Abstract
Recent technological advances have had a strong impact on performance optimization and the provisioning of flexible supervisory control and data acquisition (SCADA) systems. However, most SCADA communications protocols, as currently implemented, are extremely vulnerable to cyber attacks. Several international organizations have been developing security standards to alleviate these threats. Nevertheless, investigations reveal that the vast majority of high-end control hardware devices do not incorporate security features (i.e., security protocols). Therefore, the enforcement of data security in end-to-end communications flows must be addressed at the application layer. This chapter evaluates the feasibility of performing cryptographic computations at the application layer of a programmable logic controller. It shows that, despite the modest computational resources of modern programmable logic controllers, it is possible to develop efficient cryptographic applications that enforce several data security properties in the application layer. The experimental evaluations compare the performance of AES, SHA1 and HMAC-SHA1 against the performance of the new Speck and Simon lightweight block cipher algorithms executing on a Phoenix Contact ILC 350 PN controller with the control logic of a real SCADA system used in the Romanian gas transportation network.
Copyright information
© 2017 IFIP International Federation for Information Processing
About this paper
Cite this paper
Duka, AV., Genge, B., Haller, P., Crainicu, B. (2017). ENFORCING END-TO-END SECURITY IN SCADA SYSTEMS VIA APPLICATION-LEVEL CRYPTOGRAPHY. In: Rice, M., Shenoi, S. (eds) Critical Infrastructure Protection XI. ICCIP 2017. IFIP Advances in Information and Communication Technology, vol 512. Springer, Cham. https://doi.org/10.1007/978-3-319-70395-4_8
DOI: https://doi.org/10.1007/978-3-319-70395-4_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70394-7
Online ISBN: 978-3-319-70395-4
eBook Packages: Computer Science (R0)