PropFuzz -- An IT-Security Fuzzing Framework for Proprietary ICS Protocols
Matthias Niedermaier, Florian Fischer, Alexander von Bodisco

TL;DR
PropFuzz is a novel fuzzing framework designed to test the security of proprietary industrial control system protocols, addressing the rising security risks in connected industrial networks.
Contribution
We introduce PropFuzz, a new framework capable of fuzzing proprietary ICS protocols and monitoring controller behavior for security assessment.
Findings
Initial security assessment results demonstrate PropFuzz's effectiveness.
PropFuzz can identify vulnerabilities in proprietary ICS protocols.
The framework supports comprehensive protocol fuzzing and behavior monitoring.
Abstract
Programmable Logic Controllers are used in smart homes, in production processes, and to control critical infrastructures. Modern industrial devices at the control level often communicate with each other and with SCADA systems over proprietary protocols on top of TCP/IP. The networks in which the controllers operate are usually considered trustworthy and are therefore not properly secured. Due to the growing connectivity caused by the Internet of Things (IoT) and Industry 4.0, the security risks are rising. Therefore, the demand for security assessment tools for industrial networks is high. In this paper, we introduce a new fuzzing framework called PropFuzz, which is capable of fuzzing proprietary industrial control system protocols and monitoring the behavior of the controller. Furthermore, we present first results of a security assessment with our framework.
