University of Illinois Urbana-Champaign

Caching-based Multicast Message Authentication in Time-critical Industrial Control Systems

Tefek, Utku; Esiner, Ertem; Mashima, Daisuke; Chen, Binbin; Hu, Yih-Chun

Permalink

https://hdl.handle.net/2142/114347

Description

Title
Caching-based Multicast Message Authentication in Time-critical Industrial Control Systems
Author(s)
  • Tefek, Utku
  • Esiner, Ertem
  • Mashima, Daisuke
  • Chen, Binbin
  • Hu, Yih-Chun
Keyword(s)
  • industrial control system
  • IEC 61850
  • message authentication
  • multicast
Abstract
Attacks against industrial control systems (ICSs) often exploit the insufficiency of authentication mechanisms. Verifying whether the received messages are intact and issued by legitimate sources can prevent malicious data/command injection by illegitimate or compromised devices. However, the key challenge is to introduce message authentication for various ICS communication models, including multicast or broadcast, with a messaging rate that can be as high as thousands of messages per second, within very stringent latency constraints. For example, certain commands for protection in smart grids must be delivered within 2 milliseconds, ruling out public-key cryptography. This paper proposes two lightweight message authentication schemes, named CMA and its multicast variant CMMA , that perform precomputation and caching to authenticate future messages. With minimal precomputation and communication overhead, C(M)MA eliminates all cryptographic operations for the source after the message is given, and all expensive cryptographic operations for the destinations after the message is received. C(M)MA considers the urgency profile (or likelihood) of a set of future messages for even faster verification of the most time-critical (or likely) messages. C(M)MA is suitable for ICS protocols such as IEC 61850, an increasingly adopted communication protocol for smart power grid systems, where the messages consist of system states and parameters which are largely predetermined or predictable. We demonstrate the feasibility of C(M)MA in an ICS setting based on a substation automation system in smart grids.
Publisher
IEEE
Series/Report Name or Number
10.1109/INFOCOM48880.2022.9796767
Type of Resource
text
Language
en
Handle URL
https://hdl.handle.net/2142/114347
Permalink
https://hdl.handle.net/2142/114347

Owning Collections

Working Papers - Coordinated Science Laboratory PRIMARY
Working papers by Coordinated Science Laboratory researchers.