
LASARUS: Lightweight Attack Surface Reduction for Legacy Industrial Control Systems

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10379)

Abstract

Many operational Industrial Control Systems (ICSs) were designed and deployed years ago with little or no consideration of the security issues that arise from an interconnected world. It is well known that attackers can read and write sensor and actuator data on Programmable Logic Controllers (PLCs), as legacy ICSs offer few means of protection. Replacing such legacy ICSs is expensive and requires extensive planning and a major programme of updates, often spanning several years. Yet augmenting deployed ICSs with established security mechanisms is rarely possible: legacy PLCs cannot support computationally expensive (i.e., cryptographic) operations while maintaining real-time control. Intrusion Detection Systems (IDSs) have been employed to improve the security of legacy ICSs. However, attackers can avoid detection by learning acceptable system behaviour from observed data. In this paper, we present LASARUS, a lightweight approach that can be implemented on legacy PLCs to reduce their attack surface, making it harder for an attacker to learn system behaviour and craft useful attacks. Our approach applies obfuscation to PLC data whenever it is stored or accessed, which leads to a continuously changing target surface. Obfuscation keys can be refreshed depending on the threat situation, striking a balance between system performance and protection level. Using real-world and simulated ICS data sets, we demonstrate that LASARUS is able to prevent a set of well-known attacks such as random or replay injection by reducing their passing rate significantly, by up to 100 times.
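The abstract describes the mechanism only at a high level: PLC data is obfuscated on every store, de-obfuscated on every access, and the key is refreshed periodically. The following Python model is an added illustration of that idea and is not the paper's implementation or code from the authors. Because the abstract does not specify the obfuscation function, everything concrete here is an assumption: 16-bit register words, a mask derived per register from the key with a seeded PRNG, XOR as the obfuscation operation, and a plausibility range of 0..1000 for a hypothetical tank-level register. The model measures what the abstract calls the passing rate of a replay injection: the fraction of captured words that, when injected back, still decode to a value inside the plausible range. Without a key refresh every replay passes; after a refresh the injected word decodes to an essentially random value and almost all replays fail the range check.

```python
"""Toy model of data obfuscation with key refresh on a PLC data block.

Added illustration, not the paper's implementation.  The obfuscation
function (XOR with PRNG-derived masks), the 16-bit word width and the
plausibility range are assumptions made for this example.
"""
from __future__ import annotations

import random
from dataclasses import dataclass, field

REGISTER_BITS = 16                      # assumed: 16-bit PLC words
WORD_MASK = (1 << REGISTER_BITS) - 1
LEVEL_REG = 0                           # index of a hypothetical tank-level register
PLAUSIBLE_MAX = 1000                    # assumed engineering range 0..1000


def derive_masks(key: int, n_registers: int) -> list[int]:
    """Derive one mask per register from the key.

    Assumption: a seeded PRNG stands in for whatever cheap derivation a
    legacy PLC can afford.  It is not cryptographically strong, which is
    why the key has to be refreshed before an observer collects enough
    plaintext/obfuscated pairs to recover the masks.
    """
    rng = random.Random(key)
    return [rng.getrandbits(REGISTER_BITS) for _ in range(n_registers)]


@dataclass
class ObfuscatedDataBlock:
    """A PLC data block whose stored words are always masked."""
    n_registers: int
    key: int
    _masks: list[int] = field(init=False, repr=False)
    _stored: list[int] = field(init=False, repr=False)

    def __post_init__(self) -> None:
        self._masks = derive_masks(self.key, self.n_registers)
        self._stored = [0] * self.n_registers

    def write(self, idx: int, value: int) -> None:
        """Control logic writes plaintext; memory only ever holds masked words."""
        self._stored[idx] = (value & WORD_MASK) ^ self._masks[idx]

    def read(self, idx: int) -> int:
        """Control logic reads plaintext; the mask is removed on access."""
        return self._stored[idx] ^ self._masks[idx]

    def raw(self, idx: int) -> int:
        """What an observer with memory or network read access sees."""
        return self._stored[idx]

    def inject_raw(self, idx: int, word: int) -> None:
        """Model of an unauthenticated write that bypasses the control logic."""
        self._stored[idx] = word & WORD_MASK

    def refresh_key(self, new_key: int) -> None:
        """Re-mask every word under a new key; legitimate reads keep working."""
        plain = [self.read(i) for i in range(self.n_registers)]
        self.key = new_key
        self._masks = derive_masks(new_key, self.n_registers)
        for i, value in enumerate(plain):
            self.write(i, value)


def legitimate_read_survives_refresh() -> bool:
    """Sanity check: a key refresh must be transparent to the control loop."""
    block = ObfuscatedDataBlock(n_registers=4, key=0x1234)
    block.write(LEVEL_REG, 742)
    block.refresh_key(0x5678)
    return block.read(LEVEL_REG) == 742


def replay_passing_rate(trials: int = 2000, refresh: bool = True, seed: int = 1) -> float:
    """Fraction of replayed words that still decode to a plausible level.

    Each trial stores a legitimate value, lets an observer capture the masked
    word, optionally refreshes the key, and injects the captured word back.
    The replay 'passes' if the control logic decodes it to a value inside
    the plausible engineering range.  Constructed input, seeded for
    reproducibility.
    """
    rng = random.Random(seed)
    passed = 0
    for _ in range(trials):
        block = ObfuscatedDataBlock(n_registers=4, key=rng.getrandbits(32))
        block.write(LEVEL_REG, rng.randint(0, PLAUSIBLE_MAX))
        captured = block.raw(LEVEL_REG)
        if refresh:
            block.refresh_key(rng.getrandbits(32))
        block.inject_raw(LEVEL_REG, captured)
        if 0 <= block.read(LEVEL_REG) <= PLAUSIBLE_MAX:
            passed += 1
    return passed / trials


if __name__ == "__main__":
    print("refresh transparent to control loop:", legitimate_read_survives_refresh())
    print("replay passing rate, no key refresh:", replay_passing_rate(refresh=False))
    print("replay passing rate, key refreshed :", replay_passing_rate(refresh=True))
```

With the key held fixed, a replayed word decodes to exactly the value that was captured, so the passing rate is 1.0; after a refresh it decodes to the original XORed with two independent masks, and only about 1001/65536 of such values land inside the assumed range, so the measured rate is around 0.015. The model also makes the trade-off in the abstract concrete: the refresh itself costs one re-masking pass over the data block, and the XOR scheme assumed here offers no protection against an observer who can correlate enough plaintext and masked words within one key epoch, which is what bounds how long an epoch can safely be.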


Notes

  1. This term is used for Siemens PLC equipment, but a similar data construct is used by other vendors too.


Acknowledgements

Supported by EPSRC/Chist-Era grant: EP/N021657/1.

Author information

Corresponding author: Anhtuan Le.


Copyright information

© 2017 Springer International Publishing AG

Cite this paper

Le, A., Roedig, U., Rashid, A. (2017). LASARUS: Lightweight Attack Surface Reduction for Legacy Industrial Control Systems. In: Bodden, E., Payer, M., Athanasopoulos, E. (eds) Engineering Secure Software and Systems. ESSoS 2017. Lecture Notes in Computer Science, vol 10379. Springer, Cham. https://doi.org/10.1007/978-3-319-62105-0_3

  • DOI: https://doi.org/10.1007/978-3-319-62105-0_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-62104-3

  • Online ISBN: 978-3-319-62105-0

  • eBook Packages: Computer Science, Computer Science (R0)
