EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

A security-hardened appliance for implementing authentication and access control in SCADA infrastructures with legacy field devices

Jeffrey L. Hieb, Jacob Schreiver and James H. Graham

International Journal of Critical Infrastructure Protection, 2013, vol. 6, issue 1, 12-24

Abstract: Considerable progress has been made with regard to securing industrial control systems. However, security challenges remain for field devices, and these challenges are compounded by the presence of legacy field devices. This paper describes the design, implementation and performance of a security-hardened, bolt-on, security appliance for legacy field devices. The approach uses a microkernel-based architecture and employs Bloom filters to implement challenge-response authentication and role-based access control for in an in-line field device security pre-processor. The microkernel-based architecture isolates network-interacting software from security-enforcing components, reducing the size of the trusted computing base of the device. Bloom filters provide a fast and constant access time solution for authentication and authorization checks. An analysis of the impact of Bloom filter false positive rates is provided, and it is shown that the false positive rates can be made arbitrarily low. Experimental results are also presented for a prototype device. Security-related computations on the pre-processor take less than one millisecond to perform, indicating that the prototype and the underlying approach are well-suited to a variety of industrial control system environments. Penetration tests demonstrate that the device is robust to attack, except for certain denial-of-service attacks.

Keywords: SCADA systems; Field devices; Authentication; Access control; Bloom filters (search for similar items in EconPapers)
Date: 2013
References: View complete reference list from CitEc
Citations:

Downloads: (external link)
http://www.sciencedirect.com/science/article/pii/S1874548213000024
Full text for ScienceDirect subscribers only

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:eee:ijocip:v:6:y:2013:i:1:p:12-24

DOI: 10.1016/j.ijcip.2013.01.001

Access Statistics for this article

International Journal of Critical Infrastructure Protection is currently edited by Leon Strous

More articles in International Journal of Critical Infrastructure Protection from Elsevier
Bibliographic data for series maintained by Catherine Liu ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:eee:ijocip:v:6:y:2013:i:1:p:12-24