Radio Frequency (RF) Security in Industrial Engineering Processes
Interconnection and information transparency are major players in the 4th Industrial Revolution, also known as Industry 4.0 (I4.0). Hence, wireless transmission systems have a growing potential in the engineering of new industrial machines. In fact, Radio Frequency (RF) technologies have already found their way into the engineering process. This trend, however, goes hand in hand with a rising awareness of IT security. Since industrial machines are known to have a long lifetime, it is essential to consider security from the very first development phase onward. To improve the security of any industrial system, findings from industrial penetration tests as well as possible mitigations should already be considered at an early stage of the design and development process. This chapter therefore discusses use cases and security measures of wireless systems in industrial facilities. Based on an overview of RF technologies in the industrial field, several devices and software products (software-defined radios) for the analysis of such systems are introduced. Furthermore, the feasibility of penetration testing with these devices is addressed to strengthen the security aspect of I4.0.
Keywords: RF, Software-defined radio, Information security