Agent-based PKI for Distributed Control System

• Published in: 2015 World Congress on Industrial Control Systems Security (WCICSS) pp. 28 - 35
• Main Authors: Blanch-Torne, Sergi, Cores, Fernando, Moreno Chiral, Ramiro
• Format: Conference Proceeding
• Language: English
• Published: Infonomics Society 01.12.2015
• Subjects: Computer architecture; Critical Information Infrastructure Protection (CIIP); Cryptography Engineering; Distributed Control Systems; Distributed Security; Elliptic curve cryptography; Industrial control; Industrial Internet of Things (IIoT); Key management; Proposals; Protocols
• DOI: 10.1109/WCICSS.2015.7420319

Security in Industrial Control Systems is a rapidly growing subject as awareness of the threat of exposure is being taken ever more seriously. From the SCADA schemas to the Distributed Control Systems (DCS) the threats have evolved from the physical to the computational. Industrial "Command&control" flow, especially in Critical Infrastructure that requires hard protection and the basis to have a strong background is being developed. This is a proposal to incorporate Public Key Infrastructure (PKI) functionalities, focussing on distributed features, into Industrial Control Systems (ICS). Taking advantage of the use of well-known tools and security solutions, adjusting them to the constraints and limitations of the deployment scenario, the industrial computation must do "security by default". We show how a PKI can be built with distributed features to be used within a DCS. We propose an agent-based distributed system that can take advantage of an object-oriented paradigm to integrate PKI and cryptography in the most natural way. The main security threats and requirements have been analysed, leading to a new [D]PKI architecture and the specification of its main protocols (join, search and leave).