Abstract
Message authentication with low latency is necessary to ensure secure operations in legacy industrial control networks such as those in the power grid. Previous authentication solutions that examine single messages incur noticeable latency. This paper describes Predictive YASIR, a bump-in-the-wire device that reduces the latency by considering broader patterns of messages. The device predicts the incoming plaintext based on previous observations; compresses, encrypts and authenticates data online; and pre-sends a portion of the ciphertext before receiving the entire plaintext. The performance of Predictive YASIR is evaluated using a simulation involving the Modbus/ASCII protocol. By considering broader message patterns and using predictive analysis, improvements in latency of 15.48 ± 0.35% are obtained.
Copyright information
© 2010 IFIP International Federation for Information Processing
About this paper
Cite this paper
Solomakhin, R., Tsang, P., Smith, S. (2010). High Security with Low Latency in Legacy SCADA Systems. In: Moore, T., Shenoi, S. (eds) Critical Infrastructure Protection IV. ICCIP 2010. IFIP Advances in Information and Communication Technology, vol 342. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16806-2_5
DOI: https://doi.org/10.1007/978-3-642-16806-2_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16805-5
Online ISBN: 978-3-642-16806-2
eBook Packages: Computer Science (R0)