
On the Insecurity of PLC Systems


If you have a question about this talk, please contact Hridoy Sankar Dutta.

In a series of papers, we studied the security of Siemens PLC systems. We first showed that it is possible to stealthily download a forged control program into Siemens PLCs, bypassing the cryptographic protections (a variant of HMAC-SHA256 under a supposedly secret key). We could even download a fake executable unrelated to the downloaded source program, thus disabling the ability of the PLC engineers to identify the fake program even if they suspect the PLC's behaviour. Following Siemens' recommendation to protect against these attacks by using passwords, we studied the password schemes and found various vulnerabilities in some versions of the PLCs. A major protection step made by Siemens was to use TLS instead of the Siemens home-grown cryptographic protection. This change seems a good practice in general, but has several weaknesses. One is the long upgrade cycle of firmware in PLCs once a vulnerability is found, which makes any standard (complex) IT software installed on the PLC a security threat. Moreover, we show that the TLS protection allows an attacker to perform new, strong attacks that were not possible in the home-grown cryptographic version. Last but not least, in a recent openPLC product Siemens uses Intel processors that run the (encrypted) PLC firmware and the Windows OS on different cores of the same processor, under a hypervisor. Unfortunately, nothing prohibits an attacker from running his own fake version of the PLC firmware. We conclude that the whole security ecosystem and the security assumptions of PLCs should be revisited: the currently existing protection schemes do not address the real threats to PLCs. In another work we proposed a framework for the cryptographic protection of PLC communications.
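The abstract describes two properties of the download protection that together make the forgery possible: the MAC is computed under a key shared by the engineering station and the PLC (so anyone who extracts it can produce valid MACs), and the source program and the compiled executable are authenticated as separate blobs with nothing binding one to the other. The toy model below is an added illustration written for this page, not Siemens' protocol and not code from the papers: it uses plain HMAC-SHA256 rather than the vendor's variant, a made-up shared key, a stand-in "compiler", and constructed program blobs. It shows that a keyless tamper is rejected, that a key-holding attacker can pair the benign source with an unrelated executable and still pass the PLC's check, and that an engineer who can retrieve the executable from the PLC (an assumption) can detect the mismatch by recompiling the uploaded source.

```python
import hashlib
import hmac

# Toy model of an authenticated PLC "download" bundle, written for this page.
# Assumptions: plain HMAC-SHA256 (not the vendor's variant), a hypothetical
# shared key, a deterministic stand-in compiler, and constructed program blobs.

SHARED_KEY = b"key-baked-into-engineering-software"  # hypothetical shared secret
LEGIT_SOURCE = b"IF Tank_Level > 90 THEN Valve := FALSE; END_IF;"  # constructed
MALICIOUS_EXE = b"EXE:keep-valve-open-whatever-the-level"          # constructed


def compile_program(source: bytes) -> bytes:
    """Stand-in for the engineering station's compiler. Assumed deterministic,
    so the same source always yields the same executable bytes."""
    return b"EXE:" + hashlib.sha256(source).hexdigest().encode()


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def build_bundle(source: bytes, executable: bytes, key: bytes) -> dict:
    """Source and executable travel as separate blobs, each with its own MAC.
    Nothing in the bundle binds one blob to the other."""
    return {
        "source": source,
        "executable": executable,
        "mac_source": mac(key, source),
        "mac_exe": mac(key, executable),
    }


def plc_accepts(bundle: dict, key: bytes) -> bool:
    """What the PLC verifies before installing: both MACs under the shared key."""
    src_ok = hmac.compare_digest(bundle["mac_source"], mac(key, bundle["source"]))
    exe_ok = hmac.compare_digest(bundle["mac_exe"], mac(key, bundle["executable"]))
    return src_ok and exe_ok


def tamper_without_key(bundle: dict, new_exe: bytes) -> dict:
    """Attacker who has NOT recovered the key: swaps the executable, keeps the old MAC."""
    forged = dict(bundle)
    forged["executable"] = new_exe
    return forged


def forge_with_key(legit_source: bytes, malicious_exe: bytes, extracted_key: bytes) -> dict:
    """Attacker who HAS the key (e.g. extracted from the engineering software):
    keeps the benign source so a later upload looks legitimate, pairs it with
    an unrelated executable, and re-MACs both blobs."""
    return build_bundle(legit_source, malicious_exe, extracted_key)


def rebuild_check(bundle: dict) -> bool:
    """Independent check an engineer can run if the PLC exposes its executable:
    recompile the uploaded source and compare with what is actually running.
    Relies on the deterministic compiler assumed above."""
    return hmac.compare_digest(compile_program(bundle["source"]), bundle["executable"])


def demo() -> dict:
    legit = build_bundle(LEGIT_SOURCE, compile_program(LEGIT_SOURCE), SHARED_KEY)
    keyless = tamper_without_key(legit, MALICIOUS_EXE)
    forged = forge_with_key(LEGIT_SOURCE, MALICIOUS_EXE, SHARED_KEY)
    return {
        "legit_accepted": plc_accepts(legit, SHARED_KEY),            # True
        "keyless_tamper_accepted": plc_accepts(keyless, SHARED_KEY), # False
        "forged_accepted": plc_accepts(forged, SHARED_KEY),          # True
        "forged_source_looks_legit": forged["source"] == LEGIT_SOURCE,  # True
        "legit_rebuild_check": rebuild_check(legit),                 # True
        "forged_rebuild_check": rebuild_check(forged),               # False
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The rebuild check is a detection heuristic, not a fix: it only works if the PLC will hand back the executable it runs, the toolchain builds reproducibly, and the attacker has not also tampered with the upload path. The structural weakness is that the verifier holds the same secret the attacker can extract from the station; a scheme in which the PLC holds only a public verification key and the bundle binds executable to source (a suggestion of this note, not a description of the framework the talk proposes) removes that property.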

This talk is part of the Computer Laboratory Security Seminar series.


© 2006-2024 Talks.cam, University of Cambridge.