Physical Layer Encryption for Industrial Ethernet in Gigabit Optical Links

Industrial Ethernet is a technology widely deployed on factory floors and in critical infrastructures, where large amounts of data need to be collected and transported. Fiber optic networks at gigabit rates fit well with that type of environment, where speed, system performance, and reliability are critical. In this paper, a new encryption method for high-speed optical communications suitable for such networks is proposed. The method consists of symmetric stream encryption of the 8b/10b data flow at the physical coding sublayer level, carried out by a format-preserving encryption block cipher working in CTR (counter) mode. The overall system has been simulated and implemented in a field-programmable gate array. From the experimental results, it can be concluded that it is possible to cipher traffic at this physical level in a secure way. In addition, no overhead is introduced during encryption, which gives minimum latency and maximum throughput.
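The idea of a format-preserving counter-mode stream over 8b/10b symbols can be modelled in software as follows. This is an added example, not the paper's cipher or code: HMAC-SHA256 stands in for the format-preserving block cipher, and the 268-symbol alphabet (256 data plus 12 control code groups), the index mapping, and the function names are assumptions.

```python
import hashlib
import hmac

# Assumption: symbols are indices into the 8b/10b code-group set,
# 0..255 = data octets, 256..267 = the 12 control (K) code groups.
RADIX = 268
# Largest multiple of RADIX below 2**16; draws at or above it are rejected
# so the keystream is uniform over [0, RADIX) with no modulo bias.
_LIMIT = (65536 // RADIX) * RADIX


def keystream(key: bytes, nonce: bytes, n: int) -> list[int]:
    """Return n keystream symbols from a PRF run in counter mode."""
    out: list[int] = []
    counter = 0
    while len(out) < n:
        # Stand-in PRF (assumption): HMAC-SHA256(key, nonce || counter).
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"),
                         hashlib.sha256).digest()
        counter += 1
        for i in range(0, len(block), 2):
            v = int.from_bytes(block[i:i + 2], "big")
            if v < _LIMIT:
                out.append(v % RADIX)
    return out[:n]


def encrypt(key: bytes, nonce: bytes, symbols: list[int]) -> list[int]:
    """Add the keystream modulo RADIX: one symbol in, one valid symbol out."""
    if any(not 0 <= s < RADIX for s in symbols):
        raise ValueError("symbol outside the code-group alphabet")
    ks = keystream(key, nonce, len(symbols))
    return [(s + k) % RADIX for s, k in zip(symbols, ks)]


def decrypt(key: bytes, nonce: bytes, symbols: list[int]) -> list[int]:
    """Subtract the same keystream modulo RADIX."""
    ks = keystream(key, nonce, len(symbols))
    return [(c - k) % RADIX for c, k in zip(symbols, ks)]


if __name__ == "__main__":
    key, nonce = bytes(range(32)), b"link-0001"             # constructed values
    frame = [261, 0x50, 0x55, 0x55, 0xD5, 0x00, 0xFF, 267]  # constructed symbols
    ct = encrypt(key, nonce, frame)
    assert len(ct) == len(frame) and all(0 <= c < RADIX for c in ct)
    assert decrypt(key, nonce, ct) == frame
    print(ct)
```

As with any counter-mode construction, a (key, nonce) pair must never be reused: two ciphertexts produced under the same keystream reveal the symbol-wise difference of their plaintexts modulo the alphabet size.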
