IT security extensions for PROFINET

Niemann, Karl-Heinz

doi:10.1109/indin41052.2019.8972209

Cited by 9 publications

(7 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Security Class 2 and 3 extensions target cases where an (active or passive) attacker may inject, manipulate, or read messages on the network [20]. Currently, these types of attacks are countered by a zone concept, which strictly limits the access to network zones.…”

Section: B Discussion and Related Workmentioning

confidence: 99%

“…The security extensions improve this situation by providing state-of-the-art cryptographic protection for PROFINET messages. However, PROFINET Security is just one building block, and further measures (outside the scope of the PROFINET specification) are necessary for holistic security [15].…”

Section: B Discussion and Related Workmentioning

confidence: 99%

“…We start by providing a conceptual overview of PROFINET Security as defined and specified by PI [13]- [15]. A discussion of requirements and attack vectors, as well as the extent to which these can be addressed respectively countered by PROFINET Security can be found in a PI white paper [14].…”

Section: Profinet Security: Conceptual Overviewmentioning

confidence: 99%

See 2 more Smart Citations

PROFINET Security: A Look on Selected Concepts for Secure Communication in the Automation Domain

Walz,

Niemann,

Göppert

et al. 2023

2023 IEEE 21st International Conference on Industrial Informatics (INDIN)

Self Cite

View full text Add to dashboard Cite

We provide a brief overview of the cryptographic security extensions for PROFINET, as defined and specified by PROFIBUS & PROFINET International (PI). These come in three hierarchically defined Security Classes, called Security Class 1, 2 and 3. Security Class 1 provides basic security improvements with moderate implementation impact on PROFINET components. Security Classes 2 and 3, in contrast, introduce an integrated cryptographic protection of PROFINET communication. We first highlight and discuss the security features that the PROFINET specification offers for future PROFINET products. Then, as our main focus, we take a closer look at some of the technical challenges that were faced during the conceptualization and design of Security Class 2 and 3 features. In particular, we elaborate on how secure application relations between PROFINET components are established and how a disruption-free availability of a secure communication channel is guaranteed despite the need to refresh cryptographic keys regularly. The authors are members of the PI Working Group CB/PG10 Security.

show abstract

Section: B Discussion and Related Workmentioning

confidence: 99%

Section: B Discussion and Related Workmentioning

confidence: 99%

See 1 more Smart Citation

PROFINET Security: A Look on Selected Concepts for Secure Communication in the Automation Domain

Walz,

Niemann,

Göppert

et al. 2023

2023 IEEE 21st International Conference on Industrial Informatics (INDIN)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Such a process field bus, which is meant for interfacing decentralized peripherals, where can drastically reduce the wiring costs. However, one of the serious concerns in the Profibus is the authentication issues among the master and slave nodes in the network [365]. Moreover, they are also susceptible to DoS threats, which need isolation from the other devices in the network.…”

Section: ) Profibusmentioning

confidence: 99%

Communications Security in Industry X: A Survey

Ahmad¹,

Rodríguez²,

Kumar³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…A useful performance comparison of eleven TLS cyphers suites is provided by [14]. Of the hard real time protocols in existence, [15] take issue with the security of EtherCAT and for PROFINET we observe a substantial time-gap between the initial voicing of concerns [16] and results from the relevant specification committees [17].…”

Section: B Relevant Workmentioning

confidence: 99%

Towards Securing Hard Real-Time Networked Embedded Devices and Systems: a cBPF Implementation for an FPGA

Doran,

Schneider,

Leibundgut

et al. 2023

2023 IEEE 28th International Conference on Emerging Technologies and Factory Automation (ETFA)

View full text Add to dashboard Cite

In this body of work, we describe preliminary work in implementing a Berkely Packet Filter in its original conception, in an FPGA. The purpose is packet filtering and ingress traffic shaping in security-relevant applications in distributed embedded nodes. We specifically target PROFINET nodes in hard-real-time applications where network security is a known issue. We describe the motivation, implementation and verification including performance characteristics. We posit that such a filter can be used to not only for protection against simple denial-of-service attacks but also for ingress protocol management and be used in the implementation of system-wide security policies.

show abstract

IT security extensions for PROFINET

Cited by 9 publications

References 9 publications

PROFINET Security: A Look on Selected Concepts for Secure Communication in the Automation Domain

PROFINET Security: A Look on Selected Concepts for Secure Communication in the Automation Domain

Communications Security in Industry X: A Survey

Towards Securing Hard Real-Time Networked Embedded Devices and Systems: a cBPF Implementation for an FPGA

Contact Info

Product

Resources

About