Abstract
Security is a vital property of Industrial Control Systems (ICS), especially in the context of critical infrastructure. In this work, we focus on distributed control devices for hydro-electric power plants. Much work has been done for specific lifecylce phases of distributed control devices such as development or operational phase. Our aim here is to consider the entire product lifecycle and the consequences of security feature implementations for a single lifecycle stage on other stages. At the same time, recent trends such as the digitization of production is an enabler of production process extensions that support the integration of such security features during the operational phase of a control devices. In particular, we propose a security concept that enables assurance of the integrity of software components and product configuration of other control devices in the same network. Moreover, we show how these concepts result in additional requirements for the production stages. We show how we meet these requirements and focus on a production process by extending previously proposed methods that enable the commissioning of secrets such as private keys during the manufacturing phase. We extend this process by extracting information about the configurations of the actually produced devices during production. Based on this information, the proposed security techniques can be integrated without considerable overhead for bootstrapping.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Here, certification is achieved through using public-key cryptography. The private part of the key represent the device secret. The public part signed by the OEM and augmented with meta-information to generate the certificate.
References
Ceccato, M., Ofek, Y., Tonella, P.: A protocol for property-based attestation. Theory Pract. Comput. Sci. 7 (2008). http://portal.acm.org/citation.cfm?doid=1179474.1179479, http://link.springer.com/chapter/10.1007/978-3-540-77566-9_8
Chen, L., Löhr, H., Manulis, M., Sadeghi, A.-R.: Property-based attestation without a trusted third party. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol. 5222, pp. 31–46. Springer, Heidelberg (2008). doi:10.1007/978-3-540-85886-7_3
Coker, G., Guttman, J., Loscocco, P., Herzog, A., Millen, J., O’Hanlon, B., Ramsdell, J., Segall, A., Sheehy, J., Sniffen, B.: Principles of remote attestation. Int. J. Inf. Secur. 10(2), 63–81 (2011)
Sharing, E.I., Center, A.: Analysis of the cyber attack on the ukrainian power grid. Technical report (2016)
Fischer, K., Gesner, J.: Security architecture elements for IoT enabled automation networks. In: International Conference on Emerging Technologies and Factory Automation (2012)
Kylänpää, M., Rantala, A.: Remote attestation for embedded systems. In: Security of Industrial Control Systems and Cyber Physical Systems (2015)
Liserre, M., Sauter, T., Hung, J.: Future energy systems: integrating renewable energy sources into the smart power grid through industrial electronics. IEEE Ind. Electron. Mag. 4(1), 18–37 (2010). http://ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=5439057
Miller, B., Rowe, D.: A survey SCADA of and critical infrastructure incidents. In: Annual Conference on Research in Information Technology p. 51 (2012). http://dl.acm.org/citation.cfm?doid=2380790.2380805
Mitchell, R., Chen, I.R.: A survey of intrusion detection techniques for cyber-physical systems. ACM Comput. Surv. (CSUR) 46(4), 1–29 (2014)
Rauter, T., Höller, A., Iber, J., Kreiner, C.: Development and production processes for secure embedded control devices. In: Kreiner, C., Connor, R., Poth, A., Messnarz, R. (eds.) EuroSPI 2016. Communications in Computer and Information Science, vol. 633, pp. 119–131. Springer, Cham (2016). doi:10.1007/978-3-319-44817-6_10
Rauter, T., Iber, J., Krisper, M., Kreiner, C.: Integration of integrity enforcing technologies into embedded control devices: experiences and evaluation. In: The 22nd IEEE Pacific Rim International Symposium on Dependable Computing (2017)
Sadeghi, A., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: Proceedings of the 2004 Workshop on New Security Paradigms, pp. 67–77 (2004). http://dl.acm.org/citation.cfm?id=1066038
Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: USENIX Security (2004)
Urbina, D.I., Giraldo, J., Cardenas, A.A., Tippenhauer, N.O., Valente, J., Faisal, M., Ruths, J., Candell, R., Sandberg, H.: Limiting the impact of stealthy attacks on industrial control systems. In: 23rd ACM Conference on Computer and Communications Security (2016)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Rauter, T., Iber, J., Krisper, M., Kreiner, C. (2017). Supporting the Integration of New Security Features in Embedded Control Devices Through the Digitalization of Production. In: Stolfa, J., Stolfa, S., O'Connor, R., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2017. Communications in Computer and Information Science, vol 748. Springer, Cham. https://doi.org/10.1007/978-3-319-64218-5_30
Download citation
DOI: https://doi.org/10.1007/978-3-319-64218-5_30
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64217-8
Online ISBN: 978-3-319-64218-5
eBook Packages: Computer ScienceComputer Science (R0)