Computer and Modernization (计算机与现代化)

• Information Security •

Security Analysis for PLC Access Control

  1. China Electric Power Research Institute, Beijing 100192, China;
  2. State Grid Hebei Electric Power Company, Shijiazhuang 050000, China;
  3. State Grid Gansu Electric Power Company Information and Communication Company, Lanzhou 730050, China
  • Online: 2019-09-23   Published: 2019-09-23

Abstract: The Programmable Logic Controller (PLC) is a very common Industrial Control System (ICS) device, used to receive and process data from input devices and to control output devices. As the core device of an industrial control system, the PLC has always been the attacker's target of choice; for example, the main target of the Stuxnet malware against ICS was the PLC. At present, most attacks against PLCs originate from unauthorized access to the PLC. To improve the security of PLC devices, this paper studies the PLC access control problem and discusses several access control models, with the password-based access control model as its focus. Using traffic analysis and brute-force cracking, the paper analyzes the security of the PLC's password-based access control mechanism, showing how passwords are stored in PLC memory, how they can be intercepted on the network, how they can be cracked, and so on. It then uses these vulnerabilities to mount more advanced attacks on the ICS, such as replay and PLC memory corruption. Finally, in view of the above security problems, the paper gives security protection recommendations and a summary.

Key words: PLC, SCADA, industrial control system, access control, password

CLC number: