research-article

Open Access

Message Authentication and Provenance Verification for Industrial Control Systems

Authors:
Ertem Esiner

Advanced Digital Sciences Center, Singapore

Advanced Digital Sciences Center, Singapore

0000-0002-3290-2514
View Profile

,
Utku Tefek

Advanced Digital Sciences Center, Singapore

Advanced Digital Sciences Center, Singapore

0000-0002-4436-9200
View Profile

,
Daisuke Mashima

Advanced Digital Sciences Center, Singapore

Advanced Digital Sciences Center, Singapore

0000-0003-1946-1790
View Profile

,
Binbin Chen

Singapore University of Technology and Design, Singapore

Singapore University of Technology and Design, Singapore

0000-0002-9584-0082
View Profile

,
Zbigniew Kalbarczyk

University of Illinois Urbana Champaign, USA

University of Illinois Urbana Champaign, USA

0009-0002-6040-6865
View Profile

,
David M. Nicol

University of Illinois Urbana Champaign, USA

University of Illinois Urbana Champaign, USA

0000-0002-3512-6979
View Profile

Authors Info & Claims

ACM Transactions on Cyber-Physical Systems Volume 7 Issue 4Article No.: 24pp 1–28https://doi.org/10.1145/3607194

Published:14 October 2023Publication History

ACM Transactions on Cyber-Physical Systems

Abstract

Successful attacks against industrial control systems (ICSs) often exploit insufficient checking mechanisms. While firewalls, intrusion detection systems, and similar appliances introduce essential checks, their efficacy depends on the attackers’ ability to bypass such middleboxes. We propose a provenance solution to enable the verification of an end-to-end message delivery path and the actions performed on a message. Fast and flexible provenance verification (F2-Pro) provides cryptographically verifiable evidence that a message has originated from a legitimate source and gone through the necessary checks before reaching its destination. F2-Prorelies on lightweight cryptographic primitives and flexibly supports various communication settings and protocols encountered in ICS thanks to its transparent, bump-in-the-wire design. We provide formal definitions and cryptographically prove F2-Pro’s security. For human interaction with ICS via a field service device, F2-Profeatures a multi-factor authentication mechanism that starts the provenance chain from a human user issuing commands. We compatibility tested F2-Proon a smart power grid testbed and reported a sub-millisecond latency overhead per communication hop using a modest ARM Cortex-A15 processor.

1 INTRODUCTION

Increasing levels of automated control in industrial control systems (ICSs) call for stringent security checks and controls. An essential security measure is the verification of message source and integrity. Message authentication solutions provide such protection through the implementation of message authentication codes or digital signatures. However, message authentication alone is insufficient if a legitimate device in the system is compromised and controlled by an adversary for malicious command injection. Adversaries can exploit vulnerabilities through a virtual private network (VPN) [2] or user interfaces [3] or employ malware to gain access to less protected devices, through which they can publish malicious control commands. These malicious commands circumvent message authentication checks because their source is supposedly a legitimate device in the system. Against such threats, the state-of-the-art ICSs are equipped with security appliances or virtual network functions such as firewalls and intrusion detection systems on the message delivery paths. Examples of multi-hop communication in ICSs are shown in Table 1. For the security middle-boxes to be effective, the destinations must ensure that the messages are indeed transmitted via the right network path and hence undergo all the necessary checks and mediations. Such information is provided by message provenance, which summarizes the delivery path of a message and the actions performed on it.

Table 1.

	SCADA		High-volt.	Substation	Substation	Substation				Acceptable
Use Case	Master	FSD	Substation	VPN	Gateway	HMI	RTU	PLC	IED	Delay
SCADA Control/Monitoring	S		M	M	M, S		M, S	D	D	\(\lt\) 100 ms
Operation on Substation HMI						S	M	D	D	\(\gt\)100 ms
Reporting by Field Device	D				M, S	D	M, S	S	S	\(\gt\)100 ms
Automated Control in Substation								S	D	10–100 ms
Status Update in Substation								D	S, D	2–10 ms
Protection to Switchgear								D	S, D	\(\lt\) 2 ms
Remote Maintenance		S		M	D, M			D	D	–
Local Maintenance		S				D		D	D	–

S: Source, D: Destination, M: Intermediary.

