Advertisement

Supporting the Integration of New Security Features in Embedded Control Devices Through the Digitalization of Production

  • Tobias RauterEmail author
  • Johannes Iber
  • Michael Krisper
  • Christian Kreiner
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 748)

Abstract

Security is a vital property of Industrial Control Systems (ICS), especially in the context of critical infrastructure. In this work, we focus on distributed control devices for hydro-electric power plants. Much work has been done for specific lifecylce phases of distributed control devices such as development or operational phase. Our aim here is to consider the entire product lifecycle and the consequences of security feature implementations for a single lifecycle stage on other stages. At the same time, recent trends such as the digitization of production is an enabler of production process extensions that support the integration of such security features during the operational phase of a control devices. In particular, we propose a security concept that enables assurance of the integrity of software components and product configuration of other control devices in the same network. Moreover, we show how these concepts result in additional requirements for the production stages. We show how we meet these requirements and focus on a production process by extending previously proposed methods that enable the commissioning of secrets such as private keys during the manufacturing phase. We extend this process by extracting information about the configurations of the actually produced devices during production. Based on this information, the proposed security techniques can be integrated without considerable overhead for bootstrapping.

References

  1. 1.
    Ceccato, M., Ofek, Y., Tonella, P.: A protocol for property-based attestation. Theory Pract. Comput. Sci. 7 (2008). http://portal.acm.org/citation.cfm?doid=1179474.1179479, http://link.springer.com/chapter/10.1007/978-3-540-77566-9_8
  2. 2.
    Chen, L., Löhr, H., Manulis, M., Sadeghi, A.-R.: Property-based attestation without a trusted third party. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 31–46. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-85886-7_3 CrossRefGoogle Scholar
  3. 3.
    Coker, G., Guttman, J., Loscocco, P., Herzog, A., Millen, J., O’Hanlon, B., Ramsdell, J., Segall, A., Sheehy, J., Sniffen, B.: Principles of remote attestation. Int. J. Inf. Secur. 10(2), 63–81 (2011)CrossRefGoogle Scholar
  4. 4.
    Sharing, E.I., Center, A.: Analysis of the cyber attack on the ukrainian power grid. Technical report (2016)Google Scholar
  5. 5.
    Fischer, K., Gesner, J.: Security architecture elements for IoT enabled automation networks. In: International Conference on Emerging Technologies and Factory Automation (2012)Google Scholar
  6. 6.
    Kylänpää, M., Rantala, A.: Remote attestation for embedded systems. In: Security of Industrial Control Systems and Cyber Physical Systems (2015)Google Scholar
  7. 7.
    Liserre, M., Sauter, T., Hung, J.: Future energy systems: integrating renewable energy sources into the smart power grid through industrial electronics. IEEE Ind. Electron. Mag. 4(1), 18–37 (2010). http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=5439057 CrossRefGoogle Scholar
  8. 8.
    Miller, B., Rowe, D.: A survey SCADA of and critical infrastructure incidents. In: Annual Conference on Research in Information Technology p. 51 (2012). http://dl.acm.org/citation.cfm?doid=2380790.2380805
  9. 9.
    Mitchell, R., Chen, I.R.: A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv. (CSUR) 46(4), 1–29 (2014)CrossRefGoogle Scholar
  10. 10.
    Rauter, T., Höller, A., Iber, J., Kreiner, C.: Development and production processes for secure embedded control devices. In: Kreiner, C., Connor, R., Poth, A., Messnarz, R. (eds.) EuroSPI 2016. Communications in Computer and Information Science, vol. 633, pp. 119–131. Springer, Cham (2016). doi: 10.1007/978-3-319-44817-6_10 CrossRefGoogle Scholar
  11. 11.
    Rauter, T., Iber, J., Krisper, M., Kreiner, C.: Integration of integrity enforcing technologies into embedded control devices: experiences and evaluation. In: The 22nd IEEE Pacific Rim International Symposium on Dependable Computing (2017)Google Scholar
  12. 12.
    Sadeghi, A., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: Proceedings of the 2004 Workshop on New Security Paradigms, pp. 67–77 (2004). http://dl.acm.org/citation.cfm?id=1066038
  13. 13.
    Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: USENIX Security (2004)Google Scholar
  14. 14.
    Urbina, D.I., Giraldo, J., Cardenas, A.A., Tippenhauer, N.O., Valente, J., Faisal, M., Ruths, J., Candell, R., Sandberg, H.: Limiting the impact of stealthy attacks on industrial control systems. In: 23rd ACM Conference on Computer and Communications Security (2016)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Tobias Rauter
    • 1
    Email author
  • Johannes Iber
    • 1
  • Michael Krisper
    • 1
  • Christian Kreiner
    • 1
  1. 1.Institute of Technical InformaticsGraz University of TechnologyGrazAustria

Personalised recommendations