Logo des Repositoriums
 

No Attacks Are Available: Securing the OpenPLC and Related Systems

dc.contributor.authorAlsabbagh, Wael
dc.contributor.authorKim, Chaerin
dc.contributor.authorLangendörfer, Peter
dc.contributor.editorKlein, Maike
dc.contributor.editorKrupka, Daniel
dc.contributor.editorWinter, Cornelia
dc.contributor.editorWohlgemuth, Volker
dc.date.accessioned2023-11-29T14:50:26Z
dc.date.available2023-11-29T14:50:26Z
dc.date.issued2023
dc.description.abstractThe use of Programmable Logic Controllers (PLCs) expands in industrial domains, which makes ensuring the security of Industrial Control Systems (ICSs) become paramount. The OpenPLC project, the first open-source initiative, provides flexible and cost-effective PLC solutions to build up affordable test-beds, as well as conduct experiments and academic researches. This project has wildly grown in the last few years, thus it is essential to address the most emerging security challenges it encounters. This paper introduces a new OpenPLC architecture, called OpenPLC Aqua, provided with a set of security solutions designed specifically to overcome the vulnerabilities that the current OpenPLC versions are prone to. The new OpenPLC architecture includes four security features: 1) user credentials encryption, securing the Webserver, Whitelisting and secure SSL/TLS communication channel. The OpenPLC Aqua software was tested against several attack scenarios that were feasible against the old OpenPLC versions. Our experimental results showed our enhanced OpenPLC software is secure and resistant against several attack scenarios e.g., authentication, injection, Man-in-the- Middle and replay attacks. The OpenPLC Aqua is publicly available and a proof of concept demo is also published with this paper.en
dc.identifier.doi10.18420/inf2023_206
dc.identifier.isbn978-3-88579-731-9
dc.identifier.pissn1617-5468
dc.identifier.urihttps://dl.gi.de/handle/20.500.12116/43137
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofINFORMATIK 2023 - Designing Futures: Zukünfte gestalten
dc.relation.ispartofseriesLecture Notes in Informatics (LNI) - Proceedings, Volume P-337
dc.subjectOpenPLC
dc.subjectSecurity Solutions
dc.subjectMitigation Solutions
dc.subjectIndustrial Control Systems
dc.titleNo Attacks Are Available: Securing the OpenPLC and Related Systemsen
dc.typeText/Conference Paper
gi.citation.endPage2096
gi.citation.publisherPlaceBonn
gi.citation.startPage2085
gi.conference.date26.-29. September 2023
gi.conference.locationBerlin
gi.conference.sessiontitleWirtschaft, Management Industrie - 8th Industrial Automation and Control Systems Standardization Workshop (IACS 2023)

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
09_06_08_Alsabbagh.pdf
Größe:
1019.02 KB
Format:
Adobe Portable Document Format