Security Analysis for PLC Access Control

doi:10.3969/j.issn.1006-2475.2019.09.008

Abstract

Abstract: PLC is a very common ICS device that receives and processes data from input devices and controls the output devices. As the core equipment in industrial control systems, PLC has always been the target of choice for attackers. For example, the Stuxnet for ICS, its main target is PLC. Currently, most attacks against PLCs originate from unauthorized access by PLCs. In order to improve the security of PLC equipment, this paper studies the PLC access control problem and discusses several access control models. The password-based access control model is the focus of this paper. Through the traffic analysis and violent cracking methods, this paper analyzes the security of password-based access control mechanism, shows how to store passwords in PLC memory, how to intercept passwords in the network, how to crack passwords, and so on. And through these vulnerabilities, this paper launches more advanced attacks on the ICS system, such as replay, PLC memory corruption, and so on. Finally, in view of the above security issues, this paper gives recommendations and summary of security protection.

Key words: PLC, SCADA, industrial control system, access control, password

CLC Number:

TP29

MIAO Si-wei1， YU Wen-hao1， YAO Feng2， GAO Jing3. Security Analysis for PLC Access Control[J]. Computer and Modernization, doi: 10.3969/j.issn.1006-2475.2019.09.008.

References ［24］

［1］	NARAYAN J, SHUKLA S K, CLANCY T C. A survey of automatic protocol reverse engineering tools［J］. ACM Computing Surveys, 2015,48(3):1-26.
［2］	KOTTLER S, KHAYAMY M, HASAN S R, et al. Formal verification of ladder logic programs using NuSMV［C］// IEEE SoutheastCon 2017. 2017:1-5.
［3］	FORMBY D, SRINIVASAN P, LEONARD A, et al. Whos in control of your control system? Device fingerprinting for cyber-physical systems［C］// Network and Distributed System Security Symposium. 2016.
［4］	YOON K L, YANG J W, CHONG S C, et al. Perceptual sensitivity and response bias in social anxiety: An application of signal detection theory［J］. Cognitive Therapy and Research, 2014,38(5):551-558.
［5］	KOSCHER K, CZESKIS A, ROESNER F, et al. Experimental security analysis of a modern automobile［C］// Proceedings of the 31st IEEE Symposium on Security and Privacy. 2010:447-462.
［6］	SADEGHI A R, WACHSMANN C, WAIDNER M. Security and privacy challenges in industrial internet of things［C］// 2015 52nd ACM/EDAC/IEEE Design Automation Conference. 2015:54.
［7］	CHEN X, ANDERSEN J, MORLEY Z, et al. Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware［C］// IEEE/IFIP International Conference on Dependable Systems & Networks. 2015:177-186.
［8］	COOPRIDER N, ARCHER W, EIDE E, et al. Efficient memory safety for TinyOS［C］// Proceedings of the 5th ACM International Conference on Embedded Networked Sensor Systems. 2007:205-218.
［9］	LANGNER R. Stuxnet: Dissecting a cyberwarfare weapon［J］. IEEE Security & Privacy, 2011,9(3):49-51.
［10］	CHANG K, SHIN K G. Distributed authentication of program integrity verification in wireless sensor networks［J］. ACM Transactions on Information and System Security, 2008,11(3):1-35.
［11］	MAJDALAWIEH M, PARISI-PRESICCE F, WIJESEKERA D. DNPSec: Distributed network protocol version 3 (DNP3) security framework［M］// Advances in Computer, Information, and Systems Sciences, and Engineering. Springer,Dordrecht, 2007:227-234.
［12］	JOON H, CHOONG S H, SEONG H J, et al. A security mechanism for automation control in PLC-based networks［C］// IEEE International Symposium on Power Line Communications & Its Applications. 2007:466-470.
［13］	JOHNSON R E. Survey of SCADA security challenges and potential attack vectors［C］// IEEE International Conference on Internet Technology & Secured Transactions. 2010:1-5.
［14］	CHIEN E, OMURCHU L, FALLIERE N. W32.Duqu:The precursor to the next Stuxnet［C］// USENIX Conference on Large-scale Exploits & Emergent Threats. 2012.
［15］	CHRISTIE R. Power Systems Test Case Archive［D］. University of Washington, 2000.
［16］	COOPER D, SANTESSON S, FARRELL S, et al. Internet X. 509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, RFC 5280［S］. 2008.
［17］	DAVIS K R, DAVIS C M, ZONOUZ S A, et al. A cyber-physical modeling and assessment framework for power grid infrastructures［J］. IEEE Transactions on Smart Grid, 2015,6(5):1.
［18］	DEFRAWY K E, FRANCILLON A, PERITO D, et al. SMART: Secure and minimal architecture for (establishing a dynamic) root of trust［C］// 2012 19th Annual Network and Distributed System Security Symposium. 2012:1-15.
［19］	CHECKOWAY S, MCCOY D, ANDERSON D, et al. Comprehensive experimental analyses of automotive attack surfaces［C］// Proceedings of the 20th USENIX Security Symposium. 2011.
［20］	GARCIA L, BRASSER F, CINTUGLU M H, et al. Hey, My malware knows physics! Attacking PLCs with physical model aware rootkit［C］// NDSS. 2017.
［21］	ETIGOWNI S, TIAN D, HERNANDEZ G, et al. CPAC: Securing critical infrastructure with cyber-physical access control［C］// Annual ACM Conference on Computer Security Applications. 2016.
［22］	MIYACHI T. Protecting industrial control systems［J］. Journal of the Institute of Electrical Engineers of Japan, 2012,132(6):354-358.
［23］	CHEREPANOV A, LIPOVSKY R. Blackenergy:What We Really Know About the Notorious Cyber Attacks［R］. VirusBulletin, 2016.
［24］	FALLIERE N, MURCHU L O, CHIEN E. W32. stuxnet dossier［R］. White Paper, Symantec Corp., Security Response, 2011,5(6):29.

