Distributed Identity Based Private Key Generation for SCADA Systems

  • Görkem Kılınç
  • Igor Nai Fovino
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7722)


The security of the ICT (Information and Communications Technology) components of industrial systems is gaining great importance because of their criticality for society at large. There is an urgent need to consider security in their design and to analyse the related vulnerabilities and potential threats. The high exposure of industrial critical infrastructure to such threats is mainly due to the intrinsic weakness of the communication protocols used to control the process network. The peculiarities of industrial protocols (low computational power, large geographical distribution, near real-time constraints) make it hard to use traditional cryptographic schemes effectively, and in particular to implement an effective key management infrastructure supporting a cryptographic layer. In this paper we present the first working prototype of a distributed key generation infrastructure for SCADA systems based on the well-known identity-based crypto-paradigm.


SCADA protocols; SCADA security; Key Management; Identity Based Cryptography; Distributed Private Key Generation





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Görkem Kılınç (1)
  • Igor Nai Fovino (2)
  1. Computer Eng. Dept., Izmir Institute of Technology, Urla, Turkey
  2. Global Cyber Security Center, Rome, Italy
