Author URLs
Professor Breitinger's Faculty Profile
Professor Breitinger's web page
Professor Breitinger's Full Bibliography
Professor Baggili's Faculty Profile
UNHcFREG (UNH Cyber Forensics Research & Education Group / Lab)
Document Type
Article
Publication Date
2017
Subject: LCSH
Process control, Computer input-output equipment, Computer crimes--Investigation
Disciplines
Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security
Abstract
Programmable Logic Controllers (PLCs) are common components implemented across many industries such as manufacturing, water management, travel, aerospace and hospitals, to name a few. Given their broad deployment in critical systems, they became and still are a common target for cyber attacks; the most prominent one being Stuxnet. Often PLCs (especially older ones) are only protected by an outer line of defense (e.g., a firewall) but once an attacker gains access to the system or the network, there might not be any other defense layers. In this scenario, a forensic investigator should not rely on the existing software as it might have been compromised. Therefore, we reverse engineered the GE-SRTP network protocol using a GE Fanuc Series 90-30 PLC and provide two major contributions: We first describe the Service Request Transport protocol (GE-SRTP) which was invented by General Electric (GE) and is used by many of their Ethernet-connected controllers. Note, to the best of our knowledge, prior to this work, no publicly available documentation on the protocol was available, affording users' security by obscurity. Second, based on our understanding of the protocol, we implemented a software application that allows direct network-based communication with the PLC (no intermediate server is needed). While the tool's forensic mode is harmless and only allows for reading registers, we discovered that one can manipulate/write to the registers in its default configuration, e.g., turn off the PLC, or manipulate the items/processes it controls.
DOI
10.1016/j.diin.2017.06.005
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Repository Citation
Denton, George; Karpisek, Filip; Breitinger, Frank; and Baggili, Ibrahim, "Leveraging the SRTP Protocol for Over-the-Network Memory Acquisition of a GE Fanuc Series 90-30" (2017). Electrical & Computer Engineering and Computer Science Faculty Publications. 70.
https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/70
Publisher Citation
Denton, G., Karpisek, F., Breitinger, F., & Baggili, I. (2017). Leveraging the SRTP protocol for over-the-network memory acquisition of a GE Fanuc Series 90-30. Digital Investigation, 22, S26-S38.
Included in
Computer Engineering Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons
Comments
© 2017 The Author(s). Published by Elsevier Ltd. on behalf of DFRWS. This is an open access article under CC-BY-NC-ND 4.0
Dr. Baggili was appointed to the University of New Haven’s Elder Family Endowed Chair in 2015.