Identifying and Verifying Vulnerabilities through PLC Network Protocol and Memory Structure Analysis

Identifying and Verifying Vulnerabilities through PLC Network Protocol and Memory Structure Analysis

Cyberattacks on the Industrial Control System (ICS) have recently been increasing, made more intelligent by advancing technologies. As such, cybersecurity for such systems is attracting attention. As a core element of control devices, the Programmable Logic Controller (PLC) in an ICS carries out on-...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computers, materials & continua materials & continua, 2020-01, Vol.65 (1), p.53-67
Hauptverfasser: Lee, JooChan, Choi, HyunPyo, Kim, JangHoon, Kim, JunWon, Jung, DaUn, Shin, JiHo, Seo, JungTaek
Format: Artikel
Sprache:eng
Schlagworte:
Control systems
Cybersecurity
File servers
Industrial electronics
Integrated circuits
Preempting
Programmable logic controllers
Protocol (computers)
Structural analysis
Theft
Web services
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 67
container_issue 1
container_start_page 53
container_title Computers, materials & continua
container_volume 65
creator Lee, JooChan
Choi, HyunPyo
Kim, JangHoon
Kim, JunWon
Jung, DaUn
Shin, JiHo
Seo, JungTaek
description Cyberattacks on the Industrial Control System (ICS) have recently been increasing, made more intelligent by advancing technologies. As such, cybersecurity for such systems is attracting attention. As a core element of control devices, the Programmable Logic Controller (PLC) in an ICS carries out on-site control over the ICS. A cyberattack on the PLC will cause damages on the overall ICS, with Stuxnet and Duqu as the most representative cases. Thus, cybersecurity for PLCs is considered essential, and many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of preemptive efforts against attacks. In this study, a vulnerability analysis was conducted on the XGB PLC. Security vulnerabilities were identified by analyzing the network protocols and memory structure of PLCs and were utilized to launch replay attack, memory modulation attack, and FTP/Web service account theft for the verification of the results. Based on the results, the attacks were proven to be able to cause the PLC to malfunction and disable it, and the identified vulnerabilities were defined.
doi_str_mv 10.32604/cmc.2020.011251
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2429477154</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2429477154</sourcerecordid><originalsourceid>FETCH-LOGICAL-c313t-13815871b7eef88f9d064f915c58c726095e38513a72c40e603bc3dcdd62c8003</originalsourceid><addsrcrecordid>eNpNkEtPwzAQhC0EEqVw52iJc4ofseMcq4pHpQKVgF6t1HbalCQua0co_57Q9sBpdqTZ1c6H0C0lE84kSe9NYyaMMDIhlDJBz9CIilQmjDF5_m--RFch7AjhkudkhOzcujZWZV-1G1y0Fq8cnNyqq1sHxbqqq1i5gOMWfLfZ4uVihl9d_PHwhZfgoze-Pqy-uMZDj98jdCZ24PC0Leo-VOEaXZRFHdzNScfo8_HhY_acLN6e5rPpIjGc8phQrqhQGV1nzpVKlbklMi1zKoxQJhtK5sJxJSgvMmZS4iTha8OtsVYyo4ZKY3R3vLsH_925EPXOdzA8ETRLWZ5m2YBhSJFjyoAPAVyp91A1BfSaEn1gqQeW-o-lPrLkvys8Z9Q</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2429477154</pqid></control><display><type>article</type><title>Identifying and Verifying Vulnerabilities through PLC Network Protocol and Memory Structure Analysis</title><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><creator>Lee, JooChan ; Choi, HyunPyo ; Kim, JangHoon ; Kim, JunWon ; Jung, DaUn ; Shin, JiHo ; Seo, JungTaek</creator><creatorcontrib>Lee, JooChan ; Choi, HyunPyo ; Kim, JangHoon ; Kim, JunWon ; Jung, DaUn ; Shin, JiHo ; Seo, JungTaek</creatorcontrib><description>Cyberattacks on the Industrial Control System (ICS) have recently been increasing, made more intelligent by advancing technologies. As such, cybersecurity for such systems is attracting attention. As a core element of control devices, the Programmable Logic Controller (PLC) in an ICS carries out on-site control over the ICS. A cyberattack on the PLC will cause damages on the overall ICS, with Stuxnet and Duqu as the most representative cases. Thus, cybersecurity for PLCs is considered essential, and many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of preemptive efforts against attacks. In this study, a vulnerability analysis was conducted on the XGB PLC. Security vulnerabilities were identified by analyzing the network protocols and memory structure of PLCs and were utilized to launch replay attack, memory modulation attack, and FTP/Web service account theft for the verification of the results. Based on the results, the attacks were proven to be able to cause the PLC to malfunction and disable it, and the identified vulnerabilities were defined.