Aye: A Trusted Forensic Method for Firmware Tampering Attacks
The Programmable Logic Controller (PLC) is located at the junction of the virtual network and physical reality in the Industrial Control System (ICS), which is vulnerable to attacks due to its weak security. Specifically, firmware tampering attacks take the firmware under the PLC operating system as...
Main Authors: | Yipeng Zhang, Ye Li, Zhoujun Li |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG 2023-01-01 |
Series: | Symmetry |
Subjects: | |
Online Access: | https://www.mdpi.com/2073-8994/15/1/145 |
_version_ | 1797436798369005568 |
---|---|
author | Yipeng Zhang, Ye Li, Zhoujun Li |
author_sort | Yipeng Zhang |
collection | DOAJ |
description | The Programmable Logic Controller (PLC) is located at the junction of the virtual network and physical reality in the Industrial Control System (ICS), which is vulnerable to attacks due to its weak security. Specifically, firmware tampering attacks take the firmware under the PLC operating system as the primary attack target. The firmware provides the bridge between PLC’s hardware and software, which means tampering against the firmware can be more destructive and harmful than other attacks. However, existing defense and forensics methods against firmware tampering attacks are asymmetrical, which directly leads to the proliferation of such attacks and the difficulty of forensic tracing. How to accurately, quickly, and efficiently conduct forensics for such attacks is an urgent problem. In this paper, we designed and implemented a reliable detection method based on Joint Test Action Group (JTAG) and memory comparison—Aye, which can detect mainstream firmware tampering attacks reliably. To determine the effectiveness and reliability of Aye, we selected a widely used PLC to observe Aye’s performance in defense and forensics by simulating the two latest PLC firmware tampering attack methods. The experimental results show that Aye can effectively defend against firmware tampering attacks, helping improve the efficiency and accuracy of such attack detection and forensics. |
first_indexed | 2024-03-09T11:07:50Z |
format | Article |
id | doaj.art-1b45a39e1f404c60ad6efd78c389e223 |
institution | Directory Open Access Journal |
issn | 2073-8994 |
language | English |
last_indexed | 2024-03-09T11:07:50Z |
publishDate | 2023-01-01 |
publisher | MDPI AG |
record_format | Article |
series | Symmetry |
spelling | doaj.art-1b45a39e1f404c60ad6efd78c389e223; 2023-12-01T00:52:32Z; eng; MDPI AG; Symmetry; 2073-8994; 2023-01-01; 15; 1; 145; 10.3390/sym15010145; Aye: A Trusted Forensic Method for Firmware Tampering Attacks; Yipeng Zhang, Ye Li, Zhoujun Li (Department of Computer Science and Engineering, Beihang University, Beijing 100191, China); https://www.mdpi.com/2073-8994/15/1/145; industrial control system security; programmable logic controller; firmware tampering attack; digital forensics; joint test action group |
title | Aye: A Trusted Forensic Method for Firmware Tampering Attacks |
topic | industrial control system security; programmable logic controller; firmware tampering attack; digital forensics; joint test action group |
url | https://www.mdpi.com/2073-8994/15/1/145 |