Securing legacy communication buses: industrial control systems, in-vehicle and in-aircraft networks

Prof. Avishai Wool

Tel Aviv University, Israel

Many important networking systems were designed decades ago, with a "closed environment" as a fundamental invariant: the networking infrastructure in a moving car, a flying aircraft, or a fenced power plant, were implicitly assumed to be isolated. As a result, the communication bus protocols were designed to function well despite natural phenomena such as noise, interference, radiation and so forth. No defenses against malicious adversaries were designed in.

Once these isolated systems are connected to the Internet, the old design choices are exposed, and become easy attack surfaces. And then we find that the legacy networks are victims of their own success: Replacing the networking technology with secure alternatives is extremely expensive and slow. Power plants, cars and aircraft are not cellphones: they continue to function for 25-50 years! So there is a need to retrofit security mechanisms into the old insecure designs.

In this talk I will survey the leading communication bus protocols, with a focus on their inherent security vulnerabilities: Modbus and the Siemens protocols in industrial control systems, CAN bus in automotive in-vehicle networks, and ARINC429 in civilian aircraft networks. I will then highlight what can be done in the areas of anomaly detection and intrusion prevention. Somewhat surprisingly, these specialized networks sometimes have unique features that can be repurposed to achieve defensive goals.


Prof. Avishai Wool
is a professor in the School of Electrical Engineering at Tel Aviv University. He is also deputy-director of the Interdisciplinary Cyber Research Center at TAU. He received a B.Sc. in Mathematics and Computer Science with honors from Tel Aviv University (1989). He has a M.Sc. (1992) and a Ph.D. (1997), both in Computer Science from the Weizmann Institute of Science. His research interests include computer, network, and wireless security, SCADA systems, smart-card and RFID systems, sidechannel cryptanalysis, and firewall technology.

Prior to joining Tel Aviv University, Prof. Wool spent four years as a Member of Technical Staff at Bell Laboratories, Murray Hill, NJ, USA. In 2000 he co-founded Lumeta Corp. In 2003 he co-founded AlgoSec Systems, a network security company, for which he continues to serve as Chief Technical Officer.

He has published more than 120 research papers and holds 15 US Patents. He advised 5 Ph.D. and 40 M.Sc. students, and has served on the program committee of the leading IEEE and ACM conferences on computer and network security.

web site