DOI: 10.1145/3264888.3264891
research-article

ACE: Advanced CIP Evaluator

Published: 15 January 2018

Abstract

Industrial control systems (ICS) are key enabling systems that drive the productivity and efficiency of omnipresent industries such as power, gas, water treatment, transportation, and manufacturing. These systems consist of interconnected components that communicate over industrial networks using industrial protocols such as the Common Industrial Protocol (CIP). CIP is one of the most commonly used network-based process control protocols, and utilizes an object-oriented communication structure for device-to-device interaction. Due to this object-oriented structure, CIP communication reveals detailed information about the devices, the communication patterns, and the system, providing an in-depth view of the system. The details from this in-depth system perspective can be utilized as part of a system cybersecurity or discovery approach. However, due to the variety of commands, corresponding parameters, and variable layer structure of the CIP network layer, processing this layer is a challenging task. This paper presents a tool, Advanced CIP Evaluator (ACE), which passively processes the CIP communication layer and automatically extracts device, communication, and system information from observed network traffic. ACE was tested and verified using a representative ICS power generation testbed. Since ACE operates passively, without generating any network traffic of its own, system operations are not disturbed. This novel tool provides ICS information, such as networked devices, communication patterns, and system operation, at a depth and breadth that is unique compared with other known tools.

Cited By

  • (2020) Automated Vulnerability Testing via Executable Attack Graphs. 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security). 10.1109/CyberSecurity49315.2020.9138852 (1-10). Online publication date: Jun-2020
  • (2020) Cyber-Resilient SCADA Systems via Secure State Restoration. Critical Infrastructure Protection XIV. 10.1007/978-3-030-62840-6_9 (183-207). Online publication date: 15-Dec-2020
  • (2018) SCAPY- A powerful interactive packet manipulation program. 2018 International Conference on Networking, Embedded and Wireless Systems (ICNEWS). 10.1109/ICNEWS.2018.8903954 (1-5). Online publication date: Dec-2018

Published In

CPS-SPC '18: Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy
October 2018
114 pages
ISBN: 9781450359924
DOI: 10.1145/3264888
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. common industrial protocol
  2. industrial control systems
  3. passive network analysis

Qualifiers

  • Research-article

Conference

CCS '18
Acceptance Rates

CPS-SPC '18 Paper Acceptance Rate 22 of 10 submissions, 220%;
Overall Acceptance Rate 53 of 66 submissions, 80%

Article Metrics

  • Downloads (Last 12 months): 5
  • Downloads (Last 6 weeks): 0

Reflects downloads up to 25 Dec 2024
