PROFIBUS and PROFINET

February 11, 2020 by Nitesh Malviya

Introduction

Profibus and Profinet were created and designed by the same organization. Profibus stands for Process Field Bus and Profinet stands for Process Field Net. 

Since both were created by the same organization, they share similar design and engineering concepts for defining the hardware of each device. A user moving from Profibus to Profinet therefore benefits from the similarity in engineering, design and implementation.

Profibus is a serial protocol, while Profinet is an Ethernet-based protocol. Profinet is an advanced version of Profibus, as it works on an Ethernet-based protocol and provides more speed, more bandwidth and larger message size than Profibus. Profibus lacks authentication and allows spoofed nodes to impersonate master nodes.

Let’s discuss each protocol in detail.

Profibus

Profibus is a fieldbus communication standard for automation technology. It was promoted in 1989 by the German Department of Education and Research and first used by Siemens. It is a serial communication protocol using RS-485 cable or optical fiber.

There are two variants of Profibus: Profibus DP and Profibus PA. Profibus DP is more widely used than Profibus PA because Profibus PA is application-specific, while Profibus DP is general-purpose.

Profibus PA stands for Process Automation and is widely used to monitor measuring equipment. Profibus DP stands for Decentralized Periphery and is also used to monitor measuring equipment. Profibus DP itself has three variants: Profibus DP-V0, DP-V1 and DP-V2.

Profibus is a master-slave protocol in which master devices control slaves for transferring data between two or more slaves. It also supports multiple master nodes, and this is managed through the use of token-sharing. 

Once the master has control of the token, it can communicate with its slaves. Slaves can also initiate communications to the master or other slaves under certain conditions. Usually a master is a PLC (Programmable Logic Controller) or RTU (Remote Terminal Unit) and the slave is a motor or sensor.

Security issues in Profibus

Profibus lacks authentication, thus allowing any spoofed node to impersonate a master node, which provides control over all the slaves in the network. Profibus is also susceptible to DoS attacks, so it should be isolated from the remaining components within the network.

Profinet

Profinet is an Ethernet implementation of the Profibus protocol. Profinet runs on Ethernet as its physical interface and is widely used in industrial automation applications for performing tasks such as exchanging data, alarms and diagnostics with PLCs and automation controllers. Like Profibus, Profinet also makes use of token-sharing for data transfer and communication.

Profinet uses three communication channels for exchanging data with PLCs and other devices:

  1. TCP/IP channel: This channel is used for acyclic read/write operations, configuration and parameterization.
  2. Real-time channel: This channel is used for standard cyclic data transfers and alarms.
  3. Isochronous real-time channel: This channel is used for motion control applications and is implemented using ASICs (application-specific integrated circuits).

Profinet benefits over Profibus

Since Profinet is an advanced implementation of Profibus, it provides numerous benefits over Profibus. Some of the important benefits of Profinet are:

  1. High-speed operation
  2. Support for time-critical and motion-control applications
  3. Short startup time
  4. Easy to install and integrate
  5. Less communication time and engineering support

Profinet device classification

Profinet classifies devices into three types. They are as follows:

  1. IO controllers: These devices execute automation programs. IO controllers exchange data with IO devices. The controller is responsible for mapping IO data from IO devices into the process image, and these data values are used by control programs. Typical IO controllers support the following kinds of service:
    1. Cyclic data exchange: Exchange of data between IO devices and IO controllers
    2. Acyclic data exchange: Exchange of configuration and diagnostic data
    3. Alarms: Exchange alarm data from an IO device to an IO controller
    4. Context management: Connection processing
  2. IO devices: These devices are connected to an IO controller over Ethernet. These devices are usually sensors or actuators.
  3. IO supervisors: These devices are HMI PCs, diagnostic analysis or monitoring devices. They are similar to Profibus masters and are used in commissioning and diagnostic data collection.

Security issues in Profinet

Profinet lacks authentication, thus allowing any spoofed node to impersonate a master node, which provides control over all the slaves in the network. Various authentication methods need to be used for authenticating components in the network.
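As an added illustration (not code from the original article), the Python below sorts captured Ethernet frames into the three channels listed earlier and reports senders that are missing from a node inventory, one compensating check for the lack of authentication. The MAC addresses, the inventory and the coarse FrameID grouping are assumptions of this example.

```python
import struct

PROFINET_RT, VLAN, IPV4 = 0x8892, 0x8100, 0x0800   # EtherTypes
# Assumption: MAC inventory exported from the engineering project (constructed values).
KNOWN_NODES = {"02:00:00:00:00:01", "02:00:00:00:00:10"}

def classify(frame: bytes):
    """Return (source MAC, channel); channel is None for unrelated traffic."""
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == VLAN:                     # skip the 802.1Q tag
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        offset = 18
    if ethertype == IPV4:                     # carries the TCP/IP channel
        return src, "tcp/ip"
    if ethertype != PROFINET_RT:
        return src, None
    (frame_id,) = struct.unpack_from("!H", frame, offset)
    # Coarse grouping of FrameID ranges (an assumption of this example).
    if frame_id in (0xFC01, 0xFE01):          # alarm high / alarm low
        return src, "rt-alarm"
    if 0x8000 <= frame_id <= 0xFBFF:          # cyclic real-time data
        return src, "rt-cyclic"
    if 0x0100 <= frame_id <= 0x7FFF:          # isochronous real-time
        return src, "irt"
    return src, "other"

def unknown_senders(frames, known=KNOWN_NODES):
    """Map each source MAC missing from the inventory to the channels it used."""
    seen = {}
    for frame in frames:
        src, channel = classify(frame)
        if channel and src not in known:
            seen.setdefault(src, set()).add(channel)
    return seen

def eth(src, ethertype, payload, dst="02:00:00:00:00:10"):
    """Build a constructed Ethernet frame for the sample data below."""
    raw = lambda mac: bytes.fromhex(mac.replace(":", ""))
    return raw(dst) + raw(src) + struct.pack("!H", ethertype) + payload

FRAMES = [  # constructed sample traffic
    eth("02:00:00:00:00:01", PROFINET_RT, bytes.fromhex("8001") + bytes(40)),
    eth("02:00:00:00:00:10", PROFINET_RT, bytes.fromhex("fc01") + bytes(40),
        dst="02:00:00:00:00:01"),
    eth("02:00:00:00:00:99", PROFINET_RT, bytes.fromhex("8001") + bytes(40)),
    eth("02:00:00:00:00:99", IPV4, bytes(40)),
]
```

A MAC inventory identifies unknown hardware on the segment; it does not authenticate the sender, so it complements network isolation rather than replacing it.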

Conclusion

Profibus and Profinet make great industrial protocols for automation and cross-device communication. Either can be used, depending on the usage and implementation. With the necessary security issues addressed, Profibus/Profinet can be an all-around protocol for catering to the majority of needs in process automation.

Nitesh Malviya is a Security Consultant. He has prior experience in Web Appsec, Mobile Appsec and VAPT. At present he works on IoT, Radio and Cloud Security and is open to exploring various domains of cybersecurity. He can be reached on his personal blog - https://nitmalviya03.wordpress.com/ and LinkedIn - https://www.linkedin.com/in/nitmalviya03/.