Agent-based PKI for Distributed Control System

Security in Industrial Control Systems is a rapidly growing subject as awareness of the threat of exposure is being taken ever more seriously. From the SCADA schemas to the Distributed Control Systems (DCS) the threats have evolved from the physical to the computational. Industrial “Command&control” flow, especially in Critical Infrastructure that requires hard protection and the basis to have a strong background is being developed. This is a proposal to incorporate Public Key Infrastructure (PKI) functionalities, focussing on distributed features, into Industrial Control Systems (ICS). Taking advantage of the use of well-known tools and security solutions, adjusting them to the constraints and limitations of the deployment scenario, the industrial computation must do “security by default”. We show how a PKI can be built with distributed features to be used within a DCS. We propose an agent-based distributed system that can take advantage of an object-oriented paradigm to integrate PKI and cryptography in the most natural way. The main security threats and requirements have been analysed, leading to a new [D]PKI architecture and the specification of its main protocols (join, search and leave).

[1]  Suvo Mittra,et al.  Iolus: a framework for scalable secure multicasting , 1997, SIGCOMM '97.

[2]  Edmond Rogers,et al.  Vulnerability Assessment for Critical Infrastructure Control Systems , 2008, IEEE Security & Privacy.

[3]  Andrew S. Tanenbaum,et al.  Distributed systems: Principles and Paradigms , 2001 .

[4]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[5]  Dongho Won,et al.  Efficient Secure Group Communications for SCADA , 2010, IEEE Transactions on Power Delivery.

[6]  H.A.M. Luiijf,et al.  Cyber Security of Industrial Control Systems , 2015 .

[7]  Seungjoo Kim,et al.  An Efficient Key Management Scheme for Secure SCADA Communication , 2008 .

[8]  Valérie Viet Triem Tong,et al.  An efficient distributed PKI for structured P2P networks , 2009, 2009 IEEE Ninth International Conference on Peer-to-Peer Computing.

[9]  Hoon Jae Lee,et al.  An efficient and secured data storage scheme in cloud computing using ECC-based PKI , 2014, 16th International Conference on Advanced Communication Technology.

[10]  Dongho Won,et al.  Advanced Key-Management Architecture for Secure SCADA Communications , 2009, IEEE Transactions on Power Delivery.

[11]  Tomàs Cuñat,et al.  Volcans d'isogènies de corbes el·líptique : aplicacions criptogràfiques en targetes intel·ligents , 2011 .

[12]  Martin Naedele,et al.  Security for Process Control Systems: An Overview , 2008, IEEE Security & Privacy Magazine.

[13]  Adriano Valenzano,et al.  Review of Security Issues in Industrial Networks , 2013, IEEE Transactions on Industrial Informatics.

[14]  Thomas P. von Hoff,et al.  Security for Industrial Communication Systems , 2005, Proceedings of the IEEE.

[15]  David Mazières,et al.  Kademlia: A Peer-to-Peer Information System Based on the XOR Metric , 2002, IPTPS.

[16]  David M. Nicol,et al.  Application of trusted network technology to industrial control networks , 2009, Int. J. Crit. Infrastructure Prot..

[17]  Ueli Maurer,et al.  Modelling a Public-Key Infrastructure , 1996, ESORICS.

[18]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[19]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.