산업제어시스템 계층간 특성을 고려한 MODBUS 보안 기법

As the industrial control protocol MODBUS-TCP doesn’t provide security services that can against the increasing cyber threats, research for improving security has continued. However, previous researches have provided partial security services or experimented their availability in general-purpose computing environments. Providing partial security services makes system exposed to vulnerabilities of security services that aren’t provided, and general-purpose computing environments don’t reflect specificities such as the hierarchy of ICS and OS. In this paper, the frame is configured to provide authentication, confidentiality, integrity, and non-repudiation as security service in the MODBUS-TCP, and the different digital signature algorithm was used for each layer because of the characteristics of device performance according to the ICS layers to improve performance. This paper has been analyzed in limited resource environment and real-time OS VxWorks compared to the previous research, and as a result, it was confirmed that the security function was robust than before. And, it shows about 1.36~3.43 times faster than E-Modbus.