Skip to main content
SpringerLink
Log in

On Lightweight Security Enforcement in Cyber-Physical Systems

  • Conference paper
Lightweight Cryptography for Security and Privacy (LightSec 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9542))

Included in the following conference series:

Abstract

Cyber-physical systems (CPS) are a key component in industrial control systems (ICS), which are widely used in the critical infrastructure sectors. The increasing reliance on CPS, however, affords exploitative opportunities for malicious actors targeting our critical infrastructure. The real-time requirement of control systems, coupled with the deployment of resource-constrained field devices, complicate efforts to secure our critical infrastructure. A key technical limitation for security solutions is that they should be lightweight. While lightweight cryptography is useful to some extent, enforcement of asymmetric key cryptographic primitives in control systems is known to be problematic. In this paper, we suggest investigating the enforcement of lightweight security solutions in ICS from a different perspective. Rather than focusing on designing lightweight (individual) cryptographic primitives, we propose taking a whole-of-system approach to (1) achieve system/collective lightweightness, (2) outsource expensive computations from resource-constrained field devices to neighboring devices and equipments that have more computational capacity, and (3) selectively protect critical data (partial/selective protection of Data of Interest).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 34.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 44.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    If a bit of the input challenge c is 0, then the multiplicand s is shifted to the left by one position. Otherwise (i.e. the bit of the input challenge c is 1), the multiplicand s is shifted to the left and the result is added (with carry) to the multiplicand s.

  2. 2.

    This infamous incident highlighted the reality of the inadequate security and vulnerability of SCADA systems and ICS. The accused person, a disgruntled employee, allegedly issued radio commands to the sewage equipment, which resulted in 800,000 L of raw sewage to spill out into local parks and rivers, killing marine life. The accused person was sentenced to two years’ imprisonment. Subsequent appeal to the Australian High Court was unsuccessful - see R v Boden [2002] QCA 164.

References

  1. AGA Report No. 12 (2004): Cryptographic Protection of SCADA Communications:General Recommendations, Draft 2, 2004. The Draft 3 is available for purchage at http://www.aga.org/

  2. Aumasson, J., Henzen, L., Meier, W., Naya-Plasencia, M.: Quark: a lightweight hash. J. Cryptology 26(2), 313–339 (2013)

    Article  MathSciNet  MATH  Google Scholar 

  3. Baek, J., Vu, Q.H., Liu, J.K., Huang, X., Xiang, Y.: A secure cloud computing based framework for big data information management of smart grid. IEEE Trans. Cloud Comput. 3(2), 233–244 (2015)

    Article  Google Scholar 

  4. Borghoff, J., et al.: PRINCE – a low-latency block cipher for pervasive computing applications. In: Wang, X., Sako, K. (eds.) ASIACRYPT 2012. LNCS, vol. 7658, pp. 208–225. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  5. Bichsel, P., Camenisch, J., Gro, T., Shoup, V.: Anonymous credentials on a standard java card. In: Proceedings of ACM Conference on Computer and Communication Security, CCS 2009, pp. 600–610 (2009)

    Google Scholar 

  6. Bellare, M., Ristenpart, T., Rogaway, P., Stegers, T.: Format-Preserving Encryption. https://eprint.iacr.org/2009/251.pdf

  7. Beaulieu, R., Shors, D., Smith, J., Treatman-Clark, S., Weeks, B., Wingers, L.: The SIMON and SPECK Families of Lightweight Block Ciphers. https://eprint.iacr.org/2013/404.pdf

  8. Cardenas, A., Amin, S., Sinopoli, B., Giani, A., Perrig, A., Sastry, S.: Challenges for securing cyber physical systems. In: Proceedings of Workshop on Future Directions in Cyber-Physical Systems Security, DHS (2009)

    Google Scholar 

  9. De Cannière, C., Dunkelman, O., Knežević, M.: KATAN and KTANTAN — a family of small and efficient hardware-oriented block ciphers. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 272–288. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  10. Carlson, R., Dagle, J., Shamsuddin, S., Evans, R.: A Summary of Control System Security Standards Activities in the Energy Sector, Office of Electricity Delivery and Energy Reliability U.S. Department of Energy (2005)

    Google Scholar 

  11. Camenisch, J., Herreweghen, E.V.: Design and implementation of the idemix anonymous credential system. In: Proceedings of ACM Conference on Computer and Communication Security, CCS 2002 (2002)

    Google Scholar 

  12. Chen, X., Li, J., Ma, J., Tang, Q., Lou, W.: New algorithms for secure outsourcing of modular exponentiations. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 541–556. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  13. Choo, K.-K.R.: Secure Key Establishment. Springer, Heidelberg (2009)

    Book  MATH  Google Scholar 

  14. Choo, K.-K.R.: The cyber threat landscape: challenges and future research directions. Comput. Secur. 30(8), 719–731 (2011)

