论文信息 - Advanced Key-Management Architecture for Secure SCADA Communications

Advanced Key-Management Architecture for Secure SCADA Communications

Supervisory control and data-acquisition (SCADA) systems are control systems for many national infrastructures. In the past, SCADA systems were designed without security functionality because of the closed operating environment. However, the security of SCADA systems has become an issue with connection to open networks becoming more common. Any damage to the SCADA system can have a widespread negative effect to society. In this paper, we review constraints and security requirements for SCADA systems and then investigate whether the existing key-management protocols for the SCADA systems satisfy these requirements. Afterward, we propose an advanced key-management architecture fitted for secure SCADA communications. The contributions of our work are two-fold. First, our scheme supports both message broadcasting and secure communication. Second, by evenly spreading much of the total amount of computation across high power nodes (MTU or SUB-MTU), our protocol avoids any potential performance bottleneck of the system while keeping the burden on low power nodes (RTU) at minimal.

[1] Cheryl L. Beaver,et al. Key Management for SCADA , 2002 .

[2] Suvo Mittra,et al. Iolus: a framework for scalable secure multicasting , 1997, SIGCOMM '97.

[3] Vinay M. Igure,et al. Security issues in SCADA networks , 2006, Comput. Secur..

[4] Timothy Grance,et al. Guide to Supervisory Control and Data Acquisition (SCADA) and Other Industrial Control System Security , 2006 .

[5] Sushil Jajodia,et al. Efficient and secure keys management for wireless mobile communications , 2002, POMC '02.

[6] Ed Dawson,et al. SKMA - A Key Management Architecture for SCADA Systems , 2006 .

[7] Mohamed G. Gouda,et al. Secure group communications using key graphs , 2000, TNET.

[8] Nathalie Weiler,et al. The VersaKey framework: versatile group key management , 1999, IEEE J. Sel. Areas Commun..

[9] Dawn Xiaodong Song,et al. ELK, a new protocol for efficient large-group key distribution , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[10] Shueng-Han Gary Chan,et al. Key management approaches to offer data confidentiality for secure multicast , 2003 .

[11] Thomas Hardjono,et al. A Framework for Group Key Management for Multicast Security , 2000 .