Abstract
The new attack technologies have caused great security threats to industry control system, especially APT attacks such as Stuxnet, BlackEnergy, WannaCrypt. Traditional protection methods fail to defend the hackers attacks on the cyber and physical components of ICS. This paper propose an ICS terminal defense solution in establishing the trustworthiness of with trusted execution environment. The check attestation method is employed to optimize ICS software attestation, and the whitelist mechanism is used to enforce the process execution in terminal. We design and implement a trusted terminal defense system in industry control network. The test results shows that the performance of hardware security module and process enforcement meets the real-time requirements. abstract environment.
Y. Qin—The research presented in this paper is supported by National Natural Science Foundation of China (No. 61402455, No. 61602455).
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
National Institute of Standards and Technology: NIST Spp. 800-82 Guide to Industrial Control System (ICS) Security (2011)
International Electrotechnical Commission: IEC Industrial Control Network and System Security Standardization (2013)
National Technical Committee 124 on Standardization Administration of China (SAC/TC124): Evaluation Specification for Security in Industrial Control Network (2010)
Defrawy, K.E., Francillon, A., Perito, D., Tsudik, G.: SMART: secure and minimal architecture for (establishing a dynamic) root of trust. In: Network and Distributed System Security Symposium (NDSS). Internet Society (2012)
Koeberl, P., Schulz, S., Sadeghi, A.-R., et al.: Trustlite: a security architecture for tiny embedded devices. In: Proceedings of the Ninth European Conference on Computer Systems (EuroSys 2014) (2014)
Brasser, F., El Mahjoub, B., Sadeghi, A.-R., et al.: TyTAN: tiny trust anchor for tiny devices. In: Proceedings of the 52nd Annual Design Automation Conference (DAC 2015) (2015)
Sadeghi, A.R., Wachsmann, C, Waidner, M.: Security and privacy challenges in industrial internet of things. In: Proceedings of the 52nd Annual Design Automation Conference, vol. 54. ACM (2015)
Da Xu, L., He, W., Li, S.: Internet of things in industries: a survey. IEEE Trans. Ind. Inform. 10(4), 2233–2243 (2014)
Keoh, S.L., Kumar, S.S., Tschofenig, H.: Securing the internet of things: a standardization perspective. Internet Things J. IEEE 1(3), 265–275 (2014)
Kil, C., Sezer, E.C., Azab, A.M., Ning, P., Zhang, X.: Remote attestation to dynamic system properties: towards providing complete system integrity evidence. In: IEEE/IFIP DSN (2009)
Seshadri, A., Perrig, A., Van Doorn, L., Khosla, P.: SWATT: software-based attestation for embedded devices. In: IEEE S&P (2004)
Li, Y., McCune, J.M., Perrig, A.: VIPER: verifying the integrity of PERipherals firmware. In: ACM CCS (2011)
Seshadri, A., Luk, M., Perrig, A.: SAKE: software attestation for key establishment in sensor networks. Ad Hoc Netw. 9(6) (2008)
Seshadri, A., Luk, M., Perrig, A., Doorn, L.V., Khosla, P.: SCUBA: secure code update by attestation in sensor networks. In: ACM WiSec (2006)
Seshadri, A., Luk, M., Perrig, A., van Doorn, L., Khosla, P.: Using FIRE & ICE for detecting and recovering compromised nodes in sensor networks. Technical report, DTIC Document, December 2004
Li, Y., McCune, J.M., Perrig, A.: SBAP: software-based attestation for peripherals. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) Trust 2010. LNCS, vol. 6101, pp. 16–29. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13869-0_2
Armknecht, F., Sadeghi, A.R., Schulz, S., et al.: A security framework for the analysis and design of software attestation. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 1–12. ACM (2013)
Coble, K., Wang, W., Chu, B., et al.: Secure software attestation for military telesurgical robot systems. In: Proceedings of Military Communications Conference (MILCOM 2010), pp. 965–970. IEEE (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Qin, Y., Zhang, Y., Feng, W. (2017). TICS: Trusted Industry Control System Based on Hardware Security Module. In: Wen, S., Wu, W., Castiglione, A. (eds) Cyberspace Safety and Security. CSS 2017. Lecture Notes in Computer Science(), vol 10581. Springer, Cham. https://doi.org/10.1007/978-3-319-69471-9_37
Download citation
DOI: https://doi.org/10.1007/978-3-319-69471-9_37
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69470-2
Online ISBN: 978-3-319-69471-9
eBook Packages: Computer ScienceComputer Science (R0)