Security-Enhanced Serial Communications

Abstract

Industrial Control Systems (ICS) are widely used by critical infrastructure and are ubiquitous in numerous industries including telecommunications, petrochemical, and manufacturing. ICS are at a high risk of cyber attack given their internet accessibility, inherent lack of security, deployment timelines, and criticality. A unique challenge in ICS security is the prevalence of serial communication buses and other non-TCP/IP communications protocols. The communication protocols used within serial buses often lack authentication and integrity protections, leaving them vulnerable to spoofing and replay attacks. The bandwidth constraints and prevalence of legacy hardware in these systems prevent the use of modern message authentication and integrity techniques, such as those provided by Transport Layer Security (TLS). Our approach seeks to address the challenges of providing authentication to serial communications while keeping the existing serial communications bus in place and adding minimal hardware. Here we demonstrate the integration of field-programmable gate arrays (FPGAs) on the bus to inject message authentication codes into an out-of-band (OOB) communications channel, leveraging Power Line Communication (PLC) techniques. Our results show that simple solutions can be integrated into existing serial communications to provide necessary security features in critically important systems. The presented solution is inexpensive, scales well, is modular and extensible, and has low temporal overhead. Providing authenticated serial communications for critical infrastructure systems will improve their ability to resist cyber attacks.