On the Feasibility of Device Fingerprinting in Industrial Control Systems

  • Conference paper
Critical Information Infrastructures Security (CRITIS 2013)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8328)

Abstract

As Industrial Control Systems (ICS) and standard IT networks converge into a single heterogeneous environment, there has been an increasing effort to adapt common security tools and methodologies to the industrial setting. Fingerprinting of industrial devices is still an unexplored research field. In this paper we provide an overview of standard device fingerprinting techniques and an assessment of the feasibility of applying them in ICS infrastructures. We identify the challenges that fingerprinting has to face and the mechanisms to be used to obtain reliable results. Finally, we provide guidelines for implementing reliable ICS fingerprinters.

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Caselli, M., Hadžiosmanović, D., Zambon, E., Kargl, F. (2013). On the Feasibility of Device Fingerprinting in Industrial Control Systems. In: Luiijf, E., Hartel, P. (eds) Critical Information Infrastructures Security. CRITIS 2013. Lecture Notes in Computer Science, vol 8328. Springer, Cham. https://doi.org/10.1007/978-3-319-03964-0_14

  • DOI: https://doi.org/10.1007/978-3-319-03964-0_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03963-3

  • Online ISBN: 978-3-319-03964-0

  • eBook Packages: Computer Science (R0)