Abstract
Cyber-physical systems (CPS) are a key component in industrial control systems (ICS), which are widely used in the critical infrastructure sectors. The increasing reliance on CPS, however, affords exploitative opportunities for malicious actors targeting our critical infrastructure. The real-time requirement of control systems, coupled with the deployment of resource-constrained field devices, complicate efforts to secure our critical infrastructure. A key technical limitation for security solutions is that they should be lightweight. While lightweight cryptography is useful to some extent, enforcement of asymmetric key cryptographic primitives in control systems is known to be problematic. In this paper, we suggest investigating the enforcement of lightweight security solutions in ICS from a different perspective. Rather than focusing on designing lightweight (individual) cryptographic primitives, we propose taking a whole-of-system approach to (1) achieve system/collective lightweightness, (2) outsource expensive computations from resource-constrained field devices to neighboring devices and equipments that have more computational capacity, and (3) selectively protect critical data (partial/selective protection of Data of Interest).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
If a bit of the input challenge c is 0, then the multiplicand s is shifted to the left by one position. Otherwise (i.e. the bit of the input challenge c is 1), the multiplicand s is shifted to the left and the result is added (with carry) to the multiplicand s.
- 2.
This infamous incident highlighted the reality of the inadequate security and vulnerability of SCADA systems and ICS. The accused person, a disgruntled employee, allegedly issued radio commands to the sewage equipment, which resulted in 800,000 L of raw sewage to spill out into local parks and rivers, killing marine life. The accused person was sentenced to two years’ imprisonment. Subsequent appeal to the Australian High Court was unsuccessful - see R v Boden [2002] QCA 164.
References
AGA Report No. 12 (2004): Cryptographic Protection of SCADA Communications:General Recommendations, Draft 2, 2004. The Draft 3 is available for purchage at http://www.aga.org/
Aumasson, J., Henzen, L., Meier, W., Naya-Plasencia, M.: Quark: a lightweight hash. J. Cryptology 26(2), 313–339 (2013)
Baek, J., Vu, Q.H., Liu, J.K., Huang, X., Xiang, Y.: A secure cloud computing based framework for big data information management of smart grid. IEEE Trans. Cloud Comput. 3(2), 233–244 (2015)
Borghoff, J., et al.: PRINCE – a low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012)
Bichsel, P., Camenisch, J., Gro, T., Shoup, V.: Anonymous credentials on a standard java card. In: Proceedings of ACM Conference on Computer and Communication Security, CCS 2009, pp. 600–610 (2009)
Bellare, M., Ristenpart, T., Rogaway, P., Stegers, T.: Format-Preserving Encryption. https://eprint.iacr.org/2009/251.pdf
Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK Families of Lightweight Block Ciphers. https://eprint.iacr.org/2013/404.pdf
Cardenas, A., Amin, S., Sinopoli, B., Giani, A., Perrig, A., Sastry, S.: Challenges for securing cyber physical systems. In: Proceedings of Workshop on Future Directions in Cyber-Physical Systems Security, DHS (2009)
De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — a family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)
Carlson, R., Dagle, J., Shamsuddin, S., Evans, R.: A Summary of Control System Security Standards Activities in the Energy Sector, Office of Electricity Delivery and Energy Reliability U.S. Department of Energy (2005)
Camenisch, J., Herreweghen, E.V.: Design and implementation of the idemix anonymous credential system. In: Proceedings of ACM Conference on Computer and Communication Security, CCS 2002 (2002)
