On the Feasibility of Device Fingerprinting in Industrial Control Systems

  • Marco Caselli
  • Dina Hadžiosmanović
  • Emmanuele Zambon
  • Frank Kargl
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8328)


As Industrial Control Systems (ICS) and standard IT networks are becoming one heterogeneous entity, there has been an increasing effort in adjusting common security tools and methodologies to fit the industrial environment. Fingerprinting of industrial devices is still an unexplored research field. In this paper we provide an overview of standard device fingerprinting techniques and an assessment on the application feasibility in ICS infrastructures. We identify challenges that fingerprinting has to face and mechanisms to be used to obtain reliable results. Finally, we provide guidelines for implementing reliable ICS fingerprinters.


Fingerprinting Critical Infrastructure ICS SCADA PLC 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Robles, R., Choi, M., Cho, E., Kim, S., Park, G., Yeo, S.: Vulnerabilities in SCADA and critical infrastructure systems. International J. of Future Generation and Networking (2008)Google Scholar
  2. 2.
    Ten, C., Liu, C., Manimaran, G.: Vulnerability assessment of cybersecurity for SCADA systems. IEEE Trans. Power Systems (2008)Google Scholar
  3. 3.
    Pfleeger, C., Pfleeger, S., Theofanos, M.: A methodology for penetration testing. Computers & Security (1989)Google Scholar
  4. 4.
    Endi, M., Elhalwagy, Y., Hashad, A.: Three-layer PLC/SCADA system architecture in process automation and data monitoring. In: Computer and Automation Engineering, ICCAE. IEEE (2010)Google Scholar
  5. 5.
    Fovino, I.N., Coletta, A., Masera, M.: Taxonomy of security solutions for the SCADA sector (2010)Google Scholar
  6. 6.
    Clark, R., Hakim, S., Ostfeld, A.: Handbook of Water and Wastewater Systems Protection. Springer (2011)Google Scholar
  7. 7.
    McClanahan, R.: The benefits of networked SCADA systems utilizing IP-enabled networks. In: Rural Electric Power Conference. IEEE (2002)Google Scholar
  8. 8.
    Munro, K.: Scada - a critical situation. Network Security (2008)Google Scholar
  9. 9.
    Lyon, G.: Nmap security scanner (February 2013),
  10. 10.
    Zalewski, M.: p0f: Passive OS fingerprinting tool (2006), (February 1, 2002)
  11. 11.
    Yarochkin, F., Arkin, O., Kydyraliev, M., Dai, S., Huang, Y., Kuo, S.: Xprobe2++: Low volume remote network information gathering tool. In: Dependable Systems & Networks, DSN 2009. IEEE/IFIP (2009)Google Scholar
  12. 12.
    Deraison, R., Meer, H., Walt, C.V.D.: Nessus network auditing. Syngress Media Incorporated (2004)Google Scholar
  13. 13.
    Cisco Systems Inc. User guide for Cisco security manager 4.3 (2012)Google Scholar
  14. 14.
    Taleck, G.: Ambiguity resolution via passive os fingerprinting. In: Vigna, G., Kruegel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 192–206. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Esquivel, H., Mori, T., Akella, A.: Router-level spam filtering using TCP fingerprints: Architecture and measurement-based evaluation. In: Proceedings of the Sixth Conference on Email and Anti-Spam (2009)Google Scholar
  16. 16.
    Paxson, V.: Automated packet trace analysis of TCP implementations. ACM SIGCOMM Computer Communication Review (1997)Google Scholar
  17. 17.
    Haffner, P., Sen, S., Spatscheck, O., Wang, D.: ACAS: automated construction of application signatures. In: Proceedings of the 2005 ACM SIGCOMM Workshop on Mining Network Data (2005)Google Scholar
  18. 18.
    Matherly, J.: Expose online devices (May 2013),
  19. 19.
    Gerdes, R., Daniels, T., Mina, M., Russell, S.: Device identification via analog signal fingerprinting: A matched filter approach. In: Network and Distributed System Security Symposium, NDSS (2006)Google Scholar
  20. 20.
    Kohno, T., Broido, A., Claffy, K.: Remote physical device fingerprinting. IEEE Trans. Dependable and Secure Computing (2005)Google Scholar
  21. 21.
    Moore, A., Papagiannaki, K.: Toward the accurate identification of network applications. Passive and Active Network Measurement (2005)Google Scholar
  22. 22.
    Veysset, F., Courtay, O., Heen, O.: New tool and technique for remote operating system fingerprinting. Intranode Software Technologies (2002)Google Scholar
  23. 23.
    Moore, D., Keys, K., Koga, R., Lagache, E., Claffy, K.: The coralreef software suite as a tool for system and network administrators. In: Proceedings of the 15th USENIX Conference on System Administration (2001)Google Scholar
  24. 24.
    Beverly, R.: A robust classifier for passive TCP/IP fingerprinting. Passive and Active Network Measurement (2004)Google Scholar
  25. 25.
    Auffret, P.: Sinfp, unification of active and passive operating system fingerprinting. Journal in Computer Virology (2010)Google Scholar
  26. 26.
    Watson, D., Smart, M., Malan, G., Jahanian, F.: Protocol scrubbing: network security through transparent flow modification. IEEE/ACM Trans. on Networking, TON (2004)Google Scholar
  27. 27.
    Mahmood, A., Leckie, C., Hu, J., Tari, Z., Atiquzzaman, M.: Network traffic analysis and SCADA security. In: Handbook of Information and Communication Security (2010)Google Scholar
  28. 28.
    Hadziosmanovic, D., Bolzoni, D., Etalle, S., Hartel, P.: Challenges and opportunities in securing industrial control systems. In: Proceedings of the IEEE Workshop on Complexity in Engineering, COMPENG 2012, Aachen, Germany (2012)Google Scholar
  29. 29.
    Gordeychik, S.: SCADA strangelove or: How i learned to start worrying and love nuclear plants (February 2013)Google Scholar
  30. 30.
    ICS-CERT, ICS-ALERT-11-343-01 Control System Internet Accessibility, U.S. Department of Homeland Security (December 2011)Google Scholar
  31. 31.
    Duggan, D., Berg, M., Dillinger, J., Stamp, J.: Penetration testing of industrial control systems. Sandia National Laboratories (2005)Google Scholar
  32. 32.
    CRitical Infrastructure Security AnaLysIS (CRISALIS) (2012),

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Marco Caselli
    • 1
  • Dina Hadžiosmanović
    • 1
  • Emmanuele Zambon
    • 1
  • Frank Kargl
    • 1
    • 2
  1. 1.Distributed and Embedded Security GroupUniversity of TwenteThe Netherlands
  2. 2.University of UlmGermany

Personalised recommendations