View Table

Table 1. Key Communication Models in Substation Automation and Remote Control

S: Source, D: Destination, M: Intermediary.

The provenance of electronic data is, in general, defined as “the derivation from a particular source to a specific state of an item” in [4]. In this article, we propose a provenance verification solution called F2-Proto enable the verification of the message delivery path and actions performed on the message en route. F2-Proprovides the devices along a message delivery path with a mechanism to generate and attach to the message a piece of cryptographically verifiable evidence, which can then be verified at the destination. We provide formal definitions and the cryptographic security proof for F2-Pro.

The cost of generating, communicating, and processing verifiable provenance information must always be weighed against the security threats that can be prevented by using provenance as a security measure. F2-Profeatures a lightweight design, enabling real-time processing and flexible deployment options to facilitate adoption. Certain packets in time-critical ICSs, such as those in IEC 61850 for electric substations, need to be delivered within 2 milliseconds, rendering public-key cryptography infeasible [5]. F2-Prois based on symmetric key cryptography and lightweight aggregate message authentication codes [6] for real-time performance.

A number of communication models need to be supported for various ICSs, their protocols, and devices. Certain communication modes involve hops (e.g., firewall, substation gateway, etc.) between the control center and intelligent electronic devices (IEDs) of a substation automation system, whereas others require remote access by a field service engineer via a field service device, or an ICS operator devicein general. Thus, it is desirable to have security schemes flexible enough to fit into various systems and communication settings. F2-Profeatures a bump-in-the-wire (BITW) deployment option to maintain flexibility and compatibility with legacy devices.

ICSs may require configuration and control by field service engineers and technicians by means of physically connecting an ICS operator device(such as a laptop computer) to the system. F2-Proaccommodates a multi-factor user authentication mechanism whereby the provenance chain is started from the human user operating an ICS operator devicefor issuing commands, and verified at the destination device for user credentials, device fingerprints, and delivery path. The multi-factor authentication extension of F2-Promitigates the risks introduced by the human factor and commercial-off-the-shelf ICS operator devices.

This article’s contributions are summarized as follows:

Our provenance verification solution features a lightweight design based on symmetric key cryptography and aggregate message authentication codes.
The communication overhead of F2-Prois constant, and the complexity of the verification algorithm scales linearly with the number of nodes on the message path.
Our solution accommodates a multi-factor user authentication mechanism for the human user, such as the field service engineer, where the provenance chain starts from the field service device.
We present formal definitions, the correctness proof, and the cryptographic security proof for F2-Pro.
Our prototype implementation on a low-cost embedded device meets the requirements of time-stringent ICS communication settings.

The rest of this article is organized as follows. Section 2 presents the threats against substation automation and remote control systems and the design goals against such threats. Section 3 introduces the provenance verification model, algorithms, and construction, followed by the algorithm definitions, formal correctness, and security proofs in Section 4. Section 5 describes the multi-factor authentication solution to start the F2-Proprovenance chain from a human user. Section 6 discusses practical security implications and implementation considerations for F2-Pro followed by the evaluation of F2-Proon a power grid testbed. Section 7 presents relevant literature before the conclusion in Section 8.

2 BACKGROUND, THREATS, AND GOALS

2.1 Overview of Industrial Control Systems

In this section, we begin with a general description of ICSs and discuss security challenges. We then provide the details of a smart grid system, as a representative ICS.

Based on the Purdue Model [7], recent ICSs, in general, are organized as shown in Figure 1. Level 3 and below are the operation technology (OT) systems. Level 0 includes a number of sensors and actuators physically connected to the plant equipment, and intelligent devices at Level 1 with computation and communication capabilities collect data from sensors and operate on actuators. Intelligent devices communicate with the local human-machine interface (HMI) on each outstation and/or systems in the control center (Level 3) using ICS protocols. The specific protocols utilized differ depending on the types of systems and plants. In the recent OT systems, typically VPN interfaces are set up for the sake of remote access by employees as well as system/device vendors for remote maintenance.

Fig. 1. Overview of industrial control systems.

