National Digital Library of Theses and Dissertations in Taiwan

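Author: SUN, CHIEN-TING (孫健庭)
Thesis title: Key Management Technology with Collusion Resistance and Self-Healing Mechanism for Supervisory Control and Data Acquisition
Thesis title (original): 適用於監控與資料擷取系統之抗共謀與自我修復金鑰管理技術
Advisor: LEE, NARN-YIH (李南逸)
Oral defense committee: LIN, CHUN-LI (林峻立); YANG, CHUN-WEI (楊竣崴)
Oral defense date: 2019-07-10
Degree: Master's
Institution: Southern Taiwan University of Science and Technology (南臺科技大學)
Department: Department of Computer Science and Information Engineering (資訊工程系)
Discipline: Engineering
Field: Electrical and Information Engineering
Thesis type: Academic thesis
Year of publication: 2019
Graduation academic year: 107
Language: Chinese
Number of pages: 59
Keywords (translated from Chinese): critical infrastructure; supervisory control and data acquisition system; key management; access control; cryptography
Keywords (English): Critical Infrastructure; Supervisory Control and Data Acquisition; Cryptographic Key Management Technology; Access Control Mechanism; Cryptography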
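Abstract (translated from the Chinese):
Most industrial operations today use computers and other automated systems to manage equipment, and some also use cloud and other networked systems, which not only increases data transmission efficiency but also allows equipment in different locations to be controlled at the same time. However, as networks have developed, security problems for industrial systems have followed, and a variety of attacks now threaten industrial systems over the network. The most important of these systems is the Supervisory Control And Data Acquisition system (SCADA). SCADA is the control system used by most industrial facilities; if it is attacked, the entire industrial system may collapse, so a security protection mechanism is needed.
In this research, we improve on systems proposed by earlier experts and scholars to design a key management mechanism suited to SCADA, so that the system can keep data secure across broadcast, unicast and multicast transmission modes. The system also updates keys periodically and satisfies forward secrecy, backward secrecy and collusion resistance to prevent key leakage. A self-healing function is added as well, so that keys can be updated autonomously when the key center fails.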

Abstract (English):
These days, most industries use automated systems to manage various devices. Some of them also use a network, which not only increases the efficiency of data transmission but also allows devices in different places to be controlled at the same time. However, many security issues in industrial systems have emerged with the development of the Internet, and a number of attacks may threaten industrial systems through the Internet. One of the most important of these systems is supervisory control and data acquisition (SCADA for short). SCADA is a control system used by most industrial facilities. Attacks on SCADA may cause the disruption of the entire industrial system. Therefore, the security of SCADA is very important.
In this paper, we aim to improve the previous systems proposed by some experts and scholars and design secure key distribution protocols for SCADA. The protocols support broadcast, unicast, and multicast. In addition, the proposed protocols periodically update the communication keys. These protocols maintain forward secrecy, backward secrecy, and collusion resistance to prevent keys from leaking. We also add a self-healing mechanism so that devices can update keys by themselves if the key center fails.

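Thesis Oral Defense Committee Approval Certificate
Abstract (Chinese)
Abstract (English)
Acknowledgements
Table of Contents
List of Tables
List of Figures
Chapter 1 Introduction
1.1 Research Background
1.2 Research Motivation and Objectives
1.3 Chapter Overview
Chapter 2 Literature Review
2.1 Overview of SCADA Systems
2.2 Recent SCADA Research
2.3 Related SCADA Research
2.3.1 Notation
2.3.2 System Architecture
2.3.3 Initialization Phase
2.3.4 Encryption Phase
2.3.5 Decryption Phase
2.3.6 Security Analysis
Chapter 3 Collusion-Resistant SCADA Key Distribution Protocol
3.1 Notation
3.2 System Architecture
3.2.1 Architecture Overview
3.2.2 Setup Phase
3.2.3 Initialization Phase
3.2.4 Broadcast Encryption Phase
3.2.5 Broadcast Decryption Phase
3.2.6 Unicast Encryption Phase
3.2.7 Unicast Decryption Phase
3.3 Security Analysis
3.4 Performance Analysis and Comparison
Chapter 4 Self-Healing SCADA Key Distribution Protocol
4.1 Notation
4.2 System Architecture
4.2.1 Architecture Overview
4.2.2 Setup Phase
4.2.3 Initialization Phase
4.2.4 Broadcast Encryption Phase
4.2.5 Broadcast Decryption Phase
4.2.6 Unicast Encryption Phase
4.2.7 Unicast Decryption Phase
4.2.8 Multicast Encryption Phase
4.2.9 Multicast Decryption Phase
4.3 Security Analysis
4.4 Performance Analysis and Comparison
Chapter 5 Conclusions and Future Work
5.1 Conclusions
5.2 Future Work
References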
