ModSec: A secure Modbus protocol

Wilson, Paul Lawrence
Beyah, Raheem A.
Copeland, John A.
Grijalva, Santiago
Many of today's most critical infrastructures rely on the successful operation of Supervisory Control and Data Acquisition (SCADA) systems distributed all around the world. Infrastructures such as water treatment plants, gas stations, and transportation all rely on SCADA systems, and any form of disruption has the potential to cause grave harm to a society. As technology has continued to grow and evolve, networks have also been able to grow in both space and complexity while allowing system operators to manage these systems more efficiently. Despite this growth, many of the communication protocols that these systems use have failed to change, and systems that were never meant to be brought to an insecure environment like the Internet are being exposed, bringing a wide range of security vulnerabilities to these infrastructures. Modbus, introduced in 1979, is one of the original communication protocols used in SCADA environments and, to this day, is still implemented in nearly all industrial and automation equipment. The protocol is popularly used by programmable logic controllers (PLCs) to control actuators and gates within a system through a master-slave architecture. Despite its popularity, the protocol lacks any form of security, which allows a nefarious actor to easily control devices in a network and cause chaos. This thesis presents ModSec, a protocol that brings practical security enhancements to the Modbus protocol. The contribution can be separated into two goals: to add security to each of the protocol's messages through a means of authentication and integrity, and to provide a permission-based scheme to limit the effects that an unintended message can have. ModSec is shown to prevent many of the attacks that have already been demonstrated against the Modbus protocol, while also taking the end systems into consideration.
Many of the systems that are implemented in SCADA environments either have low processing power or lack the processing power that would be necessary to fully implement common security mechanisms, like encryption. ModSec takes a novel approach to this problem, resulting in little overhead to the systems or the messages, thus allowing the protocol to continue to be used without being affected by a large amount of latency or stress on the system.