Section: New Software and Platforms


SCADA and IoT security assessment platform

Participants : Abdelkader Lahmadi [contact] , Jérôme François, Olivier Festor.

SCADA Supervisory Control and Data Acquisitions refers to a centralized control and monitoring system for a variety of machinery and equipment involved with many industrial activities including: power generation and distribution, transportation, nuclear plants, manufacturing processes, etc. The most threaten accidents in SCADA networks are caused by targeted attacks, where adversaries exploit vulnerabilities available in software or network protocols components to disturb and make damage to the physical process. Therefore, it is important to provide new methods and tools for protecting SCADA networks from malicious cyber attacks targeting physical processes and infrastructures.

We are developing and maintaining a platform to assess and analyse the security of SCADA systems. The current version of the testbed combines real hardware Programmable Logic Controllers (PLCs) and simulation tools of physical processes. It also provides a set of tools that we have developed to capture and analyse control messages exchanged between a PLC and the physical processes. During the year 2015, we have received a regional funding to extend our platform with more devices and off-the-shelf solutions for home automation.

We have also extended the platform with IoT devices dedicated to home automation solutions (smart plugs, home boxes, lighting systems , door locks and detectors, etc). Our main goal is to rely on Software Defined Radio solution to evaluate the security of these devices and finding their communication protocol vulnerabilities.