IEEE Access (Jan 2024)
Cross Domain Solution With Stateful Correlation of Outgoing and Incoming Application-Layer Packets
Abstract
While the Smart Grid offers high efficiency in power delivery, it is susceptible to cyberattacks because of vulnerabilities in its information and communication technologies. Network segregation lowers threats by limiting their consequences to the segregated network. Network segregation can be achieved either logically or physically. Logical segregation relies on firewalls to filter and manage network traffic, whereas physical segregation employs methods such as air gaps or data diodes, which provide heightened security by necessitating physical access for a breach. Although air gaps entirely isolate domains from communication, data diodes allow only unidirectional data flow. Because communication between domains is so restricted, its effective regulation is essential, which has led to the development of cross-domain solutions (CDS). Certain types of CDS facilitate bidirectional communication by combining two data diodes. The issue lies in the inability of current CDS to account for application-level protocol intricacies; the Modbus protocol is a representative example. To ensure secure communication, a CDS must match incoming response packets with outgoing request packets, which requires the extraction and correlation of state variables. However, current CDS, next-gen firewalls, and intrusion prevention systems lack this capability. Thus, this study proposes a next-gen CDS architecture capable of stateful correlation of outgoing and incoming application-layer packets. The proposed method extracts user-defined state variables from outgoing traffic and evaluates incoming packets against rulesets. A prototype based on this method exhibits superior filtering accuracy compared to a traditional CDS, despite a 51.08% increase in processing delay, thereby demonstrating its potential for enhancing network security.
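The stateful correlation the abstract describes can be illustrated with Modbus/TCP, the protocol it names. The following is an added example written for this page, not the paper's prototype or any vendor's CDS: it extracts state variables (transaction identifier, unit identifier, function code, and requested register quantity) from outgoing Read Holding Registers requests, then admits an incoming frame only if it matches a pending request and satisfies a small ruleset (consistent MBAP length, matching function code or its exception form, byte count equal to twice the requested quantity, and at most one response per request). The class and rule names are this example's own choices, and the frames are constructed for the demonstration.

```python
"""Stateful correlation of outgoing Modbus/TCP requests with incoming responses.

Added example, not code from the paper. A toy cross-domain filter that
records state from each outgoing request and evaluates incoming frames
against rules derived from that state.
"""
import struct
from dataclasses import dataclass

# MBAP header: transaction ID, protocol ID, length, unit ID (big-endian).
MBAP = struct.Struct(">HHHB")
READ_HOLDING_REGISTERS = 0x03
EXCEPTION_FLAG = 0x80


@dataclass
class RequestState:
    unit_id: int
    function: int
    quantity: int  # 16-bit registers requested (0 when not applicable)


def parse_frame(frame: bytes):
    """Return (tid, uid, function, data) for a Modbus/TCP frame, or raise ValueError."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, uid = MBAP.unpack_from(frame)
    if proto != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    # The MBAP length field counts the unit ID byte plus the PDU that follows.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return tid, uid, frame[7], frame[8:]


class StatefulCorrelator:
    """Keeps one pending RequestState per (transaction ID, unit ID) pair."""

    def __init__(self):
        self.pending = {}

    def observe_request(self, frame: bytes) -> None:
        """Extract state variables from an outgoing request (raises on malformed input)."""
        tid, uid, function, data = parse_frame(frame)
        quantity = 0
        if function == READ_HOLDING_REGISTERS:
            if len(data) != 4:
                raise ValueError("request needs a 2-byte address and 2-byte quantity")
            _start, quantity = struct.unpack(">HH", data)
            if not 1 <= quantity <= 125:  # limit from the Modbus application spec
                raise ValueError("quantity outside 1..125")
        self.pending[(tid, uid)] = RequestState(uid, function, quantity)

    def evaluate_response(self, frame: bytes):
        """Return (allowed, reason) for an incoming frame."""
        try:
            tid, uid, function, data = parse_frame(frame)
        except ValueError as exc:
            return False, f"malformed: {exc}"
        key = (tid, uid)
        state = self.pending.get(key)
        if state is None:
            return False, "no pending request for this transaction/unit"
        if function & EXCEPTION_FLAG:
            # An exception response carries the request's function code with bit 7 set
            # and exactly one exception-code byte.
            if function ^ EXCEPTION_FLAG != state.function or len(data) != 1:
                return False, "exception does not match the outstanding function code"
            del self.pending[key]
            return True, "exception response matches request"
        if function != state.function:
            return False, "function code differs from the request"
        if function == READ_HOLDING_REGISTERS:
            if not data or data[0] != 2 * state.quantity or len(data) != 1 + data[0]:
                return False, "byte count inconsistent with requested quantity"
        del self.pending[key]  # one response per request, so a replay is rejected
        return True, "response correlates with pending request"


# Constructed frames: TID 1, unit 1, read 2 holding registers starting at address 0.
REQUEST = bytes.fromhex("000100000006010300000002")
GOOD = bytes.fromhex("000100000007010304000A000B")     # 4 data bytes, as requested
UNSOLICITED = bytes.fromhex("000200000007010304000A000B")  # TID 2 was never requested
SHORT = bytes.fromhex("000100000005010302000A")         # byte count 2, expected 4
EXCEPTION = bytes.fromhex("000100000003018302")         # 0x83 = exception for FC 3


def run_demo():
    """Run the constructed frames through the filter and return the verdicts."""
    corr = StatefulCorrelator()
    corr.observe_request(REQUEST)
    return {
        "unsolicited": corr.evaluate_response(UNSOLICITED)[0],
        "short": corr.evaluate_response(SHORT)[0],
        "good": corr.evaluate_response(GOOD)[0],
        "replay": corr.evaluate_response(GOOD)[0],
    }


if __name__ == "__main__":
    for name, allowed in run_demo().items():
        print(f"{name}: {'allow' if allowed else 'drop'}")
```

Keying pending state on both transaction and unit identifier is what lets the filter drop an unsolicited frame that a stateless diode or function-code-only firewall would pass; the per-request deletion is what makes a replayed response fail even though it is byte-for-byte identical to one that was previously allowed. A production CDS would also need a timeout for pending entries so that unanswered requests do not accumulate.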
Keywords