2.2 Cybersecurity Threats and Attack Model against Industrial Control Systems

In this section, we discuss cyber attacks that could risk the operation of ICSs by referring to the system model discussed in the previous section and high-profile attack incidents.

Malicious Command Injection: Attackers can mount man-in-the-middle (MITM) attacks on the wide-area network (WAN), which connects a control center (Level 3) to outstations in the field (Level 2), or within the control center local area network (LAN) [8, 9], to replay, forge, or tamper with ICS messages.

Malicious Firmware or Configuration: This can be seen as a special case of malicious command injection. An engineering workstation at Level 3 would be sending updated firmware, ICS device configuration, and automated control logic to intelligent devices at Level 1. Once these are tampered with or any unauthorized update of these is made, it would cause significant damage to the physical plant as well as the stability of the plant operation.

False Data Injection: Similarly to false command injection, attackers could inject fake data into the supervisory control and data acquisition (SCADA) monitoring communication (from Level 1 to Level 2 and 3 as well as within Level 1) to confuse and reduce the situational awareness of the control center system [10] or into programmable logic controllers (PLCs) whose logic depends on power grid measurements. False data can also be injected via compromised field devices, e.g., by using a malware [11].

Compromised or Rogue Field Device: Attackers or malware may first target devices at Level 1 that are often less protected owing to the lack of strong cybersecurity protections. As demonstrated by CrashOverride [12], advanced malware could be used for publishing malicious control commands, executing features beyond its scope, and mounting MITM attacks.

Remote Attack via VPN: Attackers may remotely access the system via the VPN interface at Level 3 or Level 2. For instance, by exploiting vulnerabilities like Shellshock [2], an attacker can virtually become a part of the control center or outstation local area network and execute arbitrary shell commands on the VPN server to inject malicious commands through it. A malicious insider with knowledge of the VPN credential can mount an attack in a similar way.

Attacks via User Interface: Insider attacks against the SCADA master or HMI are also a serious concern [11]. As seen in the Ukraine incident [13], the SCADA master system can be remotely manipulated by an external attacker. Compromised field service (maintenance) devices or abuse of such devices would also cause similar outcomes [11].

2.3 Substation Automation and Remote Control in Smart Grid

The smart grid, an electrical power grid system empowered by information and communication technologies, is one of the most critical infrastructures for our lives as well as one of the most latency stringent examples of industrial control systems. In this section, we elaborate on the detail of it to provide a context for the rest of this article.

A typical smart grid system includes a control center and multiple (possibly thousands of) substations in the field. Figure 2 shows one substation connected to a control center via a WAN. The WAN can be a wired, private network or a private channel over a public network (e.g., the Internet) or through a wireless (e.g., cellular) network. Modern substations use standardized technologies like IEC 60870-5-104 or DNP3.0 for tele-control and IEC 61850 for substation automation [14].

Fig. 2. Substation automation and remote control: a conceptual architecture, key components, and protocols and protection with F2-Prodevices.

Within the substation, as discussed in the reference model published by IEC TC57 [14], IEDs serve as the communication endpoints on the cyber side. They are responsible for operating on physical power system devices, e.g., circuit breakers and transformers. Real-time communication among IEDs is crucial for the automated protection of components. For example, a device or system fault event detected by one IED needs to trigger other IEDs to take immediate actions [15]. PLCs are also common devices in charge of automated control based on various power grid measurements. In addition, according to the reference model in [14], typically there is a substation gateway at the entrance of a substation [14]. The substation gateway often performs protocol translation (an example of message transformation en route), e.g., between IEC 60870-5-104 and IEC 61850 [14]. Remote control and monitoring of substations may involve remote terminal units (RTUs), which receive commands from the control center and then interact with IEDs accordingly. The HMI for local control and monitoring by human operators is often found in large substations, and the HMI may be connected to RTUs for exercising control and monitoring. Lastly, in order to enable remote maintenance by grid operators or device vendors, VPN devices connected to the public network are increasingly deployed. The VPN may also be used as a backup SCADA.