</description><identifier>ISSN: 1546-2226</identifier><identifier>ISSN: 1546-2218</identifier><identifier>EISSN: 1546-2226</identifier><identifier>DOI: 10.32604/cmc.2020.011251</identifier><language>eng</language><publisher>Henderson: Tech Science Press</publisher><subject>Control systems ; Cybersecurity ; File servers ; Industrial electronics ; Integrated circuits ; Preempting ; Programmable logic controllers ; Protocol (computers) ; Structural analysis ; Theft ; Web services</subject><ispartof>Computers, materials &amp; continua, 2020-01, Vol.65 (1), p.53-67</ispartof><rights>2020. This work is licensed under https://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c313t-13815871b7eef88f9d064f915c58c726095e38513a72c40e603bc3dcdd62c8003</citedby></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,776,780,27901,27902</link.rule.ids></links><search><creatorcontrib>Lee, JooChan</creatorcontrib><creatorcontrib>Choi, HyunPyo</creatorcontrib><creatorcontrib>Kim, JangHoon</creatorcontrib><creatorcontrib>Kim, JunWon</creatorcontrib><creatorcontrib>Jung, DaUn</creatorcontrib><creatorcontrib>Shin, JiHo</creatorcontrib><creatorcontrib>Seo, JungTaek</creatorcontrib><title>Identifying and Verifying Vulnerabilities through PLC Network Protocol and Memory Structure Analysis</title><title>Computers, materials &amp; continua</title><description>Cyberattacks on the Industrial Control System (ICS) have recently been increasing, made more intelligent by advancing technologies. As such, cybersecurity for such systems is attracting attention. As a core element of control devices, the Programmable Logic Controller (PLC) in an ICS carries out on-site control over the ICS. A cyberattack on the PLC will cause damages on the overall ICS, with Stuxnet and Duqu as the most representative cases. Thus, cybersecurity for PLCs is considered essential, and many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of preemptive efforts against attacks. In this study, a vulnerability analysis was conducted on the XGB PLC. Security vulnerabilities were identified by analyzing the network protocols and memory structure of PLCs and were utilized to launch replay attack, memory modulation attack, and FTP/Web service account theft for the verification of the results. Based on the results, the attacks were proven to be able to cause the PLC to malfunction and disable it, and the identified vulnerabilities were defined.</description><subject>Control systems</subject><subject>Cybersecurity</subject><subject>File servers</subject><subject>Industrial electronics</subject><subject>Integrated circuits</subject><subject>Preempting</subject><subject>Programmable logic controllers</subject><subject>Protocol (computers)</subject><subject>Structural analysis</subject><subject>Theft</subject><subject>Web services</subject><issn>1546-2226</issn><issn>1546-2218</issn><issn>1546-2226</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2020</creationdate><recordtype>article</recordtype><sourceid>BENPR</sourceid><recordid>eNpNkEtPwzAQhC0EEqVw52iJc4ofseMcq4pHpQKVgF6t1HbalCQua0co_57Q9sBpdqTZ1c6H0C0lE84kSe9NYyaMMDIhlDJBz9CIilQmjDF5_m--RFch7AjhkudkhOzcujZWZV-1G1y0Fq8cnNyqq1sHxbqqq1i5gOMWfLfZ4uVihl9d_PHwhZfgoze-Pqy-uMZDj98jdCZ24PC0Leo-VOEaXZRFHdzNScfo8_HhY_acLN6e5rPpIjGc8phQrqhQGV1nzpVKlbklMi1zKoxQJhtK5sJxJSgvMmZS4iTha8OtsVYyo4ZKY3R3vLsH_925EPXOdzA8ETRLWZ5m2YBhSJFjyoAPAVyp91A1BfSaEn1gqQeW-o-lPrLkvys8Z9Q</recordid><startdate>20200101</startdate><enddate>20200101</enddate><creator>Lee, JooChan</creator><creator>Choi, HyunPyo</creator><creator>Kim, JangHoon</creator><creator>Kim, JunWon</creator><creator>Jung, DaUn</creator><creator>Shin, JiHo</creator><creator>Seo, JungTaek</creator><general>Tech Science Press</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SR</scope><scope>8BQ</scope><scope>8FD</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>JG9</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope></search><sort><creationdate>20200101</creationdate><title>Identifying and Verifying Vulnerabilities through PLC Network Protocol and Memory Structure