ScadaSafe is an implementation of a proposed protocol for link encryption and integrity checking of SCADA messages passed over slow serial lines.


Release 0.7.4 adds the ability to dynamically load cipher suites from separaely compiled jar files and support programs for encrypting and decrypting known answer tests.  It is otherwise identical to the previous release.

03/20/2006:  Release 0.7.3 incorporates the protocol changes discussed at the December meeting at GTI in Chicago as well as a number of changes resulting from a cryptographic review by Sandia National Labs.  Few further changes are expected prior to publication of AGA 12 Part 2 as an AGA recommended practice.

  Release 0.7.2 fixes a number of bugs in 0.7.1 and appears to be reasonably stable.

Release 0.7.1 incorporates several protocol changes that have been discussed recently, and includes support for BSAP.

Release 0.7.0 supports several significant protocol revisions, including relative time-based sequence numbers and SHA256 cipher suites.

Release 0.6.4 now supports operation with dialup modems with modem command, response, and control signals (DTR, DSR, DCD) pass thru.

Release 0.6.2 is feature complete for field testing!  This release has the following capabilities:
  • automatic session establishment
    • dynamic session key generation
    • configurable session timeout
  • configurable cipher suites, including
    • low-latency PE-mode encryption with SHA1 MAC
    • AES/CTR mode encryption with SHA1 MAC
    • cleartext with SHA1 hash
  • mixed-mode support
    • mixed ciphertext/cleartext communication with protected/unprotected RTUs
    • protected broadcast to protected RTUs, unprotected broadcast to unprotected RTUs
  • flexible network topology
    • point to point
    • multidrop
    • none, xonxoff, and rtscts flow control
    • tested at baud rates up to 9600
  • configurable SCADA protocols, including
    • Modbus Rtu
    • Modbus Ascii
    • DNP3
    • Fisher Roc
    • SC1801
  • modem support
    • command & reponse passthru
    • RTS assertion for RS485, radio modems
  • portable Java implementation runs on
    • Windows 2k, XP
    • Linux
    • Arcom Viper embedded linux

Poll/response cycle timing results are available for Modbus messages comparing the time for encrypted polls using both PE-mode and full holdback against unencrypted polls.

response timings normalized cycle timings

07/15/2004:  The latest file release (v041) is undergoing testing at GTI on a Modbus RS485 multidrop network with mixed mode and broadcast.  Initial results are encouraging!

04/15/2004:  The paper titled "Low-Latency Cryptographic Protection for SCADA Communications" describing our Position Embedding encryption mode and proving its security has been accepted to Applied Cryptography and Network Security 2004 and will be published in a Springer Lecture Notes in Computer Science volume.  See

03/26/2004:  The latest file release (v03) supports multidrop lines, mixed mode, and address parsing for Modbus/RTU, Modbus/ASCII, and SC1801.

01/29/2004:  A draft paper describing the proposed encryption technique and proving its security is now available!


The American Gas Association (AGA) develops and publishes standards that are used throughout the natural gas industry in the United States.  AGA 12-2 is a draft standard currently in development for protecting legacy Supervisory Control And Data Aquisition (SCADA) communications links.  These links utilize primarily slow (1200 - 9600 baud) serial protocols over leased lines, dialup lines, and microwave links.  These communications links, used for remote telemetry and control, have at best rudimentary security controls.  Malicious interference with the operation of controlled devices via these SCADA lines is a very realistic possibility that could have severe consequences.  While newer IP-based industrial control technologies are beginning to gain market traction, the shear number of SCADA systems deployed throughout the industry ensures that these legacy networks will be with us for many years.  Similar networks are used throughout the power industry and water industries, and it is likely that this AGA standard will be directly applicable to protecting those SCADA networks as well.

This work is sponsored by Cisco System's Critical Infrastructure Assurance Group.


Encryption source code posted on this web site is eligible for export as specified by Bureau of Industry and Security (BIS), of the U.S. Department of Commerce at 15 CFR Part 740.13 (e) (5).  The source code is considered publicly available and is free of charge. (15 CFR Part 734.3 (b) (3).)

Any source code derived from this web site that is made publicly available for download on the Internet would be subject to notification and review requirements of the BIS to export.

Any derived encryption product incorporating the encryption source code from this web site is considered a new product and is subject to notification and review requirements of the BIS.

Commercial encryption products that incorporate source code are eligible for export under the appropriate provisions of Export Administration Regulations (EAR), depending on the key length and the type of product, regardless of the source of the underlying encryption.

Users are urged to consult the Export Administration Regulations, the Bureau of Industry and Security, and other appropriate sources before exporting any encryption products. Users are responsible for compliance with U.S. and international laws.

For more information, see: Logo