A model of distributed key generation for industrial control systems

Abstract

The cyber-security of industrial control systems (ICS) is gaining high relevance due to the impact of industrial system failures on the citizen life. There is an urgent need for the consideration of security in their design, and for the analysis of the related vulnerabilities and potential threats. The high exposure of industrial critical infrastructure to cyber-threats is mainly due to the intrinsic weakness of the communication protocols used to control the process network. The peculiarities of the industrial protocols (low computational power, large geographical distribution, near to real-time constraints) make hard the effective use of traditional cryptographic schemes and in particular the implementation of an effective key management infrastructure supporting a cryptographic layer. In this paper, we describe a "model of distributed key generation for industrial control systems" we have recently implemented. The model is based on a known Distributed Key Generator protocol we have adapted to an industrial control system environment and to the related communication protocol (Modbus). To validate in a formal way selected security properties of the model, we introduced a Petri Nets representation. This representation allows for modeling attacks against the protocol and understanding some potential weaknesses of its implementation in the industrial control system environment.