Resilient end-to-end message protection for large-scale cyber-physical system communications

Essential features of cyber-physical systems such as Smart Grid are real-time analysis of high-resolution data, which a massive number of embedded devices periodically generate, and the effective and timely response to specific analytic results obtained from the data. Therefore, mission-critical data and control messages exchanged among machines in the cyber-physical systems must be strongly protected to prevent the infrastructures from becoming vulnerable. Specifically, the protection mechanism used must be scalable, secured from an end-to-end perspective, and key exposure resilient. Moreover, there may be privacy protection required among devices that generate data, e.g., smart metering. In this paper, we show that, for large-scale cyber-physical system communications, most well-known point-to-point security schemes such as IPsec [1], TLS [2], or SRTP [3] cannot meet the scalability, extensibility, and thinness requirements. By contrast conventional group security schemes which address the limitations of the point-to-point schemes have other limitations on aspects of privacy, key exposure resiliency, and key refreshment. To address the security requirements for cyber-physical systems, we design a resilient end-to-end message protection framework, REMP, exploiting the notion of the long-term key that is given on per node basis. This long term key is assigned during the node authentication phase and is subsequently used to derive encryption keys from a random number per-message sent. Compared with conventional schemes, REMP improves privacy, message authentication, and key exposure, and without compromising scalability and end-to-end security. The tradeoff is a slight increase in computation time for message decryption and message authentication.