    Article  Google Scholar 

  15. Choo, K.-K.R.: A conceptual interdisciplinary plug-and-play cyber security framework. ICTs and the Millennium Development Goals: A United Nations Perspective, pp. 81–99. Springer, New York (2014)

    Chapter  Google Scholar 

  16. Chow, S.M., Liu, J.K., Zhou, J.: Identity-based online/offline key encapsulation and encryption. In: Proceedings of ACM Symposium on Information, Computer and Communications Security, ASIACCS 2011, pp. 52–60 (2011)

    Google Scholar 

  17. Chu, C., Liu, J.K., Wong, J.W., Zhao, Y., Zhou, J.: Privacy-preserving smart metering with regional statistics and personal enquiry services. In: Proceedings of ACM Symposium on Information, Computer and Communications Security, ASIACCS 2013, pp. 369–380 (2013)

    Google Scholar 

  18. Chu, C., Liu, J.K., Zhou, J., Bao, F., Deng, R.H.: Practical ID-based encryption for wireless sensor network. In: Proceedings of ACM Symposium on Information, Computer and Communications Security, ASIACCS 2010, pp. 337–340 (2010)

    Google Scholar 

  19. Eisenbarth, T., et al.: Compact implementation and performance evaluation of block ciphers in ATtiny devices. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 172–187. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  20. Gong, Z., Nikova, S., Law, Y.W.: KLEIN: a new family of lightweight block ciphers. In: Juels, A., Paar, C. (eds.) RFIDSec 2011. LNCS, vol. 7055, pp. 1–18. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  21. Guo, J., Peyrin, T., Poschmann, A.: The PHOTON family of lightweight hashfunctions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 222–239. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  22. Guo, J., Peyrin, T., Poschmann, A., Robshaw, M.: The LED block cipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 326–341. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  23. Girault, M., Poupard, G., Stern, J.: On the fly authentication and signature schemes based on groups of unknown order. J. Cryptology 19(4), 463–487 (2006)

    Article  MathSciNet  MATH  Google Scholar 

  24. Hohenberger, S., Lysyanskaya, A.: How to securely outsource cryptographic computations. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 264–282. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  25. Igure, V., Laughter, S., Williams, R.: Security issues in SCADA networks. Comput. Secur. 25, 498–506 (2006)

    Article  Google Scholar 

  26. Lian, S., Sun, J., Wang, Z.: Quality analysis of several typical MPEG video encryption algorithms. J. Image Graph. 9(4), 483–490 (2004)

    Google Scholar 

  27. ISO/IEC 18033-3: Information technology – Security techniques – Encryption algorithms – Part 3: Block ciphers

    Google Scholar 

  28. ISO/IEC 29192-2: Information technology – Security techniques – Lightweightcryptography – Part 2: Block ciphers

    Google Scholar 

  29. ISO/IEC 29192-4: Information technology – Security techniques – Lightweightcryptography – Part 4: Mechanisms using asymmetric techniques

    Google Scholar 

  30. Kravets, K.: Feds: Hacker Disabled Offshore Oil Plaforms’ Leak-Detection System, 18 March 2009. http://www.wired.com/threatlevel//03/feds-hacker-dis/

  31. Kiraz, M., Uzunkol, O.: Efficient and Verifiable Algorithms for Secure Outsourcing of Cryptogrpahic Computations. https://eprint.iacr.org/2014/748.pdf

  32. Kavun, E.B., Yalcin, T.: A lightweight implementation of keccak hash function for radio-frequency identification applications. In: Ors Yalcin, S.B. (ed.) RFIDSec 2010. LNCS, vol. 6370, pp. 258–269. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  33. Laplante, P., Michael, B., Voas, J.: Cyberpandemics: history, inevitability, response. IEEE Secur. Priv. 7(1), 63–67 (2009)

    Article  Google Scholar 

  34. Liu, J.K., Baek, J., Zhou, J.: Online/offline identity-based signcryption revisited. In: Lai, X., Yung, M., Lin, D. (eds.) Inscrypt 2010. LNCS, vol. 6584, pp. 36–51. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  35. Liu, J.K., Baek, J., Zhou, J., Yang, Y., Wong, J.W.: Efficient online/offline identity-based signature for wireless sensor network. Int. J. Inf. Sec. 9(4), 287–296 (2010)

    Article  Google Scholar 

  36. Liu, J.K., Au, M.H., Susilo, W., Zhou, J.: Online/offline ring signature scheme. In: Qing, S., Mitchell, C.J., Wang, G. (eds.) ICICS 2009. LNCS, vol. 5927, pp. 80–90. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  37. Liu, J.K., Chu, C.K., Zhou, J.: Identity-based server-aided decryption. In: Parampalli, U., Hawkes, P. (eds.) ACISP 2011. LNCS, vol. 6812, pp. 337–352. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  38. Liu, J.K., Zhou, J.: An efficient identity-based online/offline encryption scheme. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 2009. LNCS, vol. 5536, pp. 156–167. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  39. Molina-Markham, A., Danezis, G., Fu, K., Shenoy, P., Irwin, D.: Designing privacy-preserving smart meters with low-cost microcontrollers. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 239–253. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  40. NERC-CIP. Critical Infrastructure Protection, North American Electric Reliability Corporation (2008). http://www.nerc.com/cip.html

