A Deception-Based Access Control Mechanism for Protecting PLCs from ModbusTCP Brute-Force Attacks in IIoT Environments
Abstract: Industrial control systems (ICSs) increasingly rely on legacy communication protocols such as ModbusTCP, which lack built-in security mechanisms and remain widely exposed to network-based attacks. This paper investigates the security limitations of authentication mechanisms in ModbusTCP-enabled programmable logic controllers (PLCs) and demonstrates how plaintext credential transmission and limited connection handling capabilities can be exploited to perform brute-force and denial-of-service (DoS) attacks. An experimental testbed based on two industrial Delta PLC families (DVP-13SE and DVP-311SV3) was developed to systematically evaluate these vulnerabilities under realistic conditions. The results show that authentication credentials can be easily captured through network sniffing, while the PLC communication stack supports a maximum of 16 concurrent connections and can process up to approximately 8600 Modbus operations per second, making it susceptible to resource exhaustion and performance degradation under distributed attack scenarios. To address these limitations, this paper proposes a lightweight deception-based protection mechanism, termed the PLC misleading algorithm (PMA), which is implemented directly within the PLC ladder logic. Unlike traditional network-level defenses, PMA operates at the device level and dynamically misleads attackers by generating controlled randomized responses while preserving consistent behavior for legitimate clients. Experimental results demonstrate that PMA significantly mitigates brute-force effectiveness by preventing reliable password extraction while introducing minimal overhead (2.2% memory usage) and maintaining acceptable communication latency. Additionally, the proposed approach significantly reduces observable attack traffic, with only 0.246 Modbus operations per second observed during the attack phase, thereby limiting the effectiveness of automated exploitation tools.
These findings highlight the potential of in-device deception mechanisms as a practical and deployable security layer for legacy industrial systems, and provide new insights into the resilience of PLC-based infrastructures against network-level attacks. This work bridges the gap between lightweight PLC-level protections and the growing need for robust cybersecurity mechanisms in industrial IoT environments.
Language: English
DOI: 10.3390/fi18050259
Year: 2026
Published in: FUTURE INTERNET 18, 259 (2026), 23
ISSN: 1999-5903

Funding: info:eu-repo/grantAgreement/ES/DGA/T31-20R
Funding: info:eu-repo/grantAgreement/ES/MICIU/PID2022-136476OB-I00
Type and form: Article (Published version)
Area (Department): Área Ingeniería Telemática (Dpto. Ingeniería Electrón.Com.)

Creative Commons You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.


Exported from SIDERAL (2026-06-03-11:05:37)

This article is in the following collections:
Articles > Articles by area > Ingenieria Telematica

Record created 2026-06-03, last modified 2026-06-03