Towards understanding Man-on-the-Side Attacks (MotS) in SCADA networks

Peter Maynard, Kieran McLaughlin

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

We describe a new class of packet injection attacks called Man-on-the-Side (MotS), previously only seen where state actors have “compromised” a number of telecommunication companies. MotS injection attacks have not been widely investigated in scientific literature, despite having been discussed by news outlets and security blogs. MotS came to attention after the Edward Snowden revelations, which described large scale pervasive monitoring of the Internet's infrastructure. For an advanced adversary attempting to interfere with IT connected systems, the next logical step is to adapt this class of attack to a smaller scale, such as enterprise or critical infrastructure networks. MotS is a weaker form of attack compared to a Man-in-the-Middle (MitM). A MotS attack allows an adversary to read and inject packets, but not modify packets sent by other hosts. This paper presents practical experiments where we have implemented and performed MotS attacks against two testbeds: 1) on HTTP connections, by redirecting a victim to a host controlled by an adversary; and 2) on an Industrial Control network, where we inject falsified command responses to the victim. In both cases, the victims accept the injected packets without generating a suspiciously large number of unusual packets on the network. We then perform an analysis of three leading Network Intrusion Detection Systems (IDSs) to determine whether the attacks are detected, and discuss mitigation methods.

Original languageEnglish
Title of host publicationICETE 2020 - Proceedings of the 17th International Joint Conference on e-Business and Telecommunications
EditorsChristian Callegari, Soon Xin Ng, Panagiotis Sarigiannidis, Sebastiano Battiato, Angel Serrano Sanchez de Leon, Adlen Ksentini, Pascal Lorenz, Mohammad Obaidat, Mohammad Obaidat, Mohammad Obaidat
PublisherSciTePress
Pages287-294
Number of pages8
ISBN (Electronic)9789897584459
ISBN (Print)9789897584466
DOIs
Publication statusPublished - 01 Apr 2020
Event17th International Conference on Security and Cryptography, SECRYPT 2020 - Part of the 17th International Joint Conference on e-Business and Telecommunications, ICETE 2020 - Virtual, Online, France
Duration: 08 Jul 202010 Jul 2020

Publication series

NameProceedings of the International Joint Conference on e-Business and Telecommunications
Volume3
ISSN (Print)2184-7711

Conference

Conference17th International Conference on Security and Cryptography, SECRYPT 2020 - Part of the 17th International Joint Conference on e-Business and Telecommunications, ICETE 2020
Country/TerritoryFrance
CityVirtual, Online
Period08/07/202010/07/2020

Bibliographical note

Publisher Copyright:
Copyright © 2020 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved

Keywords

  • SCADA
  • ICS
  • IEC 60870-5-104
  • Man-in-the-Middle
  • Man-on-the-Side

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Signal Processing
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Towards understanding Man-on-the-Side Attacks (MotS) in SCADA networks'. Together they form a unique fingerprint.

Cite this