Chen, X., Li, J., Ma, J., Tang, Q., Lou, W.: New algorithms for secure outsourcing of modular exponentiations. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 541–556. Springer, Heidelberg (2012)
Choo, K.-K.R.: Secure Key Establishment. Springer, Heidelberg (2009)
Choo, K.-K.R.: The cyber threat landscape: challenges and future research directions. Comput. Secur. 30(8), 719–731 (2011)
Choo, K.-K.R.: A conceptual interdisciplinary plug-and-play cyber security framework. ICTs and the Millennium Development Goals: A United Nations Perspective, pp. 81–99. Springer, New York (2014)
Chow, S.M., Liu, J.K., Zhou, J.: Identity-based online/offline key encapsulation and encryption. In: Proceedings of ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, pp. 52–60 (2011)
Chu, C., Liu, J.K., Wong, J.W., Zhao, Y., Zhou, J.: Privacy-preserving smart metering with regional statistics and personal enquiry services. In: Proceedings of ACM Symposium on Information, Computer and Communications Security, ASIACCS 2013, pp. 369–380 (2013)
Chu, C., Liu, J.K., Zhou, J., Bao, F., Deng, R.H.: Practical ID-based encryption for wireless sensor network. In: Proceedings of ACM Symposium on Information, Computer and Communications Security, ASIACCS 2010, pp. 337–340 (2010)
Eisenbarth, T., et al.: Compact implementation and performance evaluation of block ciphers in ATtiny devices. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 172–187. Springer, Heidelberg (2012)
Gong, Z., Nikova, S., Law, Y.W.: KLEIN: a new family of lightweight block ciphers. In: Juels, A., Paar, C. (eds.) RFIDSec 2011. LNCS, vol. 7055, pp. 1–18. Springer, Heidelberg (2012)
Guo, J., Peyrin, T., Poschmann, A.: The PHOTON family of lightweight hashfunctions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 222–239. Springer, Heidelberg (2011)
Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011)
Girault, M., Poupard, G., Stern, J.: On the fly authentication and signature schemes based on groups of unknown order. J. Cryptology 19(4), 463–487 (2006)
Hohenberger, S., Lysyanskaya, A.: How to securely outsource cryptographic computations. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 264–282. Springer, Heidelberg (2005)
Igure, V., Laughter, S., Williams, R.: Security issues in SCADA networks. Comput. Secur. 25, 498–506 (2006)
Lian, S., Sun, J., Wang, Z.: Quality analysis of several typical MPEG video encryption algorithms. J. Image Graph. 9(4), 483–490 (2004)
ISO/IEC 18033-3: Information technology – Security techniques – Encryption algorithms – Part 3: Block ciphers
ISO/IEC 29192-2: Information technology – Security techniques – Lightweightcryptography – Part 2: Block ciphers
ISO/IEC 29192-4: Information technology – Security techniques – Lightweightcryptography – Part 4: Mechanisms using asymmetric techniques
Kravets, K.: Feds: Hacker Disabled Offshore Oil Plaforms’ Leak-Detection System, 18 March 2009. http://www.wired.com/threatlevel//03/feds-hacker-dis/
Kiraz, M., Uzunkol, O.: Efficient and Verifiable Algorithms for Secure Outsourcing of Cryptogrpahic Computations. https://eprint.iacr.org/2014/748.pdf
Kavun, E.B., Yalcin, T.: A lightweight implementation of keccak hash function for radio-frequency identification applications. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 258–269. Springer, Heidelberg (2010)
Laplante, P., Michael, B., Voas, J.: Cyberpandemics: history, inevitability, response. IEEE Secur. Priv. 7(1), 63–67 (2009)
Liu, J.K., Baek, J., Zhou, J.: Online/offline identity-based signcryption revisited. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 36–51. Springer, Heidelberg (2011)
Liu, J.K., Baek, J., Zhou, J., Yang, Y., Wong, J.W.: Efficient online/offline identity-based signature for wireless sensor network. Int. J. Inf. Sec. 9(4), 287–296 (2010)
Liu, J.K., Au, M.H., Susilo, W., Zhou, J.: Online/offline ring signature scheme. In: Qing, S., Mitchell, C.J., Wang, G. (eds.) ICICS 2009. LNCS, vol. 5927, pp. 80–90. Springer, Heidelberg (2009)
