Model-Based Stealth Attack to Networked Control System Based on Real-Time Ethernet

In this article, industrial control systems include networked control systems (NCS), which use real-time Ethernet (RTE) protocols since many years, well before the time sensitive networking initiative debut. Today, ethernet-based control systems are used all across Industry 4.0, including in critical applications, allowing for straight integration with information technology layers. Even if it is known that current RTE protocols do not have strong authentication or ciphering options, it is still very challenging to perform undetected cyber-attacks to these protocols while the NSC is in operation, in particular because such attacks must comply with very strict and small temporal constraints. In this article, a model-based attack is proposed for service degradation of NCS. The attack is carried out in real-time and it can remain undetected for the entire plant life. The attack can be applied to any RTE protocols and, without loss of generality, a detailed analysis of stealth techniques is provided for a specific real use case based on PROFINET. The experimental results demonstrate the feasibility of the proposed attack and its high effectiveness. The article also points out some possible future investigation directions in order to mitigate the attack.