  41. Poschmann, A.: Lightweight Cryptography: Cryptographic Engineering for A Pervasive World, Ph.D. Thesis (2009)

    Google Scholar 

  42. Ralston, A., Graham, H., Patel, C.: Literature Review of Security, Risk Assessment of SCADA, DCS Systems, Technical report. http://www.cs.dlouisville.edu/facilities/ISLab/tech/ISRL-TR-06-01.pdf

  43. Stouffer, K., Falco, J., Kent, K.: Guide to Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems Security. NIST SP 800–82 (2006)

    Google Scholar 

  44. Sanger, D.: Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power. Crown, NY (2012)

    Google Scholar 

  45. Shahid, Z., Chaumont, M., Puech, W.: Fast protection of H.264/AVC by selective encryption of CAVLC and CABAC for I and P frames. IEEE Trans. Circ. Syst. Video Technol. 21(5), 565–576 (2011)

    Article  Google Scholar 

  46. Sommestad, T., Ericsson, N., Nordlander, J.: SCADA system cyber security: a comparison of standards. In: Proceedings of IEEE Power and Energy Society General, pp. 1–8 (2010)

    Google Scholar 

  47. Shibutani, K., Isobe, T., Hiwatari, H., Mitsuda, A., Akishita, T., Shirai, T.: Piccolo: an ultra-lightweight blockcipher. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 342–357. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  48. Wang, Y.: sSCADA: securing SCADA infrastrcture communications. Int. J. Commun. Netw. Distrib. Syst. 6(11), 59–78 (2011)

    Article  Google Scholar 

  49. Wang, Y., O’Neill, M., Kurugollu, F.: A tunable encryption scheme and analysis of fast selective encryption for CAVLC and CABAC in H.264/AVC. IEEE Trans. Circ. Syst. Video Technol. 23(9), 1476–1490 (2013)

    Article  Google Scholar 

  50. Wang, Y., Wu, Q., Wong, D.S., Qin, B., Chow, S.S.M., Liu, Z., Tan, X.: Securely outsourcing exponentiations with single untrusted program for cloud storage. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014, Part I. LNCS, vol. 8712, pp. 326–343. Springer, Heidelberg (2014)

    Google Scholar 

  51. Wright, A.K., Kinast, J.A., McCarty, J.: Low-latency cryptographic protection for SCADA communications. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) ACNS 2004. LNCS, vol. 3089, pp. 263–277. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  52. Wan, Z., Wang, G., Yang, Y., Shi, S.: SKM: scalable key management for advanced metering infrastructure in smart grids. IEEE Trans. Industr. Electron. 61(12), 7055–7066 (2014)

    Article  Google Scholar 

  53. Wu, W., Wu, S., Zhang, L., Zou, J., Dong, L.: LHash: a lightweight hash function. In: Lin, D., Xu, S., Yung, M. (eds.) Inscrypt 2013. LNCS, vol. 8567, pp. 291–308. Springer, Heidelberg (2014)

    Google Scholar 

  54. Yuen, T.H., Zhang, Y., Yiu, S.M., Liu, J.K.: Identity-based encryption with post-challenge auxiliary inputs for secure cloud applications and sensor networks. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014, Part I. LNCS, vol. 8712, pp. 130–147. Springer, Heidelberg (2014)

    Google Scholar 

Download references

Acknowledgment

This work was supported by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate.

Author information

Authors and Affiliations

  1. Institute for Infocomm Research, Singapore, Singapore

    Yanjiang Yang & Jiqiang Lu

  2. School of Information Technology and Mathematical Sciences, University of South Australia, Adelaide, Australia

    Kim-Kwang Raymond Choo

  3. Faculty of Information Technology, Monash University, Melbourne, Australia

    Joseph K. Liu

Authors
  1. Yanjiang Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jiqiang Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kim-Kwang Raymond Choo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Joseph K. Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yanjiang Yang .

Editor information

Editors and Affiliations

  1. University of Bremen and DFKI, Bremen, Germany

    Tim Güneysu

  2. Ruhr-Universität Bochum, Bochum, Germany

    Gregor Leander

  3. Ruhr-Universität Bochum, Bochum, Germany

    Amir Moradi

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Yang, Y., Lu, J., Choo, KK.R., Liu, J.K. (2016). On Lightweight Security Enforcement in Cyber-Physical Systems. In: Güneysu, T., Leander, G., Moradi, A. (eds) Lightweight Cryptography for Security and Privacy. LightSec 2015. Lecture Notes in Computer Science(), vol 9542. Springer, Cham. https://doi.org/10.1007/978-3-319-29078-2_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-29078-2_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-29077-5

  • Online ISBN: 978-3-319-29078-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation