PropFuzz -- An IT-Security Fuzzing Framework for Proprietary ICS Protocols
This addresses security vulnerabilities in industrial networks for sectors like smart homes and critical infrastructure, but it is incremental as it builds on existing fuzzing techniques for a specific domain.
The paper tackles the security risks in industrial control systems (ICS) by introducing PropFuzz, a fuzzing framework for proprietary ICS protocols, and presents initial security assessment results.
Programmable Logic Controllers are used for smart homes, in production processes or to control critical infrastructures. Modern industrial devices in the control level are often communicating over proprietary protocols on top of TCP/IP with each other and SCADA systems. The networks in which the controllers operate are usually considered as trustworthy and thereby they are not properly secured. Due to the growing connectivity caused by the Internet of Things (IoT) and Industry 4.0 the security risks are rising. Therefore, the demand of security assessment tools for industrial networks is high. In this paper, we introduce a new fuzzing framework called PropFuzz, which is capable to fuzz proprietary industrial control system protocols and monitor the behavior of the controller. Furthermore, we present first results of a security assessment with our framework.