Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Design of an Example Network Protocol for Security Tests Targeting Industrial Automation Systems

: Pfrang, Steffen; Giraud, M.; Borcherding, Anne; Meier, David; Beyerer, Jürgen

Fulltext urn:nbn:de:0011-n-5496090 (515 KByte PDF)
MD5 Fingerprint: 0b5a9260a6570b028b84d4852127440b
Created on: 3.7.2019

Mori, Paolo (Ed.) ; Institute for Systems and Technologies of Information, Control and Communication -INSTICC-, Setubal:
ICISSP 2019, 5th International Conference on Information Systems Security and Privacy : Prague, Czech Republic, February 23 - 25, 2019; Proceedings
Setubal: SciTePress, 2019
ISBN: 978-989-758-359-9
International Conference on Information Systems Security and Privacy (ICISSP) <5, 2019, Prague>
International Workshop on Formal Methods for Security Engineering (ForSE) <3, 2019, Prague>
Conference Paper, Electronic Publication
Fraunhofer IOSB ()
security testing; Industrial Automation and Control System; IACS; Example Network Protocol; Packet Structure; Protocol Behavior

Emerging concepts like Industrial Internet of Things (IIOT) and Industrie 4.0 require Industrial Automation and Control Systems (IACS) to be connected via networks and even to the Internet. These connections raise the importance of security for those devices enormously. Security testing for IACS aims at searching for vulnerabilities which can be utilized by attackers from the network. Once discovered, those gaps should be closed with patches before they can get exploited. Different tools utilized for this kind of security testing are dealing with network protocols. In practice, they suffer from peculiarities being present in common industrial automation protocols like OPC UA and Profinet IO. This paper tries to improve the situation by providing an extensive overview of network packet structures and network protocol behavior. Based on this analysis, an example protocol has been developed. The idea behind this artificial network protocol is that tools which are able to handle all the specialties of this protocol, are able to handle every imaginable protocol. Finally, those tools can be used to conduct exhaustive security tests for IACS.