Towards Secure Fieldbus Communication

  • Conference paper
Computer Safety, Reliability, and Security (SAFECOMP 2012)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 7612)

Abstract

In this paper, we present an approach to secure fieldbus communication of automation systems used in security-critical applications. We propose a protocol that applies a scheme combining a stream cipher and a Message Authentication Code (MAC) to ensure integrity, confidentiality, authenticity, and freshness of transmitted telegrams over a fieldbus while maintaining real-time constraints. The security discussion shows that the protocol is secure against an adversary attacking the fieldbus communication. A first proof-of-concept for the EtherCAT fieldbus protocol is implemented to perform some initial runtime analyses.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wieczorek, F., Krauß, C., Schiller, F., Eckert, C. (2012). Towards Secure Fieldbus Communication. In: Ortmeier, F., Daniel, P. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2012. Lecture Notes in Computer Science, vol 7612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33678-2_13

  • DOI: https://doi.org/10.1007/978-3-642-33678-2_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33677-5

  • Online ISBN: 978-3-642-33678-2

  • eBook Packages: Computer Science (R0)
