Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
194 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
46 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Enhancing Modbus TCP Protocol Security with eBPF Technology (2312.05665v1)

Published 9 Dec 2023 in cs.CR

Abstract: The core component of an Industrial Control System (ICS) is often a Programmable Logic Controller (PLC) combined with various modules. In such systems, the communication between devices is mainly based on the Modbus protocol, which was developed by Modicon (now Schneider Electric) in 1979 as an application-level communication protocol and has become a de facto standard for ICS for the past 40 years. Modbus TCP is a variant of this protocol for communications over the TCP/IP network. However, the Modbus protocol was not designed with security in mind, and the use of plaintext transmissions during communication makes information easily accessible to the attackers, while the lack of an authentication mechanism gives any protocol-compliant device the ability to take over control. In this study, we use the eBPF technology to shift the process of protocol change to the lower level of the operating system, making the change transparent to the existing software, and enhancing the security of the Modbus TCP protocol without affecting the existing software ecosystem as much as possible.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (11)
  1. M. Organization. Modbus application protocol specification. [Online]. Available: https://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b3.pdf
  2. eBPF.io authors. ebpf documentation. [Online]. Available: https://ebpf.io/what-is-ebpf/
  3. HAProxy. [Online]. Available: https://www.haproxy.org/
  4. Linux Virtual Server project. [Online]. Available: http://www.linuxvirtualserver.org/
  5. T. Høiland-Jørgensen, J. D. Brouer, D. Borkmann, J. Fastabend, T. Herbert, D. Ahern, and D. Miller, “The express data path: Fast programmable packet processing in the operating system kernel,” in Proceedings of the 14th International Conference on Emerging Networking EXperiments and Technologies, ser. CoNEXT ’18.   New York, NY, USA: Association for Computing Machinery, 2018, p. 54–66. [Online]. Available: https://doi.org/10.1145/3281411.3281443
  6. iproute2. [Online]. Available: https://wiki.linuxfoundation.org/networking/iproute2
  7. Q. Monnet. Understanding tc “direct action” mode for BPF. [Online]. Available: https://qmonnet.github.io/whirl-offload/2020/04/11/tc-bpf-direct-action/
  8. I. N. Fovino, A. Carcano, M. Masera, and A. Trombetta, “Design and implementation of a secure modbus protocol,” in Critical Infrastructure Protection III, C. Palmer and S. Shenoi, Eds.   Berlin, Heidelberg: Springer Berlin Heidelberg, 2009, pp. 83–96.
  9. T. Martins and S. V. G. Oliveira, “Enhanced modbus/tcp security protocol: Authentication and authorization functions supported,” Sensors, vol. 22, no. 20, 2022. [Online]. Available: https://www.mdpi.com/1424-8220/22/20/8024
  10. L. Xuan and L. Yongzhong, “Research and implementation of modbus tcp security enhancement protocol,” Journal of Physics: Conference Series, vol. 1213, no. 5, p. 052058, 6 2019. [Online]. Available: https://dx.doi.org/10.1088/1742-6596/1213/5/052058
  11. M. Organization. Modbus tcp security protocol. [Online]. Available: https://modbus.org/docs/MB-TCP-Security-v36_2021-07-30.pdf

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now