The core component of an Industrial Control System (ICS) is often a Programmable Logic Controller (PLC) combined with various modules. In such systems, communication between devices is mainly based on the Modbus protocol, which was developed by Modicon (now Schneider Electric) in 1979 as an application-level communication protocol and has been a de facto standard for ICS for the past 40 years. Modbus TCP is a variant of this protocol for communication over TCP/IP networks. However, the Modbus protocol was not designed with security in mind: its plaintext transmissions make communicated information easily accessible to attackers, and its lack of an authentication mechanism lets any protocol-compliant device take over control. In this study, we use eBPF technology to shift the protocol change down to the lower level of the operating system, making the change transparent to existing software and enhancing the security of the Modbus TCP protocol while affecting the existing software ecosystem as little as possible.
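As an added illustration (not the paper's own code or mechanism), the following Python parses a Modbus TCP frame as it appears on the wire, flags state-changing function codes, and shows one way a transparent shim could append an integrity tag to each frame before it leaves the host; the HMAC-SHA256 scheme, the key and the sample frame are assumptions of this example, not details taken from the paper.

```python
import hmac
import hashlib
import struct

# Modbus TCP frame = MBAP header (7 bytes) + PDU (function code + data).
MBAP = struct.Struct(">HHHB")  # transaction id, protocol id, length, unit id

# Function codes that modify PLC state (subset from the Modbus specification).
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}

def parse_frame(frame: bytes) -> dict:
    """Parse a plaintext Modbus TCP frame; raises ValueError on malformed input."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = MBAP.unpack_from(frame)
    if pid != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    # The length field counts unit id + PDU, so the frame must be 6 + length bytes.
    if len(frame) != 6 + length:
        raise ValueError("MBAP length field does not match frame size")
    pdu = frame[MBAP.size:]
    return {"tid": tid, "unit": unit, "function": pdu[0], "data": pdu[1:],
            "is_write": pdu[0] in WRITE_FUNCTIONS}

def seal(frame: bytes, key: bytes) -> bytes:
    """Append an HMAC-SHA256 tag (truncated to 16 bytes) to a Modbus TCP frame."""
    return frame + hmac.new(key, frame, hashlib.sha256).digest()[:16]

def open_sealed(sealed: bytes, key: bytes) -> bytes:
    """Verify and strip the tag; raises ValueError if the tag does not match."""
    if len(sealed) < 16:
        raise ValueError("too short to carry a tag")
    frame, tag = sealed[:-16], sealed[-16:]
    expected = hmac.new(key, frame, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return frame

# Constructed sample: Write Single Coil (FC 5), coil 0x0013 -> ON, unit id 1.
SAMPLE_WRITE_COIL = MBAP.pack(1, 0, 6, 1) + bytes([5, 0x00, 0x13, 0xFF, 0x00])
```

A per-frame tag only stops forged or modified frames; because the MBAP transaction id is not a nonce, a replay of a captured write would still verify unless the shim also tracks freshness.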