

#### Leveraging Physical Models for Attacking and Defending PLCs

Luis Garcia 4N6 Cyber Security & Forensics Research Lab ECE Department Rutgers University



# Outline

- Background
- Harvey: Model-Aware Rootkit
  - System Model
  - Physics-Awareness
  - Implementation and Evaluation
- Device-Oriented Verification of CPS
- Conclusions



## Programmable Logic Controllers (PLCs) and Industrial Control Systems (ICSs)



#### What is a Programmable Logic Controller(PLC)?

 The interface between cyber and physical components in many CPS applications



#### What is a Programmable Logic Controller(PLC)?

- The interface between cyber and physical components in many CPS applications
- Contain simple logic code that is easy to verify



#### What is a Programmable Logic Controller(PLC)?

- The interface between cyber and physical components in many CPS applications
- Contain simple logic code that is easy to verify
- Typically the target in CPS attacks
  - E.g., Stuxnet



#### PLC Architecture









In this example, the opening/closing of a circuit breaker in this scenario is controlled by a PLC







A programmer will be allowed to change The PLC configuration as well as the Control logic of the system





#### Network

#### Previous Attacks on PLC's: Stuxnet

- Advanced malware worm that attacked Siemens S7 PLC's and WinCC systems
- Targeted high frequency drives controlling centrifuges
- Caused billions of dollars in damages

#### Going back to our Example ICS...



Network

#### Stuxnet's PLC Attack Overview



#### Stuxnet's PLC Attack Overview



Programmer's PC

#### Stuxnet's PLC Attack Overview



Programmer's PC

#### Prior Efforts to Mitigate Attacks like Stuxnet

- Typically offline, passive solutions
- External solutions for PLCs







#### Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit

Luis Garcia, Saman Zonouz

ECE Department Rutgers University

Ferdinand Brasser, Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt

Mehmet H. Cintuglu, Osama Mohammed

ECE Department Florida International University

NDSS 2017

#### Harvey: Model-Aware Rootkit

- A rootkit that takes into account the physical topology of the ICS
- Model
  - Uses physical models to optimize control commands for an adversarial objective function
- PLC infection: compromising the PLC's firmware
  - Utilize the firmware update mechanism to replace firmware over the network
  - Local firmware modifications, e.g., SD card or JTAG implantation
  - Run-time attacks, e.g., network exploits or remote code execution vulnerabilities (FrostyURL)



#### System Model



#### Adversary Model

• Stealthiness



#### **Adversary Model**

- Stealthiness
- PLC-only attack



#### **Adversary Model**

- Stealthiness
- PLC-only attack
- Physical model extraction



#### Physics-Awareness: 2-Way Data Manipulation

RUTGERS



#### Back to ICS Example...



#### Back to ICS Example...

Our attack focuses on the interface Between the PLC and it's own I/O Modules (i.e., the interface between The PLC and the underly physical System)



Network

#### Implementing Harvey: Device Selection and Specification

- Allen Bradley
  CompactLogix L1
- Based on Texas
  Instruments Stellaris
  LM3S2793
  Microcontroller
  - Arm Cortex-M3 ISA



#### CompactLogix L1 PLC



#### CompactLogix L1 PLC

- High Value (1) ~ 24 V DC
- Low Value (0) ~ 8 V DC



#### CompactLogix L1 PLC

- High Value (1) ~ 24 V DC
- Low Value (0) ~ 8 V DC



# Analyzing the CompactLogix L1 Firmware Update Files

- There have been prior works that reverse engineer the firmware update procedure of different Allen Bradley PLCs
  - Although these works simply bricked the PLCs, they did provide a means of updating the firmware
- Although we spent a lot of time analyzing the firmware update files, we eventually found that analyzing the dumped memory was more efficient for our goals



## JTAG Debugging

- Joint Test Action Group (JTAG) standard was designed to assist with device, board, and system testing, diagnosis and fault isolation
- Usually one of the first approaches used for reverse engineering efforts





#### Memory Analysis with JTAG





#### Memory Analysis with JTAG

- Used JTAG interface to dump memory for code disassembly
- Used TI Stellaris LM3S2793 data sheet to find memory layout and built-in ROM functions



