Towards Obfuscation of Programmable Logic Controllers

Recently published scan data on Shodan shows how 105K IndustrialControl Systems (ICSs) around the world are directly accessiblefrom the Internet. In particular, highly sensitive components, suchas Programmable Logic Controllers (PLCs), are potentially accessibleto attackers who can implement several kinds of attacks. On theother hand, to accomplish non-trivial cyber-physical attacks theattacker must possess a sufficient degree of process comprehensionon the physical processes within the target ICS.In this paper, we explore the feasibility of designing obfuscationstrategies to prevent the attacker from comprehending the behaviorof the physical process within an ICS by accessing PLC memoryregisters. We propose two generic obfuscation strategies for PLCmemories, involving memory registers, PLC code, and simulatedphysical processes controlled by the obfuscated PLCs. We thenmeasure the effectiveness of the proposed obfuscation strategies interms of potency, resilience, and cost on a non-trivial case study.