| Graduate student: | 林正益 Lin, Cheng-Yi |
|---|---|
| Thesis title: | 設計實作基於狀態的過濾機制用於監控與資料採集系統 Design and Implementation of State-based Filtering Mechanism on Supervisory Control And Data Acquisition System |
| Advisor: | 侯廷偉 Hou, Ting-Wei |
| Degree: | Master |
| Department: | College of Engineering - Department of Engineering Science |
| Year of publication: | 2021 |
| Academic year of graduation: | 109 |
| Language: | Chinese |
| Number of pages: | 41 |
| Keywords: | SCADA, Network Gateway, Modbus, Embedded Systems |
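This thesis designs and implements a network gateway with a filtering mechanism for Supervisory Control And Data Acquisition (SCADA) systems. Control commands issued by the SCADA control center first pass through the gateway designed in this thesis, which judges whether a command would damage the overall system or cause a device to operate improperly. This provides fault tolerance when a control decision is wrong and prevents device-damaging control commands from being issued when the control center has been compromised by an attacker.
The experiments in this thesis were carried out on an ARM9-based development board. Communication with the control center uses MQTT; each remote terminal unit (RTU) is connected over RS-485, with Modbus as the communication protocol. Users can model each RTU on the gateway; in the modeling method designed in this thesis, a model consists of the Modbus protocol details corresponding to each function of the RTU. Every few seconds the gateway obtains the RTU's current measurement values through Modbus commands, and these values define the current overall system state. The system state is used to filter control commands, and the filtering mechanism can be defined by the user. The experimental results show that the network gateway correctly blocks control commands that threaten system operation; over a large number of experimental tests, the average filtering delay is about 0.1 milliseconds, which has very little impact in a SCADA system.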
This research proposes a filtering mechanism based on system status and implements a network gateway with this filtering mechanism for Supervisory Control And Data Acquisition (SCADA) systems. The proposed filtering mechanism determines whether a control command will cause damage to the entire system or cause improper operation of the devices. It can prevent the gateway from issuing control commands that damage the devices when the remote (cloud) control center is compromised.
The experiment is implemented on an ARM9-based development board. Communication between the control center and the gateway uses MQTT. Each remote terminal unit (RTU) is connected over RS-485, and the communication protocol is Modbus. The user can model each RTU on the gateway. The modeling method is based on the details of the Modbus protocol that correspond to each function of the RTU. Every few seconds the gateway obtains the RTU's latest measurement values through Modbus commands. These values define the current system status, which is used to filter newly received control commands. Users can define the rules of the filtering mechanism themselves.
The experimental results show that the network gateway correctly blocks control commands that would cause system maloperation. Over many experiments and tests, the average delay of the filtering mechanism is about 0.1 milliseconds.
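The following sketch illustrates the state-based filtering described in the abstract. It is an added example, not code from the thesis. The RTU model, the rule format, the thresholds, the state field names and the staleness check are all hypothetical assumptions.

```python
import struct, time

def crc16_modbus(data: bytes) -> int:
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def build_frame(unit, func, addr, value):
    """Build a Modbus RTU single-write request (used for the sample commands)."""
    body = struct.pack(">BBHH", unit, func, addr, value)
    return body + struct.pack("<H", crc16_modbus(body))

# Hypothetical RTU model: (unit id, function code, address) -> modelled action.
MODEL = {(1, 0x05, 0x0000): "pump_run", (1, 0x06, 0x0010): "pump_speed"}

# Hypothetical user rules: the predicate must hold for the command to pass.
RULES = {
    "pump_run": lambda s, v: v == 0x0000 or s["tank_level_pct"] < 90,
    "pump_speed": lambda s, v: s["pump_running"] and v <= 1500,
}

def filter_command(frame, state, now=None, max_age_s=10.0):
    """Return (allowed, reason) for one command frame from the control center."""
    if len(frame) != 8 or struct.unpack("<H", frame[6:])[0] != crc16_modbus(frame[:6]):
        return False, "malformed frame"
    unit, func, addr, value = struct.unpack(">BBHH", frame[:6])
    action = MODEL.get((unit, func, addr))
    if action is None:
        return False, "command not in RTU model"      # default deny
    if func == 0x05 and value not in (0x0000, 0xFF00):
        return False, "invalid coil value"
    age = (time.time() if now is None else now) - state["polled_at"]
    if age > max_age_s:
        return False, "state too old"                  # fail closed on stale polls
    if not RULES[action](state, value):
        return False, f"rule for {action} violated"
    return True, "ok"

if __name__ == "__main__":
    # Constructed state, as if built from the last Modbus poll of the RTUs.
    state = {"tank_level_pct": 94, "pump_running": False, "polled_at": time.time()}
    for cmd in (build_frame(1, 0x05, 0, 0xFF00), build_frame(1, 0x05, 0, 0x0000)):
        print(cmd.hex(), filter_command(cmd, state))
```

With the tank at 94 %, the "pump on" write is blocked while the "pump off" write passes. The same frame is allowed once the polled level drops below the assumed 90 % threshold.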