Identity-based cryptography (IBC) based key management system (KMS) for industrial control systems (ICS)

Often considered the brain of an industrial process, industrial control systems (ICS) are a vital part of today's critical infrastructure because of their crucial role in process control and monitoring. Any failure or error in the system will cause considerable damage. Their openness to the Internet raises the risk of cyber-attacks. Therefore, cyber security challenges must be considered when designing an ICS in order to provide security services such as authentication, integrity, access control and secure communication channels. Implementing such services requires an efficient key management system (KMS) as the infrastructure for all cryptographic operations, while preserving the functional characteristics of ICS. In this paper we analyze existing KMS and their suitability for ICS, then propose a new KMS based on identity-based cryptography (IBC) as a better alternative to traditional KMS. In our proposal, we consider solving two security problems in IBC, which makes it more suitable for ICS.
