Advance hybrid key management architecture for SCADA network security

This paper presents and evaluates an advance hybrid key management architecture for supervisory control and data acquisition (SCADA) networks (HSKMA), which supports all three types of communication: unicast, multicast, and broadcast. The HSKMA is based on elliptic curve cryptography and symmetric cryptography. Elliptic curve cryptography is used for communication between the master station unit (MSU) and the sub-MSUs, while a symmetric cryptographic algorithm is used for communication between the sub-MSUs and the slave stations, which have limited computational resources. Our analysis shows that the HSKMA has the following distinctive advantages: (1) it supports security requirements such as availability, forward security, and backward security; (2) it supports the required speed in the MODBUS implementation; and (3) it is suitable for environments that have limited computational resources. Copyright © 2016 John Wiley & Sons, Ltd.