[1]	HAN Dong-song, SHA Le-tian, ZHAO Chuang-ye. Worm and Agent-based Attack Modeling for Industrial Control Systems [J]. Computer and Modernization, 2023, 0(10): 107-114.
[2]	MO Yan, TANG Rong-chuan, JU Hao, SUN Shao-fei, WANG An. Commercial Cryptographic Upgrade for Industrial Internet Platform [J]. Computer and Modernization, 2023, 0(06): 118-126.
[3]	YANG Jun, WANG Jin-lin, NI Hong, SHENG Yi-qiang, . Dynamic Transfer Method Based on Sensitivity in Industrial Control Network Anomaly Detection [J]. Computer and Modernization, 2023, 0(05): 46-51.
[4]	JIANG Xing-yu, XU Rui, ZHANG Ruo-yu, ZHANG Zhi-yong, . Research on Network Asset Detection Technology of Industrial Control System [J]. Computer and Modernization, 2023, 0(02): 89-95.
[5]	Gulbostan Akim, Nurmamat Helil. ABAC Decision Recycling with Dynamic Policy Change [J]. Computer and Modernization, 2022, 0(10): 47-54.
[6]	LIU Zheng, WU Ke-hua, YE Chun-xiao. Security-enhanced Data Access Control for Multi-authority Cloud Storage [J]. Computer and Modernization, 2021, 0(10): 119-126.
[7]	LI Wen-quan, XU Su-ping. Tourism Resource Information Database System Based on Geographic Information [J]. Computer and Modernization, 2021, 0(08): 100-103.
[8]	LIU Xue-zhen, CUI Yan, DENG Xiao-fei, PENG Jie. An Efficient Attribute Revocation Scheme of Supporting Rights Management [J]. Computer and Modernization, 2021, 0(07): 95-101.
[9]	ZHAO Wei, QIN Li-han, YUN Chen-chao. Cross Platform Access Control of Technology Achievement Data Based on Portal Authentication Technology#br# [J]. Computer and Modernization, 2021, 0(07): 102-106.
[10]	SUN Guang-cheng, LI Hong-zhe, LI Sai-fei, ZHANG Xiao-wei. Internet of Things Access Control System Based on Blockchain [J]. Computer and Modernization, 2020, 0(11): 100-108.
[11]	YANG Yang, CAO Yan. Adaptive Access Control Model Based on Hazardous Events [J]. Computer and Modernization, 2019, 0(08): 98-.
[12]	ZHANG Peng, ZHOU Liang. Trust-based Dynamic Multi-level Access Control Model [J]. Computer and Modernization, 2019, 0(07): 116-.
[13]	CHEN Cheng, Nurmamat HELIL. Hidden Attribute Outsourced Decryption Access Control Scheme Based on CP-ABE [J]. Computer and Modernization, 2018, 0(05): 74-.
[14]	LIU Sai1, NIE Qing-jie1, LIU Jun1, LI Dong-min2, LI Jing2. A New Access Control Model for Real Time Database #br# Backup System Based on Quantified Action [J]. Computer and Modernization, 2018, 0(01): 116-122.
[15]	SHI Ting-jun, ZHANG Ying-jie. Method of Access Control of Attribute-based Ciphertext Policy for Cloud Storage [J]. Computer and Modernization, 2017, 0(7): 111-116.