Design, Verification and Implementation of a Lightweight Remote Attestation Protocol for Process Control Systems

Title: Design, Verification and Implementation of a Lightweight Remote Attestation Protocol for Process Control Systems
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Genge, B., Duka, A. V., Haller, P., Crainicu, B., Sándor, H., Graur, F.
Conference Name: 2017 IEEE 15th International Conference on Industrial Informatics (INDIN)
ISBN Number: 978-1-5386-0837-1
Keywords: closed process control applications, commodity-off-the-shelf hardware, commodity-off-the-shelf software, compositionality, COTS, cryptographic protocols, data integrity, formal verification, gas transportation network automation, Hardware, industrial applications, industrial communications, industrial control, isolated components, lightweight remote attestation protocol, Nickel, PCS, Phoenix-Contact industrial controller, physically secured locations, policy, policy-based collaboration, privacy, process control, process control systems, program verification, protocol implementation, protocol verification, Protocols, pubcrawl, remote attestation, remote network infrastructures, Romania, Scyther model checking tool, secure software integrity verification scheme, security, Software, software integrity, specialized components

Until recently, IT security received limited attention within the scope of Process Control Systems (PCS). In the past, PCS consisted of isolated, specialized components running closed process control applications, where hardware was placed in physically secured locations and connections to remote network infrastructures were forbidden. Nowadays, industrial communications are fully exploiting the plethora of features and novel capabilities deriving from the adoption of commodity-off-the-shelf (COTS) hardware and software. Nonetheless, the reliance on COTS for remote monitoring, configuration and maintenance has also exposed PCS to significant cyber threats. In light of these issues, this paper presents the steps for the design, verification and implementation of a lightweight remote attestation protocol. The protocol is aimed at providing a secure software integrity verification scheme that can be readily integrated into existing industrial applications. The main novelty of the designed protocol is that it encapsulates key elements for the protection of both participating parties (i.e., verifier and prover) against cyber attacks. The protocol is formally verified for correctness with the help of the Scyther model checking tool. The protocol implementation and experimental results are provided for a Phoenix-Contact industrial controller, which is widely used in the automation of gas transportation networks in Romania.
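The abstract names the two roles of a remote attestation exchange (verifier and prover) and stresses that both need protection. The following is an added, generic challenge-response attestation sketch written for this page; it is not the protocol designed in the paper, which is only described here at the level of the abstract. It assumes a pre-shared symmetric key per controller, SHA-256 as the software measurement function, HMAC-SHA256 for message authentication, and a constructed in-memory byte string standing in for the controller's software image. It shows the two properties a practitioner would look for: the verifier is protected against replayed or forged responses (fresh nonce, MAC over nonce and measurement, reference comparison), and the prover is protected against unauthenticated or repeated challenges (it refuses to measure unless the challenge carries a valid MAC and an unseen nonce).

```python
"""Generic challenge-response remote attestation: verifier <-> prover.

Added illustration for this page, not the paper's protocol. Assumptions
(not from the page): pre-shared 32-byte key per controller, SHA-256 as the
measurement, HMAC-SHA256 as the MAC, constructed sample "firmware" bytes.
"""
import hashlib
import hmac
import os
import time

NONCE_LEN = 16
MAX_AGE_S = 5.0  # verifier discards responses to challenges older than this


def measure(image: bytes) -> bytes:
    """Software measurement: hash of the image the prover claims to run."""
    return hashlib.sha256(image).digest()


def _mac(key: bytes, label: bytes, *parts: bytes) -> bytes:
    # Domain-separated MAC so a challenge can never be mistaken for a response.
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


class Prover:
    """Controller side. Answers only authenticated, never-seen challenges."""

    def __init__(self, key: bytes, image: bytes):
        self._key = key
        self._image = image
        self._seen = set()  # nonces already answered (prover-side replay guard)

    def respond(self, challenge: dict):
        nonce = challenge["nonce"]
        # Protect the prover: an attacker without the key cannot force
        # re-measurement, and a captured challenge cannot be replayed.
        if not hmac.compare_digest(_mac(self._key, b"challenge|", nonce), challenge["mac"]):
            return None
        if nonce in self._seen:
            return None
        self._seen.add(nonce)
        m = measure(self._image)
        return {"nonce": nonce, "measurement": m,
                "mac": _mac(self._key, b"response|", nonce, m)}


class Verifier:
    """Monitoring side. Holds the known-good reference measurement."""

    def __init__(self, key: bytes, reference_image: bytes):
        self._key = key
        self._reference = measure(reference_image)
        self._pending = {}  # nonce -> time issued

    def challenge(self) -> dict:
        nonce = os.urandom(NONCE_LEN)
        self._pending[nonce] = time.monotonic()
        return {"nonce": nonce, "mac": _mac(self._key, b"challenge|", nonce)}

    def verify(self, response) -> bool:
        if response is None:
            return False
        nonce = response["nonce"]
        issued = self._pending.pop(nonce, None)  # unknown or reused nonce -> reject
        if issued is None or time.monotonic() - issued > MAX_AGE_S:
            return False
        m = response["measurement"]
        if not hmac.compare_digest(_mac(self._key, b"response|", nonce, m), response["mac"]):
            return False
        return hmac.compare_digest(m, self._reference)


def run_attestation(verifier: Verifier, prover: Prover) -> bool:
    return verifier.verify(prover.respond(verifier.challenge()))


# Constructed sample data; not real controller firmware.
KEY = b"\x11" * 32
GOOD_IMAGE = b"PLC firmware v1.0: control loop, fieldbus stack"
TAMPERED_IMAGE = GOOD_IMAGE.replace(b"v1.0", b"v1.0-modified")


def demo() -> dict:
    """Exercise the honest case and the three failure modes the scheme guards against."""
    v = Verifier(KEY, GOOD_IMAGE)
    honest = run_attestation(v, Prover(KEY, GOOD_IMAGE))
    tampered = run_attestation(v, Prover(KEY, TAMPERED_IMAGE))
    p = Prover(KEY, GOOD_IMAGE)
    resp = p.respond(v.challenge())
    first, replayed = v.verify(resp), v.verify(resp)      # replay of a valid response
    rogue = Verifier(b"\x22" * 32, GOOD_IMAGE)             # wrong key: forged challenge
    rogue_refused = p.respond(rogue.challenge()) is None
    return {"honest": honest, "tampered": tampered, "first": first,
            "replayed": replayed, "rogue_refused": rogue_refused}


if __name__ == "__main__":
    print(demo())
```

A real deployment would bind the key to hardware (a TPM or secure element) and measure the actual code region rather than a byte string, and the paper's protocol, unlike this sketch, has been checked with Scyther; the sketch is only meant to make the verifier/prover roles and the two-sided protection concrete.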

Citation Key: genge_design_2017