Liu, J.K., Chu, C.K., Zhou, J.: Identity-based server-aided decryption. In: Parampalli, U., Hawkes, P. (eds.) ACISP 2011. LNCS, vol. 6812, pp. 337–352. Springer, Heidelberg (2011)
Liu, J.K., Zhou, J.: An efficient identity-based online/offline encryption scheme. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 156–167. Springer, Heidelberg (2009)
Molina-Markham, A., Danezis, G., Fu, K., Shenoy, P., Irwin, D.: Designing privacy-preserving smart meters with low-cost microcontrollers. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 239–253. Springer, Heidelberg (2012)
NERC-CIP. Critical Infrastructure Protection, North American Electric Reliability Corporation (2008). http://www.nerc.com/cip.html
Poschmann, A.: Lightweight Cryptography: Cryptographic Engineering for A Pervasive World, Ph.D. Thesis (2009)
Ralston, A., Graham, H., Patel, C.: Literature Review of Security, Risk Assessment of SCADA, DCS Systems, Technical report. http://www.cs.dlouisville.edu/facilities/ISLab/tech/ISRL-TR-06-01.pdf
Stouffer, K., Falco, J., Kent, K.: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security. NIST SP 800–82 (2006)
Sanger, D.: Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power. Crown, NY (2012)
Shahid, Z., Chaumont, M., Puech, W.: Fast protection of H.264/AVC by selective encryption of CAVLC and CABAC for I and P frames. IEEE Trans. Circ. Syst. Video Technol. 21(5), 565–576 (2011)
Sommestad, T., Ericsson, N., Nordlander, J.: SCADA system cyber security: a comparison of standards. In: Proceedings of IEEE Power and Energy Society General, pp. 1–8 (2010)
Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: an ultra-lightweight blockcipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 342–357. Springer, Heidelberg (2011)
Wang, Y.: sSCADA: securing SCADA infrastrcture communications. Int. J. Commun. Netw. Distrib. Syst. 6(11), 59–78 (2011)
Wang, Y., O’Neill, M., Kurugollu, F.: A tunable encryption scheme and analysis of fast selective encryption for CAVLC and CABAC in H.264/AVC. IEEE Trans. Circ. Syst. Video Technol. 23(9), 1476–1490 (2013)
Wang, Y., Wu, Q., Wong, D.S., Qin, B., Chow, S.S.M., Liu, Z., Tan, X.: Securely outsourcing exponentiations with single untrusted program for cloud storage. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014, Part I. LNCS, vol. 8712, pp. 326–343. Springer, Heidelberg (2014)
Wright, A.K., Kinast, J.A., McCarty, J.: Low-latency cryptographic protection for SCADA communications. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 263–277. Springer, Heidelberg (2004)
Wan, Z., Wang, G., Yang, Y., Shi, S.: SKM: scalable key management for advanced metering infrastructure in smart grids. IEEE Trans. Industr. Electron. 61(12), 7055–7066 (2014)
Wu, W., Wu, S., Zhang, L., Zou, J., Dong, L.: LHash: a lightweight hash function. In: Lin, D., Xu, S., Yung, M. (eds.) Inscrypt 2013. LNCS, vol. 8567, pp. 291–308. Springer, Heidelberg (2014)
Yuen, T.H., Zhang, Y., Yiu, S.M., Liu, J.K.: Identity-based encryption with post-challenge auxiliary inputs for secure cloud applications and sensor networks. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014, Part I. LNCS, vol. 8712, pp. 130–147. Springer, Heidelberg (2014)
Acknowledgment
This work was supported by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Yang, Y., Lu, J., Choo, KK.R., Liu, J.K. (2016). On Lightweight Security Enforcement in Cyber-Physical Systems. In: Güneysu, T., Leander, G., Moradi, A. (eds) Lightweight Cryptography for Security and Privacy. LightSec 2015. Lecture Notes in Computer Science(), vol 9542. Springer, Cham. https://doi.org/10.1007/978-3-319-29078-2_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-29078-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29077-5
Online ISBN: 978-3-319-29078-2
eBook Packages: Computer ScienceComputer Science (R0)