Scada-LTS

Added support for IEC 60870-5-104 protocol

Open Limraj opened this issue 1 year ago • 0 comments

Description. Added support for protocol IEC 60870-5-104 (IEC104). We have Data Source IEC101 Ethernet implemented; it seems that the difference between IEC101 and IEC104 is the transport, with the same functions and data types in the application layer. It would be worth checking how our implementation differs from IEC104. Perhaps the implementation of Data Source IEC101 Ethernet will be sufficient.

IEC101 vs IEC104 [2]: "IEC 60870-5-104 (IEC 104) protocol is an extension of IEC 101 protocol with the changes in transport, network, link & physical layer services to suit the complete network access. The standard uses an open TCP/IP interface to network to have connectivity to the LAN (local area network) and routers with different facility (ISDN, X.25, Frame Relay etc.) can be used to connect to the wide area network (WAN). Application layer of IEC 104 is preserved same as that of IEC 101 with some of the data types and facilities not used. There are two separate link layers defined in the standard, which is suitable for data transfer over Ethernet & serial line (PPP - Point-to-Point Protocol). The control field data of IEC104 contains various types of mechanisms for effective handling of network data synchronization.

The security of IEC 104, by design has been proven to be problematic,[2] as many of the other SCADA protocols developed around the same time. Though the IEC technical committee (TC) 57 have published a security standard IEC 62351, which implements encryption tunneling and network monitoring in an effort to address attacks such as packet replay and man-in-the-middle. Due to the increase in complexity and cost, system owners are reluctant to roll this out on their networks."

Security [7]: "Unfortunately, the IEC80670-5-101 protocol does not protect the secrecy of sensitive and critical data that are exchanged between a control centre and remote substations [1,7,19]. Moreover, it also does not validate the authenticity of the source and the integrity of the data being received [20]. Hence, a protection mechanism is required in the application layer to protect the SCADA systems from eavesdropping, spoofing and non-repudiation attacks. Additionally, a protection mechanism is needed to defend against Sniffing, Data modification and Replay attacks. Although the IEC 62351 standard has suggested several security countermeasures to be implemented in this protocol at the application layer, no practical solution has been clearly proposed to protect against data link layer attacks [3]. Thus, the comprehensive implementation of the IEC 62351 guidelines in the IEC80670-5-101 protocols is still missing and unclear."

and [9]: "The security of IEC 104, by design, has been proven to be problematic. Though the IEC technical committee has published a security standard IEC 62351, which implements end-to-end encryption which would prevent such attacks as a replay, man-in-the-middle (MitM), and packet injection. Unfortunately, due to the increase in complexity vendors are reluctant to roll this out on their networks. The insecure IEC 104 designed in the ’90s is still used widespread in European power systems."

Perhaps we could help the project with our implementation: https://plc4x.apache.org/users/protocols/index.html

Solution. To implement support for the IEC104 protocol, we can use the following library: https://www.openmuc.org/iec-60870-5-104/download/

For tests you can use the following: https://camel.apache.org/components/3.20.x/iec60870-server-component.html

Make sure that the solution complies with the IEC 62351 standard.

Additional context
[1] https://en.wikipedia.org/wiki/IEC_60870
[2] https://en.wikipedia.org/wiki/IEC_60870-5
[3] https://camel.apache.org/components/3.20.x/iec60870-server-component.html
[4] https://camel.apache.org/components/3.20.x/iec60870-client-component.html
[5] https://www.openmuc.org/iec-60870-5-104/user-guide/
[6] https://webstore.iec.ch/preview/info_iec60870-5-104%7Bed2.0%7Den_d.pdf

Security
[7] https://iopscience.iop.org/article/10.1088/1742-6596/2261/1/012019/pdf
[8] https://www.researchgate.net/publication/303914771_A_security_evaluation_of_IEC_62351
[9] https://ceur-ws.org/Vol-2874/paper13.pdf

Limraj, Jul 21 '23 14:07
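
Added example (not part of the issue and not Scada-LTS, OpenMUC or Camel code): a Python sketch of the IEC 104 framing the quoted passages refer to. It splits a TCP payload into APDUs, decodes the four control field octets into I/S/U formats, and flags I-frames whose send sequence number is out of order. The function names and the sample bytes are constructed for illustration, and the capture is assumed to hold one direction of a single connection.

```python
START = 0x68  # APCI start octet
U_FUNCTIONS = {0x07: "STARTDT act", 0x0B: "STARTDT con", 0x13: "STOPDT act",
               0x23: "STOPDT con", 0x43: "TESTFR act", 0x83: "TESTFR con"}

# Constructed one-direction capture: STARTDT act, I-frame N(S)=0 (type 100),
# I-frame N(S)=1 (type 45), then the first I-frame again, byte for byte.
SAMPLE = bytes.fromhex(
    "680407000000"
    "680e0000000064010600010000000014"
    "680e020000002d010600010001000001"
    "680e0000000064010600010000000014")


def parse_apdus(stream: bytes):
    """Split a TCP payload into APDUs and decode each 4-octet control field."""
    frames, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < 6:
            raise ValueError(f"truncated APCI at offset {pos}")
        start, length = stream[pos], stream[pos + 1]
        if start != START or not 4 <= length <= 253:
            raise ValueError(f"bad APCI header at offset {pos}")
        apdu = stream[pos + 2:pos + 2 + length]
        if len(apdu) < length:
            raise ValueError(f"truncated APDU at offset {pos}")
        cf1, cf2, cf3, cf4 = apdu[:4]
        nr = (cf3 >> 1) | (cf4 << 7)          # 15-bit receive sequence number
        if cf1 & 0x01 == 0:                   # I-format: numbered ASDU transfer
            frame = {"fmt": "I", "ns": (cf1 >> 1) | (cf2 << 7), "nr": nr,
                     "type_id": apdu[4] if length > 4 else None}
        elif cf1 & 0x03 == 0x01:              # S-format: acknowledgement only
            frame = {"fmt": "S", "nr": nr}
        else:                                 # U-format: unnumbered control
            frame = {"fmt": "U", "func": U_FUNCTIONS.get(cf1, "unknown")}
        frames.append(frame)
        pos += 2 + length
    return frames


def sequence_gaps(frames):
    """Return (index, expected, seen) for I-frames whose N(S) is out of order."""
    expected, gaps = None, []
    for i, f in enumerate(frames):
        if f["fmt"] != "I":
            continue
        if expected is not None and f["ns"] != expected:
            gaps.append((i, expected, f["ns"]))
        expected = (f["ns"] + 1) % 32768      # counter wraps at 2^15
    return gaps
```

Every octet of the frame is header, control field or ASDU; nothing in it is keyed, so the sequence counter gives ordering for monitoring purposes and is not an integrity or authenticity check.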