
Usage of Inverse Filtering to Prevent Denial-of-Service Attacks on Network Embedded Devices

IP.com Disclosure Number: IPCOM000196315D
Published in the IP.com Journal: Volume 10 Issue 6A (2010-06-10)
Included in the Prior Art Database: 2010-Jun-10
Document File: 2 page(s) / 93K

Publishing Venue

Siemens

Related People

Juergen Carstens: CONTACT

Abstract

Embedded devices with touch screens based on Human-Machine Interaction (HMI) are commonly used in industrial automation. The operating systems used are usually based on Linux. Some of the devices support industrial Ethernet standards for automation, which means they have an Ethernet port with a MAC (Media Access Control) address and a corresponding IP (Internet Protocol) address, either dynamically assigned using DHCP (Dynamic Host Configuration Protocol) or statically assigned and associated with each device. These panels communicate using the standard TCP/IP (TCP: Transmission Control Protocol) communication stack, which is part of the Linux kernel. Under normal circumstances the communication proceeds at a low rate with other Programmable Logic Controllers (PLC), personal computers, etc.

This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 2


Idea: Carlos de Sa, IN-Bangalore


However, since the interface of the standard networks is possibly connected to a sta[...] network at the customer end, the panel can also be detected by any other device by ping. Thus, persons with malicious intentions may scan ports of the device to discover [...] are running on which p[...] attack, as an attacker may simply ping the device at a very high rate, preventing any other legitimate data from reaching this panel and overloading the panel in terms of processing as[...] such network requests. Thus, it is possible to achieve that the actual runtime a[...] runs on freezes or responds very slowly to user commands regardless of whet[...] actually reaching the device.

Currently, there is no specific solution for this security problem. Specific attacks on sp[...] be handled by way of a software firewall, e.g. using the built-in IP filtering mechanis[...] does still not resolve the issue that the processor has at least to respond to the con[...] interrupt caused by the Ethernet controller. Since network embedded devices usuall[...] processing capabilities, such a type of attack results in the Operating System experie[...] lockup state wherein it continuously tries to respond to the network interrupts.

Additionally, such attacks may also be prevented by means of other network prot[...] detect and prevent such an attack at the network level. For example, Access Cont[...] implemented at the router level. Since the panels are meant for a specific commun[...] exam[...] panel is beyond its scope and abilities. It is also not possible to predict what the end[...] be.

In order to provide the means to tackle a DOS attack and other malicious routines, [...] proposed in the following. The main intention of the solution is to enable the en[...] interact with the device, perhaps to check the configuration or view past alarm[...] implementing a routine that tells the Ethernet controller to stop processing any m[...] during a DOS attack [...] handle.

This routine can be based on Address Filtering w[...] any Ethernet controller. In particular, most Ethernet devices support Inverse Filtering[...] Inverse Filtering mode, the packet filter block accepts incoming frames with a destination address matching the perfect address, i.e. the MAC address of the device. Thus, in this mode [...] are meant for this Ethernet d...
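The routine sketched above (a load monitor that switches the Ethernet controller into Inverse Filtering mode during a flood, so that only frames addressed to the device's own MAC are passed up and everything else is dropped before it can raise an interrupt) can be modelled in software. The following C program is an added example, not code from the disclosure or from Siemens: the one-second measurement window, the frame-count threshold, the leave-at-half-threshold hysteresis and the `filter_state`/`on_frame` names are all assumptions, and where this model calls `addr_filter_accepts()` itself a real driver would instead program the controller's filter register and let the hardware discard the frames.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN   6
#define WINDOW_MS 1000u   /* assumed length of one load-measurement window */

/* Software model of the controller's address-filter block plus the proposed
 * load-monitoring routine. Constructed example; names and numbers are assumed. */
struct filter_state {
    uint8_t  perfect[MAC_LEN];   /* the device's own MAC, the "perfect address" */
    bool     inverse_mode;       /* true: accept only frames sent to perfect */
    uint32_t window_start_ms;    /* start of the current measurement window */
    uint32_t frames_in_window;   /* frames handed to the CPU in this window */
    uint32_t threshold;          /* frames per window that count as a flood */
};

static void filter_init(struct filter_state *f, const uint8_t mac[MAC_LEN],
                        uint32_t threshold)
{
    memset(f, 0, sizeof *f);
    memcpy(f->perfect, mac, MAC_LEN);
    f->threshold = threshold;
}

/* The filter decision as the disclosure describes it: in Inverse Filtering
 * mode only frames whose destination equals the perfect address pass;
 * otherwise normal reception (own unicast, broadcast, multicast) applies. */
static bool addr_filter_accepts(const struct filter_state *f,
                                const uint8_t dst[MAC_LEN])
{
    bool to_us = memcmp(dst, f->perfect, MAC_LEN) == 0;
    if (f->inverse_mode)
        return to_us;
    bool group = (dst[0] & 0x01) != 0;   /* I/G bit: broadcast or multicast */
    return to_us || group;
}

/* Per-frame entry point. Returns true if the frame reaches the kernel stack.
 * A frame rejected here would, on real hardware, never raise an interrupt,
 * which is what keeps the processor free during the flood. */
static bool on_frame(struct filter_state *f, const uint8_t dst[MAC_LEN],
                     uint32_t now_ms)
{
    if (now_ms - f->window_start_ms >= WINDOW_MS) {
        /* New window: leave inverse mode only once the load has clearly dropped. */
        if (f->frames_in_window < f->threshold / 2)
            f->inverse_mode = false;
        f->window_start_ms = now_ms;
        f->frames_in_window = 0;
    }
    if (!addr_filter_accepts(f, dst))
        return false;
    f->frames_in_window++;
    /* Enter inverse mode as soon as this window's load exceeds the threshold. */
    if (f->frames_in_window > f->threshold)
        f->inverse_mode = true;
    return true;
}

/* Constructed scenario: `flood` broadcast ping frames arriving 1 ms apart,
 * followed by `legit` unicast frames from a PLC. Returns how many flood frames
 * reached the CPU; *legit_delivered receives how many unicast frames did. */
static unsigned run_scenario(unsigned flood, unsigned legit,
                             unsigned *legit_delivered)
{
    static const uint8_t mac[MAC_LEN]   = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};
    static const uint8_t bcast[MAC_LEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    struct filter_state f;
    unsigned delivered = 0, i;

    filter_init(&f, mac, 100);   /* assumed threshold: 100 frames per window */
    for (i = 0; i < flood; i++)
        if (on_frame(&f, bcast, i))
            delivered++;
    *legit_delivered = 0;
    for (i = 0; i < legit; i++)
        if (on_frame(&f, mac, flood + i))
            (*legit_delivered)++;
    return delivered;
}

int main(void)
{
    unsigned legit = 0;
    unsigned flood = run_scenario(150, 10, &legit);
    printf("flood frames reaching CPU: %u, legitimate frames delivered: %u\n",
           flood, legit);
    return 0;
}
```

With a threshold of 100, the 150-frame broadcast flood costs the CPU 101 frames before the filter switches modes; the remaining 49 are discarded, while all 10 unicast frames addressed to the panel's own MAC still arrive. The hysteresis (leave inverse mode only when a full window saw fewer than half the threshold) keeps the controller from flapping between modes while the flood is still running.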