Abstract
Open Platform Communications (OPC), the interoperability standard for the secure and reliable exchange of data in the industrial automation space, consists of two main types of protocol: classic and unified. This paper reviews the classic set of DA/HDA/A&E protocols, which is based on Microsoft DCOM and RPC technologies, and systematizes the architectural cyber threats of the classic type of OPC.
Funding
The reported study was funded by RFBR according to the research project no. 18-29-03102.
Ethics declarations
The authors declare that they have no conflicts of interest.
Additional information
Translated by A. Muravev
About this article
Cite this article
Zegzhda, D.P., Kalinin, M.O. & Levykin, M.V. Actual Vulnerabilities of Industrial Automation Protocols of an Open Platform Communications Series. Aut. Control Comp. Sci. 53, 972–979 (2019). https://doi.org/10.3103/S0146411619080339
DOI: https://doi.org/10.3103/S0146411619080339