Scanning the Cycle: Timing-based Authentication on PLCs

by   Chuadhry Mujeeb Ahmed, et al.

Programmable Logic Controllers (PLCs) are a core component of an Industrial Control System (ICS). However, if a PLC is compromised or the commands sent across a network from the PLCs are spoofed, consequences could be catastrophic. In this work, a novel technique to authenticate PLCs is proposed that aims at raising the bar against powerful attackers while being compatible with real-time systems. The proposed technique captures timing information for each controller in a non-invasive manner. It is argued that Scan Cycle is a unique feature of a PLC that can be approximated passively by observing network traffic. An attacker that spoofs commands issued by the PLCs would deviate from such fingerprints. To detect replay attacks a PLC Watermarking technique is proposed. PLC Watermarking models the relationship between the scan cycle and the control logic by modeling the input/output as a function of request/response messages of a PLC. The proposed technique is validated on an operational water treatment plant (SWaT) and smart grid (EPIC) testbed. Results from experiments indicate that PLCs can be distinguished based on their scan cycle timing characteristics.


SeqL: Secure Scan-Locking for IP Protection

Existing logic-locking attacks are known to successfully decrypt functio...

Scan Correlation – Revealing distributed scan campaigns

Public networks are exposed to port scans from the Internet. Attackers s...

ScheduLeak: A Novel Scheduler Side-Channel Attack Against Real-Time Autonomous Control Systems

Real-time autonomous control systems are often the core of safety critic...

Assessing the Effectiveness of Attack Detection at a Hackfest on Industrial Control Systems

A hackfest named SWaT Security Showdown (S3) has been organized consecut...

Evaluating Cascading Effects of Attacks on Resilience of Industrial Control Systems: A Design-Centric Modeling Approach

A design-centric modeling approach was proposed to model the behavior of...

ScanSAT: Unlocking Static and Dynamic Scan Obfuscation

While financially advantageous, outsourcing key steps, such as testing, ...

Please sign up or login with your details

Forgot password? Click here to reset