A model of distributed key generation for industrial control systems

The cyber-security of industrial control systems (ICS) is gaining high relevance due to the impact of industrial system failures on the citizen life. There is an urgent need for the consideration of security in their design, and for the analysis of the related vulnerabilities and potential threats. The high exposure of industrial critical infrastructure to such threats is mainly due to the intrinsic weakness of the communication protocols used to control the process network. The peculiarities of the industrial protocols (low computational power, large geographical distribution, near to real-time constraints) make hard the effective use of traditional cryptographic schemes and in particular the implementation of an effective key management infrastructure supporting a cryptographic layer. In this paper, we describe a "model of distributed key generation for industrial control systems" we have recently implemented. The model is based on a known Distributed Public Key Generator protocol we have adapted to an industrial control system environment and to the related communication protocol (MODBUS). To validate formally selected security properties of the model, we introduced a Petri Nets representation. This representation allows for modeling attacks agains the protocol and understanding some potential weaknesses of its implementation in the industrial control system environment.

KILINC Gorkem;  NAI FOVINO Igor;  FERIGATO Carlo;  KOLTUKSUZ Ahmet; 

2015-04-13

International Federation of Automatic Control (IFAC)

JRC72118

978-3-902823-28-1,   

1474-6670,   

http://www.ifac-papersonline.net/Detailed/58247.html,    https://publications.jrc.ec.europa.eu/repository/handle/JRC72118,   

10.3182/20121003-3-MX-4033.00057,