kth.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Ethical hacking: Threat modeling and penetration testing a remote terminal unit
KTH, School of Electrical Engineering and Computer Science (EECS).
2020 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Remote terminal units are microprocessor controlled electronic devices that acts as an interface between control systems and objects in the real world. They are used in a range of highly critical infrastructures, and thus their security is of high priority. This thesis will present a security analysis and testing of a remote terminal unit. A threat model was created to identify threats to the system and a few key threats were selected for further penetration testing. The testing lead to the identification of a denial of service vulnerability as well as code injection vulnerability in the SD card storage of the remote terminal unit. The conclusions is that the system is rather robust from a remote attackers perspective although more vulnerabilities arise as an attacker gains physical access to the device. 

Abstract [sv]

Fjärrkontrollsterminaler är elektroniska enheter som agerar som ett gränssnitt mellan kontrollsystem och objekt i den riktiga världen. De används i många kritiska infrastrukturer och därför är deras säkerhet högt prioriterad. I denna rapport presenteras säkerhetsanalys och testning av en fjärrkontrollsterminal. En hotmodell skapades för att identifiera hot mot systemet och ett antal hot valdes för vidare penetrationstestning. Testandet visade på svagheter mot denial of service attacker mot TCP/Ethernet gränssnittet samt kodinjicering mot SD-kortet som sitter i fjärrkontrollsterminalen. Slutsatsen är att systemet är relativt säkert mot fjärrattacker medan svagheterna mot attacker som kräver en fysisk tillgång till fjärrkontrollsterminalen är fler.

Place, publisher, year, edition, pages
2020. , p. 66
Series
TRITA-EECS-EX ; 2020:859
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:kth:diva-288887OAI: oai:DiVA.org:kth-288887DiVA, id: diva2:1517798
Subject / course
Computer Science
Educational program
Master of Science - Computer Science
Supervisors
Examiners
Available from: 2021-01-15 Created: 2021-01-14 Last updated: 2022-06-25Bibliographically approved

Open Access in DiVA

fulltext(1930 kB)3581 downloads
File information
File name FULLTEXT01.pdfFile size 1930 kBChecksum SHA-512
d9006a33ef0432c56530c0b862f3be96a551ff0c23e7a59c5fa9b65e498d749dc02b86614a6a3291a9239fc61e8c371c0c7b54a8f5eaf78e8091f153bf408de0
Type fulltextMimetype application/pdf

By organisation
School of Electrical Engineering and Computer Science (EECS)
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 3595 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 2326 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf