Authors:
Nikolaos Tsalis
;
George Stergiopoulos
;
Evangelos Bitsikas
;
Dimitris Gritzalis
and
Theodore Apostolopoulos
Affiliation:
Information Security & Critical Infrastructure Protection (INFOSEC) Laboratory, Dept. of Informatics, Athens University of Economics and Business and Greece
Keyword(s):
Modbus, Protocol, Side, Channel, Attack, Decision, Tree, Sequence, Unpadded, Cryptography, Scada, TCP.
Related
Ontology
Subjects/Areas/Topics:
Applied Cryptography
;
Cryptographic Techniques and Key Management
;
Data Engineering
;
Databases and Data Security
;
Information and Systems Security
;
Network Security
;
Security Engineering
;
Security in Distributed Systems
;
Security in Information Systems
;
Wireless Network Security
Abstract:
With HMI systems becoming increasingly connected with the internet, more and more critical infrastructures are starting to query PLC/RTU units through the Web through MODBUS ports. Commands sent from such interfaces are inevitably exposed to potential attacks even if encryption measures are in place. During the last decade, side channels have been widely exploited, focusing mostly on information disclosure. In this paper, we show that despite encryption, targeted side channel attacks on encrypted packets may lead to information disclosure of functionality over encrypted TCP/IP running MODBUS RTU protocol. Specifically, we found that any web interface that implements unpadded encryption with specific block cipher modes (e.g. CFB, GCM, OFB and CTR modes) or most stream ciphers (e.g. RC4) to send MODBUS functions over TCP/IP is subject to differential packet size attacks. A major cause for this attack is the very small number of potential MODBUS commands and differences in packet sizes,
which leads to distinctions in traffic. To support the importance of these findings, we conducted research on Shodan looking for relevant devices with open MODBUS ports over TCP/IP that utilize encrypted web traffic. The result was that a significant amount of web interfaces communicate with MODBUS ports and many use unpadded ciphers and SSL with AES-GCM or RC4. We also implemented a PoC on a simulated architecture to validate our attack models.
(More)