K7: A Protected Protocol for Industrial Control Systems that Fits Large Organizations

Eli Biham, Sara Bitan, Alon Dankner

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

One of the main obstacles of securing industrial control systems is the lack of an appropriate security model that is both implementable by vendors and addresses the inherent security and usability issues needed by organizations. Current solutions such as device passwords and IPSec lack scalable key management infrastructure and fine granularity access control mechanisms. In this paper we propose a novel security model for industrial control systems that supports organizational level authorizations and authentication requirements, while hiding the low-level details (e.g., keys and passwords) from the users. It also allows to easily add and remove PLCs, engineering stations, HMI devices and users, and assign permissions to them. The core of the model is a new ICS secure protocol that we call K7. Without loss of generality, we base our protocol on the Siemens S7 protocol, and enhance it with new cryptographic features to support the extra functionality. We use a ticket-based system (e.g., Kerberos with LDAP server) to support the exchange of permissions and keys, and incorporate it into our protocol. To prove our solution, we implemented K7 as a protocol converter add-on to standard Siemens clients and PLCs that transform them into augmented devices that use K7. A major advantage is its support for ICS systems, that contain legacy devices, and the simple ability to upgrade their security using device augmentation. We hope that Siemens and other vendors will add direct support for K7 on their ICS systems.

Original language: English
Title of host publication: Proceedings - 6th Annual Industrial Control System Security Workshop, ICSS 2020
Publisher: Association for Computing Machinery
Pages: 1-12
Number of pages: 12
ISBN (Electronic): 9781450390026
State: Published - 8 Dec 2020
Externally published: Yes
Event: 6th Annual Industrial Control System Security Workshop, ICSS 2020 - Virtual, Online, United States
Duration: 8 Dec 2020 → 8 Dec 2020

Publication series

Name: ACM International Conference Proceeding Series
Volume: PartF168343

Conference

Conference: 6th Annual Industrial Control System Security Workshop, ICSS 2020
Country/Territory: United States
City: Virtual, Online
Period: 8/12/20 → 8/12/20

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications
