Abstract
The trend of introducing common information and communication technologies into automation control systems brings many benefits but also new security risks to industrial plants and critical infrastructures. The increasing use of Internet protocols in industrial control systems, combined with the introduction of Industrial Ethernet at the field level, facilitates malicious intrusions into automation systems. The detection of such intrusions requires a detailed vulnerability analysis of the deployed protocols to find possible attacks. Profinet IO is one of the emerging protocols for decentralized control in the European automation industry and has found wide application. In this paper, we describe several possible attacks on the Profinet IO protocol that resulted from a vulnerability analysis of the protocol. Thereafter, we discuss an appropriate protection of automation networks using anomaly-based intrusion detection as an effective countermeasure to address these attacks.
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Paul, A., Schuster, F., König, H. (2013). Towards the Protection of Industrial Control Systems – Conclusions of a Vulnerability Analysis of Profinet IO. In: Rieck, K., Stewin, P., Seifert, JP. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2013. Lecture Notes in Computer Science, vol 7967. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39235-1_10
DOI: https://doi.org/10.1007/978-3-642-39235-1_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39234-4
Online ISBN: 978-3-642-39235-1
eBook Packages: Computer Science (R0)