Abstract
Supervisory Control And Data Acquisition (SCADA) systems are real-time process control systems that are widely deployed throughout critical infrastructure sectors including power, gas, oil, and water. However, SCADA networks generally have little protection from the rising danger of cyber attack. A retrofit solution to protect existing SCADA communications links must assure the integrity of commands and responses that are typically transmitted over serial lines at speeds from 300 to 19200 bits per second, while introducing minimal additional latency into the real-time SCADA traffic.
This paper describes the key aspects of a cryptographic protocol for retrofit SCADA link protection that leverages the Cyclic Redundancy Checks (CRC) transmitted by existing SCADA equipment to achieve strong integrity while introducing minimal latency. The protocol is based on a new position embedding encryption mode which, for a b-bit block cipher, ensures that any unauthentic message an adversary can construct (i) includes at least b randomly chosen bits, and therefore, by a new result proved for error detection by systematic shortened cyclic codes, (ii) contains a correct h-bit CRC with probability 2 − h. The low speed of the communications channel limits the rate at which an adversary can make trials, enabling detection of potential attacks before enough trials can be made to achieve any significant likelihood of success. The protocol avoids the need for a decrypting link protection module to buffer decrypted data until an end-of-message integrity check is verified, which would otherwise add significant latency.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Gas Technology Institute (2004), http://www.gtiservices.org/security
National Institute of Standards and Technology: Federal Information Processing Standards Publication 197 (FIPS PUB 197), Advanced Encryption Standard, AES (2001)
Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption: Analysis of the DES modes of operation. In: Proc. 38th Annual Symposium on Foundations of Computer Science (1997)
Menezes, A.J., Oorschot, P.C.V., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
National Institute of Standards and Technology: NIST SP 800-38A 2001 ED, Recommendation for Block Cipher Modes of Operation (2001)
Wicker, S.B.: Error Control Systems for Digital Communication and Storage. Prentice Hall, Englewood Cliffs (1995)
Wright, A.K.: http://scadasafe.sourceforge.net (2004)
Borisov, N., Goldberg, I., Wagner, D.: Intercepting mobile communications: The insecurity of 802.11. In: Proc. MOBICOM (2001)
Stubblebine, S.G., Gligor, V.D.: On message integrity in cryptographic protocols. In: Proc. 1992 IEEE Symposium on Research in Security and Privacy, pp. 85–104 (1992)
Dolev, O., Dwork, C., Naor, M.: Non-malleable cryptography. In: Proc. 23rd ACM Symposium on Theory of Computing (1991)
Beaver, C., Draelos, T., Schroeppel, R., Torgerson, M.: ManTiCore: Encryption with joint cipher-state authentication. IACR Preprint, 2003/154 (2003), http://www.iacr.org
Gligor, V.D., Donescu, P.: Fast encryption and authentication: XCBC encryption and XECB authentication modes. In: Presented at the 2nd NIST Workshop on AES Modes of Operation, Santa Barbara, CA (2001)
Peterson, W.W., Weldon, E.J.: Error correcting codes. MIT Press, Cambridge (1972)
Witzke, K.A., Leung, C.: A comparison of some error-detecting CRC code Standards. IEEE Trans. Commun. COM-33(9), 996 (1985)
AGA 12 Task Group: Cryptographic protection of SCADA communications: General recommendations (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wright, A.K., Kinast, J.A., McCarty, J. (2004). Low-Latency Cryptographic Protection for SCADA Communications. In: Jakobsson, M., Yung, M., Zhou, J. (eds) Applied Cryptography and Network Security. ACNS 2004. Lecture Notes in Computer Science, vol 3089. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24852-1_19
Download citation
DOI: https://doi.org/10.1007/978-3-540-24852-1_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22217-0
Online ISBN: 978-3-540-24852-1
eBook Packages: Springer Book Archive