Abstract
Current supervisory control and data acquisition (SCADA) systems do not have adequately tailored security solutions. Programmable logic controllers (PLCs) in SCADA systems are particularly vulnerable due to a lack of firmware auditing capabilities. Since a PLC is a field device that directly connects to a physical system for monitoring and control, a compromise of its firmware could have devastating consequences. This paper describes a tool developed specifically for verifying PLC firmware in SCADA systems. The tool captures serial data during firmware uploads and verifies it against a known good firmware executable. It can also replay captured data and analyze firmware without the presence of a PLC. The tool does not require any modifications to a SCADA system and can be implemented on a variety of platforms. These features, along with the ability to isolate the tool from production systems and adapt it to various architectures, make the tool attractive for use in diverse SCADA environments.
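As an added illustration of the capture, verify and replay workflow the abstract describes (this is not the paper's tool or code, and the frame layout is a constructed stand-in rather than any vendor's upload protocol), the following Python reassembles a captured serial firmware upload, rejects corrupt or out-of-order frames, and compares the reassembled image against a known-good executable without a PLC present:

```python
import hashlib
from functools import reduce
from operator import xor

# Constructed frame format for this example only (assumption, not a real PLC protocol):
# [2-byte big-endian offset][1-byte length][payload][1-byte XOR checksum over the first three fields]

def build_frames(firmware: bytes, chunk: int = 4) -> bytes:
    """Produce a synthetic serial capture of an upload so it can be replayed offline."""
    out = bytearray()
    for off in range(0, len(firmware), chunk):
        payload = firmware[off:off + chunk]
        body = off.to_bytes(2, "big") + bytes([len(payload)]) + payload
        out += body + bytes([reduce(xor, body, 0)])
    return bytes(out)

def parse_capture(capture: bytes) -> bytes:
    """Reassemble the image written to the PLC; raise on truncated, corrupt or out-of-order frames."""
    image, i = bytearray(), 0
    while i < len(capture):
        if i + 3 > len(capture):
            raise ValueError("truncated frame header")
        off, n = int.from_bytes(capture[i:i + 2], "big"), capture[i + 2]
        body, end = capture[i:i + 3 + n], i + 3 + n
        if end >= len(capture) or len(body) < 3 + n:
            raise ValueError("truncated frame")
        if reduce(xor, body, 0) != capture[end]:
            raise ValueError(f"checksum mismatch in frame at offset {off}")
        if off != len(image):  # a gap or overlap means the write sequence was not what was captured
            raise ValueError(f"out-of-order frame: expected offset {len(image)}, got {off}")
        image += body[3:]
        i = end + 1
    return bytes(image)

def verify(uploaded: bytes, known_good: bytes) -> dict:
    """Compare the uploaded image with the known-good executable; report hash match and first differing offsets."""
    longest = max(len(uploaded), len(known_good))
    diffs = [k for k in range(longest)
             if k >= len(uploaded) or k >= len(known_good) or uploaded[k] != known_good[k]]
    return {"match": hashlib.sha256(uploaded).digest() == hashlib.sha256(known_good).digest(),
            "size_ok": len(uploaded) == len(known_good),
            "first_diffs": diffs[:8]}

def replay_and_verify(capture: bytes, known_good: bytes) -> dict:
    """Replay a stored capture through the parser and verifier with no PLC attached."""
    return verify(parse_capture(capture), known_good)

KNOWN_GOOD = bytes(range(0x10, 0x1A))  # constructed 10-byte stand-in for a vendor firmware image
```

A real deployment would read the capture from a serial tap and compare against the vendor's signed image; the parser here only demonstrates the frame-level checks a verifier must perform before trusting the reassembled bytes.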
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
McMinn, L., Butts, J. (2012). A Firmware Verification Tool for Programmable Logic Controllers. In: Butts, J., Shenoi, S. (eds) Critical Infrastructure Protection VI. ICCIP 2012. IFIP Advances in Information and Communication Technology, vol 390. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35764-0_5
DOI: https://doi.org/10.1007/978-3-642-35764-0_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35763-3
Online ISBN: 978-3-642-35764-0
eBook Packages: Computer Science (R0)