L. Zhou, H. Guo, D. Li, J. Zhou and J. Wong, "A scheme for lightweight SCADA packet authentication," 2017 23rd Asia-Pacific Conference on Communications (APCC), Perth, Australia, 2017, pp. 1-6. doi: 10.23919/APCC.2017.8304051
Development and deployment of cyber security measures for legacy SCADA systems usually encounter
challenges of limited computation resources in the field devices for supporting the designed cryptography processing. This paper presents a scheme with which the field device performs message authentication and integrity check only on selected critical packets such that it protects the system operation while avoiding high computation workload, and applies the scheme to a transportation SCADA system. The proposed scheme
takes into account of the SCADA computation power limitation and real time requirements, and the extreme
difficulty of making any changes to hardware or software in the legacy system. AES-CCM and symmetric key methods are applied for providing message authentication and integrity, and a bump-in-the-wire (BITW) implementation approach is adopted to avoid the changes to the legacy system. This lightweight packet authentication scheme is implemented and demonstrated over a testbed of a metro transportation SCADA
system. Experiments show the effects of the scheme in blocking malicious packet attack and the comparison with a firewall approach.
This work was supported by the National Research Foundation (NRF), Prime Minister’s Office, Singapore,
under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate.