Security architecture for control networks using IPsec and KINK

Many kinds of control networks are used in non-IP network areas such as BA (building automation), FA (factory automation) and PA (process automation). These networks do not incorporate reasonable security mechanisms, as they have mainly been used as closed networks. The security of control networks is now becoming important because of the popularization of the Internet, the deployment of wireless technologies and the security requirements of such infrastructures. Control networks require security mechanisms which 1) enable end-to-end security that does not depend upon a specific network topology, 2) work with multiple control network technologies, and 3) are suited to the small embedded devices commonly used in control networks. This paper presents security mechanisms which can meet the above requirements, assuming that IP is applied to the control networks.
