Abstract
Security is a vital property of SCADA systems, especially in the context of critical infrastructure. In this work, we focus on distributed control devices for hydro-electric power plants. Much work has been done for specific lifecycle phases of distributed control devices, such as the development or operational phase. Our aim here is to consider the entire product lifecycle and the consequences that security feature implementations for a single lifecycle stage have on other stages. In particular, we discuss the security concept used to secure our control devices in the operational stage and show how these concepts result in additional requirements for the development and production stages. We show how we meet these requirements and focus on a production process that enables the commissioning of secrets such as private keys during the manufacturing phase. We show that this can be done both securely and with acceptable overhead, even when the manufacturing process is handled by a contract manufacturer that is not under full control of the OEM.
Notes
1. An adverse manufacturer might otherwise create a ‘fake’ device that generates a key-pair and trick the OEM into signing it. Then, he could use this key for an unlimited number of pirated devices.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Rauter, T., Höller, A., Iber, J., Kreiner, C. (2016). Development and Production Processes for Secure Embedded Control Devices. In: Kreiner, C., O'Connor, R., Poth, A., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2016. Communications in Computer and Information Science, vol 633. Springer, Cham. https://doi.org/10.1007/978-3-319-44817-6_10
DOI: https://doi.org/10.1007/978-3-319-44817-6_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-44816-9
Online ISBN: 978-3-319-44817-6
eBook Packages: Computer Science, Computer Science (R0)