Security Issues and Mitigation in Ethernet POWERLINK

Ethernet POWERLINK is an industrial Ethernet protocol created for applications with high degree of determinism, and amongst the closest to real-time (class 3 industrial Ethernet protocol). Consequently, it was developed for efficiency and short cycle times, with no security as it would only slow down the communications. In this paper, we show that most of the common known industrial Ethernet attacks cannot be carried out for Ethernet POWERLINK due to its isochronous real-time characteristics. We also show that it is still possible to perform attacks to affect such a system. We thus present five different attacks: a denial of service, a command insertion for a slave and then for a master, and impersonation of a slave and, finally, of a master. These attacks are afterwards validated on a testbed. We finally present proposals to defend against them without adding any major delay in the cyclic communications, by modifying transitions of the state machines of the protocol.