Testing and Exploring Vulnerabilities of the Applications Implementing IEC 60870-5-104 Protocol

Abstract

IEC 60870-5-104 protocol is an important protocol in the SCADA system. ABB Company uses this protocol for monitoring and managing power utility devices. These devices are interconnected and form part of an important SCADA systems.As SCADA environment becomes more interconnected to the networked world, the understanding of SCADA and it's associated protocol increases in the public domain. The concept of security by obscurity that protected the SCADA environment is no more efficient. In this thesis we look at the many characteristics of power utility SCADA devices and it's possible weaknesses.This thesis studied the IEC 60870-5-104 protocol. We used a method called ?fuzzing? to test the protocol implementation in ABB devices. This method allows us to inject random or semi-random data into ABB devices. We also used vulnerability scanners and HTTP scanner to probe the ABB device. Finally, we performed a TCP/IP based attack on the device as a proof-of-concept that these devices are vulnerable to TCP/IP based attacks. IEC 60870-5-104 is vulnerable to IEC 60870-5-104 attack because it sits on top of the TCP/IP stack. With the test results, we have suggested improvements and propose on future work. The author of this thesis has signed an Non Disclosure Agreement with ABB Corporate Research Centre, Oslo. The content of this thesis should only be read by people who have also signed the Non Disclosure Agreement.