Protecting Modbus/TCP-Based Industrial Automation and Control Systems Using Message Authentication Codes
Abstract
Critical infrastructure (CI), such as energy and water distribution systems, is essential for the stability and well-being of modern society. Industrial automation and control systems (IACSs) form the backbone of CIs and enable the operation of CIs in a safe and reliable manner. However, with the increasing use of industrial Ethernet communication protocols, such as Modbus-over-TCP (Modbus/TCP), once air-gapped IACSs are becoming vulnerable to potential cybersecurity threats. This paper presents a novel method for enhancing Modbus/TCP-based IACSs by implementing an authentication method based on message authentication codes (MACs). To provide partial protection even when communicating with legacy Modbus/TCP peers, we propose a supervising device that analyzes the exchanged messages and verifies the authenticity of the protected messages. To experimentally verify the method, a water-treatment cyber-physical system (CPS) was implemented as a digital twin with a programmable logic controller (PLC). The underlying MAC is Chaskey-12, a lightweight MAC defined in IEC 29192-6. It was implemented in the PLC program using the programming languages defined in IEC 61131-3. As an additional contribution, the presented implementation allows authentication between PLCs and other peers installed in existing IACSs without hardware or firmware modifications. The results show that the method provides protection against network attacks without significantly affecting performance, also demonstrating the feasibility of the method in existing IACSs.
Similar resources
Aggregate Message Authentication Codes
We propose and investigate the notion of aggregate message authentication codes (MACs) which have the property that multiple MAC tags, computed by (possibly) different senders on multiple (possibly different) messages, can be aggregated into a shorter tag that can still be verified by a recipient who shares a distinct key with each sender. We suggest aggregate MACs as an appropriate tool for au...
Quantum message authentication codes
I describe protocols which assure the recipient of a quantum state that it has come from a sender with whom he has previously shared secret key. Their security is information-theoretic (“unconditional”) rather than based on computational assumptions. A particular class of such protocols is constructed, for which the different keys correspond to different, secret, quantum error detecting codes. ...
Algebraic Message Authentication Codes
This paper suggests a message authentication scheme, which can be efficiently used for secure digital signature creation. The algorithm used here is an adjusted union of the concepts which underlie projective geometry and group structure on circles. The authentication is done through a key, which iterates over the complete message string to produce the signature. The iteration is not only based...
Security for Industrial Automation and Control Systems
The security of industrial automation and control systems becomes increasingly critical as different networks are connected and systems are integrated in a collaborative manufacturing environment. For industrial automation and control systems the potential impact of an attack may be more serious than for computer systems in general. Users of industrial automation and control systems need to pay...
Privacy Protecting Biometric Authentication Systems
As biometrics gains popularity and proliferates into the daily life, there is an increased concern over the loss of privacy and potential misuse of biometric data held in central repositories. The major concerns are about i) the use of biometrics to track people, ii) non-revocability of biometrics (e.g. if a fingerprint is compromised it can no...
Journal
Journal title: IEEE Access
Year: 2023
ISSN: 2169-3536
DOI: https://doi.org/10.1109/access.2023.3275443