All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”

Leveraging the SRTP protocol for over-the-network memory acquisition of a GE Fanuc Series 90-30

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F17%3APU126449" target="_blank" >RIV/00216305:26230/17:PU126449 - isvavai.cz</a>

  • Result on the web

    <a href="http://www.sciencedirect.com/science/article/pii/S1742287617301925" target="_blank" >http://www.sciencedirect.com/science/article/pii/S1742287617301925</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1016/j.diin.2017.06.005" target="_blank" >10.1016/j.diin.2017.06.005</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Leveraging the SRTP protocol for over-the-network memory acquisition of a GE Fanuc Series 90-30

  • Original language description

    Programmable Logic Controllers (PLCs) are common components implemented across many industries such as manufacturing, water management, travel, aerospace and hospitals to name a few. Given their broad deployment in critical systems, they became and still are a common target for cyber attacks; the most prominent one being Stuxnet. Often PLCs (especially older ones) are only protected by an outer line of defense (e.g., a  firewall) but once an attacker gains access to the system or the network, there might not be any other defense layers. In this scenario, a forensic investigator should not rely on the existing software as it might have been compromised. Therefore, we reverse engineered the GE-SRTP network protocol using a GE Fanuc Series 90-30 PLC and provide two major contributions: We first describe the Service Request Transport protocol (GE-SRTP) which was invented by General Electric (GE) and is used by many of their Ethernet connected controllers. Note, to the best of our knowledge, prior to this work, no publicly available documentation on the protocol was available affording users' security by obscurity. Second, based on our understanding of the protocol, we implemented a software application that allows direct network-based communication with the PLC (no intermediate server is needed). While the tool's forensic mode is harmless and only allows for reading registers, we discovered that one can manipulate/write to the registers in its default configuration, e.g., turn off the PLC, or manipulate the items/processes it controls.

  • Czech name

  • Czech description

Classification

  • Type

    J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    <a href="/en/project/VG20102015022" target="_blank" >VG20102015022: Modern tools for detection and mitigation of cyber criminality on the New Generation Internet</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Others

  • Publication year

    2017

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Name of the periodical

    Digital Investigation

  • ISSN

    1742-2876

  • e-ISSN

    1873-202X

  • Volume of the periodical

    2017

  • Issue of the periodical within the volume

    22

  • Country of publishing house

    NL - THE KINGDOM OF THE NETHERLANDS

  • Number of pages

    13

  • Pages from-to

    26-38

  • UT code for WoS article

    000407728500004

  • EID of the result in the Scopus database

    2-s2.0-85026746386