https://www.mdu.se/

mdu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Exploring Security in PROFINET IO
ABB AB, Corporate Research.ORCID iD: 0000-0002-7159-7508
Mälardalen University, School of Innovation, Design and Engineering.ORCID iD: 0000-0002-2419-2735
2009 (English)In: Proceedings - International Computer Software and Applications Conference, vol. 1, 2009, , p. 7p. 406-412Conference paper, Published paper (Refereed)
Abstract [en]

In this paper we show that it is possible to attack and gain control over PROFINET IO nodes and also that this can be done without any of the communicating peers detecting the attack. Analysis of attacks in both shared and packet switched networks show that the attacker can control the process data and thus the state of the machines connected to the I/O modules.

As the security risks are increasing in automation with the level of vertical and horizontal integration, the concept of security modules is proposed towards a method to retrofit security in PROFINET IO. The concept of security modules can be applied without changing anything in the underlying transmission system and is extendable if and when new security threats are identified.

Place, publisher, year, edition, pages
2009. , p. 7p. 406-412
Series
33rd Annual IEEE International Computer Software and Applications Conference, ISSN 0730-3157 ; 1
Keywords [en]
PROFINET IO, network security, attack, security modules
National Category
Engineering and Technology
Identifiers
URN: urn:nbn:se:mdh:diva-7301DOI: 10.1109/COMPSAC.2009.61ISI: 000274261400055Scopus ID: 2-s2.0-70449642862ISBN: 9780769537269 (print)OAI: oai:DiVA.org:mdh-7301DiVA, id: diva2:240883
Conference
2009 33rd Annual IEEE International Computer Software and Applications Conference, COMPSAC 2009; Seattle, WA; United States; 20 July 2009 through 24 July 2009
Available from: 2009-09-30 Created: 2009-09-30 Last updated: 2014-05-16Bibliographically approved
In thesis
1. On Security in Safety-Critical Process Control
Open this publication in new window or tab >>On Security in Safety-Critical Process Control
2009 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

This Licentiate thesis is about security in automation networks with emphasis on fieldbus communication. In the process industry, network and system security have become even more important since the introduction of Ethernet-based fieldbus protocols. As an example, a successful attack on a power plant, supporting large cities with energy, could result in a temporal but total power loss. Such attacks could be devastating for the society. The security threats are real, and motivations for attacking industrial communication systems may be political or economical.

The visions of autonomous systems, which can be supervised, diagnosed and maintained from remote is not far from reality, but stress the need for security and safety measures. Wired fieldbus protocols are mature when it comes to safety and there are existing standards for safe communication. In a setup like an autonomous system security measures over safe communication has to be taken into account.

The state-of-the-art in automation security is to use firewalls to restrict incoming and outgoing traffic to the networks. Firewalls can be deployed between different automation networks, i.e. server, control, and fieldbus networks, and even protect a single automation cell with a dedicated firewall. If an adversary can penetrate the perimeter defenses, no other security countermeasures exist in process automation to protect the safety-critical communication from sabotage.

In this thesis we initially explore the possibilities of security attacks on the automation protocols PROFINET IO and PROFIsafe. We show that it is possible to attack safety-related communication to take control of safety-critical fieldbus nodes. We propose the concept of Security Modules in combination with PROFINET IO and PROFIsafe to achieve safe and secure real-time fieldbus communication.

Place, publisher, year, edition, pages
Västerås: Mälardalen University, 2009
Series
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 110
National Category
Information Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-7334 (URN)978-91-86135-42-3 (ISBN)
Presentation
2009-11-13, Kappa, Mälardalens högskola, Västerås, 13:15 (English)
Opponent
Supervisors
Available from: 2009-10-14 Created: 2009-10-08 Last updated: 2018-01-13Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Åkerberg, JohanBjörkman, Mats

Search in DiVA

By author/editor
Åkerberg, JohanBjörkman, Mats
By organisation
School of Innovation, Design and Engineering
Engineering and Technology

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 303 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf