Scalable Authentication and Key Management in SCADA

Abstract

In this paper we develop a SCADA key management system to provide better security, performance, and scalability. Conventional symmetric key based approaches have several problems. We adopt public key based approaches due to its flexibility in authentication and access control and efficiency in rekeying. However, existing public key based approaches are not scalable. Simple replication of CAs (certificate authorities) raises security concerns. We consider several novel designs to bridge the gaps in existing approaches. First, a master key based semi-autonomous key refreshing scheme has been developed to shift the rekeying burdens from CAs to individual SCADA node. Then, we design a CA-grid approach, which combines the threshold scheme and replication of CAs to achieve better protection of the master keys, improved availability, and enhanced performance by load sharing. Analyses show that our scheme has many advantages than the existing SCADA key management systems.