Controller-aware false data injection against programmable logic controllers

Stephen McLaughlin, Saman Zonouz

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

5 Citations (Scopus)

Abstract

Control systems rely on accurate sensor measurements to safely regulate physical processes. In False Data Injection (FDI) attacks, adversaries inject forged sensor measurements into a control system in hopes of misguiding control algorithms into taking dangerous actions. Traditional FDI attacks mostly require adversaries to know the full system topology, i.e., hundreds or thousands of lines and buses, while having unpredictable consequences. In this paper, we present a new class of FDI attacks directly against individual Programmable Logic Controllers (PLCs), which are ubiquitous in power generation and distribution. Our attack allows the adversary to have only partial information about the victim subsystem, and produces a predictable malicious result. Our attack tool analyzes an I/O trace of the compromised PLCs to produce a set of inputs to achieve the desired PLC outputs, i.e., the system behavior. It proceeds in two steps. First, our tool constructs a model of the PLC's internal logic from the I/O traces. Second, it searches for a set of inputs that cause the model to calculate the desired malicious behavior. We evaluate our tool against a set of representative control systems and show that it is a practical threat against insecure sensor configurations.

Original language: English
Title of host publication: 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 848-853
Number of pages: 6
ISBN (Print): 9781479949342
DOI: 10.1109/SmartGridComm.2014.7007754
State: Published - Jan 12 2015
Event: 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014 - Venice, Italy
Duration: Nov 3 2014 - Nov 6 2014


ASJC Scopus subject areas

  • Communication
  • Computer Networks and Communications
  • Computer Science Applications

Cite this

McLaughlin, S., & Zonouz, S. (2015). Controller-aware false data injection against programmable logic controllers. In 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014 (pp. 848-853). [7007754] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SmartGridComm.2014.7007754

@inproceedings{165c13522eea40328325b054b327b4fb,
  title = "Controller-aware false data injection against programmable logic controllers",
  abstract = "Control systems rely on accurate sensor measurements to safely regulate physical processes. In False Data Injection (FDI) attacks, adversaries inject forged sensor measurements into a control system in hopes of misguiding control algorithms into taking dangerous actions. Traditional FDI attacks mostly require adversaries to know the full system topology, i.e., hundreds or thousands of lines and buses, while having unpredictable consequences. In this paper, we present a new class of FDI attacks directly against individual Programmable Logic Controllers (PLCs), which are ubiquitous in power generation and distribution. Our attack allows the adversary to have only partial information about the victim subsystem, and produces a predictable malicious result. Our attack tool analyzes an I/O trace of the compromised PLCs to produce a set of inputs to achieve the desired PLC outputs, i.e., the system behavior. It proceeds in two steps. First, our tool constructs a model of the PLC's internal logic from the I/O traces. Second, it searches for a set of inputs that cause the model to calculate the desired malicious behavior. We evaluate our tool against a set of representative control systems and show that it is a practical threat against insecure sensor configurations.",
  author = "Stephen McLaughlin and Saman Zonouz",
  year = "2015",
  month = "1",
  day = "12",
  doi = "10.1109/SmartGridComm.2014.7007754",
  language = "English",
  isbn = "9781479949342",
  pages = "848--853",
  booktitle = "2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014",
  publisher = "Institute of Electrical and Electronics Engineers Inc.",
}

TY - GEN

T1 - Controller-aware false data injection against programmable logic controllers

AU - McLaughlin, Stephen

AU - Zonouz, Saman

PY - 2015/1/12

Y1 - 2015/1/12

N2 - Control systems rely on accurate sensor measurements to safely regulate physical processes. In False Data Injection (FDI) attacks, adversaries inject forged sensor measurements into a control system in hopes of misguiding control algorithms into taking dangerous actions. Traditional FDI attacks mostly require adversaries to know the full system topology, i.e., hundreds or thousands of lines and buses, while having unpredictable consequences. In this paper, we present a new class of FDI attacks directly against individual Programmable Logic Controllers (PLCs), which are ubiquitous in power generation and distribution. Our attack allows the adversary to have only partial information about the victim subsystem, and produces a predictable malicious result. Our attack tool analyzes an I/O trace of the compromised PLCs to produce a set of inputs to achieve the desired PLC outputs, i.e., the system behavior. It proceeds in two steps. First, our tool constructs a model of the PLC's internal logic from the I/O traces. Second, it searches for a set of inputs that cause the model to calculate the desired malicious behavior. We evaluate our tool against a set of representative control systems and show that it is a practical threat against insecure sensor configurations.

AB - Control systems rely on accurate sensor measurements to safely regulate physical processes. In False Data Injection (FDI) attacks, adversaries inject forged sensor measurements into a control system in hopes of misguiding control algorithms into taking dangerous actions. Traditional FDI attacks mostly require adversaries to know the full system topology, i.e., hundreds or thousands of lines and buses, while having unpredictable consequences. In this paper, we present a new class of FDI attacks directly against individual Programmable Logic Controllers (PLCs), which are ubiquitous in power generation and distribution. Our attack allows the adversary to have only partial information about the victim subsystem, and produces a predictable malicious result. Our attack tool analyzes an I/O trace of the compromised PLCs to produce a set of inputs to achieve the desired PLC outputs, i.e., the system behavior. It proceeds in two steps. First, our tool constructs a model of the PLC's internal logic from the I/O traces. Second, it searches for a set of inputs that cause the model to calculate the desired malicious behavior. We evaluate our tool against a set of representative control systems and show that it is a practical threat against insecure sensor configurations.

UR - http://www.scopus.com/inward/record.url?scp=84922439086&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84922439086&partnerID=8YFLogxK

U2 - 10.1109/SmartGridComm.2014.7007754

DO - 10.1109/SmartGridComm.2014.7007754

M3 - Conference contribution

SN - 9781479949342

SP - 848

EP - 853

BT - 2014 IEEE International Conference on Smart Grid Communications, SmartGridComm 2014

PB - Institute of Electrical and Electronics Engineers Inc.

ER -