No Attacks Are Available: Securing the OpenPLC and Related Systems
| dc.contributor.author | Alsabbagh, Wael | |
| dc.contributor.author | Kim, Chaerin | |
| dc.contributor.author | Langendörfer, Peter | |
| dc.contributor.editor | Klein, Maike | |
| dc.contributor.editor | Krupka, Daniel | |
| dc.contributor.editor | Winter, Cornelia | |
| dc.contributor.editor | Wohlgemuth, Volker | |
| dc.date.accessioned | 2023-11-29T14:50:26Z | |
| dc.date.available | 2023-11-29T14:50:26Z | |
| dc.date.issued | 2023 | |
| dc.description.abstract | The use of Programmable Logic Controllers (PLCs) expands in industrial domains, which makes ensuring the security of Industrial Control Systems (ICSs) become paramount. The OpenPLC project, the first open-source initiative, provides flexible and cost-effective PLC solutions to build up affordable test-beds, as well as conduct experiments and academic researches. This project has wildly grown in the last few years, thus it is essential to address the most emerging security challenges it encounters. This paper introduces a new OpenPLC architecture, called OpenPLC Aqua, provided with a set of security solutions designed specifically to overcome the vulnerabilities that the current OpenPLC versions are prone to. The new OpenPLC architecture includes four security features: 1) user credentials encryption, securing the Webserver, Whitelisting and secure SSL/TLS communication channel. The OpenPLC Aqua software was tested against several attack scenarios that were feasible against the old OpenPLC versions. Our experimental results showed our enhanced OpenPLC software is secure and resistant against several attack scenarios e.g., authentication, injection, Man-in-the- Middle and replay attacks. The OpenPLC Aqua is publicly available and a proof of concept demo is also published with this paper. | en |
| dc.identifier.doi | 10.18420/inf2023_206 | |
| dc.identifier.isbn | 978-3-88579-731-9 | |
| dc.identifier.pissn | 1617-5468 | |
| dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/43137 | |
| dc.language.iso | en | |
| dc.publisher | Gesellschaft für Informatik e.V. | |
| dc.relation.ispartof | INFORMATIK 2023 - Designing Futures: Zukünfte gestalten | |
| dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-337 | |
| dc.subject | OpenPLC | |
| dc.subject | Security Solutions | |
| dc.subject | Mitigation Solutions | |
| dc.subject | Industrial Control Systems | |
| dc.title | No Attacks Are Available: Securing the OpenPLC and Related Systems | en |
| dc.type | Text/Conference Paper | |
| gi.citation.endPage | 2096 | |
| gi.citation.publisherPlace | Bonn | |
| gi.citation.startPage | 2085 | |
| gi.conference.date | 26.-29. September 2023 | |
| gi.conference.location | Berlin | |
| gi.conference.sessiontitle | Wirtschaft, Management Industrie - 8th Industrial Automation and Control Systems Standardization Workshop (IACS 2023) |
Dateien
Originalbündel
1 - 1 von 1
Vorschaubild nicht verfügbar
- Name:
- 09_06_08_Alsabbagh.pdf
- Größe:
- 1019.02 KB
- Format:
- Adobe Portable Document Format