As a guest user you are not logged in or recognized by your IP address. You have
access to the Front Matter, Abstracts, Author Index, Subject Index and the full
text of Open Access publications.
The study of cyber-attacks in industrial control systems is of growing interest among the research community. Nevertheless, restricted access to real industrial control systems that can be used to test attacks has limited the study of their implementation and potential impact. In this work, we discuss practical attacks applied to a room-sized water treatment testbed. The testbed includes a complete physical process, industrial communication systems, and supervisory controls. We implement scenarios in which the attacker manipulates or replaces sensor data as reported from the field devices to the control components. As a result, the attacker can change the system state vector as perceived by the controls, which will cause incorrect control decisions and potential catastrophic failures. We discuss practical challenges in setting up Man-In-The-Middle attacks on fieldbus communications in the industrial EtherNet/IP protocol and topologies such as Ethernet rings using the Device-Level-Ring protocol. We show how the attacker can overcome those challenges, and insert herself into the ring. Once established as a Man-in-the-Middle attacker, we launched a range of attacks to modify sensor measurements and manipulate actuators. We show the efficacy of the proposed methodology in two experimental examples, where an adversary can intelligently design attacks that remain undetected for a typical bad-data detection mechanism.
This website uses cookies
We use cookies to provide you with the best possible experience. They also allow us to analyze user behavior in order to constantly improve the website for you. Info about the privacy policy of IOS Press.
This website uses cookies
We use cookies to provide you with the best possible experience. They also allow us to analyze user behavior in order to constantly improve the website for you. Info about the privacy policy of IOS Press.