Abstract
Digitalization is becoming increasingly prevalent in industrial control systems. Where, until recently, a typical industrial control system was isolated and offered only rudimentary ways of extracting data, it is now expected not only to provide large amounts of data over the network but also to receive firmware updates and patches. It is therefore important to secure the communication between the components of the system and to ensure that only approved components can communicate with each other. Secure communication and device authentication can be achieved with cryptographic keys and certificates. The system, however, must be able to manage those keys and certificates securely in order to guarantee their authenticity and validity. In this paper we present a prototype of a pluggable key management device for industrial control systems, together with a key management protocol and a formal analysis integrated into the running system – a model in-the-loop. This allows the system to continuously analyse the network traffic against the protocol using VDM and hence to assure compliance with several security properties. We use off-the-shelf hardware, a custom key and device management protocol and VDM to ensure that the device satisfies the requirements posed by our industrial partner.
This work is supported by the Manufacturing Academy of Denmark (MADE), for more information see https://www.made.dk.
Notes
1. Our industrial partner wishes to remain anonymous.
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Ubys, L., Nicolas Vancea, V., Kulik, T., Gorm Larsen, P., Boudjadar, J., Aranha, D.F. (2022). Formal Model In-The-Loop for Secure Industrial Control Networks. In: Tapia Tarifa, S.L., Proença, J. (eds) Formal Aspects of Component Software. FACS 2022. Lecture Notes in Computer Science, vol 13712. Springer, Cham. https://doi.org/10.1007/978-3-031-20872-0_5
DOI: https://doi.org/10.1007/978-3-031-20872-0_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-20871-3
Online ISBN: 978-3-031-20872-0