Papers
Topics
Authors
Recent
Search
2000 character limit reached

Enhancing Modbus TCP Protocol Security with eBPF Technology

Published 9 Dec 2023 in cs.CR | (2312.05665v1)

Abstract: The core component of an Industrial Control System (ICS) is often a Programmable Logic Controller (PLC) combined with various modules. In such systems, the communication between devices is mainly based on the Modbus protocol, which was developed by Modicon (now Schneider Electric) in 1979 as an application-level communication protocol and has become a de facto standard for ICS for the past 40 years. Modbus TCP is a variant of this protocol for communications over the TCP/IP network. However, the Modbus protocol was not designed with security in mind, and the use of plaintext transmissions during communication makes information easily accessible to the attackers, while the lack of an authentication mechanism gives any protocol-compliant device the ability to take over control. In this study, we use the eBPF technology to shift the process of protocol change to the lower level of the operating system, making the change transparent to the existing software, and enhancing the security of the Modbus TCP protocol without affecting the existing software ecosystem as much as possible.

Authors (2)
Definition Search Book Streamline Icon: https://streamlinehq.com
References (11)
  1. M. Organization. Modbus application protocol specification. [Online]. Available: https://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b3.pdf
  2. eBPF.io authors. ebpf documentation. [Online]. Available: https://ebpf.io/what-is-ebpf/
  3. HAProxy. [Online]. Available: https://www.haproxy.org/
  4. Linux Virtual Server project. [Online]. Available: http://www.linuxvirtualserver.org/
  5. T. Høiland-Jørgensen, J. D. Brouer, D. Borkmann, J. Fastabend, T. Herbert, D. Ahern, and D. Miller, “The express data path: Fast programmable packet processing in the operating system kernel,” in Proceedings of the 14th International Conference on Emerging Networking EXperiments and Technologies, ser. CoNEXT ’18.   New York, NY, USA: Association for Computing Machinery, 2018, p. 54–66. [Online]. Available: https://doi.org/10.1145/3281411.3281443
  6. iproute2. [Online]. Available: https://wiki.linuxfoundation.org/networking/iproute2
  7. Q. Monnet. Understanding tc “direct action” mode for BPF. [Online]. Available: https://qmonnet.github.io/whirl-offload/2020/04/11/tc-bpf-direct-action/
  8. I. N. Fovino, A. Carcano, M. Masera, and A. Trombetta, “Design and implementation of a secure modbus protocol,” in Critical Infrastructure Protection III, C. Palmer and S. Shenoi, Eds.   Berlin, Heidelberg: Springer Berlin Heidelberg, 2009, pp. 83–96.
  9. T. Martins and S. V. G. Oliveira, “Enhanced modbus/tcp security protocol: Authentication and authorization functions supported,” Sensors, vol. 22, no. 20, 2022. [Online]. Available: https://www.mdpi.com/1424-8220/22/20/8024
  10. L. Xuan and L. Yongzhong, “Research and implementation of modbus tcp security enhancement protocol,” Journal of Physics: Conference Series, vol. 1213, no. 5, p. 052058, 6 2019. [Online]. Available: https://dx.doi.org/10.1088/1742-6596/1213/5/052058
  11. M. Organization. Modbus tcp security protocol. [Online]. Available: https://modbus.org/docs/MB-TCP-Security-v36_2021-07-30.pdf

Summary

No one has generated a summary of this paper yet.

Sign Up to Summarize

Paper to Video (Beta)

No one has generated a video about this paper yet.

Sign Up to Generate All Videos Subscribe on YouTube

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Sign Up to Generate

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Generate Now

Continue Learning

We haven't generated follow-up questions for this paper yet.

Generate Now

Collections

Sign up for free to add this paper to one or more collections.

Sign Up