Accession Number : ADA603391


Title :   Programmable Logic Controller Modification Attacks for use in Detection Analysis


Descriptive Note : Master's thesis


Corporate Author : AIR FORCE INSTITUTE OF TECHNOLOGY WRIGHT-PATTERSON AFB OH GRADUATE SCHOOL OF ENGINEERING AND MANAGEMENT


Personal Author(s) : Schuett, Carl D


Full Text : http://www.dtic.mil/get-tr-doc/pdf?AD=ADA603391


Report Date : 27 Mar 2014


Pagination or Media Count : 118


Abstract : Unprotected Supervisory Control and Data Acquisition (SCADA) systems offer promising targets to potential attackers. Field devices, such as Programmable Logic Controllers (PLCs), are of particular concern as they directly control and monitor physical industrial processes. Although attacks targeting SCADA systems have increased, there has been little work exploring the vulnerabilities associated with exploitation of field devices. As attacks increase in sophistication, it is reasonable to expect targeted exploitation of field device firmware. This thesis examines the feasibility of modifying PLC firmware to execute a remotely triggered attack. Such a modification is referred to as a repackaging attack. A general method is used to reverse engineer the firmware to determine its structure. Once understood, the firmware is modified to add an exploitable feature that can remotely disable the PLC. The attacks utilize a variety of triggers and take advantage of already existing functions to exploit the PLC. Notable areas of the firmware are described to demonstrate how they can be used in attack development. The performance of the repackaged firmwares is compared to known unmodified firmwares to determine if the modifications negatively impact performance. Findings demonstrate that repackaging attacks targeting PLCs are feasible and that the repackaged firmware does not impact the PLC's ability to execute programmed tasks. Finally, design recommendations are suggested to help mitigate potential weaknesses in future firmware development.


Descriptors :   *COMPUTER PROGRAMMING , *DETECTION , *INDUSTRIAL PRODUCTION , ATTACK , CONTROL , CONTROL SYSTEMS , DATA ACQUISITION , FEASIBILITY STUDIES , FIELD EQUIPMENT , IMPACT , LOGIC , PROTECTION , REVERSIBLE , TARGETING , TARGETS , THESES , TRIGGER CIRCUITS , VULNERABILITY


Subject Categories : Computer Programming and Software ; Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE