Overview
Explore a comprehensive case study on fuzzing and protocol analysis of DNP3 (IEEE-1815), the predominant SCADA protocol used in the electric power industry in North America and Australia. Delve into the findings of a 2013-2014 bug campaign that uncovered over thirty vulnerabilities in various DNP3 implementations using a custom smart fuzzer. Examine the protocol structure, review the resulting CVEs, and analyze the complexity of the "DNP3 Secure Authentication" security addendum. Gain insights into the gaps in critical infrastructure standards design and implementation, including scattered parsing and validation approaches and the lack of reference implementations in the design phase. Learn about the potential vulnerabilities in critical infrastructure systems and the importance of robust security measures in SCADA protocols.
Syllabus
A fuzzing and protocol analysis case-study of DNP3
Taught by
IEEE Symposium on Security and Privacy