
OPC DoS Paper at S4

The S4 papers have been pouring in this week as we get ready to send the Proceedings to press. There is some very interesting and impressive work going on out there. I’ll highlight a few of the papers over the next two weeks.

The first paper I’ll preview comes from Germany, starting a theme you will see throughout S4: there is a lot of good research being done around the world that gets little publicity.

Ralph Langner’s OPC Exposed - Part 1 paper focuses on OPC Denial of Service conditions. All too often, discussion of OPC security focuses on the lack of security functionality in the protocol and in DCOM, but what if the OPC servers themselves can be easily tipped over using only valid OPC communications?

The highlight of the paper, in my opinion, is Ralph’s description of three different stress tests, each exercising a different portion of the protocol. The tests were run against eight different OPC server versions on a variety of operating systems, and the results are ugly. Ralph’s paper details the tests and breaks down the results by operating system and other factors. He will also discuss and demo the tool he designed for the stress tests.

The paper also includes some man-in-the-middle attack scenarios and recommendations to increase resiliency against DoS attacks. My guess is a lot of people will be pulling Ralph aside for a private conversation after this talk.

Full S4 Agenda

Register for S4

Comments

Comment from Erik Hjelmvik
Time: December 8, 2006, 5:22 am

I haven’t read Ralph’s paper, so I might have misunderstood what he means by “using only valid OPC communications”. However with proper use of DCOM security (or Web Services Security) an attacker will not even be able to send OPC commands to an OPC server. Hence the OPC-based DoS attacks will not work in these cases.

OPC might be bad in several ways (as for example being dependent on Windows RPC), however it still has a strength in that it uses an underlying protocol that provides reasonably good security.

However I guess the results in his paper put more pressure on the asset owners to secure their OPC communication properly.

Comment from Dale Peterson
Time: December 8, 2006, 8:47 am

Erik, let me try to clarify. The stress tests in the paper test implementation vulnerabilities of OPC. An OPC server that was developed with sound software development practices should withstand these valid uses of the protocol.

DCOM security is interesting in that many OPC vendors highly discourage its use, and the question is whether DCOM security would prevent a DoS via these stress tests. As a virtual attendee you can ask Ralph that yourself at the S4 event. We’re looking forward to these kinds of discussions in person and virtually.
