PLC access control: A security analysis

Haroon Wardak; Sami Zhioua; Ahmad Almulhem

doi:10.1109/WCICSS.2016.7882935

PLC access control: A security analysis

Haroon Wardak, Sami Zhioua, Ahmad Almulhem

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

28 Scopus citations

Abstract

A Programmable Logic Controller (PLC) is a very common industrial control system device used to control output devices based on data received (and processed) from input devices. Given the central role that PLCs play in deployed industrial control systems, it has been a preferred target of ICS attackers. A quick search in the ICS-CERT repository reveals that out of a total of 589 advisories, more than 80 target PLCs. Stuxnet attack, considered the most famous reported incident on ICS, targeted mainly PLCs. Most of the PLC reported incidents are rooted in the fact that the PLC being accessed in an unauthorized way. In this paper, we investigate the PLC access control problem. We discuss several access control models but we focus mainly on the commonly adopted password-based access control. We show how such passwordbased mechanism can be compromised in a realistic scenario as well as the list the attacks that can be derived as a consequence. This paper details a set of vulnerabilities targeting recent versions of PLCs (2016) which have not been reported in the literature.

Original language	English
Title of host publication	2016 World Congress on Industrial Control Systems Security, WCICSS 2016
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	56-61
Number of pages	6
ISBN (Electronic)	9781908320636
DOIs	https://doi.org/10.1109/WCICSS.2016.7882935
State	Published - 20 Mar 2017

Publication series

Name	2016 World Congress on Industrial Control Systems Security, WCICSS 2016

Bibliographical note

Funding Information:
This research was supported by The National Science, Technology and Innovation Plan (NSTIP) grant, NSTIP 13-INF281-04 at King Fahd University of Petroleum and Minerals.

Publisher Copyright:
© 2016 IEEE.

Keywords

Access Control
Industrial Control Systems
PLC
Passwords
SCADA

ASJC Scopus subject areas

Control and Systems Engineering
Control and Optimization
Artificial Intelligence
Computer Networks and Communications
Industrial and Manufacturing Engineering
Safety, Risk, Reliability and Quality

Access to Document

10.1109/WCICSS.2016.7882935

Cite this

@inproceedings{76f603ea231b4c00918617ec7c7a7fc3,

title = "PLC access control: A security analysis",

abstract = "A Programmable Logic Controller (PLC) is a very common industrial control system device used to control output devices based on data received (and processed) from input devices. Given the central role that PLCs play in deployed industrial control systems, it has been a preferred target of ICS attackers. A quick search in the ICS-CERT repository reveals that out of a total of 589 advisories, more than 80 target PLCs. Stuxnet attack, considered the most famous reported incident on ICS, targeted mainly PLCs. Most of the PLC reported incidents are rooted in the fact that the PLC being accessed in an unauthorized way. In this paper, we investigate the PLC access control problem. We discuss several access control models but we focus mainly on the commonly adopted password-based access control. We show how such passwordbased mechanism can be compromised in a realistic scenario as well as the list the attacks that can be derived as a consequence. This paper details a set of vulnerabilities targeting recent versions of PLCs (2016) which have not been reported in the literature.",

keywords = "Access Control, Industrial Control Systems, PLC, Passwords, SCADA",

author = "Haroon Wardak and Sami Zhioua and Ahmad Almulhem",

note = "Funding Information: This research was supported by The National Science, Technology and Innovation Plan (NSTIP) grant, NSTIP 13-INF281-04 at King Fahd University of Petroleum and Minerals. Publisher Copyright: {\textcopyright} 2016 IEEE.",

year = "2017",

month = mar,

day = "20",

doi = "10.1109/WCICSS.2016.7882935",

language = "English",

series = "2016 World Congress on Industrial Control Systems Security, WCICSS 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "56--61",

booktitle = "2016 World Congress on Industrial Control Systems Security, WCICSS 2016",

address = "United States",

}

PLC access control: A security analysis. / Wardak, Haroon; Zhioua, Sami; Almulhem, Ahmad.
2016 World Congress on Industrial Control Systems Security, WCICSS 2016. Institute of Electrical and Electronics Engineers Inc., 2017. p. 56-61 7882935 (2016 World Congress on Industrial Control Systems Security, WCICSS 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - PLC access control

T2 - A security analysis

AU - Wardak, Haroon

AU - Zhioua, Sami

AU - Almulhem, Ahmad

N1 - Funding Information: This research was supported by The National Science, Technology and Innovation Plan (NSTIP) grant, NSTIP 13-INF281-04 at King Fahd University of Petroleum and Minerals. Publisher Copyright: © 2016 IEEE.

PY - 2017/3/20

Y1 - 2017/3/20

N2 - A Programmable Logic Controller (PLC) is a very common industrial control system device used to control output devices based on data received (and processed) from input devices. Given the central role that PLCs play in deployed industrial control systems, it has been a preferred target of ICS attackers. A quick search in the ICS-CERT repository reveals that out of a total of 589 advisories, more than 80 target PLCs. Stuxnet attack, considered the most famous reported incident on ICS, targeted mainly PLCs. Most of the PLC reported incidents are rooted in the fact that the PLC being accessed in an unauthorized way. In this paper, we investigate the PLC access control problem. We discuss several access control models but we focus mainly on the commonly adopted password-based access control. We show how such passwordbased mechanism can be compromised in a realistic scenario as well as the list the attacks that can be derived as a consequence. This paper details a set of vulnerabilities targeting recent versions of PLCs (2016) which have not been reported in the literature.

AB - A Programmable Logic Controller (PLC) is a very common industrial control system device used to control output devices based on data received (and processed) from input devices. Given the central role that PLCs play in deployed industrial control systems, it has been a preferred target of ICS attackers. A quick search in the ICS-CERT repository reveals that out of a total of 589 advisories, more than 80 target PLCs. Stuxnet attack, considered the most famous reported incident on ICS, targeted mainly PLCs. Most of the PLC reported incidents are rooted in the fact that the PLC being accessed in an unauthorized way. In this paper, we investigate the PLC access control problem. We discuss several access control models but we focus mainly on the commonly adopted password-based access control. We show how such passwordbased mechanism can be compromised in a realistic scenario as well as the list the attacks that can be derived as a consequence. This paper details a set of vulnerabilities targeting recent versions of PLCs (2016) which have not been reported in the literature.

KW - Access Control

KW - Industrial Control Systems

KW - PLC

KW - Passwords

KW - SCADA

UR - http://www.scopus.com/inward/record.url?scp=85018436373&partnerID=8YFLogxK

U2 - 10.1109/WCICSS.2016.7882935

DO - 10.1109/WCICSS.2016.7882935

M3 - Conference contribution

AN - SCOPUS:85018436373

T3 - 2016 World Congress on Industrial Control Systems Security, WCICSS 2016

SP - 56

EP - 61

BT - 2016 World Congress on Industrial Control Systems Security, WCICSS 2016

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

PLC access control: A security analysis

Abstract

Publication series

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this