Table 1 summarizes the typical communication patterns observed in the smart grid system. As shown in the table, some communication settings involve only a source and a destination. In IEC 61850-compliant substations, Status Update in Substation, Automated Control in Substation, and Protection to Switchgear are done using Generic Object Oriented Substation Events (GOOSE), which is a publisher-subscriber-type multicast communication protocol.

In other communication settings, multiple intermediaries (hops) are involved. For instance, in SCADA Control/Monitoring, commands from a control center to a field device in a low-voltage substation may be mediated by devices in a high-voltage substation. Note that, for such communication, when protocol translation is involved, the substation gateway may work as a source of the translated messages. Besides, commands from a control center are often sent to a gateway device or RTU of a substation. The substation gateway may perform translation of the protocol (e.g., from IEC 60870-5-104 to IEC 61850). Likewise, an RTU may have the autonomy to modify command semantics (e.g., a single incoming control command from the control center may be subdivided into multiple commands and sent to multiple IEDs and/or PLCs). In such a case, the substation gateway or RTU may also work as a source of communication. Another complicated communication model is the Reporting by Field Devices, where measurements from PLCs or IEDs are first sent to the substation gateway or RTU, which may perform protocol translation and/or message aggregation before forwarding them. In this case, again, the substation gateway behaves as a secondary source.

The Remote Maintenance use case corresponds to a situation where a grid operator or device vendor performs firmware or configuration updates remotely. In such a situation the VPN interface may be involved in the communication path. The same may apply to the SCADA Control/Monitoring case when the SCADA master connects to substations via VPN. Operation on Substation HMI may be direct or involve single or multiple hops such as an RTU, which either operates on physical power system devices or interacts with IEDs according to the operation performed on the HMI.

The last column of Table 1 shows the message delivery latency requirements found in the public guidelines [16, 17]. Two use cases corresponding to maintenance are not sensitive to latency and therefore are left blank. As seen in the table, the latency requirements vary depending on use cases, and communication within substations has very stringent delivery latency requirements. In particular, Protection to Switchgear requires very short latency (below 2 ms [16]). An example is the control of circuit breakers for system protection, as any delay of such communication would result in damage to transmission lines and, in the worst situation, a power blackout. The latency requirement with entities outside a substation is less stringent (i.e., around 100 ms or more). However, operations related to distribution automation still require a sub-100-millisecond delay, even over a WAN [17].

2.4 Design Goals

To counter injection by malicious parties, it is crucial to verify the source and integrity of messages. Protection of this type can be typically achieved by message authentication, using message authentication codes or digital signatures. Against injection by compromised field devices, the verification of the message source (and integrity) is insufficient because the message source is already a legitimate device or possesses the credentials of a legitimate device in the system.

To counter injection via compromised or rogue field devices, verification of the message delivery path is imperative. If an attacker steals an authorized source’s credentials and inserts a message using an alternative entry point or path (e.g., from the malware on a field device), the path verification enables the destination to check whether the message has been witnessed by the expected set of nodes. For example, downstream nodes can regard the messages as trusted if a message has gone through a well-protected high-voltage substation system. As discussed in Section 2.3, the substation gateway performs protocol translation. In such a case, verifying the identity of the protocol translator allows the destination to check if the conversion is performed by a legitimate protocol translator, i.e., the substation gateway.

Based on these observations, we introduce the concept of provenance for addressing security concerns. Specifically, we focus on checking the authenticity of the message source and verifying the end-to-end message delivery path (i.e., which nodes are involved and in what order) as well as message transformation en route.

Systematically verifiable provenance information based on cryptographic proofs can be utilized for a variety of policy checks and decision-making regarding the legitimacy of a message.

In summary, our design goals are:

(1) providing ICSs with verifiable provenance information for message authentication, including the source of messages, message delivery path, and message transformation; (2) developing a low-latency cryptographic mechanism for generating and verifying provenance information within the stringent latency requirements for conveying verifiable provenance information; (3) developing a flexible solution for supporting various ICS settings and communication models (e.g., those listed in Table 1 in the smart grid context); and (4) enabling seamless multi-factor authentication for field service devices to issue commands to the protected systems and introduce command scope for authentication. Therefore, the generated codes cannot be used to execute features beyond their original scope as in CrashOverride.

