Security Architecture for Point-to-Point Splitting Protocols

The security of industrial supervisory control and data acquisition (SCADA) systems has been a major concern since the Stuxnet worm in 2010. Because these systems act on the physical world, they become hazardous if a malicious attacker is able to take control of them. SCADA systems can remain in service for up to 40 years, are particularly hard to patch, and quite often have no security feature at all. Rather than securing the systems themselves, network segregation is therefore often used to keep attackers out of the industrial network. In this paper we propose a generic solution: embed a point-to-point splitting protocol within a physical device that physically isolates the two networks, performs deep packet inspection and, where necessary, provides encryption. The result is a kind of next-generation firewall that encompasses at least both diode and firewall features and whose conformity to security policies can be ensured. We then define a set of security properties for such devices, together with the requirements on the device's security architecture and filtering rules. Finally, we propose a secure hardware implementation.
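The splitting architecture the abstract sketches, as an added example that is not the paper's own code: a stateful relay that terminates each side, parses a frame completely, checks it against filtering rules, and re-emits a canonical frame, so no byte received on one network is ever copied to the other. The Modbus/TCP-style framing, the two permitted function codes and the register windows in POLICY are assumptions of this example, chosen to make the rules concrete; the encryption feature is not shown.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Modbus/TCP-style framing, used as a stand-in for whatever protocol the device
# splits (an assumption of this example, not something the page states):
#   MBAP header: transaction id (2) | protocol id (2, always 0) | length (2) | unit id (1)
#   request PDU for the two allowed functions: function (1) | address (2) | count or value (2)
MBAP = struct.Struct(">HHHB")
READ_HOLDING, WRITE_SINGLE = 0x03, 0x06

# Hypothetical filtering rules: permitted function codes and the register window each may touch.
POLICY = {READ_HOLDING: (0, 99), WRITE_SINGLE: (100, 109)}


@dataclass(frozen=True)
class Message:
    transaction: int
    unit_id: int
    function: int
    body: bytes  # PDU bytes after the function code


class Drop(Exception):
    """Anything the device refuses to relay. Nothing is forwarded best-effort."""


def parse(raw: bytes) -> Message:
    """Outer half: terminate the connection and parse the whole frame, or refuse it."""
    if len(raw) < MBAP.size + 1:
        raise Drop("truncated frame")
    transaction, protocol, length, unit_id = MBAP.unpack_from(raw, 0)
    if protocol != 0:
        raise Drop(f"protocol id {protocol} != 0")
    if length != len(raw) - 6:  # declared length covers unit id + PDU; trailing bytes are refused
        raise Drop(f"declared length {length} != actual {len(raw) - 6}")
    return Message(transaction, unit_id, raw[MBAP.size], raw[MBAP.size + 1:])


def serialize(msg: Message) -> bytes:
    """Inner half: re-emit a canonical frame from the validated fields.
    The received bytes themselves never cross the isolation boundary."""
    return MBAP.pack(msg.transaction, 0, 2 + len(msg.body), msg.unit_id) + bytes([msg.function]) + msg.body


class Splitter:
    """Stateful relay between the IT side and the OT side. Requests toward OT must
    satisfy POLICY; frames toward IT pass only as well-formed replies to a request
    the device itself relayed, so the OT side can never initiate traffic outward."""

    def __init__(self) -> None:
        self.pending: dict[int, Message] = {}  # transaction id -> relayed request
        self.dropped: list[str] = []            # reasons, for the audit log

    def relay(self, raw: bytes, to_ot: bool) -> Optional[bytes]:
        """Return the canonical frame to send on the far side, or None if dropped."""
        try:
            msg = parse(raw)
            if to_ot:
                self._inspect_request(msg)
            else:
                self._inspect_response(msg)
            return serialize(msg)
        except Drop as why:
            self.dropped.append(str(why))
            return None

    def _inspect_request(self, msg: Message) -> None:
        if msg.function not in POLICY or len(msg.body) != 4:
            raise Drop(f"malformed or disallowed request, function 0x{msg.function:02x}")
        address, arg = struct.unpack(">HH", msg.body)
        lo, hi = POLICY[msg.function]
        last = address + arg - 1 if msg.function == READ_HOLDING else address
        if msg.function == READ_HOLDING and not 1 <= arg <= 125:
            raise Drop(f"read count {arg} out of range")
        if address < lo or last > hi:
            raise Drop(f"registers {address}..{last} outside {lo}..{hi}")
        self.pending[msg.transaction] = msg

    def _inspect_response(self, msg: Message) -> None:
        req = self.pending.pop(msg.transaction, None)
        if req is None or req.unit_id != msg.unit_id or req.function != msg.function:
            raise Drop(f"unsolicited frame from OT (transaction {msg.transaction})")
        if msg.function == READ_HOLDING:
            count = struct.unpack(">H", req.body[2:])[0]
            if len(msg.body) != 1 + 2 * count or msg.body[0] != 2 * count:
                raise Drop("read reply length does not match the request")
        elif msg.body != req.body:  # a write reply must echo the request exactly
            raise Drop("write reply does not echo the request")
```

Two design points carry the security argument. First, the frame is fully parsed and then rebuilt: a length field that disagrees with the actual frame, trailing bytes, or a non-canonical encoding cannot reach the OT side even if a later rule fails to notice them. Second, the OT-to-IT direction is gated on state the device itself created, which gives diode-like behaviour for free: drop every request and the OT side can emit nothing at all, since no reply ever matches a pending transaction.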