Abstract
A programmable logic controller (PLC) is a very common industrial control system (ICS) device that receives and processes data from input devices and controls output devices. As the core equipment of an industrial control system, the PLC has always been a preferred target for attackers; for example, the Stuxnet malware aimed at ICS had the PLC as its main target. Currently, most attacks against PLCs originate from unauthorized access to the PLC. To improve the security of PLC equipment, this paper studies the PLC access control problem and discusses several access control models, with password-based access control as its focus. Using traffic analysis and brute-force cracking, the paper analyzes the security of the password-based access control mechanism, showing how passwords are stored in PLC memory, how they can be intercepted on the network, how they can be cracked, and so on. Through these vulnerabilities, more advanced attacks on the ICS, such as replay and PLC memory corruption, are then launched. Finally, in view of the above security issues, the paper gives recommendations for security protection and a summary.
Authors
缪思薇 (MIAO Si-wei), 余文豪 (YU Wen-hao), 姚峰 (YAO Feng), 高婧 (GAO Jing)
Affiliations: China Electric Power Research Institute, Beijing 100192, China; State Grid Hebei Electric Power Company, Shijiazhuang 050000, China; State Grid Gansu Electric Power Company Information and Communication Company, Lanzhou 730050, China
Source
Computer and Modernization (《计算机与现代化》), 2019, No. 9, pp. 41-45 (5 pages)
Funding
Project funded by State Grid Corporation of China (XXB17201700056)