Top

Published in:

2019 | OriginalPaper | Chapter

No Need to Marry to Change Your Name! Attacking Profinet IO Automation Networks Using DCP

Authors : Stefan Mehner, Hartmut König

Published in: Detection of Intrusions and Malware, and Vulnerability Assessment

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Current developments in digitization and industry 4.0 bear new challenges for automation systems. In order to enable interoperability and vertical integration of corporate management systems, these networks have evolved from formerly proprietary solutions to the application of Ethernet-based communication and internet standards. This development is accompanied by an increase in the number of threats. Although the most critical IT protection objective for automation systems is availability, usually no security mechanisms have been integrated into automation protocols. Also Ethernet offers no protection by design for these protocols. One of the most popular real-time protocols for industrial applications is Profinet IO. In this paper, we describe a Denial-of-Service attack on Profinet IO that exploits a vulnerability in the Discovery and Basic Configuration Protocol (DCP) which interrupts the Application Relationship between an IO Controller and an IO Device, and thus prevents the system from being repaired by the operator. The attack combines port stealing with the sending of forged DCP packets and causes a system downtime, which in affected production networks probably lead to a serious financial damage and, in case of critical infrastructures, even represents a high risk for the supply of society. We demonstrate the practical feasibility of the attack using realistic hardware and scenarios and discuss its significance for also other setups.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Security in Plain TXT

next chapter DPX: Data-Plane eXtensions for SDN Security Service Instantiation

International Electrotechnical Commission.

Search engine Shodan. https://www.shodan.io. Accessed 05 Feb 2019

IEC 61158-6-10:2014: Industrial communication networks - Fieldbus specifications - Part 6–10: Application layer protocol specification - Type 10 elements (2014)

IEC 61784–2:2014: Industrial communication networks - Profiles - Part 2: Additional fieldbus profiles for real-time networks based on ISO/IEC 8802–3 (2014)

Akerberg, J., Bjorkman, M.: Exploring security in Profinet IO. In: 2009 33rd Annual IEEE International Computer Software and Applications Conference, vol. 1, pp. 406–412, July 2009. https://doi.org/10.1109/COMPSAC.2009.61

Akerberg, J., Bjorkman, M.: Introducing security modules in Profinet IO (2009). https://doi.org/10.1109/ETFA.2009.5347205

Baud, M., Felser, M.: Profinet io-device emulator based on the man-in-the-middle attack. In: 2006 IEEE Conference on Emerging Technologies and Factory Automation, pp. 437–440, September 2006. https://doi.org/10.1109/ETFA.2006.355228

Biondi, P.: Packet crafting for Python2 and Python3 (2018)

Dias, A.L., Sestito, G.S., Turcato, A.C., Brandao, D.: Panorama, challenges and opportunities in PROFINET protocol research. In: 2018 13th IEEE International Conference on Industry Applications (INDUSCON). IEEE, November 2018. https://doi.org/10.1109/induscon.2018.8627173

Hui, H., McLaughlin, K.: Investigating current plc security issues regarding siemens s7 communications and TIA portal. In: 5th International Symposium for ICS & SCADA Cyber Security Research 2018: Proceedings, pp. 67–73. BCS, August 2018). https://doi.org/10.14236/ewic/ICS2018.8

10.

Liang, G., Weller, S.R., Zhao, J., Luo, F., Dong, Z.Y.: The 2015 ukraine blackout: Implications for false data injection attacks. IEEE Trans. Power Syst. 32(4), 3317–3318 (2017). https://doi.org/10.1109/TPWRS.2016.2631891CrossRef

11.

McLaughlin, S., et al.: The cybersecurity landscape in industrial control systems. Proc. IEEE 104(5), 1039–1057 (2016). https://doi.org/10.1109/JPROC.2015.2512235CrossRef

12.

Mo, Y., Sinopoli, B.: Secure control against replay attacks. In: 2009 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp. 911–918, September 2009. https://doi.org/10.1109/ALLERTON.2009.5394956

13.

Muller, T., Doran, H.D.: Profinet real-time protection layer: performance analysis of cryptographic and protocol processing overhead. In: 2018 IEEE 23rd International Conference on Emerging Technologies and Factory Automation (ETFA), vol. 1, pp. 258–265, September 2018. https://doi.org/10.1109/ETFA.2018.8502670

14.

Paul, A., Schuster, F., König, H.: Towards the protection of industrial control systems – conclusions of a vulnerability analysis of profinet IO. In: Rieck, K., Stewin, P., Seifert, J.-P. (eds.) DIMVA 2013. LNCS, vol. 7967, pp. 160–176. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39235-1_10CrossRef

15.

Pfrang, S., Meier, D.: Detecting and preventing replay attacks in industrial automation networks operated with Profinet IO. J. Comput. Virol. Hacking Tech. 14(4), 253–268 (2018). https://doi.org/10.1007/s11416-018-0315-0CrossRef

16.

Pigan, R., Metter, M.: Automating with PROFINET: Industrial Communication Based on Industrial Ethernet. Wiley, Hoboken (2015)

17.

Popp, M.: Industrial Communication with PROFINET. PROFIBUS Nutzerorganisation (2014)

18.

Poresky, C., Andreades, C., Kendrick, J., Peterson, P.: Cyber security in nuclear power plants: insights for advanced nuclear technologies. Department of Nuclear Engineering, University of California, Berkeley, Publication UCBTH-17-004 (2017)

19.

PROFIBUS & PROFINET International: PROFINET Security Guideline, November 2013. https://www.profibus.com/download/profinet-security-guideline

20.

Roesch, M.: Snort - lightweight intrusion detection for networks. In: Proceedings of the 13th USENIX Conference on System Administration LISA 1999, pp. 229–238. USENIX Association, Berkeley, CA, USA (1999). http://dl.acm.org/citation.cfm?id=1039834.1039864

Title: No Need to Marry to Change Your Name! Attacking Profinet IO Automation Networks Using DCP
Authors: Stefan Mehner
Hartmut König
Publisher: Springer International Publishing
Book: Detection of Intrusions and Malware, and Vulnerability Assessment
Print ISBN: 978-3-030-22037-2

Electronic ISBN: 978-3-030-22038-9

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-22038-9_19

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner