Internet-scale Probing of CPS: Inference, Characterization and Orchestration Analysis

Fachkha, Claude; Bou‐Harb, Elias; Keliris, Anastasis; Memon, Nasir; Ahamad, Mustaque

doi:10.14722/ndss.2017.23149

Cited by 63 publications

(24 citation statements)

References 61 publications

(54 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Devices using these legacy and insecure industrial protocols are often subject to scanning activities [4,17,35]. While standard scanning tools, e.g., zmap [16], not necessarily influence normal operations of industrial devices [8], malicious activities can compromise such unprotected devices.…”

Section: Related Workmentioning

confidence: 99%

Easing the Conscience with OPC UA

Dahlmanns

Lohmöller

Fink

et al. 2020

Proceedings of the ACM Internet Measurement Conference

View full text Add to dashboard Cite

Due to increasing digitalization, formerly isolated industrial networks, e.g., for factory and process automation, move closer and closer to the Internet, mandating secure communication. However, securely setting up OPC UA, the prime candidate for secure industrial communication, is challenging due to a large variety of insecure options. To study whether Internet-facing OPC UA appliances are configured securely, we actively scan the IPv4 address space for publicly reachable OPC UA systems and assess the security of their configurations. We observe problematic security configurations such as missing access control (on 24% of hosts), disabled security functionality (24%), or use of deprecated cryptographic primitives (25%) on in total 92% of the reachable deployments. Furthermore, we discover several hundred devices in multiple autonomous systems sharing the same security certificate, opening the door for impersonation attacks. Overall, in this paper, we highlight commonly found security misconfigurations and underline the importance of appropriate configuration for security-featuring protocols.

show abstract

Section: Related Workmentioning

confidence: 99%

Easing the Conscience with OPC UA

Dahlmanns

Lohmöller

Fink

et al. 2020

Proceedings of the ACM Internet Measurement Conference

View full text Add to dashboard Cite

show abstract

“…More in general, projects such as Shodan's ICS radar 3 provide insights on the non-trivial amount of industrial control systems and PLCs directly exposed to the Internet. As shown by [15], a significant amount of probing activities targeted at cyberphysical systems is happening in the wild, both for research and for nefarious purposes.…”

Section: The Network Attack Surfacementioning

confidence: 99%

Security of controlled manufacturing systems in the connected factory: the case of industrial robots

Pogliani

Quarta

Polino

et al. 2019

J Comput Virol Hack Tech

View full text Add to dashboard Cite

In modern factories, "controlled" manufacturing systems, such as industrial robots, CNC machines, or 3D printers, are often connected in a control network, together with a plethora of heterogeneous control devices. Despite the obvious advantages in terms of production and ease of maintenance, this trend raises non-trivial cybersecurity concerns. Often, the devices employed are not designed for an interconnected world, but cannot be promptly replaced: In fact, they have essentially become legacy systems, embodying design patterns where components and networks are accounted as trusted elements. In this paper, we take a holistic view of the security issues (and challenges) that arise in designing and securely deploying controlled manufacturing systems, using industrial robots as a case study-indeed, robots are the most representative instance of a complex automatically controlled industrial device. Following up to our previous experimental analysis, we take a broad look at the deployment of industrial robots in a typical factory network

show abstract

“…For instance, in Rossow, the author evaluated UDP‐based network protocols if they are vulnerable to amplification attacks and proposed a method based on darknet monitoring to detect them. In Fachkha et al, the authors proposed a formal probabilistic model that aims at analyzing activities targeting Cyber‐Physical System (CPS) protocols. In Bou‐Harb et al, the authors passively monitored close to 16.5 million darknet IP addresses from a /8 and a /13 network telescopes.…”

Section: Background and Related Workmentioning

confidence: 99%

Deep mining port scans from darknet

2019

View full text Add to dashboard Cite

TCP/UDP port scanning or sweeping is one of the most common technique used by attackers to discover accessible and potentially vulnerable hosts and applications. Although extracting and distinguishing different port scanning strategies is a challenging task, the identification of dependencies among probed ports is primordial for profiling attacker behaviors, with a final goal of better mitigating them. In this paper, we propose an approach that allows to track port scanning behavior patterns among multiple probed ports and identify intrinsic properties of observed group of ports. Our method is fully automated based on graph modeling and data mining techniques, including text mining.It provides to security analysts and operators relevant information about services that are jointly targeted by attackers. This is helpful to assess the strategy of the attacker by understanding the types of applications or environment he or she targets. We applied our method to data collected through a large Internet telescope (or darknet).

show abstract

Internet-scale Probing of CPS: Inference, Characterization and Orchestration Analysis

Cited by 63 publications

References 61 publications

Easing the Conscience with OPC UA

Easing the Conscience with OPC UA

Security of controlled manufacturing systems in the connected factory: the case of industrial robots

Deep mining port scans from darknet

Contact Info

Product

Resources

About