Hadjer Benkraouda, Muhammad Ashif Chakkantakath, A. Keliris, M. Maniatakos
DOI: 10.1109/VTS48691.2020.9107609 (https://doi.org/10.1109/VTS48691.2020.9107609)
Venue: 2020 IEEE 38th VLSI Test Symposium (VTS)
Published: 2020-04-01
SNIFU: Secure Network Interception for Firmware Updates in legacy PLCs
Attacks on Industrial Control Systems (ICS) are increasingly targeting field devices and the firmware that instruments their operation. Securing the firmware images and their update procedure has, therefore, become an important challenge. This is especially true for widely deployed legacy devices which are not equipped with the necessary security mechanisms/capabilities. In this paper, we address the problem by reverse engineering PLC firmware update tools to build a device that ensures the integrity and authenticity of firmware updates before allowing them to be flashed onto a field device. Our tool is directly connected to field devices and consists of a firmware signing mechanism, a PLC emulation module, and a payload detection classifier – all integrated in a bump-in-the-wire device, SNIFU. SNIFU monitors serial traffic sent to the PLC for firmware update commands. When it identifies such commands, it emulates a PLC, capturing the entire firmware image and verifying it before relaying it to the PLC. We implement and evaluate a prototype of SNIFU using a Raspberry Pi that secures the update process of a commercial PLC by Wago.
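The abstract describes the bump-in-the-wire flow in three steps: let ordinary serial traffic through, hold firmware update frames while emulating the PLC's replies so the update tool keeps sending, and relay the captured image only after its integrity and authenticity check passes. The script below is an added illustration of that gate and is not SNIFU's code: the serial framing (1-byte command, 2-byte length, payload), the command codes, the ACK/NAK replies, the HMAC-SHA256 tag as the "signing mechanism", the key and the 1 KiB stand-in image are all constructed assumptions, since the page does not describe Wago's protocol or the paper's signing scheme. The payload detection classifier mentioned in the abstract is not modelled here.

```python
"""Bump-in-the-wire firmware update gate (added illustration, not SNIFU's code).

Framing, command codes, HMAC-based signing, key and image are ASSUMPTIONS
for this example; the paper's actual serial protocol is not on the page.
"""
import hashlib
import hmac
import struct

# Hypothetical command codes for the update tool -> PLC serial protocol.
FW_BEGIN = 0x10   # payload: 4-byte big-endian total image length
FW_DATA = 0x11    # payload: one image chunk
FW_END = 0x12     # payload: 32-byte HMAC-SHA256 tag over the whole image
ACK = 0x06        # reply the emulated PLC sends to the update tool
NAK = 0x15        # reply sent when the update is refused

def frame(cmd: int, payload: bytes = b"") -> bytes:
    """Build one serial frame: 1-byte command, 2-byte length, payload."""
    return struct.pack(">BH", cmd, len(payload)) + payload

def iter_frames(stream: bytes):
    """Split a raw byte stream into (cmd, payload) frames."""
    pos = 0
    while pos + 3 <= len(stream):
        cmd, length = struct.unpack(">BH", stream[pos:pos + 3])
        payload = stream[pos + 3:pos + 3 + length]
        if len(payload) != length:
            raise ValueError("truncated frame at offset %d" % pos)
        yield cmd, payload
        pos += 3 + length

def sign_image(key: bytes, image: bytes) -> bytes:
    """Signing side: tag the image with HMAC-SHA256 (assumed scheme)."""
    return hmac.new(key, image, hashlib.sha256).digest()

def gate(stream: bytes, key: bytes) -> dict:
    """Process traffic from the update tool. Non-update frames are relayed at
    once; update frames are withheld while the PLC is emulated, the image is
    reassembled and verified, and the held frames reach the PLC only on success."""
    to_plc = bytearray()      # bytes forwarded to the real PLC
    to_tool = bytearray()     # bytes the emulated PLC answers to the tool
    held = []                 # update frames withheld until verification
    image = bytearray()
    declared_len = None
    verdict = "no-update"
    for cmd, payload in iter_frames(stream):
        if cmd == FW_BEGIN:
            (declared_len,) = struct.unpack(">I", payload)
            held, image = [frame(cmd, payload)], bytearray()
            to_tool += frame(ACK)          # emulate the PLC so the tool keeps sending
        elif cmd in (FW_DATA, FW_END):
            if declared_len is None:       # out-of-sequence update frame: never relayed
                verdict = "rejected"
                to_tool += frame(NAK)
                continue
            held.append(frame(cmd, payload))
            if cmd == FW_DATA:
                image += payload
                to_tool += frame(ACK)
                continue
            expected = sign_image(key, bytes(image))
            ok = (len(image) == declared_len
                  and len(payload) == len(expected)
                  and hmac.compare_digest(expected, payload))
            if ok:
                verdict = "accepted"
                for f in held:
                    to_plc += f            # replay the whole verified update
            else:
                verdict = "rejected"       # image never reaches the PLC
            to_tool += frame(ACK if ok else NAK)
            held, declared_len = [], None
        else:
            to_plc += frame(cmd, payload)  # ordinary traffic passes straight through
    return {"verdict": verdict, "to_plc": bytes(to_plc),
            "to_tool": bytes(to_tool), "image_len": len(image)}

KEY = b"constructed-demo-key"     # constructed; a deployment provisions this securely
IMAGE = bytes(range(256)) * 4     # constructed 1 KiB stand-in for a firmware image

def build_update(image: bytes, tag: bytes, chunk: int = 256) -> bytes:
    """Constructed update-tool session: BEGIN, DATA chunks, END."""
    out = frame(FW_BEGIN, struct.pack(">I", len(image)))
    for i in range(0, len(image), chunk):
        out += frame(FW_DATA, image[i:i + chunk])
    return out + frame(FW_END, tag)

def demo() -> tuple:
    """Genuine update vs. an image altered in transit with the original tag."""
    good = frame(0x01, b"status?") + build_update(IMAGE, sign_image(KEY, IMAGE))
    tampered = build_update(IMAGE[:-1] + b"\x00", sign_image(KEY, IMAGE))
    return gate(good, KEY)["verdict"], gate(tampered, KEY)["verdict"]

if __name__ == "__main__":
    print(demo())   # ('accepted', 'rejected')
```

Two design points carry over to a real gate regardless of protocol: the update frames are buffered in full and replayed only after the tag over the complete image checks out, so a chunk altered in transit can never be partially flashed, and `hmac.compare_digest` is used for the comparison so the verdict does not leak through timing. Replacing the symmetric HMAC with a public-key signature removes the need to store a secret on the gate itself.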