3 PROVENANCE VERIFICATION

This section presents the system model and the core construction to achieve the above design goals. The notation used in the rest of this article is described in Table 2.

Table 2.

Notation	Description
SK\(_i\)	A secret key that belongs to a node i.
\(\mathcal {K}\)	The security parameter.
AT	The verification key. It is subscripted to denote its “from” and “to” (s.a., AT\(_{SD}\) to denote it is the verification key that serves between source S destination D).
ev	The cryptographic evidence every node prepares when they initiate, witness, or extend a message. ev\(_i\) is the cryptographic evidence generated by the \(i^{th}\) node on the path of the message. To denote a cryptographic evidence “from” and “to,” we use the same notation with AT.
S, W, D, U	The source, witness, destination, and human user node IDs, respectively.
\({\mathcal {S}},{\mathcal {D}}\)	The number of source and destination nodes, respectively.
MSG	A set of messages. When a message is initiated by a source, if it is extended by any downstream node, the new message is added to this set.
\(\mathcal {A}\)	The blackbox PPT adversary.
\(\mathcal {C}\)	The challenger in the game that plays the role of the destination node and the honest nodes.
\(\mathcal {MC}\)	The challenger in the Existential Unforgeability under Chosen Message Attack (EUF-CMA) security game.
\(\mathcal {B}\)	\(\mathcal {B}\) plays the role of \(\mathcal {C}\) against \(\mathcal {A}\) and acts as the adversary to \(\mathcal {MC}\).
\(\mathcal {HN}\), \(\mathcal {MN}\)	The sets of honest nodes and the malicious nodes.

View Table

Table 2. Notations

3.1 Model and Algorithms

In our message provenance verification model, there is a message source, a message destination, and intermediaries on the message delivery path. The source wants to prove its identity and the integrity of its messages to the destination. The intermediaries witness the message and may or may not extend it. The intermediaries that witness or extend want to prove to the destination that they have witnessed or extended the message. The destination wants to verify the provenance of the message. We provide below the definitions of the Initiate algorithm for the source, Witness and Extend algorithms for intermediaries, and Verify algorithm for the destination.

Setup: The Setup is reserved for key generation and distribution.
Initiate: The Initiate algorithm is run at the source to generate evidence to prove source identity and message integrity to the destination. The output evidence can be used as an input for the Witness and Extend algorithms.
Extend: An intermediary runs the Extend algorithm with the received message(s), their evidence, and a new (or transformed) message as inputs to prove that the message passed through the intermediary and that the new message is added by this intermediary.
Witness: An intermediary runs the Witness algorithm to perform Extend without adding a new message.
Verify: The destination runs the Verify algorithm to verify the message provenance.

The correctness requirement is that, if the Initiate, Extend, Witness, and Verify algorithms are implemented correctly and the message is correctly sent from a source node to a destination node through a set of nodes as intermediaries, then given the correct inputs, the Verify algorithm should always accept the provenance of the message. The formal correctness definition is in Section 4.2.

3.2 Construction Overview

A practical way to introduce additional security into existing ICSs is to deploy transparent, BITWdevices [18, 19, 20, 21]. Namely, the host ICS devices send and receive messages in an as-is manner, while the added BITWdevices intercept messages and provide protection through additional checks without affecting the endpoints. For legacy compliance, F2-Prois intended for such BITWdevices. F2-Prois also implemented as a software library that can be called by the products if altering the source code is an option, e.g., pre-production or via a software update.

As illustrated in Figure 2, to provide comprehensive coverage, an F2-Pro-enabled BITWdevice (or F2-Prodevice for short) can be introduced to each key communication node (e.g., a SCADA master, IEDs, PLCs, substation gateways). Alternatively, a smaller number of F2-Prodevices could be strategically installed only for critical components.

At a high level, an F2-Prodevice at the source end of the communication intercepts and “wraps” a message for additional security. Another F2-Proat the destination end performs verification and security policy enforcement based on the contained provenance information before it “unwraps” and passes the original message to the target device. If the message passes through intermediary nodes to which F2-Prodevices are installed, intermediary BITWdevices can further “wrap” the message to attest that the message has indeed passed through the intermediary. If an intermediary device performs protocol translation, the translator’s identity and both the original and translated messages can be verified at the destination F2-Prodevice.

