On the Detection of Replay Attacks in Industrial Automation Networks Operated with Profinet IO

Steffen Pfrang; David Meier

doi:10.5220/0006288106830693

On the Detection of Replay Attacks in Industrial Automation Networks Operated with Profinet IO

Steffen Pfrang, David Meier

2017

Abstract

Modern industrial facilities consist of controllers, actuators and sensors that are connected via traditional IT equipment. The ongoing integration of these systems into the communication network yields to new threats and attack possibilities. In industrial networks, often distinct communication protocols like Profinet IO (PNIO) are used. These protocols are often not supported by typical network security tools. In this paper, we present two attack techniques that allow to take over the control of a PNIO device, enabling an attacker to replay formerly recorded traffic. We model attack detection rules and propose an intrusion detection system (IDS) for industrial networks which is capable of detecting those replay attacks by correlating alerts from traditional IT IDS with specific PNIO alarms. Thereafter, we evaluate our IDS in a physical demonstrator and compare it with another IDS dedicated to securing PNIO networks.

Download

Paper Citation

in Harvard Style

Pfrang S. and Meier D. (2017). On the Detection of Replay Attacks in Industrial Automation Networks Operated with Profinet IO . In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ForSE, (ICISSP 2017) ISBN 978-989-758-209-7, pages 683-693. DOI: 10.5220/0006288106830693

in Bibtex Style

@conference{forse17,
author={Steffen Pfrang and David Meier},
title={On the Detection of Replay Attacks in Industrial Automation Networks Operated with Profinet IO},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ForSE, (ICISSP 2017)},
year={2017},
pages={683-693},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006288106830693},
isbn={978-989-758-209-7},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ForSE, (ICISSP 2017)
TI - On the Detection of Replay Attacks in Industrial Automation Networks Operated with Profinet IO
SN - 978-989-758-209-7
AU - Pfrang S.
AU - Meier D.
PY - 2017
SP - 683
EP - 693
DO - 10.5220/0006288106830693