Identifying Vulnerabilities in Industrial Control System Protocols using Mutation-based Fuzzing

Bibliographic details
Published in: NeuroQuantology 2022-01, Vol.20 (9), p.544
Main authors: Thakur, Aditi P; Dixit, Bharati A
Format: Article
Language: eng
Online access: Full text
Description
Summary: As we are heading towards the future of technological developments, we see that industrial automation is getting to the forefront. The combination of information and operation technology is making remarkable wonders. But the price to be paid for this revolution is the security of old mechanisms as they were not built to work with such advanced systems. Programmable Logic Controllers (PLC) have been used in the industry to control field devices for a long time now. These devices tend to be easy targets for cyber-attacks. Stuxnet and Triton are well-known examples of PLCs being compromised. Many of those PLCs are still working on the proprietary protocols. Through this research, we try to acknowledge the security risks of such proprietary protocols. These protocols are being used by many devices which support Ethernet connectivity. We develop a plugin that consists of two utilities: packet sniffer and fuzzing section. The sniffer is used to analyze packets. It studies various header fields which can become a target for manipulation. The information gathered using this sniffer is then fed to the fuzzing section to perform a fuzz test. We implement the mutation-based fuzzing approach to study various security aspects of these protocols. Using this plugin we can study various security risks possessed by protocols. This will further help in securing the communication channels in industrial control systems.
ISSN: 1303-5150
DOI: 10.14704/nq.2022.20.9.NQ440058