Logo des Repositoriums

No Attacks Are Available: Securing the OpenPLC and Related Systems

Vorschaubild nicht verfügbar

Volltext URI


Text/Conference Paper





ISSN der Zeitschrift



Gesellschaft für Informatik e.V.


The use of Programmable Logic Controllers (PLCs) expands in industrial domains, which makes ensuring the security of Industrial Control Systems (ICSs) become paramount. The OpenPLC project, the first open-source initiative, provides flexible and cost-effective PLC solutions to build up affordable test-beds, as well as conduct experiments and academic researches. This project has wildly grown in the last few years, thus it is essential to address the most emerging security challenges it encounters. This paper introduces a new OpenPLC architecture, called OpenPLC Aqua, provided with a set of security solutions designed specifically to overcome the vulnerabilities that the current OpenPLC versions are prone to. The new OpenPLC architecture includes four security features: 1) user credentials encryption, securing the Webserver, Whitelisting and secure SSL/TLS communication channel. The OpenPLC Aqua software was tested against several attack scenarios that were feasible against the old OpenPLC versions. Our experimental results showed our enhanced OpenPLC software is secure and resistant against several attack scenarios e.g., authentication, injection, Man-in-the- Middle and replay attacks. The OpenPLC Aqua is publicly available and a proof of concept demo is also published with this paper.


Alsabbagh, Wael; Kim, Chaerin; Langendörfer, Peter (2023): No Attacks Are Available: Securing the OpenPLC and Related Systems. INFORMATIK 2023 - Designing Futures: Zukünfte gestalten. DOI: 10.18420/inf2023_206. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 978-3-88579-731-9. pp. 2085-2096. Wirtschaft, Management Industrie - 8th Industrial Automation and Control Systems Standardization Workshop (IACS 2023). Berlin. 26.-29. September 2023