In Proceedings of the 48th IEEE Conference on Local Computer Networks (LCN '23), IEEE, 2023
PDF
Cite
@inproceedings{wrw+23,
author = {Wagner, Eric and Rothaug, Nils and Wolsing, Konrad and Bader, Lennart and Henze, Martin and Wehrle, Klaus},
title = {{Retrofitting Integrity Protection into Unused Header Fields of Legacy Industrial Protocols}},
booktitle = {Proceedings of the 48th IEEE Conference on Local Computer Networks (LCN '23)},
year = {2023},
publisher = {IEEE},
}
Abstract
Industrial networks become increasingly interconnected, which opens the floodgates for cyberattacks on legacy networks designed without security in mind.
Consequently, the vast landscape of legacy industrial communication protocols urgently demands a universal solution to integrate security features retroactively.
However, current proposals are hardly adaptable to new scenarios and protocols, even though most industrial protocols share a common theme:
Due to their progressive development, previously important legacy features became irrelevant and resulting unused protocol fields now offer a unique opportunity for retrofitting security.
Our analysis of three prominent protocols shows that headers offer between 36 and 63 bits of unused space.
To take advantage of this space, we designed the REtrofittable ProtEction Library (RePeL), which supports embedding authentication tags into arbitrary combinations of unused header fields.
We show that RePeL incurs negligible overhead beyond the cryptographic processing, which can be adapted to hit performance targets or fulfill legal requirements.