Static Memory Analysis

- We followed the boot sequence to determine the control flow of the program
- We used the notion that for Cortex-M3 processors, the Reset Handler is located at address 0x000004

| Vectors | DCD            | initial_sp         | ; Top of Stack        |
|---------|----------------|--------------------|-----------------------|
|         | DCD            | Reset_Handler      | ; Reset Handler       |
|         | DCD            | NMI_Handler        | ; NMI Handler         |
|         | DCD            | HardFault_Handler  | ; Hard Fault Handler  |
|         | DCD            | MemManage_Handler  | ; MPU Fault Handler   |
|         | DCD            | BusFault_Handler   | ; Bus Fault Handler   |
|         | DCD            | UsageFault Handler | ; Usage Fault Handler |
|         | [more vectors] |                    |                       |

#### Following the Boot Sequence with IDA Pro

RUTGERS



#### Following the Boot Sequence with IDA Pro

RUTGERS

•

•



38/71

#### Static/Dynamic Analysis for I/O Interception

- Couldn't analyze every possible path to determine I/O interception point
- Halted the CPU (via JTAG) during slow boot-up LED sequence and stepped through execution to see how LEDs values were being updated
  - Memory addresses of LED values led us to ISR's responsible for forwarding GPIO values to and from PLCs



#### Static/Dynamic Analysis for I/O Interception

- Couldn't analyze every possible path to determine I/O interception point
- Halted the CPU (via JTAG) during slow boot-up LED sequence and stepped through execution to see how LEDs values were being updated
  - Memory addresses of LED values led us to ISR's responsible for forwarding GPIO values to and from PLCs



40/71

#### Modified GPIO-Output Update ISR





#### Example Attack Scenario

- Simple logic system:
  - If input ports 0 and 1 are high, then output port 1 is high (AND gate)
  - If input port 0 is low or input port 1 is low, then output port 0 is high (NOR gate)
- This system can represent a safety condition
  - We can only start a process (output port 1) if two safety conditions (input port 0 and input port 1) are met.
     Otherwise, we are in an idle position (output 0)



#### Simple Ladder Logic Program

- Ladder logic is a graphical programming language used to program simple circuit diagrams of relay logic hardware
- The system on the right represents the aforementioned AND and NOR gates
- The programming/ monitoring software, RSLogix 5000, is considered our HMI
  - LEDs and HMI read the updated values from the same addresses in memory



#### **Spoofing Inputs**





- The LEDs/HMI Indicators show that both input ports 0 and 1 are high, so output port 1 is high according to our ladder logic program
- There is no input connected! Output port 0 should be high and port 1 should be low!

#### **Spoofing Outputs**

Hothrevienstthe tabs/Wevlattach invlidencerter to sludpustapbigH0, aabliet fshrows a buv/puct/paget 0 (8.54 V DC)

Similary, the voltage for output port 1 is read as high (24 V DC) despite the indicator showing a low voltage

#### More Advanced Code Injection: PID Controller

- Compiled an open-source PID controller code to determine space constraints
  - Did not have access to proprietary PID ladder logic instruction
  - Code was not optimized/stripped
  - PID implementation may only implement P or PI cases

| Proportional Integral [ | Derivative |
|-------------------------|------------|
| PID                     | ?          |
| Process variable        | ?          |
| PV Data Type            | ?          |
| Tieback                 | ?          |
| Control variable        | ?          |
| CV Data Type            | ?          |
| PID Master Loop         | ?          |
| Inhold bit              | ?          |
| Inhold Value            | ?          |
| Setpoint                | 77         |
| Process Variable        | 22         |
| Output %                | 22         |

Sample PID Code (collapsed) pid\_update PUSH {R4-R6} (collapsed code) STRD.W R3, R4, [R7,#0x30] (collapsed code) ; integration with windup guarding BEO loc\_81D0 LDR R3,=int error ; int error >= windup guard (collapsed code) loc\_81F2 R3,=int\_error ;int\_error-=windup\_guard (collapsed code) loc 81F2 R3,=windup\_guard LDR ;int\_error>windup\_guard ; int error=windup guard (collapsed code) R3,=prev error ; differentiation LDR (collapsed code) STRD.W R3,R4,[R7#0x28] LDR R3,=proportional\_gain ;scaling (collapsed code) BL \_muldf3 (collapsed code) LDR R3,=integral gain LDRD.W R0,R1,[R3] LDR R3,=int\_error (collapsed code) BT. muldf3 (collapsed code) LDR R3,=derivative gain (collapsed code) BT. muldf3 (collapsed code) R2,=control LDR ;summation of terms(control=p+i+d) (collapsed code) LDR R2,=prev\_error ;prev\_error=curr\_error (collapsed code) POP (R4-R7, PC)

