网络与信息安全学报 (Oct 2018)
Security test of 101 protocol of FTU
Abstract
The IEC60870-5-101 protocol is mainly used for transmitting messages between the primary station and the substation of the power SCADA data monitoring and acquisition system.Since the message mainly adopts “frame check and sum” to ensure communication security,there is a common security risk among the intermediate personnel.In order to verify the communication problems of the 101 protocol,the communication system between the FTU and the main station of the feeder terminal was constructed,which collected the telemetry signal of the FTU mobile IoT card on the cloud server,and used the man-in-the-middle attack mode to use the ARP to intercept the communication data packet.To analyze the telemetry information in the data packet,try data tampering and successfully make the monitoring data not updated in time.Finally,an enhancement mechanism against external attacks was proposed.
