Vulnerabilities in Industrial Control Encryption Mechanisms

Vulnerabilities in Industrial Control Encryption Mechanisms

This article is an excellent piece from the Kexue Forum.

Kexue Forum Author ID: wmsuper

In industrial control systems, to prevent unauthorized modifications to configuration project files, many configuration software support encryption of project files. When opening a password-protected configuration project file, it is necessary to enter the correct password to view and edit the file; otherwise, it cannot be opened, thus achieving secure management of configuration project files in industrial control systems.
This article introduces the security issues of configuration project file encryption from three aspects: vendor backdoors, design flaws, and algorithm weaknesses. It concludes with a summary of a correct design mechanism for configuration project file encryption.
1

Vulnerability in Encryption Mechanism

Vendor Backdoors

When designing the encryption mechanism for configuration project files, vendors consider the need for users to recover forgotten passwords. This allows users to bypass verification and directly open project files without entering a password. Users only need to prove that the configuration project file belongs to them, after which they send the file to the vendor. The vendor can then use a reserved backdoor (bypassing the password) to decrypt the user’s configuration project file and send it back to them. Although this design is convenient for users, it opens the door for malicious actors. Attackers only need to find the backdoor password in the configuration software to edit the configuration project file without entering a password.
Below is a backdoor issue found in a domestic configuration software; when the pass field of the configuration file is set to 1, it can directly bypass the password protection mechanism for opening the configuration project file.
Vulnerabilities in Industrial Control Encryption Mechanisms

Design Flaws

Of course, many vendors do not reserve backdoors at the design stage. However, when designing the encryption of configuration project files, they do not consider all factors and adopt the following password verification mechanism.Vulnerabilities in Industrial Control Encryption MechanismsAt first glance, it seems fine, but upon closer analysis, the entered password does not participate in the encryption of the configuration project file; it merely compares the hash value of the password. This leads to the possibility of modifying the password hash in the configuration project file or using a patch to change the processing branch that should lead to an error to the correct one. This way, one can forcibly bypass the password protection mechanism and edit the configuration project file without knowing the password.
This security issue is not only present in domestic industrial control vendors; similar problems can occur with foreign vendors as well. The following image shows a password protection mechanism bypass issue in a Mitsubishi configuration software:
Vulnerabilities in Industrial Control Encryption Mechanisms

Algorithm Weaknesses

The password for the configuration project file needs to participate as an encryption key in the encryption operations to ensure the security of the file. However, care must be taken in algorithm selection, as choosing a weak encryption algorithm can also lead to bypass issues.
Below is an example of a problematic encryption algorithm:
Vulnerabilities in Industrial Control Encryption Mechanisms

This configuration project file encryption algorithm uses cyclic XOR encryption, which is well known to be very easy to break. Given a sufficient length of plaintext, one can calculate the key for the configuration project file.

2

Vulnerability Discovery

How to Quickly Discover Such Vulnerabilities? For those familiar with binary analysis, it is quite simple:

Vulnerabilities in Industrial Control Encryption Mechanisms
1. Find the location where the password is compared and force it to go to the correct branch; if the password does not participate in the encryption process, you can directly open the project file.
2. Reverse the encryption or decryption algorithm and analyze its weaknesses. If it is vulnerable to known plaintext attacks, write an exploit program to decrypt the project file.
Depending on different scenarios, provide corresponding ratings and report:Vulnerabilities in Industrial Control Encryption MechanismsThe vulnerability ratings for such issues tend to be low, but low ratings do not mean they are insignificant vulnerabilities. When combined with other vulnerabilities, they can often yield surprising results.
3

Secure Encryption Mechanism

Undoubtedly, the implementation of encryption algorithms for configuration project files must ensure that the configuration project password participates in the data encryption and decryption operations; otherwise, any encrypted storage form of the password (such as SHA1, MD5, SHA256, etc.) will be ineffective. The design of the configuration project encryption mechanism must consider the following principles:
1. The encryption algorithm must be very reliable and capable of preventing attackers from deducing plaintext or keys from the encrypted ciphertext. Here, mature encryption algorithms such as AES (Advanced Encryption Standard) can be chosen.
2. A sufficiently long salt is necessary; the salt value should be appended to the password as the encryption key to ensure key strength, effectively resisting dictionary and brute-force attacks.
3. Considering that users may forget their passwords, software manufacturers must have the ability to recover passwords from users’ configuration project files (of course, leaving a backdoor password is unacceptable). Therefore, the correct encryption key must be stored in the project file encrypted with an asymmetric algorithm (such as RSA2048). Once it is proven that the configuration project file belongs to the user, the software manufacturer can use the private key they possess to decrypt the ciphertext and recover the password.
4. Algorithm selection should preferably utilize existing encryption libraries, such as OpenSSL, to reduce the cost of developers writing code.

The encryption process is illustrated in Figure 2:Vulnerabilities in Industrial Control Encryption MechanismsIf some careless users forget their configuration project passwords, as long as they can prove that the configuration project file is theirs, they can recover the password through the developer. The specific password recovery process is illustrated in Figure 3:Vulnerabilities in Industrial Control Encryption Mechanisms

Conclusion

It can be seen that these vulnerabilities are very easy to discover but difficult to fix—vendors often need to redesign the encryption mechanism, which leads to a lack of patches for such vulnerabilities among domestic vendors. If anyone wants to discover their own industrial control CNVD number, they can start from this aspect, as many industrial control software vendors have similar issues, and I will not enumerate them all.

Vulnerabilities in Industrial Control Encryption Mechanisms

Kexue ID: wmsuper

https://bbs.pediy.com/user-home-651413.htm

*This article was originally written by wmsuper from Kexue Forum, please indicate the source when reprinting from Kexue Community.

Vulnerabilities in Industrial Control Encryption Mechanisms

Kexue 2022 KCTF Autumn Competition Official Website: https://ctf.pediy.com/game-team_list-18-29.htm

# Previous Recommendations

1. CVE-2022-21882 Privilege Escalation Vulnerability Study Notes

2. Wibu Certificate – Initial Exploration

3. Win10 1909 Reverse Engineering of APIC Interrupts and Experiments

4. EMET EAF Mechanism Analysis and Simulation Implementation

5. SQL Injection Learning Sharing

6. V8 Array.prototype.concat Function Issues and Their POCs

Vulnerabilities in Industrial Control Encryption Mechanisms
Vulnerabilities in Industrial Control Encryption Mechanisms

Share

Vulnerabilities in Industrial Control Encryption Mechanisms

Like

Vulnerabilities in Industrial Control Encryption Mechanisms

Watching

Leave a Comment