Message Authentication and Provenance Verification for Industrial Control Systems-Reference-Cited by-同舟云学术

Message Authentication and Provenance Verification for Industrial Control Systems

Published:2023-10-14 Issue:4 Volume:7 Page:1-28
ISSN:2378-962X
Container-title:ACM Transactions on Cyber-Physical Systems
language:en
Short-container-title:ACM Trans. Cyber-Phys. Syst.

Author:

Esiner Ertem¹^ORCID,Tefek Utku¹^ORCID,Mashima Daisuke¹^ORCID,Chen Binbin²^ORCID,Kalbarczyk Zbigniew³^ORCID,Nicol David M.³^ORCID

Affiliation:

1. Advanced Digital Sciences Center, Singapore

2. Singapore University of Technology and Design, Singapore

3. University of Illinois Urbana Champaign, USA

Abstract

Successful attacks against industrial control systems (ICSs) often exploit insufficient checking mechanisms. While firewalls, intrusion detection systems, and similar appliances introduce essential checks, their efficacy depends on the attackers’ ability to bypass such middleboxes. We propose a provenance solution to enable the verification of an end-to-end message delivery path and the actions performed on a message. Fast and flexible provenance verification (F2-Pro) provides cryptographically verifiable evidence that a message has originated from a legitimate source and gone through the necessary checks before reaching its destination. F2-Prorelies on lightweight cryptographic primitives and flexibly supports various communication settings and protocols encountered in ICS thanks to its transparent, bump-in-the-wire design. We provide formal definitions and cryptographically prove F2-Pro’s security. For human interaction with ICS via a field service device, F2-Profeatures a multi-factor authentication mechanism that starts the provenance chain from a human user issuing commands. We compatibility tested F2-Proon a smart power grid testbed and reported a sub-millisecond latency overhead per communication hop using a modest ARM Cortex-A15 processor.

Publisher

Association for Computing Machinery (ACM)

Subject

Artificial Intelligence,Control and Optimization,Computer Networks and Communications,Hardware and Architecture,Human-Computer Interaction

Link

https://dl.acm.org/doi/pdf/10.1145/3607194

Reference65 articles.

1. Ertem Esiner, Daisuke Mashima, Binbin Chen, Zbigniew Kalbarczyk, and David Nicol. 2019. F-Pro: A fast and flexible provenance-aware message authentication scheme for smart grid. In 2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm’19). IEEE, 1–7.

2. Symantec Security Response. 2014. ShellShock: All you need to know about the Bash Bug vulnerability. Retrieved June 8 2018 from https://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability

3. Kim Zetter. 2016. Inside the Cunning Unprecedented Hack of Ukraineâ€™s Power Grid. http://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

4. The provenance of electronic data

5. Utku Tefek, Ertem Esiner, Daisuke Mashima, and Yih-Chun Hu. 2022. Analysis of message authentication solutions for IEC 61850 in substation automation systems. (Accepted for publication). In IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm’22). 1–7.