Norman Göttert, N. Kuntze, C. Rudolph, Khan Ferdous Wahid
Title: Trusted neighborhood discovery in critical infrastructures
Published in: 2014 IEEE International Conference on Smart Grid Communications (SmartGridComm), volume 31 1, pages 976-981
Publication date: 2014-11-01
DOI: 10.1109/SmartGridComm.2014.7007775 (https://doi.org/10.1109/SmartGridComm.2014.7007775)
Citations: 3
Abstract
In today's Industrial Control Systems (ICSs), interconnection and reliable communication are valuable properties that enable the controlling and monitoring of various processes, even remotely. Cyber attacks or attacks via local digital interfaces break security requirements by altering software, configurations or control sequences. In such cases, safety requirements can no longer be guaranteed. Further, forged information such as wrong load measurements in power grid scenarios can lead to faulty decisions in the control center and has the potential to cause substantial damage with potentially catastrophic results. To detect and mitigate such kinds of attacks, the Trusted Neighborhood Discovery (TND) protocol introduces a decentralized, hardware-based approach for distributed peer-to-peer security monitoring. It uses hardware-based mutual attestation of the current state of adjacent devices. TND enables efficient monitoring, detection, and location of attacks in distributed infrastructures. The TND protocol is complemented by a Zero-Touch configuration solution for efficient and economic integration of new devices and secure configuration. Both protocols are realized in a proof-of-concept implementation running on commercially available hardware components. By implementing security in hardware roots of trust, the TND solution achieves a higher level of security than software-only based solutions. Even exchanging the entire firmware will be reliably reported.