Title :
Design and Implementation of Fuzzing Technology for OPC Protocol
Author :
Ting Wang ; Qi Xiong ; Haihui Gao ; Yong Peng ; Zhonghua Dai ; Shengwei Yi
Author_Institution :
China Inf. Technol. Security Evaluation Center, Beijing, China
Abstract :
With the rapid development of information and automatic control technology, more and more industrial control systems (ICS), such as SCADA, are interconnected over Ethernet and directly connected to the Internet, which greatly improves the efficiency of data sharing and introduces security threats at the same time. As important components of critical infrastructure, these systems, if attacked, will behave abnormally and result in disasters for society, countries, and the national economy. As one of the most important industrial protocols widely applied in the industrial field, OPC is responsible for providing production-related data, gathered from field devices such as PLCs and RTUs, to HMIs and databases. Because of the unique nature of industrial control systems, traditional fuzzing technology cannot be applied directly to vulnerability detection for the OPC protocol, so it is urgent to develop a novel fuzzing technology for the OPC protocol. This paper first describes the motivation for detecting vulnerabilities in OPC with a fuzzing tool, then introduces the design and implementation of a fuzzing technology for the OPC protocol; the structure, workflow, and algorithm are also described in detail. Finally, an experiment for OPC protocol fuzzing is proposed and the result is analyzed, and the conclusion is reached that the fuzzing technology proposed in this paper can fully satisfy the requirements of vulnerability detection for the OPC protocol.
Keywords :
Internet; critical infrastructures; fuzzy set theory; process control; protocols; security of data; Ethernet; HMI; ICS; Internet; OLE for process control; OPC protocol fuzzing; PLC; RTU; SCADA; critical infrastructure; data sharing; database; disasters; fuzzing technology; fuzzing tool; industrial control system; industrial protocols; information and automatic control technology; national economy; object linking and embedding; security threats; society countries; vulnerability detection; Biomedical monitoring; Data mining; Information technology; Monitoring; Protocols; Security; Servers; Fuzzing test; OPC protocol; vulnerability detecting;
Conference_Title :
Intelligent Information Hiding and Multimedia Signal Processing, 2013 Ninth International Conference on
Conference_Location :
Beijing
DOI :
10.1109/IIH-MSP.2013.112