Security Issues and Mitigation in Ethernet POWERLINK

  • Conference paper
  • Security of Industrial Control Systems and Cyber-Physical Systems (CyberICPS 2016)

Abstract

Ethernet POWERLINK is an industrial Ethernet protocol created for applications with a high degree of determinism, and it is among the closest to real-time (a class 3 industrial Ethernet protocol). Consequently, it was developed for efficiency and short cycle times, with no security features, as these would only slow down the communications. In this paper, we show that most of the commonly known industrial Ethernet attacks cannot be carried out against Ethernet POWERLINK because of its isochronous real-time characteristics. We also show that it is still possible to perform attacks that affect such a system. We thus present five different attacks: a denial of service, a command insertion against a slave and then against a master, and impersonation of a slave and, finally, of a master. These attacks are then validated on a testbed. We finally present proposals to defend against them without adding any major delay to the cyclic communications, by modifying transitions of the protocol's state machines.

Corresponding author: Jonathan Yung.


© 2017 Springer International Publishing AG

About this paper

Cite this paper

Yung, J., Debar, H., Granboulan, L. (2017). Security Issues and Mitigation in Ethernet POWERLINK. In: Cuppens-Boulahia, N., Lambrinoudakis, C., Cuppens, F., Katsikas, S. (eds) Security of Industrial Control Systems and Cyber-Physical Systems. CyberICPS 2016. Lecture Notes in Computer Science(), vol 10166. Springer, Cham. https://doi.org/10.1007/978-3-319-61437-3_6

  • DOI: https://doi.org/10.1007/978-3-319-61437-3_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-61436-6

  • Online ISBN: 978-3-319-61437-3
