Towards Obfuscation of Programmable Logic Controllers

Recently published scan data on Shodan shows how 105K Industrial Control Systems (ICSs) around the world are directly accessible from the Internet. In particular, highly sensitive components, such as Programmable Logic Controllers (PLCs), are potentially accessible to attackers who can implement several kinds of attacks. On the other hand, to accomplish non-trivial cyber-physical attacks the attacker must possess a suffcient degree of process comprehension on the physical processes within the target ICS. In this paper, we explore the feasibility of designing obfuscation strategies to prevent the attacker from comprehending the behavior of the physical process within an ICS by accessing PLC memory registers. We propose two generic obfuscation strategies for PLC memories, involving memory registers, PLC code, and simulated physical processes controlled by the obfuscated PLCs. We then measure the effectiveness of the proposed obfuscation strategies in terms of potency, resilience, and cost on a non-trivial case study.