Fuzz testing of industrial network protocols in programmable logic controllers
Gormley, James J., III
Nguyen, Thuy D.
Daily operations of U.S. Navy afloat and ashore systems are heavily reliant on industrial control systems (ICSs) to manage critical infrastructure services. Programmable logic controllers (PLCs) are vital components in these cyber-physical systems. The industrial network protocols used to communicate between nodes in a control network are complex and vulnerable to a myriad of cyber attacks, as reported by the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). This thesis uses protocol fuzz testing techniques to investigate potential vulnerabilities in the Allen-Bradley/Rockwell Automation (AB/RA) MicroLogix 1100 PLC through its implementation of the EtherNet/IP, Common Industrial Protocol (CIP), and Programmable Controller Communication Commands (PCCC) communication protocols. This research also examines whether cross-generational vulnerabilities exist in the more advanced AB/RA ControlLogix 1756-L71 PLC. Our results reveal several deviations from the EtherNet/IP and PCCC specifications in the MicroLogix 1100 implementation of these protocols. Additionally, we find that a recently disclosed denial-of-service vulnerability that renders the MicroLogix 1100 inoperable does not trigger a similar fault condition in the ControlLogix PLC.
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.