Industrial Control and Building Automation System Penetrating Testing using Modbus TCP Testbed
DOI: https://doi.org/10.21015/vtse.v10i3.1113

Abstract
Industrial Control Systems (ICS) play a vital role in industry, controlling processes such as power plants, food production, transportation, and water and gas distribution. Similarly, Building Automation Systems (BAS) are used for the control, energy efficiency and conservation of modern buildings. As both BAS and ICS become increasingly interconnected through networking technologies, they have become lucrative targets for attack and thus pose a serious threat to the infrastructure they control. ICS and BAS networks still use legacy protocols, layered over ICT protocols and technologies so that they can be connected to modern networks; as a result, they lack security mechanisms. This paper presents a test-bed for testing vulnerabilities of the Modbus protocol on an HVAC control system. Two MITM attack scenarios are discussed and performed to demonstrate the weakness of the Modbus TCP protocol. The proposed system was tested using an EasyIO-FS-32 server-class controller supporting Modbus RTU and TCP and BACnet MS/TP and TCP.
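The weakness the abstract refers to is structural: a Modbus/TCP application data unit carries a 7-byte MBAP header and a PDU, and nothing in either authenticates the sender or protects integrity, so any host on the segment that can reach the controller (or sit between it and the master) can issue writes. The passive monitor below is an added illustration written for this page, not code from the paper or from the EasyIO controller; it parses constructed Modbus/TCP frames, validates the header, and raises an alert when a state-changing function code arrives from a host that is not on an allow-list of known masters. The IP addresses, register numbers and the `audit`/`parse_modbus_tcp` names are assumptions chosen for the example.

```python
"""Passive Modbus/TCP monitor (added example, not from the paper).

Parses the MBAP header + PDU of captured frames and flags write requests
from hosts that are not the authorized master. All frames and addresses
below are constructed for the example (RFC 5737 TEST-NET-1 addresses).
"""
import struct
from dataclasses import dataclass

# Function codes that change controller state (coil/register writes).
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 22, 23}

FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil",
    6: "Write Single Register", 15: "Write Multiple Coils",
    16: "Write Multiple Registers", 22: "Mask Write Register",
    23: "Read/Write Multiple Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    protocol_id: int
    length: int
    unit_id: int
    function_code: int
    data: bytes


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP ADU.

    MBAP header: transaction id (2), protocol id (2, always 0),
    length (2, counts unit id + PDU), unit id (1). The PDU starts with the
    function code. There is no authentication or integrity field anywhere.
    """
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} != {len(frame) - 6} bytes present")
    return ModbusRequest(tid, pid, length, uid, frame[7], frame[8:])


def describe_write(req: ModbusRequest) -> str:
    """Human-readable summary of what a write request would change."""
    if req.function_code in (5, 6, 16, 15, 22) and len(req.data) >= 4:
        addr, second = struct.unpack(">HH", req.data[:4])
        if req.function_code == 5:
            return f"coil {addr} <- {'ON' if second == 0xFF00 else 'OFF'}"
        if req.function_code == 6:
            return f"register {addr} <- {second}"
        # 15/16: second field is the quantity of coils/registers
        return f"{FUNCTION_NAMES[req.function_code]} at {addr}, count {second}"
    return FUNCTION_NAMES.get(req.function_code, f"function {req.function_code}")


def audit(packets, authorized_masters):
    """packets: iterable of (src_ip, frame). Returns a list of alert strings.

    Writes from an unlisted source are reported; malformed frames are
    reported too, since a broken MBAP header on a control network is itself
    worth a look.
    """
    alerts = []
    for src, frame in packets:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as exc:
            alerts.append(f"{src}: malformed frame ({exc})")
            continue
        if req.function_code in WRITE_FUNCTION_CODES and src not in authorized_masters:
            alerts.append(
                f"{src}: unauthorized write to unit {req.unit_id}: {describe_write(req)}"
            )
    return alerts


# Constructed capture: one legitimate read, one rogue setpoint write,
# one legitimate multi-register write, one frame with a bad length field.
AUTHORIZED_MASTERS = {"192.0.2.10"}
SAMPLE_PACKETS = [
    ("192.0.2.10", struct.pack(">HHHBB", 1, 0, 6, 1, 3) + struct.pack(">HH", 0, 10)),
    ("192.0.2.66", struct.pack(">HHHBB", 2, 0, 6, 1, 6) + struct.pack(">HH", 100, 0)),
    ("192.0.2.10", struct.pack(">HHHBB", 3, 0, 11, 1, 16)
                   + struct.pack(">HHB", 200, 2, 4) + struct.pack(">HH", 21, 22)),
    ("192.0.2.99", struct.pack(">HHHBB", 4, 0, 99, 1, 3) + b"\x00\x00\x00\x01"),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_PACKETS, AUTHORIZED_MASTERS):
        print(line)
```

Running the module prints two alerts: the single-register write from 192.0.2.66 and the length-mismatched frame from 192.0.2.99; the read and the write from the listed master pass silently. Source-based allow-listing is only a detection aid, not a fix: because the frame carries no authentication, a MITM that spoofs the master's address looks identical at this layer, which is why the testbed's MITM scenarios succeed and why segmentation and protocol-aware monitoring of write traffic are the practical controls.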
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC-By) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
This work is licensed under a Creative Commons Attribution License CC BY