Analysis</title><author>Lee, JooChan ; Choi, HyunPyo ; Kim, JangHoon ; Kim, JunWon ; Jung, DaUn ; Shin, JiHo ; Seo, JungTaek</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c313t-13815871b7eef88f9d064f915c58c726095e38513a72c40e603bc3dcdd62c8003</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2020</creationdate><topic>Control systems</topic><topic>Cybersecurity</topic><topic>File servers</topic><topic>Industrial electronics</topic><topic>Integrated circuits</topic><topic>Preempting</topic><topic>Programmable logic controllers</topic><topic>Protocol (computers)</topic><topic>Structural analysis</topic><topic>Theft</topic><topic>Web services</topic><toplevel>online_resources</toplevel><creatorcontrib>Lee, JooChan</creatorcontrib><creatorcontrib>Choi, HyunPyo</creatorcontrib><creatorcontrib>Kim, JangHoon</creatorcontrib><creatorcontrib>Kim, JunWon</creatorcontrib><creatorcontrib>Jung, DaUn</creatorcontrib><creatorcontrib>Shin, JiHo</creatorcontrib><creatorcontrib>Seo, JungTaek</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Engineered Materials Abstracts</collection><collection>METADEX</collection><collection>Technology Research Database</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>Materials Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><jtitle>Computers, materials &amp; continua</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Lee, JooChan</au><au>Choi, HyunPyo</au><au>Kim, JangHoon</au><au>Kim, JunWon</au><au>Jung, DaUn</au><au>Shin, JiHo</au><au>Seo, JungTaek</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Identifying and Verifying Vulnerabilities through PLC Network Protocol and Memory Structure Analysis</atitle><jtitle>Computers, materials &amp; continua</jtitle><date>2020-01-01</date><risdate>2020</risdate><volume>65</volume><issue>1</issue><spage>53</spage><epage>67</epage><pages>53-67</pages><issn>1546-2226</issn><issn>1546-2218</issn><eissn>1546-2226</eissn><abstract>Cyberattacks on the Industrial Control System (ICS) have recently been increasing, made more intelligent by advancing technologies. As such, cybersecurity for such systems is attracting attention. As a core element of control devices, the Programmable Logic Controller (PLC) in an ICS carries out on-site control over the ICS. A cyberattack on the PLC will cause damages on the overall ICS, with Stuxnet and Duqu as the most representative cases. Thus, cybersecurity for PLCs is considered essential, and many researchers carry out a variety of analyses on the vulnerabilities of PLCs as part of preemptive efforts against attacks. In this study, a vulnerability analysis was conducted on the XGB PLC. Security vulnerabilities were identified by analyzing the network protocols and memory structure of PLCs and were utilized to launch replay attack, memory modulation attack, and FTP/Web service account theft for the verification of the results. Based on the results, the attacks were proven to be able to cause the PLC to malfunction and disable it, and the identified vulnerabilities were defined.</abstract><cop>Henderson</cop><pub>Tech Science Press</pub><doi>10.32604/cmc.2020.011251</doi><tpages>15</tpages><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 1546-2226
ispartof Computers, materials & continua, 2020-01, Vol.65 (1), p.53-67
issn 1546-2226
1546-2218
1546-2226
language eng
recordid cdi_proquest_journals_2429477154
source Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals
subjects Control systems
Cybersecurity
File servers
Industrial electronics
Integrated circuits
Preempting
Programmable logic controllers
Protocol (computers)
Structural analysis
Theft
Web services
title Identifying and Verifying Vulnerabilities through PLC Network Protocol and Memory Structure Analysis
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-09T08%3A13%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Identifying%20and%20Verifying%20Vulnerabilities%20through%20PLC%20Network%20Protocol%20and%20Memory%20Structure%20Analysis&rft.jtitle=Computers,%20materials%20&%20continua&rft.au=Lee,%20JooChan&rft.date=2020-01-01&rft.volume=65&rft.issue=1&rft.spage=53&rft.epage=67&rft.pages=53-67&rft.issn=1546-2226&rft.eissn=1546-2226&rft_id=info:doi/10.32604/cmc.2020.011251&rft_dat=%3Cproquest_cross%3E2429477154%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2429477154&rft_id=info:pmid/&rfr_iscdi=true