Programmable Logic Controllers (PLCs) are a core component of an Industrial
Control System (ICS). However, if a PLC is compromised or the commands sent
across a network from the PLCs are spoofed, consequences could be catastrophic.
In this work, a novel technique to authenticate PLCs is proposed that aims at
raising the bar against powerful attackers while being compatible with
real-time systems. The proposed technique captures timing information for each
controller in a non-invasive manner. It is argued that the scan cycle is a unique
feature of a PLC that can be approximated passively by observing network
traffic. An attacker that spoofs commands issued by the PLCs would deviate from
such fingerprints. To detect replay attacks, a PLC Watermarking technique is
proposed. PLC Watermarking models the relationship between the scan cycle and
the control logic by expressing the PLC's input/output as a function of its
request/response messages. The proposed technique is validated on an
operational water treatment plant (SWaT) and smart grid (EPIC) testbed. Results
from experiments indicate that PLCs can be distinguished based on their scan
cycle timing characteristics.
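As an added illustration of the passive scan-cycle fingerprinting described above (not the authors' code, data or testbed traffic): inter-arrival times of a PLC's periodic messages are taken as an estimate of its scan cycle, each PLC gets a mean/standard-deviation profile, and a stream whose cycle lies far from every profile is flagged as inconsistent with the claimed source. The PLC names, timestamps and jitter are constructed.

```python
"""Passive scan-cycle fingerprinting from message timestamps (illustration)."""
import statistics

# Constructed capture: per PLC, the times (seconds) at which it emitted its
# periodic request messages, with small jitter as a real capture would show.
CAPTURE = {
    "plc1": [0.0, 0.0101, 0.0199, 0.0302, 0.0400, 0.0498, 0.0601, 0.0699],
    "plc2": [0.0, 0.0151, 0.0299, 0.0452, 0.0600, 0.0749, 0.0901, 0.1048],
}


def inter_arrival(timestamps):
    """Gaps between consecutive messages; these approximate the scan cycle."""
    return [b - a for a, b in zip(timestamps, timestamps[1:])]


def fingerprint(timestamps):
    """Profile of one PLC: (mean scan cycle, standard deviation) in seconds."""
    gaps = inter_arrival(timestamps)
    return statistics.mean(gaps), statistics.stdev(gaps)


def build_profiles(capture):
    return {plc: fingerprint(ts) for plc, ts in capture.items()}


def observed_cycle(timestamps):
    return statistics.mean(inter_arrival(timestamps))


def attribute(timestamps, profiles, max_sigma=3.0):
    """Return the PLC whose profile the observed cycle matches best, or None
    when it lies more than max_sigma standard deviations from every profile,
    i.e. the deviation a spoofing host's timing would produce."""
    cycle = observed_cycle(timestamps)
    best, best_z = None, None
    for plc, (mu, sigma) in profiles.items():
        z = abs(cycle - mu) / sigma
        if best_z is None or z < best_z:
            best, best_z = plc, z
    return best if best_z <= max_sigma else None


def claim_is_consistent(claimed_plc, timestamps, profiles):
    """True when the stream's timing matches the PLC it claims to come from."""
    return attribute(timestamps, profiles) == claimed_plc
```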
