(2021) vBump: Securing Ethernet-based Industrial Control System Networks with VLAN-based Traffic Aggregation.
|
Text
vBump.pdf Download (756kB) | Preview |
Abstract
Bump-in-the-wire (bump) devices can be used to protect critical endpoints in Industrial Control System (ICS) networks. However, bump devices cannot be used to authenticate incoming broadcast traffic, are complex to manage, and one bump is needed per host. In this work, we propose a virtual bump-like solution called vBump, which allows to insert virtual bumps in front of Ethernet- based legacy ICS devices. The vBumps can be used to limit traffic to whitelisted destinations, inspect all traffic on or above Link- layer like a centralized intrusion detection systems (or monitoring systems), or even police the traffic like a centralized intrusion pre- vention systems. In particular, this also allows the network to apply fine-grained control on traffic between nodes that need to be in the same Link-layer broadcast domain. Compared to traditional bumps, vBumps do not require any changes in physical network topology, and the central server’s global view allows for more informed deci- sion, with less computational constraints. We implement the system in a high-fidelity ICS testbed, and demonstrate its capabilities to support even time-critical protection control traffic in smart grids. Our system can handle traffic rates of 150Mbps with one-way delay of ≈ 1ms.
| Item Type: | Conference or Workshop Item (A Paper) (Paper) |
|---|---|
| Divisions: | Nils Ole Tippenhauer (SCy-Phy) |
| Conference: | UNSPECIFIED |
| Depositing User: | Nils Ole Tippenhauer |
| Date Deposited: | 23 Apr 2022 06:43 |
| Last Modified: | 23 Apr 2022 06:49 |
| Primary Research Area: | NRA3: Threat Detection and Defenses |
| URI: | https://publications.cispa.saarland/id/eprint/3612 |
Actions
Actions (login required)
 |
View Item |