Abstract
Many operational Industrial Control Systems (ICSs) were designed and deployed years ago with little or no consideration of the security issues that arise from an interconnected world. It is well known that attackers can read and write sensor and actuator data on Programmable Logic Controllers (PLCs), as legacy ICSs offer little means of protection. Replacing such legacy ICSs is expensive and requires extensive planning and a major programme of updates, often spanning several years. Yet augmenting deployed ICSs with established security mechanisms is rarely possible: legacy PLCs cannot support computationally expensive (e.g., cryptographic) operations while maintaining real-time control. Intrusion Detection Systems (IDSs) have been employed to improve the security of legacy ICSs; however, attackers can avoid detection by learning acceptable system behaviour from observed data. In this paper, we present LASARUS, a lightweight approach that can be implemented on legacy PLCs to reduce their attack surface, making it harder for an attacker to learn system behaviour and craft useful attacks. Our approach applies obfuscation to PLC data whenever it is stored or accessed, which leads to a continuous change of the target surface. Obfuscation keys can be refreshed depending on the threat situation, striking a balance between system performance and protection level. Using real-world and simulated ICS data sets, we demonstrate that LASARUS is able to prevent a set of well-known attacks such as random or replay injection by reducing their passing rate significantly, by up to 100 times.
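To make the mechanism in the abstract concrete, the following is an added toy simulation written for this page; it is not the LASARUS implementation (the abstract does not detail the obfuscation function) and everything in it is assumed: 16-bit PLC data words, a per-epoch XOR mask as the obfuscation (so the per-access cost on the controller is a single XOR, with a hash used only at key-refresh time), a range-based plausibility check standing in for the IDS, and constructed sensor readings. It shows why a replayed capture that passed before a key refresh is rejected afterwards, and measures the "passing rate" the abstract refers to.

```python
"""Toy model of data-word obfuscation with key refresh (illustrative, not the paper's code)."""
import hashlib
import random
from typing import List

WORD_BITS = 16
WORD_MASK = (1 << WORD_BITS) - 1

# Constructed engineering limits for one sensor (e.g. a tank level in mm):
# a de-obfuscated value outside this band cannot be a genuine reading.
LEVEL_MIN, LEVEL_MAX = 0, 1000


def derive_key(master_secret: bytes, epoch: int) -> int:
    """Assumed key schedule: one 16-bit mask per refresh epoch.

    The hash runs only when a key is refreshed (rarely, or off the PLC);
    the controller's per-access work is just the XOR in obfuscate().
    """
    digest = hashlib.sha256(master_secret + epoch.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:2], "big")


def obfuscate(value: int, key: int) -> int:
    """Stored/transmitted form of a data word under the current epoch key."""
    return (value ^ key) & WORD_MASK


def deobfuscate(word: int, key: int) -> int:
    """XOR is an involution, so the same operation recovers the plain value."""
    return (word ^ key) & WORD_MASK


def plausible(value: int) -> bool:
    """Cheap plausibility check a legacy controller can afford on every access."""
    return LEVEL_MIN <= value <= LEVEL_MAX


def replay_passing_rate(readings: List[int], key_old: int, key_new: int) -> float:
    """Fraction of words captured under key_old that still pass as genuine
    when replayed after the key has been refreshed to key_new."""
    captured = [obfuscate(v, key_old) for v in readings]
    passed = sum(plausible(deobfuscate(w, key_new)) for w in captured)
    return passed / len(captured)


def learned_injection_passing_rate(readings: List[int], key_old: int, key_new: int,
                                   n: int = 1000, seed: int = 0) -> float:
    """Attacker who learned the observed (obfuscated) band during the old epoch
    and injects values drawn uniformly from it after the refresh."""
    rng = random.Random(seed)
    captured = [obfuscate(v, key_old) for v in readings]
    lo, hi = min(captured), max(captured)
    injected = [rng.randint(lo, hi) for _ in range(n)]
    passed = sum(plausible(deobfuscate(w, key_new)) for w in injected)
    return passed / n


def main() -> None:
    rng = random.Random(1)
    readings = [rng.randint(300, 700) for _ in range(200)]  # constructed sensor trace
    secret = b"constructed-demo-secret"                      # placeholder, not a real key
    k0, k1 = derive_key(secret, 0), derive_key(secret, 1)
    print("replay, no refresh   :", replay_passing_rate(readings, k0, k0))
    print("replay, after refresh:", replay_passing_rate(readings, k0, k1))
    print("learned-band injection:", learned_injection_passing_rate(readings, k0, k1))


if __name__ == "__main__":
    main()
```

Two design points matter for the defender. First, obfuscation does not authenticate anything; it only devalues what an attacker has learned, so the plausibility check (or an IDS) is still what rejects the data. Second, XOR masking protects only as well as the difference between successive keys: if a refresh changes only low-order bits, replayed captures still de-obfuscate into the valid band, so refresh keys must be full-width and unpredictable, and the refresh interval is the knob the abstract describes for trading protection against performance.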
Notes
1. This term is used for Siemens PLC equipment, but a similar data construct is used by other vendors too.
Acknowledgements
Supported by EPSRC/Chist-Era grant: EP/N021657/1.
Copyright information
© 2017 Springer International Publishing AG
Cite this paper
Le, A., Roedig, U., Rashid, A. (2017). LASARUS: Lightweight Attack Surface Reduction for Legacy Industrial Control Systems. In: Bodden, E., Payer, M., Athanasopoulos, E. (eds) Engineering Secure Software and Systems. ESSoS 2017. Lecture Notes in Computer Science(), vol 10379. Springer, Cham. https://doi.org/10.1007/978-3-319-62105-0_3
DOI: https://doi.org/10.1007/978-3-319-62105-0_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-62104-3
Online ISBN: 978-3-319-62105-0