Analysis of the security of VPN configurations in industrial control environments

被引:12
作者
Rahimi, Sanaz [1 ]
Zargham, Mehdi [1 ]
机构
[1] So Illinois Univ, Dept Comp Sci, Carbondale, IL 62901 USA
来源
INTERNATIONAL JOURNAL OF CRITICAL INFRASTRUCTURE PROTECTION | 2012年 / 5卷 / 01期
关键词
Control systems; Virtual private networks; Security analysis; Simulation;
D O I
10.1016/j.ijcip.2012.01.001
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Virtual private networks (VPNs) are a popular approach for protecting otherwise insecure industrial control protocols. VPNs provide confidentiality, integrity and availability, and are often considered to be secure. However, implementation vulnerabilities and protocol flaws expose VPN weaknesses in many industrial deployments. This paper employs a probabilistic model to evaluate and quantify the security of VPN configurations. Simulations of the VPN model are conducted to investigate the trade-offs and parameter dependence in various VPN configurations. The experimental results provide recommendations for securing VPN deployments in industrial control environments. (C) 2012 Elsevier B.V. All rights reserved.
引用
收藏
页码:3 / 13
页数:11
相关论文
共 28 条
  • [1] Alsiherov Farkhod, 2010, Proceedings of the 12th WSEAS International Conference on Automatic Control, Modelling & Simulation (ACMOS 2010), P434
  • [2] [Anonymous], WSEAS T SYST CONTROL
  • [3] Balbo G., 2001, Lectures on Formal Methods and Performance Analysis. First EEF/Euro Summer School on Trends in Computer Science. Revised Lectures (Lecture Notes in Computer Science Vol.2090), P84
  • [4] Bellare M., 1996, Advances in Cryptology - CRYPTO'96. 16th Annual International Cryptology Conference. Proceedings, P1
  • [5] Security and auditing of VPN
    Boukari, N
    Aljane, A
    [J]. THIRD INTERNATIONAL WORKSHOP ON SERVICES IN DISTRIBUTED AND NETWORKED ENVIRONMENTS, PROCEEDINGS, 1996, : 132 - 138
  • [6] Brown R., 2010, STUXNET WORM CAUSES
  • [7] The Mobius framework and its implementation
    Deavours, DD
    Clark, G
    Courtney, T
    Daly, D
    Derisavi, S
    Doyle, JM
    Sanders, WH
    Webster, PG
    [J]. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2002, 28 (10) : 956 - 969
  • [8] Dispensa S., 2010, REDUCE MALWARE INDUC
  • [9] A survey on communication networks for electric system automation
    Gungor, VC
    Lambert, FC
    [J]. COMPUTER NETWORKS, 2006, 50 (07) : 877 - 897
  • [10] Hamed H., 2005, ICNP '05: Proceedings of the 13TH IEEE International Conference on Network Protocols, P259
123