2 research outputs found
Efficient Passive ICS Device Discovery and Identification by MAC Address Correlation
Owing to a growing number of attacks, the assessment of Industrial Control
Systems (ICSs) has gained in importance. An integral part of an assessment is
the creation of a detailed inventory of all connected devices, enabling
vulnerability evaluations. For this purpose, scans of networks are crucial.
Active scanning, which generates irregular traffic, is a method to get an
overview of connected and active devices. Since such additional traffic may
lead to unexpected behavior of devices, active scanning methods should be
avoided in critical infrastructure networks. In such cases, passive network
monitoring offers an alternative, which is often used in conjunction with
complex deep-packet inspection techniques. There are very few publications on
lightweight passive scanning methodologies for industrial networks. In this
paper, we propose a lightweight passive network monitoring technique using an
efficient Media Access Control (MAC) address-based identification of industrial
devices. Based on an incomplete set of known MAC-address-to-device
associations, the presented method can guess correct device and vendor
information. Proving the feasibility of the method, an implementation is also
introduced and evaluated regarding its efficiency. The feasibility of
predicting a specific device/vendor combination is demonstrated by having
similar devices in the database. In our ICS testbed, we reached a host
discovery rate of 100% at an identification rate of more than 66%,
outperforming the results of existing tools.
Comment: http://dx.doi.org/10.14236/ewic/ICS2018.
LICSTER -- A Low-cost ICS Security Testbed for Education and Research
Unnoticed by most people, Industrial Control Systems (ICSs) control entire
productions and critical infrastructures such as water distribution, smart grid
and automotive manufacturing. Due to the ongoing digitalization, these systems
are becoming more and more connected in order to enable remote control and
monitoring. However, this shift bears significant risks, namely a larger attack
surface, which can be exploited by attackers. In order to make these systems
more secure, it takes research, which is, however, difficult to conduct on
productive systems, since these often have to operate twenty-four-seven.
Testbeds are mostly very expensive or based on simulation with no real-world
physical process. In this paper, we introduce LICSTER, an open-source low-cost
ICS testbed, which enables researchers and students to get hands-on experience
with industrial security for about 500 Euro. We provide all necessary material
to quickly start ICS hacking, with the focus on low-cost and open-source for
education and research.