Operator authentication and accountability for SCADA servers when requests are forwarded by a middle layer

Loading...
Thumbnail Image
Journal Title
Journal ISSN
Volume Title
Perustieteiden korkeakoulu | Master's thesis
Date
2018-08-20
Department
Major/Subject
Security and Mobile Computing
Mcode
T3011
Degree programme
Master's Degree Programme in Security and Mobile Computing (NordSecMob)
Language
en
Pages
77 + 16
Series
Abstract
Due to their critical nature, the actions performed by operators on Industrial Control Systems (ICS) are subject to source authentication and accountability. When commands are not send directly by the user, but forwarded by middle servers, the compromise of those severs threatens the security of the whole architecture. This Master thesis provides a solution for that problem, guaranteeing authentication end-to-end while fulfilling cost and performance requirements. Based on an analysis of several potential solutions, digital signatures were assessed to be the most flexible and secure option. Moreover, the proposed solution relies on Microsoft's Active Directory, which manages credentials on the target architecture, for securely linking public keys with user identities. A prototype implementation of the proposed design is included, together with a limited performance evaluation. They have proven the validity of the design, that guarantees end-to-end authentication and accountability of command requests, while maintaining low implementation and maintenance costs and a negligible impact in latency per message.
Description
Supervisor
Aura, Tuomas
Thesis advisor
Johnson, Pontus
Keywords
SCADA, authentication, non-repudiation, digital signatures, active directory, asymmetric cryptography
Other note
Citation