Ladder Logic Instruction

#### Assessing Reusable Memory for Malware Injection

- Manually inspected code to determine "available" and "reusable" memory
  - "Reusable": code that is inaccessible due to the control flow of the code and can be overwritten
  - "Available": areas of memory that are not being used
- Available and reusable memory were sufficient enough to implement a PID attack code
  - PID attack code could be much leaner
  - Built-in PID instructions are significantly smaller than attack code



#### **Evaluation on Smart Grid Test Bed**



#### Benign and Malicious Physical Models

#### Benign Optimal Power Flow (bOPF)

 Uses optimal power flow equations of power grid to minimize cost while ensuring safe operation, i.e.,

$$\begin{split} \min_{u} & c(x,u) \\ \text{s.t.} & P_{i}^{g} - P_{i}^{l} = \sum_{k} |V_{i}||V_{k}| (G_{ik}\cos\theta_{ik} + B_{ik}\sin\theta_{ik}) \\ & Q_{i}^{g} - Q_{i}^{l} = \sum_{k \in C} |V_{i}||V_{k}| (G_{ik}\sin\theta_{ik} - B_{ik}\cos\theta_{ik}) \\ & P_{l}^{g} \leq P_{l}^{gmax} \\ & \forall i, j \in N, \ \forall l \in G, \ \forall k \in C \end{split}$$

#### Malicious Optimal Power Flow (mOPF)

 Modified optimal power flow that maximizes cost while disregarding safety constraints, i.e.,

$$\begin{aligned} \max_{u} \quad c(x,u) \\ \text{s.t.} \quad P_{i}^{g} - P_{i}^{l} &= \sum_{k} |V_{i}| |V_{k}| (G_{ik} \cos \theta_{ik} + B_{ik} \sin \theta_{ik}) \\ Q_{i}^{g} - Q_{i}^{l} &= \sum_{k \in C} |V_{i}| |V_{k}| (G_{ik} \sin \theta_{ik} - B_{ik} \cos \theta_{ik}) \\ \forall i, j \in N, \forall l \in G, \forall k \in C \end{aligned}$$

#### PID Controllers for Inner Loops of OPF Models

- Calculated commands of OPF models are used as setpoints to be maintained by inner-loop proportionalintegral-derivative (PID) controllers
- Harvey maintains an benign PID controller and associated set of variables along with a malicious PID controller



### Steady-State System Malicious Attack: Actual Power System Measurements

- Repeated heavy load circuit breaker open/close triggering without loss of power system stability
  - Transmission line is opened/closed several times via a circuit breaker
- Although attack resulted in the system exceeding permissible limits, stability was maintained





### Rutgers

## Steady-State System Malicious Attack: Faked Measurements

- Harvey ran parallel benign model to generate fake legitimatelooking sensor measurements to operators
- Such an attack caused minor perturbations due to equipment operational noise
  - They are shown as minor perturbations within safety limits
  - Such minor perturbations are normally observed



### Adversary-Optimal Control Attack: Actual Power System Measurements

- Optimal malicious attack using real-world control algorithms, mOPF
  - Remove safety margin conditions
  - Replace cost minimization with maximization
  - Predefined stealthy conditions, e.g., "no power generator disconnect from the rest of the power grid"
  - Set nominal frequency reference to 62 Hz



### Rutgers

## Adversary-Optimal Control Attack: Faked Measurements

- Harvey ran benign OPF in parallel and sent fabricated measurements back to HMI
- Similar perturbations were observed



#### Limitations

- Current implementation relies on JTAG implantation
- Accuracy of the physical models are limited to the amount of memory required by the implementations
- For a distributed attack, PLCs cannot rely on network communication
  - Communication relies on sensing and actuating, e.g., side-channel attack

#### Possible Mitigation Solutions for Harvey

- Remote-attestation
  - Verifier to check the software integrity of the system
- Secure boot

