Description
PROFINET is a widely used low-level communication protocol in industrial systems,
enabling fast and reliable data exchange between devices. As industrial networks
become increasingly interconnected with broader IT networks and the internet, the
security risks associated with PROFINET have grown significantly. The protocol itself
lacks built-in security features, as its primary design focus has been reliability and
operational safety. Numerous studies have demonstrated working attacks against PROFINET
systems, clearly highlighting that security is inadequate. To support the evaluation of
the security of PROFINET systems, we see a need for tooling that simplifies interaction
with devices and demonstrates practical, broadly applicable attack scenarios. This work
addresses that need by presenting a tool that facilitates penetration testing of PROFINET
environments and serves as a solid foundation for future security research and development.