Interception and policy enforcement by F2-Procan be performed selectively based on, for example, the types of messages, protocols, target devices, and so forth. This way, F2-Prohas minimal impact on system throughput.

At its core, F2-Prois based on aggregate message authentication codes [6]. We use hash-based message authentication code (HMAC\(_K\)) employing SHA256 in the construction with the key K denoted with a subscript. In the rest of the article, we use the function “Agg” defined as follows:

Let “\(\Vert\),” “\(\oplus\),” “ev,” and “pID” denote the concatenation operation, XOR operation, previous node’s evidence, and previous node’s ID in the chain, respectively:

\(\begin{equation*}\text{Agg}\;\left( {\text{ev},\;\text{K},\;\text{ts},\;\text{msg},\;\text{pID}} \right)\; = \;\text{ev}\; \oplus \;\text{HMAC}_K \;\left( {\text{ts}\;||\;\text{msg}\;||\;\text{pID}} \right)\;.\end{equation*}\)

Here, the timestamp is to prevent replay attacks, while the pID serves to establish the order in the chain. Each source and intermediary node computes the Agg function with the evit obtains from the previous node (if any) and passes the resulting evidence to the next node in the chain.

All source BITWdevices store a unique secret key SK, and all destination BITWdevices store a unique verification key for each source, hereby called authentication token or AT, derived by hashing the secret key of each source with a salt value unique to the destination, such that AT\(_{SD}\) = hash(SK\(_S\) \(\Vert\) salt\(_D\)) for source S and destination D. Similarly, a hash function with sufficient bit security, such as SHA256, can be employed. An authentication token (AT) is used as the key to the Agg function.

To witness the messages passing through the intermediary nodes, intermediary BITWdevices store both a secret key and the authentication tokens corresponding to the source devices. When a message passes through an intermediary node, its BITWdevice computes an evidence and attaches the result to the encapsulated packet to attest to witnessing the message. When a message is transformed (e.g., via protocol translation) by an intermediate node, the corresponding F2-Prodevice needs to act both as a source for the transformed message and as a witness to the original message; we call this operation extend.

In the following, we present the construction of F2-Pro. Concretely, the F2-Proprotocol creates a chain of keyed cryptographic digests derived from the messages and device identifiers, hence offering a time-stringent provenance scheme. The core F2-Proprotocol supports a wide range of functionalities required in a smart grid, such as verification by intermediate nodes (e.g., firewall/gateway), combining extend and intermediate verify (e.g., message aggregation by a data concentrator when reporting measurements from IEDs).

3.3 F2-ProConstruction

F2-Prois a tuple of algorithms (Setup, Initiate, Witness, Extend, Verify). Setup creates the keys and authentication tokens and distributes them. Initiate generates cryptographic evidence for a message that has been sent by the host device that the F2-Prodevice is attached to. Witness alters the already attached cryptographic evidence as the message passes through the host device to which an F2-Prodevice is attached. Extend is similar to witness except that the message is also altered.

Finally, Verify checks the authenticity of the cryptographic evidence and either accepts or rejects it.

Initiate-verify: Figure 3 illustrates the protocol in a communication setting with one source and one destination node. The aim is to allow the user to prove its identity and message integrity to the destination with minimal overhead in terms of time added to the original protocol.

Fig. 3. Message provenance with a single source and destination.

