Theme 3: Research and theory

I chose the article Securing DNP3 Broadcast Communications in SCADA Systems by Raphael Amoah, Member, IEEE, Seyit Camtepe, Member, IEEE, and Ernest Foo, Member, IEEE, submitted in the journal IEEE Transactions on Industrial Informatics. It has an impact factor of 3.381 (2013) and today 4.708.

The article presents DNP3 Secure Authentication for Broadcast (DNP3-SAB), which is a new lightweight security scheme for broadcast mode communication.

The paper is the first to present DNP3 Secure Authentication for Broadcast (DNP3-SAB), which is a new lightweight security scheme for broadcast mode communication.

The researchers have made a performance analysis on their scheme and the existing DNP3-SA modes (NACR and AGM) and presents the result of their DNP3-SAB. The result shows that it reduces the communication overhead significantly at the cost of an increase with a constant term in processing and storage overhead.

The article is divided in sections:

Section II presents the related work.

Section III presents the overview of the DNP3-SA protocol.

Section IV presents the proposed DNP3-SAB scheme.

The CPN modeling of DNP3-SAB and its approach are presented in The CPN model description is presented in Section VI.

The formal analysis of DNP3-SAB CPN model using state-space tool is presented and discussed in Section VII.

The performance analysis is presented in Section VIII.

Section IX presents the discussions and conclusion of the paper.

(http://ieeexplore.ieee.org.focus.lib.kth.se/xpls/icp.jsp?arnumber=7506334)

1. Gregor proclaims that a theory could be a mental view or a contemplation and according Sutton and Staw "Theory is the answer to queries of why. Theory is about the connections among phenomena, a story about why acts, events structure and thoughts occur." This is an enhancement of our understanding of the world. The logic of which a theory is built upon must be traceable. The hypothesis is not a theory it is just saying what is expected to occur, but not why.

Referring to something someone else says or a theory without using it, makes references to not be a theory itself. Neither data nor statistics are theories and do not generate theories but “may form the foundation for theoretical development”. Data answers questions to empirical patterns that has been observed. A list of variables and constructs are not theories either since they must be explained why they exists or why they are connected.

2. The theories that are used in the article are of both an explanation and prediction (EP) nature, which says what is, how, why, when, where, and what will be. The theories provides predictions and has both testable propositions and causal explanations. It has also the theories design and action which says how to do something. The theory gives explicit prescriptions (e.g., methods, techniques, principles of form and function) for constructing an artifact.

In the paper they present an existing protocol and provide us with an explanation of the limitations of it. They predict that there will be villains who will attack the systems because of these limitations. They are also predicting that this new scheme will make the process more secure. Then they present the design of their scheme. In the end they set up a test environment, run some tests and analysing the data.

3. The benefits of using the explanation and prediction (EP) theories are that it will give you an comprehension of an existing phenomenon and will in the end provide you with measurable data and test results. The benefits of using the theories design and action are that it proposes how to fix the problem.

The combination of these theories covers the most of it in a research. Therefore, there is no bigger limitation. Using just one of the theories would be a limitation, because then you would not cover all aspects when investigating a phenomenon.