Formally and Practically Verifying Flow Integrity Properties in Industrial Systems

Abstract: Industrial systems are nowadays regularly the target of cyberattacks, the most famous being Stuxnet. At the same time, such systems are increasingly interconnected with other systems and with insecure media such as the Internet. In contrast to other IT systems, industrial systems often not only require classical properties like data confidentiality or authentication of the communication, but also have special needs due to their interaction with the physical world. For example, the reordering or deletion of some commands sent to a machine can cause the system to enter an unsafe state with potentially catastrophic effects. To prevent such attacks, the integrity of the message flow is necessary. We provide a formal definition of Flow Integrity. We apply our definitions to two well-known industrial protocols: OPC-UA and MODBUS. Using TAMARIN, a cryptographic protocol verification tool, we confirm that most of the secure modes of these protocols ensure Flow Integrity given a resilient network. However, we also identify weaknesses in a supposedly secure version of MODBUS, as well as subtleties in the handling of sequence numbers in OPC-UA. We also practically examine an OPC-UA stack named python-opcua, where some of these subtleties are not handled correctly.
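The property the abstract describes (a receiver must notice when commands are reordered, deleted, replayed or re-stamped) can be illustrated with a minimal authenticated command stream. The example below is added here for illustration only; it is not code from the paper, from TAMARIN, from the OPC-UA or MODBUS specifications, or from python-opcua. The message layout (big-endian 32-bit sequence number, command bytes, 32-byte HMAC-SHA256 tag), the pre-shared key, the command names and the strict "exactly the next sequence number" acceptance policy are all assumptions made for the example.

```python
"""Flow-integrity check on an authenticated command stream (added example).

Not code from the paper, from Tamarin, from OPC-UA/MODBUS or from python-opcua;
the wire format, key, commands and acceptance policy are assumptions.
"""
import hashlib
import hmac
import struct

KEY = b"example-shared-key-not-a-real-secret"  # assumed pre-shared key (constructed)
TAG_LEN = 32  # HMAC-SHA256 output size


def mac(seq: int, command: bytes) -> bytes:
    # The sequence number is bound into the tag. Authenticating only the
    # payload would let an attacker reorder, replay or renumber valid commands.
    return hmac.new(KEY, struct.pack(">I", seq) + command, hashlib.sha256).digest()


def make_message(seq: int, command: bytes) -> bytes:
    return struct.pack(">I", seq) + command + mac(seq, command)


class FlowIntegrityReceiver:
    """Accepts a command only if it is authentic and is exactly the next one."""

    def __init__(self) -> None:
        self.expected_seq = 0
        self.accepted = []

    def receive(self, msg: bytes) -> str:
        if len(msg) < 4 + TAG_LEN:
            return "rejected: malformed"
        seq = struct.unpack(">I", msg[:4])[0]
        command, tag = msg[4:-TAG_LEN], msg[-TAG_LEN:]
        if not hmac.compare_digest(tag, mac(seq, command)):
            return "rejected: bad tag"  # forged, tampered or renumbered
        if seq < self.expected_seq:
            return "rejected: replay"  # already consumed this position
        if seq > self.expected_seq:
            # A gap means an earlier command was deleted or this one arrived early.
            return f"rejected: gap (expected {self.expected_seq}, got {seq})"
        self.expected_seq += 1
        self.accepted.append(command)
        return "accepted"


def run_scenarios() -> dict:
    """Run the honest flow and four constructed attacks; return the verdicts."""
    # Constructed command stream for the example.
    cmds = [b"OPEN_VALVE", b"SET_PRESSURE 3", b"CLOSE_VALVE"]
    msgs = [make_message(i, c) for i, c in enumerate(cmds)]
    results = {}

    r = FlowIntegrityReceiver()  # honest, in-order delivery
    results["in_order"] = [r.receive(m) for m in msgs]

    r = FlowIntegrityReceiver()  # attacker deletes SET_PRESSURE
    results["deletion"] = [r.receive(msgs[0]), r.receive(msgs[2])]

    r = FlowIntegrityReceiver()  # attacker swaps the last two commands
    results["reorder"] = [r.receive(msgs[0]), r.receive(msgs[2]), r.receive(msgs[1])]

    r = FlowIntegrityReceiver()  # attacker replays OPEN_VALVE
    results["replay"] = [r.receive(msgs[0]), r.receive(msgs[0])]

    r = FlowIntegrityReceiver()  # attacker re-stamps CLOSE_VALVE as seq 1, keeping its tag
    forged = struct.pack(">I", 1) + b"CLOSE_VALVE" + msgs[2][-TAG_LEN:]
    results["renumber"] = [r.receive(msgs[0]), r.receive(forged)]
    return results


if __name__ == "__main__":
    for name, verdicts in run_scenarios().items():
        print(f"{name:10s} {verdicts}")
```

Two caveats follow from the code rather than from the paper. First, a receiver only sees a gap when a later message arrives, so deletion of the final command of a flow is invisible to this check and needs a liveness mechanism (acknowledgements or a timeout) that the example omits. Second, the strict policy rejects an early message outright; in the reorder scenario the swapped CLOSE_VALVE is dropped, so it is only delivered if the sender retransmits, which is the kind of assumption a "resilient network" has to cover.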
Document type:
Journal article
Computers and Security, Elsevier, 2018, 〈10.1016/j.cose.2018.09.018〉

https://hal.archives-ouvertes.fr/hal-01959766
Contributor: Pascal Lafourcade
Submitted on: Wednesday 19 December 2018 - 00:37:34
Last modified on: Thursday 20 December 2018 - 14:03:20

File

cose18.pdf
Files produced by the author(s)

Identifiers

Citation

Jannik Dreier, Maxime Puys, Marie-Laure Potet, Pascal Lafourcade, Jean-Louis Roch. Formally and Practically Verifying Flow Integrity Properties in Industrial Systems. Computers and Security, Elsevier, 2018, 〈10.1016/j.cose.2018.09.018〉. 〈hal-01959766〉

Metrics

Record views: 51
File downloads: 14