RUTGERS

- Trusted platform module to verify by the device itself
- External bump-in-the-wire between PLC and physical plant
  - Monitor sensor-to-PLC and PLC-to-actuator data streams

#### Responsible Disclosure

- We notified Allen Bradley of the possible repercussions of previously demonstrated firmware vulnerabilities
- The company allowed us to publish the details of our work in the Network and Distributed System Symposium (NDSS) 2017 conference

# VERIFICATION OF CYBER-PHYSICAL MODELS

#### Hybrid Systems

#### Hybrid automata: Thermostat example





#### Hybrid Verification of Cyber-Physical Systems





#### Verifying the Transient Stability of Single-Machine Infinite-Bus (SMIB) System





#### Final SMIB Hybrid Program

*init*  $\Rightarrow$  [{*ctrl*; *plant* &*H*}\*](*req*)  $init \equiv P_M = 1 \wedge P_{e,max} = \frac{3}{2} \wedge \omega = 0 \wedge \theta = \arcsin(\frac{P_M}{P_{e,max}})$  $\wedge \theta_{max} = \pi - \theta \wedge \sin(\theta) = \frac{P_M}{P_{e,max}} \wedge \cos(\theta) = \sqrt{1 - \frac{P_m^2}{P_{e,max}^2}}$  $\wedge c = 2P_M \theta_{max} - 2P_{e,max} \cos(\theta)$  $ctrl \equiv (a := P_M - P_{e,max} \sin(\theta))$  $plant \equiv \theta' = \omega, \omega' = a, \sin \theta' = \omega \cos \theta, \cos \theta' = -\omega \sin \theta$  $H \equiv \sin^2 \theta + \cos^2 \theta = 1$  $req \equiv \theta \leq \theta_{max}$ 

Current and Future Work: Extending SMIB Model

 Extending SMIB model to include model for governor of hydro power unit



<sup>64/71</sup> 













#### Conclusion

- We presented Harvey, a PLC rootkit that implements a physicsaware man-in-the-middle attack against cyber-physical control systems
- Harvey damages the underlying physical system while providing the operators with the exact view of the system that they would expect to see following their commands
- We presented device-oriented verification of cyber-physical systems with a focus on the electric power grid using differential dynamic logic

#### Thank You!

Luis Garcia E-mail: l.garcia2@rutgers.edu

## List of Publications

• Journal Articles:

GERS

- Katherine R. Davis, Charles M. Davis, Saman A. Zonouz, Rakesh B. Bobba, Robin Berthier, Luis Garcia, Peter W. Sauer, A Cyber-Physical Modeling and Assessment Framework for Power Grid Infrastructures, IEEE Transactions on Smart Grid, 2015
- Conference/Workshop Articles:
  - Luis Garcia, Henry Senyondo, Stephen McLaughlin, Saman Zonouz, Covert Channel Communication Through Physical Interdependencies in Cyber-Physical Infrastructures, IEEE SmartGridComm, 2014
  - Saman Zonouz, Luis Garcia, TMQ: Threat Model Quantification in Smart Grid Critical Infrastructures, IEEE SmartGridComm, 2014
  - Gabriel Salles-Loustau, Luis Garcia, Kaustubh Joshi, Saman Zonouz, Swirls: Context-Aware Information-Flow-Based Micro-Security Perimeters for Mobile Devices, IEEE/FIP International Conference on Dependable Systems and Networks (DSN), 2016
  - Luis Garcia, Dong Wei, Leandro Pfleger de Aguiar, Saman Zonouz, Detecting PLC Control Corruption via On-Device Runtime Verification, IEEE Resilience Week (RWS), 2016
  - Luis Garcia, Ferdinand Brasser, Mehmet Hazar, Osama Mohammed, Ahmad-Reza Sadeghi, Saman Zonouz, Hey, My Malware Knows Physics!
    Attacking PLCs with Physical Model Aware Rootkit, Network and Distributed System Security Symposium (NDSS), 2017
  - Luis Garcia, Khalil Ghorbal, Saman Zonouz, Transient Stability of Power Systems: A Case Study in Formal Verification, ACM International Conference on Hybrid Systems: Computation and Control (HSCC), 2017
     70/71

