Protecting Modbus/TCP-Based Industrial Automation and Control Systems Using Message Authentication Codes

Authors

Abstract

Critical infrastructure (CI), such as energy and water distribution systems, is essential for the stability and well-being of modern society. Industrial automation and control systems (IACSs) form the backbone of CIs and enable their operation in a safe and reliable manner. However, with the increasing use of industrial Ethernet communication protocols, such as Modbus-over-TCP (Modbus/TCP), the once air-gapped IACSs are becoming vulnerable to potential cybersecurity threats. This paper presents a novel method for enhancing the security of Modbus/TCP-based IACSs by implementing an authentication method based on message authentication codes (MACs). To provide partial protection even when communicating with legacy Modbus/TCP peers, we propose a supervising device that analyzes the exchanged messages and verifies the authenticity of protected messages. To experimentally verify the method, a water-treatment cyber-physical system (CPS) was implemented with a digital twin and a programmable logic controller (PLC). The underlying MAC is Chaskey-12, a lightweight MAC defined in IEC 29192-6. It is implemented in the PLC program using the programming languages of IEC 61131-3. As an additional contribution, the presented implementation allows the method to be used between PLCs and other peers installed in existing IACSs without hardware or firmware modifications. The results show that the method provides protection against network attacks without significantly affecting performance, also demonstrating the feasibility of the method for IACSs.


Similar resources

Aggregate Message Authentication Codes

We propose and investigate the notion of aggregate message authentication codes (MACs) which have the property that multiple MAC tags, computed by (possibly) different senders on multiple (possibly different) messages, can be aggregated into a shorter tag that can still be verified by a recipient who shares a distinct key with each sender. We suggest aggregate MACs as an appropriate tool for au...


Quantum message authentication codes

I describe protocols which assure the recipient of a quantum state that it has come from a sender with whom he has previously shared secret key. Their security is information-theoretic (“unconditional”) rather than based on computational assumptions. A particular class of such protocols is constructed, for which the different keys correspond to different, secret, quantum error detecting codes. ...


Algebraic Message Authentication Codes

This paper suggests a message authentication scheme, which can be efficiently used for secure digital signature creation. The algorithm used here is an adjusted union of the concepts which underlie projective geometry and group structure on circles. The authentication is done through a key, which iterates over the complete message string to produce the signature. The iteration is not only based...


Security for Industrial Automation and Control Systems

The security of industrial automation and control systems becomes increasingly critical as different networks are connected and systems are integrated in a collaborative manufacturing environment. For industrial automation and control systems the potential impact of an attack may be more serious than for computer systems in general. Users of industrial automation and control systems need to pay...


Privacy Protecting Biometric Authentication Systems

As biometrics gains popularity and proliferates into daily life, there is an increased concern over the loss of privacy and potential misuse of biometric data held in central repositories. The major concerns are about i) the use of biometrics to track people, ii) non-revocability of biometrics (e.g. if a fingerprint is compromised it can no...


Journal

Journal title: IEEE Access

Year: 2023

ISSN: 2169-3536

DOI: https://doi.org/10.1109/access.2023.3275443