VBump: Securing Ethernet-based Industrial Control System Networks with VLAN-based Traffic Aggregation

Nils Ole Tippenhauer, Binbin Chen, Daisuke Mashima, David M. Nicol

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

Abstract

Bump-in-the-wire (bump) devices can be used to protect critical endpoints in Industrial Control System (ICS) networks. However, bump devices cannot authenticate incoming broadcast traffic, are complex to manage, and one bump is needed per host. In this work, we propose a virtual bump-like solution called vBump, which allows virtual bumps to be inserted in front of Ethernet-based legacy ICS devices. The vBumps can be used to limit traffic to whitelisted destinations, to inspect all traffic at or above the Link layer like a centralized intrusion detection system (or monitoring system), or even to police the traffic like a centralized intrusion prevention system. In particular, this also allows the network to apply fine-grained control to traffic between nodes that need to be in the same Link-layer broadcast domain. Compared to traditional bumps, vBumps do not require any changes to the physical network topology, and the central server's global view allows for more informed decisions, with fewer computational constraints. We implement the system in a high-fidelity ICS testbed, and demonstrate its capability to support even time-critical protection control traffic in smart grids. Our system can handle traffic rates of 150 Mbps with a one-way delay of ∼1 ms.
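The abstract describes the mechanism only at a high level: each legacy device's traffic is aggregated to a central server by VLAN, and the server applies a per-device whitelist before the frame is allowed to reach its destination, including for group (broadcast/multicast) frames that a physical bump cannot authenticate. The following Python model is an added illustration by the editor, not the paper's code or testbed software. It assumes that each protected device sits alone on an access port, that the switch tags that device's frames with a per-device VLAN ID (10, 11, 12 below) and trunks them to the central server, and that the server re-tags permitted frames with the destination device's VLAN. The device names, MAC addresses, VLAN IDs, policy table and sample frames are all constructed for the example; the only real constants are the 802.1Q, IPv4 and IEC 61850 GOOSE EtherTypes.

```python
"""Toy model of a centralized 'virtual bump' policy engine (editor's example).
Assumption: one legacy device per access port; the switch tags the device's
frames with a per-device VLAN and trunks them to this server, which re-tags
permitted frames with the destination device's VLAN before forwarding."""
from __future__ import annotations
import struct
from dataclasses import dataclass
from typing import Optional

ETHERTYPE_VLAN = 0x8100    # IEEE 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_GOOSE = 0x88B8   # IEC 61850 GOOSE, a Link-layer multicast protocol


@dataclass
class Frame:
    dst: bytes
    src: bytes
    vlan: Optional[int]
    ethertype: int
    payload: bytes


def parse_frame(raw: bytes) -> Frame:
    """Parse an Ethernet II frame with an optional single 802.1Q tag."""
    if len(raw) < 14:
        raise ValueError("runt frame")
    dst, src = raw[:6], raw[6:12]
    (etype,) = struct.unpack("!H", raw[12:14])
    if etype == ETHERTYPE_VLAN:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q header")
        tci, inner = struct.unpack("!HH", raw[14:18])
        return Frame(dst, src, tci & 0x0FFF, inner, raw[18:])
    return Frame(dst, src, None, etype, raw[14:])


def build_frame(f: Frame, vlan: Optional[int]) -> bytes:
    """Serialize `f`, tagged with `vlan` (PCP/DEI zero) or untagged if None."""
    hdr = f.dst + f.src
    if vlan is None:
        hdr += struct.pack("!H", f.ethertype)
    else:
        hdr += struct.pack("!HHH", ETHERTYPE_VLAN, vlan & 0x0FFF, f.ethertype)
    return hdr + f.payload


@dataclass
class DevicePolicy:
    mac: bytes        # the single MAC expected behind this device's VLAN
    ethertypes: set   # protocols the device may send or receive
    peers: set        # MACs it may exchange traffic with (whitelist)


class VBump:
    def __init__(self, devices: dict):
        self.by_vlan = devices                                  # vlan -> policy
        self.vlan_of = {p.mac: v for v, p in devices.items()}   # mac  -> vlan
        self.dropped = []                                       # (reason, Frame)

    def _drop(self, f: Frame, reason: str) -> list:
        self.dropped.append((reason, f))
        return []

    def process(self, raw: bytes) -> list:
        """Return [(egress_vlan, frame_bytes), ...] or [] if the frame is dropped."""
        f = parse_frame(raw)
        if f.vlan not in self.by_vlan:
            return self._drop(f, "ingress VLAN is not a protected device")
        src_pol = self.by_vlan[f.vlan]
        if f.src != src_pol.mac:   # the ingress VLAN, not the MAC, identifies the sender
            return self._drop(f, "source MAC does not match device on VLAN")
        if f.ethertype not in src_pol.ethertypes:
            return self._drop(f, "ethertype not whitelisted for source")
        if f.dst[0] & 0x01:        # group bit: broadcast or multicast frame
            out = [(v, build_frame(f, v)) for v, p in self.by_vlan.items()
                   if v != f.vlan and f.src in p.peers and f.ethertype in p.ethertypes]
            return out or self._drop(f, "no device accepts this group frame")
        dst_vlan = self.vlan_of.get(f.dst)
        if dst_vlan is None:
            return self._drop(f, "destination is not a protected device")
        if f.dst not in src_pol.peers or f.src not in self.by_vlan[dst_vlan].peers:
            return self._drop(f, "pair not whitelisted")
        return [(dst_vlan, build_frame(f, dst_vlan))]


# Constructed sample topology: two protection relays and one HMI.
RELAY_A = bytes.fromhex("020000000001")
RELAY_B = bytes.fromhex("020000000002")
HMI = bytes.fromhex("020000000003")
GOOSE_GROUP = bytes.fromhex("010ccd010001")   # a GOOSE multicast destination


def demo_bump() -> VBump:
    return VBump({
        10: DevicePolicy(RELAY_A, {ETHERTYPE_GOOSE, ETHERTYPE_IPV4}, {RELAY_B, HMI}),
        11: DevicePolicy(RELAY_B, {ETHERTYPE_GOOSE}, {RELAY_A}),
        12: DevicePolicy(HMI, {ETHERTYPE_IPV4}, {RELAY_A}),
    })


def tagged(dst: bytes, src: bytes, vlan: int, ethertype: int, payload: bytes = b"x") -> bytes:
    return build_frame(Frame(dst, src, vlan, ethertype, payload), vlan)


def demo():
    bump = demo_bump()
    cases = {
        "goose_from_A": bump.process(tagged(GOOSE_GROUP, RELAY_A, 10, ETHERTYPE_GOOSE)),
        "ip_A_to_hmi": bump.process(tagged(HMI, RELAY_A, 10, ETHERTYPE_IPV4)),
        "ip_hmi_to_B": bump.process(tagged(RELAY_B, HMI, 12, ETHERTYPE_IPV4)),
        "spoofed_A_on_B_port": bump.process(tagged(HMI, RELAY_A, 11, ETHERTYPE_IPV4)),
    }
    return cases, [reason for reason, _ in bump.dropped]


if __name__ == "__main__":
    for name, out in demo()[0].items():
        print(name, "->", [v for v, _ in out] or "dropped")
```

The two design points worth noting: the sender is identified by the ingress VLAN (which the switch assigns from the physical port), so a spoofed source MAC arriving on another device's port is rejected, which is the "authenticate broadcast traffic" property a per-host bump cannot provide; and a group frame is not flooded but replicated only to the VLANs whose policy accepts that sender and protocol, which is how fine-grained control can be applied to nodes that still share one logical broadcast domain.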

Original language: English (US)
Title of host publication: CPSIoTSec 2021 - Proceedings of the 2nd Workshop on CPS and IoT Security and Privacy, co-located with CCS 2021
Publisher: Association for Computing Machinery, Inc
Pages: 3-14
Number of pages: 12
ISBN (Electronic): 9781450384872
DOIs
State: Published - Nov 15 2021
Event: 2nd Workshop on CPS and IoT Security and Privacy, CPSIoTSec 2021, in conjunction with ACM Conference on Computer and Communications Security, CCS 2021 - Virtual, Online, Korea, Republic of
Duration: Nov 15 2021 → …

Publication series

Name: CPSIoTSec 2021 - Proceedings of the 2nd Workshop on CPS and IoT Security and Privacy, co-located with CCS 2021

Conference

Conference: 2nd Workshop on CPS and IoT Security and Privacy, CPSIoTSec 2021, in conjunction with ACM Conference on Computer and Communications Security, CCS 2021
Country/Territory: Korea, Republic of
City: Virtual, Online
Period: 11/15/21 → …

Keywords

  • ics security
  • industrial control system
  • traffic filtering
  • vlan

ASJC Scopus subject areas

  • Computer Networks and Communications
