Explore a comprehensive case study on fuzzing and protocol analysis of DNP3 (IEEE-1815), the predominant SCADA protocol used in the electric power industry in North America and Australia. Delve into the findings of a 2013-2014 bug campaign that uncovered over thirty vulnerabilities in various DNP3 implementations using a custom smart fuzzer. Examine the protocol structure, review the resulting CVEs, and analyze the complexity of the "DNP3 Secure Authentication" security addendum. Gain insights into the gaps in critical infrastructure standards design and implementation, including scattered parsing and validation approaches and the lack of reference implementations in the design phase. Learn about the potential vulnerabilities in critical infrastructure systems and the importance of robust security measures in SCADA protocols.
Overview
Syllabus
A fuzzing and protocol analysis case-study of DNP3
Taught by
IEEE Symposium on Security and Privacy
Tags
Related Courses
-
Fuzzing RDP Client and Server
-
Low Level BootROM Protocol Fuzzing Secure Memory Regions
-
Fuzzing and Exploiting Virtual Channels in Microsoft Remote Desktop Protocol for Fun and Profit
-
FuzzUSB - Hybrid Stateful Fuzzing of USB Gadget Stacks
-
NEUZZ - Efficient Fuzzing with Neural Program Smoothing
-
VIDEZZO - Dependency-Aware Virtual Device Fuzzing
