TICS: Trusted Industry Control System Based on Hardware Security Module

The new attack technologies have caused great security threats to industry control system, especially APT attacks such as Stuxnet, BlackEnergy, WannaCrypt. Traditional protection methods fail to defend the hackers attacks on the cyber and physical components of ICS. This paper propose an ICS terminal defense solution in establishing the trustworthiness of with trusted execution environment. The check attestation method is employed to optimize ICS software attestation, and the whitelist mechanism is used to enforce the process execution in terminal. We design and implement a trusted terminal defense system in industry control network. The test results shows that the performance of hardware security module and process enforcement meets the real-time requirements. abstract environment.

[1]  Karim Eldefrawy SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust , 2012, NDSS 2012.

[2]  L. V. Doorn,et al.  SCUBA: Secure Code Update By Attestation in sensor networks , 2006, WiSe '06.

[3]  Ahmad-Reza Sadeghi,et al.  Security and privacy challenges in industrial Internet of Things , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[4]  Zhiwei Li,et al.  Secure software attestation for military telesurgical robot systems , 2010, 2010 - MILCOM 2010 MILITARY COMMUNICATIONS CONFERENCE.

[5]  Frederik Armknecht,et al.  A security framework for the analysis and design of software attestation , 2013, CCS.

[6]  Vijay Varadharajan,et al.  TrustLite: a security architecture for tiny embedded devices , 2014, EuroSys '14.

[7]  Pradeep K. Khosla,et al.  Using FIRE & ICE for Detecting and Recovering Compromised Nodes in Sensor Networks , 2004 .

[8]  Adrian Perrig,et al.  SBAP: Software-Based Attestation for Peripherals , 2010, TRUST.

[9]  Adrian Perrig,et al.  VIPER: verifying the integrity of PERipherals' firmware , 2011, CCS '11.

[10]  Pradeep K. Khosla,et al.  SWATT: softWare-based attestation for embedded devices , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[11]  Hannes Tschofenig,et al.  Securing the Internet of Things: A Standardization Perspective , 2014, IEEE Internet of Things Journal.

[12]  Ahmad-Reza Sadeghi,et al.  TyTAN: Tiny trust anchor for tiny devices , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[13]  Peng Ning,et al.  Remote attestation to dynamic system properties: Towards providing complete system integrity evidence , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[14]  Wu He,et al.  Internet of Things in Industries: A Survey , 2014, IEEE Transactions on Industrial Informatics.

[15]  Adrian Perrig,et al.  SAKE: Software attestation for key establishment in sensor networks , 2011, Ad Hoc Networks.