Exploring Security in PROFINET IO

In this paper we show that it is possible to attack and gain control over PROFINET IO nodes, and that this can be done without either of the communicating peers detecting the attack. Analysis of attacks in both shared and packet-switched networks shows that the attacker can control the process data, and thus the state of the machines connected to the I/O modules. As security risks in automation increase with the level of vertical and horizontal integration, the concept of security modules is proposed as a method to retrofit security into PROFINET IO. Security modules can be applied without changing anything in the underlying transmission system and can be extended if and when new security threats are identified.
