Klagarge/BachelorThesis-OTSecurity

Bachelor Thesis - OT Security - Rémi Heredero

This repo hosts my Bachelor's thesis about OT Security.

Table of contents

  • Abstract
  • Content of the Thesis
  • Stack
  • Credits
  • License

Abstract

This thesis examines the security of embedded systems in a world where the boundary between IT and OT is becoming increasingly thin. Traditionally, OT systems were physically isolated to ensure security. However, with the advent of the IoT, these systems are becoming more interconnected, making them more susceptible to cyberattacks.

In response to these evolving challenges, the University of Applied Sciences Western Switzerland, HES-SO Valais Wallis, overhauled its teaching laboratory dedicated to OT security. This lab will focus on practical, hands-on exercises to help students understand the unique challenges of securing embedded systems.

The primary objective of this thesis was to create realistic attack scenarios for use in these laboratories, with a focus on Modbus communication protocols and wireless systems. These scenarios are designed to help students identify vulnerabilities in OT systems and learn how to secure them effectively.

The thesis centres on two key attack scenarios. The first is a Man-in-the-Middle attack on Modbus/TCP communication, demonstrating how an attacker can intercept and alter unencrypted messages. This scenario underlines the importance of implementing TLS and verifying digital certificates to mitigate such threats. The second scenario involves a replay attack on a wireless communication system, using the Flipper Zero device to capture and retransmit signals.

Content of the Thesis

  • Introduction (P.3-4)
  • Impact on Sustainability (P.5)
  • Analysis (P.6-14)
    • Attacks (Sniffing, Spoofing, Denial of Service, Replay, Man in the Middle)
    • Communication media (Modbus, wireless M-bus)
    • Simulation environments (Factory I/O, Home I/O, Minecraft)
  • Attack by Man in the Middle (P.15-24)
    • Environment and requirements
    • Attack on Modbus/TCP
    • Implementation of TLS
    • Attack on Modbus/TLS
  • Attack by Replay (P.25-30)
    • Environment and requirements
    • Attack on Wireless M-Bus
    • Attack on 433MHz transceiver
    • Security in wireless broadcast isolated devices
  • Conclusion (P.31-32)

Full report of this thesis available at 06-pdf/OT_Security-Heredero_Remi-FinalReport.pdf

Man in the Middle attack

The Man-in-the-Middle (MitM) scenario focuses on intercepting, modifying, and forwarding packets to gain control over a Modbus/TCP installation. This protocol, commonly used in industrial settings, was selected for this thesis because it is widely adopted and fulfils the requirement to demonstrate an attack on it. The MitM attack was chosen due to its prevalence and potential for significant impact. It is a comprehensive attack that encompasses several other techniques, such as sniffing and spoofing through ARP poisoning. This scenario assumes that the attacker has already gained access to the network, enabling them to intercept and manipulate the data packets.
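As an added example (not code from the thesis or its repositories), the following Python parses Modbus/TCP frames and flags register writes whose values fall outside an operator-defined range, which is one way a defender can spot the kind of in-flight tampering this scenario describes. The sample frames, register addresses and limits are constructed for the example.

```python
import struct
from dataclasses import dataclass


@dataclass
class ModbusADU:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_adu(frame: bytes) -> ModbusADU:
    """Parse a Modbus/TCP ADU: 7-byte MBAP header (tid, pid, length, unit) + PDU."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, pid, length, uid = struct.unpack("!HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus (expected 0)")
    if len(frame) != 6 + length:  # MBAP length counts unit id + PDU bytes
        raise ValueError(f"MBAP length {length} disagrees with frame size {len(frame)}")
    return ModbusADU(tid, uid, frame[7], frame[8:])


def register_writes(adu: ModbusADU):
    """Yield (address, value) for FC 6 (single) and FC 16 (multiple) register writes."""
    if adu.function == 6:
        yield struct.unpack("!HH", adu.data[:4])
    elif adu.function == 16:
        start, count, nbytes = struct.unpack("!HHB", adu.data[:5])
        if nbytes != 2 * count or len(adu.data) < 5 + nbytes:
            raise ValueError("FC16 byte count does not match register count")
        for i in range(count):
            yield start + i, struct.unpack("!H", adu.data[5 + 2 * i:7 + 2 * i])[0]


def check_policy(frames, limits):
    """Return alert strings for writes outside limits[addr] = (lo, hi).
    Registers absent from limits are treated as read-only (constructed policy)."""
    alerts = []
    for raw in frames:
        adu = parse_adu(raw)
        for addr, value in register_writes(adu):
            lo, hi = limits.get(addr, (None, None))
            if lo is None:
                alerts.append(f"tid={adu.transaction_id}: write to unlisted register {addr}")
            elif not lo <= value <= hi:
                alerts.append(f"tid={adu.transaction_id}: register {addr}={value} outside [{lo}, {hi}]")
    return alerts


# Constructed sample traffic: a legitimate setpoint write, a tampered one, and a block write.
SAMPLE_FRAMES = [
    bytes.fromhex("0001 0000 0006 01 06 0010 0064"),                 # tid 1: reg 16 = 100
    bytes.fromhex("0002 0000 0006 01 06 0010 07d0"),                 # tid 2: reg 16 = 2000
    bytes.fromhex("0003 0000 000b 01 10 0020 0002 04 0001 0002"),    # tid 3: regs 32, 33
]
LIMITS = {16: (0, 500), 32: (0, 1)}  # constructed allowed ranges per register
```

Feeding the three constructed frames to `check_policy(SAMPLE_FRAMES, LIMITS)` yields two alerts: the out-of-range setpoint in transaction 2 and the write to unlisted register 33 in transaction 3.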

Main repos for this part are:

Replay attack

The replay attack scenario involves intercepting and resending a message on a wireless connection to trigger the same effect as the original message, like, for example, a garage door opening remote. This scenario is particularly engaging because it can be easily implemented with the Flipper Zero device, making it more interactive and enjoyable for students to witness a physical attack in action. Additionally, it highlights the significance of wireless attacks, a critical topic in the OT world. This scenario operates at the physical layer, providing a complementary perspective to the MitM scenario.

Main repo for this part is:

Stack

Typst, Git, Kali Linux, Wireshark, Python, Rust, Go, Ettercap, iptables, Scapy, Flipper Zero

Home I/O, Modbus, wireless M-Bus

For Go programming, a good starting point is the material cm0x4D made for the HEI Synd IIoT security course. You can find it at https://hei-synd-iiot.github.io/golang/

Credits

License

  • The Typst template used is under the MIT license.
  • Some Typst modules are under Apache 2.0 or GPL 3.0.
  • The content of this thesis is under GPL 3.0.