On the Feasibility of Device Fingerprinting in Industrial Control Systems

As Industrial Control Systems (ICS) and standard IT networks merge into one heterogeneous environment, there has been an increasing effort to adapt common security tools and methodologies to the industrial setting. Fingerprinting of industrial devices is still an unexplored research field. In this paper we provide an overview of standard device fingerprinting techniques and an assessment of the feasibility of applying them in ICS infrastructures. We identify the challenges that fingerprinting has to face and the mechanisms needed to obtain reliable results. Finally, we provide guidelines for implementing reliable ICS fingerprinters.
