Towards Secure Fieldbus Communication

In this paper, we present an approach to secure fieldbus communication of automation systems used in security-critical applications. We propose a protocol that applies a scheme combining a stream cipher and a Message Authentication Code (MAC) to ensure integrity, confidentiality, authenticity, and freshness of transmitted telegrams over a fieldbus while maintaining real-time constraints. The security discussion shows that the protocol is secure against an adversary attacking the fieldbus communication. A first proof-of-concept implementation for the EtherCAT fieldbus protocol is implemented to perform some initial runtime analyses.

[1]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[2]  Wolfgang Mahnke,et al.  OPC Unified Architecture , 2009, Autom..

[3]  Martin Hell,et al.  Grain: a stream cipher for constrained environments , 2007, Int. J. Wirel. Mob. Comput..

[4]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[5]  Morris J. Dworkin SP 800-38C. Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality , 2004 .

[6]  Bartosz Zoltak VMPC-MAC: A Stream Cipher Based Authenticated Encryption Scheme , 2004, IACR Cryptol. ePrint Arch..

[7]  Martin Hell,et al.  A New Version of Grain-128 with Authentication , 2011 .

[8]  Martin Hell,et al.  Grain-128a: a new version of Grain-128 with optional authentication , 2011, Int. J. Wirel. Mob. Comput..

[9]  Mihir Bellare,et al.  The EAX Mode of Operation , 2004, FSE.

[10]  Wolfgang Granzer,et al.  Future challenges for building automation: Wireless and security , 2010, 2010 IEEE International Symposium on Industrial Electronics.

[11]  Martin Hell,et al.  On Hardware-Oriented Message Authentication with Applications towards RFID , 2011, 2011 Workshop on Lightweight Security & Privacy: Devices, Protocols, and Applications.

[12]  Christian Schwaiger,et al.  Smart card based security for fieldbus systems , 2003, EFTA 2003. 2003 IEEE Conference on Emerging Technologies and Factory Automation. Proceedings (Cat. No.03TH8696).

[13]  A. Treytl,et al.  Security measures for industrial fieldbus systems - state of the art and solutions for IP-based approaches , 2004, IEEE International Workshop on Factory Communication Systems, 2004. Proceedings..

[14]  A. Treytl,et al.  Security measures in automation systems-a practice-oriented approach , 2005, 2005 IEEE Conference on Emerging Technologies and Factory Automation.

[15]  Philip Koopman,et al.  Flexible multicast authentication for time-triggered embedded control network applications , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[16]  Christof Paar,et al.  Security in Automotive Bus Systems , 2004 .

[17]  Bart Preneel,et al.  Differential-Linear Attacks Against the Stream Cipher Phelix , 2007, FSE.

[18]  Kai-Thorsten Wirt ASC – A Stream Cipher with Built – In MAC Functionality , 2007 .

[19]  Bruce Schneier,et al.  Helix: Fast Encryption and Authentication in a Single Cryptographic Primitive , 2003, FSE.

[20]  André Weimerskirch,et al.  State of the Art: Embedding Security in Vehicles , 2007, EURASIP J. Embed. Syst..