A lightweight key generation scheme for end-to-end data authentication in Industrial Control Systems

Béla Genge¹, Piroska Haller¹, Adrian-Vasile Duka² and Hunor Sándor¹
  • ¹ Department of Informatics, University of Medicine, Pharmacy, Sciences and Technology of Targu Mures, Mures, Romania
  • ² Department of Electrical Engineering and Computer Science, University of Medicine, Pharmacy, Sciences and Technology of Targu Mures, Mures, Romania
Béla Genge
  • Corresponding author
  • Department of Informatics, University of Medicine, Pharmacy, Sciences and Technology of Targu Mures, Mures, Romania, 540088
  • Béla Genge is an Associate Professor of Computer Science and a Marie Curie Fellow at Petru Maior University of Tirgu-Mures, Mures, Romania. His research interests include critical infrastructure protection, secure and resilient design of critical control systems, and network security.
Piroska Haller
  • Department of Informatics, University of Medicine, Pharmacy, Sciences and Technology of Targu Mures, Mures, Romania, 540088
  • Piroska Haller is an Associate Professor of Computer Science at Petru Maior University of Tirgu-Mures, Mures, Romania. Her research interests include industrial control system security and distributed systems.
Adrian-Vasile Duka
  • Department of Electrical Engineering and Computer Science, University of Medicine, Pharmacy, Sciences and Technology of Targu Mures, Mures, Romania, 540088
  • Adrian-Vasile Duka is an Assistant Professor of Engineering at Petru Maior University of Tirgu-Mures, Mures, Romania. His research interests include control systems engineering and cyber-physical system protection.
Hunor Sándor
  • Department of Informatics, University of Medicine, Pharmacy, Sciences and Technology of Targu Mures, Mures, Romania, 540088
  • Hunor Sándor is a Ph.D. student in Computer Science at the Technical University of Cluj-Napoca, Cluj-Napoca, Romania; and a Researcher in the Department of Computer Science at Petru Maior University of Tirgu-Mures, Mures, Romania. His research interests include reconfigurable networked systems, linear optimization techniques, software-defined networks, and network function virtualization.

Abstract

Recent advances in technology have had an exceptional impact on performance optimization and on the provisioning of more flexible Industrial Control Systems (ICS). Nevertheless, most ICS communication protocols, as they are currently and widely implemented, are extremely vulnerable to various cyber attacks. This paper proposes a lightweight, application-oriented data authentication scheme that is applicable to existing ICS infrastructures and builds on the characteristics and computational advantages of hash functions and hash chains. Extensive experimental results on a Phoenix Contact industrial controller, which runs the control logic of a real ICS implemented in a Romanian gas transportation network, demonstrate the effectiveness of the proposed scheme and its immediate applicability to existing installations.


AT – Automatisierungstechnik covers the entire field of automation technology. It presents the development of theoretical procedures and their possible applications. Topics include new discoveries about the development and application of methods. It presents the function, properties, and applications of tools and includes contributions from the worlds of research, academia, and industry.
