|
On Shaky Ground - A Study of Security Vulnerabilities in Control Protocols
Eric J. Byres, Dan Hoffman & Nate Kube
Wurldtech Research Inc.:
7178 Lancrest Tr., PO Box 178,
Lantzville, BC, Canada, V0R 2H0,
ebyres@wurldtech.com
Wurldtech Analytics Inc.:
401 W Georgia Street, Suite 1680
Vancouver BC Canada
V6B 5A1
nkube@wurldtech.com
University of Victoria:
Department of Computer Science,
PO Box 3055 STN CSC,
Victoria, BC, Canada, V8W 3P6,
dhoffman@cs.uvic.ca
Abstract – The recent introduction of information technologies such as Ethernet® into nuclear industry control devices has resulted in significantly less isolation from the outside world. This raises the question of whether these systems could be attacked by malware, network hackers or professional criminals to cause disruption to critical operations in a manner similar to the impacts now felt in the business world.
To help answer this question, a study was undertaken to test a representative control protocol to determine if it had vulnerabilities that could be exploited. A framework was created in which a test could express a large number of test cases in very compact formal language. This in turn, allowed for the economical automation of both the generation of selectively malformed protocol traffic and the measurement of device under test's (DUT) behavior in response to this traffic.
Approximately 5000 protocol conformance tests were run against two major brands of industrial controller. More than 60 categories of errors were discovered, the majority of which were in the form of incorrect error responses to malformed traffic. Several malformed packets however, caused the device to respond or communicate in inappropriate ways. These would be relatively simple for an attacker to inject into a system and could result in the plant operator losing complete view or control of the control device. Based on this relatively small set of devices, we believe that the nuclear industry urgently needs to adopt better security robustness testing of control devices as standard practice.
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | Next »
|
