{"title":"Resilient end-to-end message protection for large-scale cyber-physical system communications","authors":"Young-Jin Kim, V. Kolesnikov, M. Thottan","doi":"10.1109/SmartGridComm.2012.6485982","DOIUrl":null,"url":null,"abstract":"Essential features of cyber-physical systems such as Smart Grid are real-time analysis of high-resolution data, which a massive number of embedded devices periodically generate, and the effective and timely response to specific analytic results obtained from the data. Therefore, mission-critical data and control messages exchanged among machines in the cyber-physical systems must be strongly protected to prevent the infrastructures from becoming vulnerable. Specifically, the protection mechanism used must be scalable, secured from an end-to-end perspective, and key exposure resilient. Moreover, there may be privacy protection required among devices that generate data, e.g., smart metering. In this paper, we show that, for large-scale cyber-physical system communications, most well-known point-to-point security schemes such as IPsec [1], TLS [2], or SRTP [3] cannot meet the scalability, extensibility, and thinness requirements. By contrast conventional group security schemes which address the limitations of the point-to-point schemes have other limitations on aspects of privacy, key exposure resiliency, and key refreshment. To address the security requirements for cyber-physical systems, we design a resilient end-to-end message protection framework, REMP, exploiting the notion of the long-term key that is given on per node basis. This long term key is assigned during the node authentication phase and is subsequently used to derive encryption keys from a random number per-message sent. Compared with conventional schemes, REMP improves privacy, message authentication, and key exposure, and without compromising scalability and end-to-end security. The tradeoff is a slight increase in computation time for message decryption and message authentication.","PeriodicalId":143915,"journal":{"name":"2012 IEEE Third International Conference on Smart Grid Communications (SmartGridComm)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2012-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"34","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE Third International Conference on Smart Grid Communications (SmartGridComm)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SmartGridComm.2012.6485982","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 34
Abstract
Essential features of cyber-physical systems such as Smart Grid are real-time analysis of high-resolution data, which a massive number of embedded devices periodically generate, and the effective and timely response to specific analytic results obtained from the data. Therefore, mission-critical data and control messages exchanged among machines in the cyber-physical systems must be strongly protected to prevent the infrastructures from becoming vulnerable. Specifically, the protection mechanism used must be scalable, secured from an end-to-end perspective, and key exposure resilient. Moreover, there may be privacy protection required among devices that generate data, e.g., smart metering. In this paper, we show that, for large-scale cyber-physical system communications, most well-known point-to-point security schemes such as IPsec [1], TLS [2], or SRTP [3] cannot meet the scalability, extensibility, and thinness requirements. By contrast conventional group security schemes which address the limitations of the point-to-point schemes have other limitations on aspects of privacy, key exposure resiliency, and key refreshment. To address the security requirements for cyber-physical systems, we design a resilient end-to-end message protection framework, REMP, exploiting the notion of the long-term key that is given on per node basis. This long term key is assigned during the node authentication phase and is subsequently used to derive encryption keys from a random number per-message sent. Compared with conventional schemes, REMP improves privacy, message authentication, and key exposure, and without compromising scalability and end-to-end security. The tradeoff is a slight increase in computation time for message decryption and message authentication.