Remote field device fingerprinting using device-specific modbus information

Anastasis Keliris, Michail Maniatakos

Research output: Chapter in Book/Report/Conference proceeding: Conference contribution

Abstract

Device fingerprinting can provide useful information for vulnerability assessment and penetration testing, and can also facilitate the reconnaissance phase of a malicious campaign. This information becomes critical when the target devices are deployed in industrial environments, given the potential impact of cyber-attacks on critical infrastructure devices. In this paper, we propose a method for fingerprinting industrial devices that utilize the Modbus protocol. Our technique is based on the observation that implementations of the Modbus protocol differ between vendors. Although the Modbus protocol specification defines a device identification mechanism, several vendors do not implement this mechanism or use different methods for identifying their devices. We utilize these implementation differences, in conjunction with the lack of authentication in the Modbus protocol, to fingerprint remote field devices. We evaluate our proposed methodology on Modbus-enabled devices that are directly connected to the internet and indexed by the Shodan search engine. Our analysis focuses on devices from four vendors used across different industry verticals. We have accurately identified make and model information for 308 devices, improving the fingerprinting capabilities of Shodan by 28%.

Original language: English (US)
Title of host publication: 2016 IEEE 59th International Midwest Symposium on Circuits and Systems, MWSCAS 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781509009169
DOIs: https://doi.org/10.1109/MWSCAS.2016.7870006
State: Published - Jul 2 2016
Event: 59th IEEE International Midwest Symposium on Circuits and Systems, MWSCAS 2016 - Abu Dhabi, United Arab Emirates
Duration: Oct 16 2016 - Oct 19 2016

Publication series

Name: Midwest Symposium on Circuits and Systems
Volume: 0
ISSN (Print): 1548-3746

Other

Other: 59th IEEE International Midwest Symposium on Circuits and Systems, MWSCAS 2016
Country: United Arab Emirates
City: Abu Dhabi
Period: 10/16/16 - 10/19/16

ASJC Scopus subject areas

  • Electronic, Optical and Magnetic Materials
  • Electrical and Electronic Engineering


Cite this

Keliris, A., & Maniatakos, M. (2016). Remote field device fingerprinting using device-specific modbus information. In 2016 IEEE 59th International Midwest Symposium on Circuits and Systems, MWSCAS 2016 [7870006] (Midwest Symposium on Circuits and Systems; Vol. 0). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/MWSCAS.2016.7870006