Security analysis of industrial control network protocols based on Peach

YI Shengwei, ZHANG Chongbin, XIE Feng, XIONG Qi, XIANG Chong, LIANG Lulu

Journal of Tsinghua University(Science and Technology) ›› 2017, Vol. 57 ›› Issue (1) : 50-54.

DOI: 10.16511/j.cnki.qhdxxb.2017.21.010
COMPUTER SCIENCE AND TECHNOLOGY


Abstract

Fuzzing tests are important for discovering unknown vulnerabilities and risks. A security analysis method was developed for industrial control networks using the Peach fuzzing framework. The system uses a mutation strategy: it fabricates abnormal network packets, sends these packets to the target, and then executes the tests. The tests monitor the status of the industrial control network protocols, and the system then identifies exceptions in those protocols. Modbus TCP, a widely used industrial control network protocol, is analyzed as an example by fuzzing the Modbus TCP protocol. The results show that this method can effectively identify vulnerabilities in industrial control network protocols.

Key words

industrial control systems / industrial control network protocols / Peach / fuzzing test / vulnerability analyses

Cite this article

YI Shengwei, ZHANG Chongbin, XIE Feng, XIONG Qi, XIANG Chong, LIANG Lulu. Security analysis of industrial control network protocols based on Peach[J]. Journal of Tsinghua University(Science and Technology). 2017, 57(1): 50-54 https://doi.org/10.16511/j.cnki.qhdxxb.2017.21.010