The source F2-Propossesses a secret key (SK\(_S\)) and the destination F2-Prostores an authentication token (AT\(_{SD}\) = hash (SK\(_S\) \(\Vert\) salt\(_{SD}\))). The authentication request, which proves identity to the destination F2-Pro, is a cryptographic evidence (ev\(_{SD}\) = Agg (“”, hash (SK\(_S\) \(\Vert\) salt\(_{SD}\)), ts, “”, “”)) of a message with no content and no previous node ID and evidence. Since there may be more than one destination, there is a unique salt value associated with each destination node. This salt value can be the destination message authentication protocol (MAC)/IP address, randomly generated from a seed, or can be stored. To prevent replay attacks, the evidence should be time-bound. Hence, to send the authentication request, the source F2-Proadds a timestamp (ts) to the evidence. To authenticate a message along with its identity, the source F2-Proadds the message content (msg) to the computation, resulting in \(\begin{equation*} \text{ev}_{SD} = \;\text{Agg}\;\left( { “” ,\;\text{hash}\;\left( {\text{SK}_S ||\;\text{salt}_{SD} } \right),\;\text{ts},\;\text{msg},\; “” } \right),\end{equation*}\) where the previous evand the previous node ID fields are empty. For verification, the destination F2-Prouses the timestamp, the message, and its stored authentication token (ev’ = Agg (“”, AT\(_{SD}\), ts, msg, “”) and checks two things: if the timestamp is fresh and if ev’ equals the received ev\(_{SD}\).

This basic case covers some of the communication models discussed in Section 2.3, namely Automated Control in Substation, Status Update in Substation, Protection to Switchgear, and Local Maintenance. In the following, we demonstrate the flexibility of this design to support various smart grid communication models before we move to more time-stringent segments.

Adding Witnesses En Route (Witness): As discussed in Section 2.3, many smart grid communication models involve multi-hop communication. In some cases, a message is received by an intermediate node and then simply forwarded to the destination. For example, in the Remote Maintenance scenario, a VPN interface may operate in this way. In the SCADA Control/Monitoring case, the high-voltage substation may also forward information.

In Figure 4, note that the destination F2-Prohas two ATs, one for the source node and the other for the witness node (AT\(_{WD}\) = hash (SK\(_W\) \(\Vert\) salt\(_{WD}\))). The source F2-Pronode initiates the chain by sending ev\(_{SD}\) to the witness node. The witness F2-Prothen derives its own cryptographic evidence, using SK\(_W\) and the cryptographic evidence from the source F2-Pro(or from the last witness F2-Proif any):

Fig. 4. Message provenance with single witness.

\(\begin{equation*} \text{ev}_{WD} = \;\text{Agg}\;\left( {\text{ev}_{SD} \;\text{hash}\;\left( {\text{SK}_W ||\;\text{salt}_{WD} } \right),\;\text{ts},\;\text{msg},\;S} \right).\end{equation*}\)

Aggregating the chain of cryptographic evidence in this manner limits the size of evidence to a single HMAC output, regardless of the number of witnesses on the path.

Verification at the destination side entails calculating the cryptographic evidences from the first to the last. Then, the destination checks if the last ev’ is equal to the received cryptographic evidence. In our example, with one source and one witness, the destination performs \(\begin{equation*}\begin{array}{*{20}c} {\text{ev}'_0 \; = \;\text{Agg}\;\left( {{“”}\;\text{AT}_{SD} ,\;\text{ts},\;\text{msg},\;{“”}} \right)} \\ {\text{ev}'_1 \; = \;\text{Agg}\;\left( {\text{ev'}_\text{0} \text{,}\;\text{AT}_{WD} ,\;\text{ts},\;\text{msg},\;\text{S}} \right)} \\ \end{array} \end{equation*}\) and then checks if ev’\(_{1}\) equals ev\(_{WD}\), the evidence received from the witness.

While the Initiate and Witness algorithms’ complexities are both constant, i.e., (O(1)), the complexity of the verification algorithm is linear on the number of intermediaries, i.e., (O(N)), where N is the number of intermediaries).

Message Transformation (Extend): In the setting with two sequential sources (as in Figure 5), the extending (second) source F2-Proalso acts as a witness while concatenating a new (transformed) message and calculating the next value in the chain. For instance, upon receiving the inputs, “ev\(_{S1D}\), ts, msg,” a witness would calculate its cryptographic evidence: Agg (ev\(_{S1D}\), hash(SK\(_W\) \(\Vert\) salt\(_{WD}\)), ts, msg, S1). Instead, an extending source F2-Prorenders it as follows: ev\(_{S2D}\) = Agg (ev\(_{S1D}\), hash (SK\(_{S2}\) \(\Vert\) salt\(_{S2D}\)), ts, msg \(\Vert\) msg2, S1), where msg2 is the new (transformed) message. Then, it sends ev\(_{S2D}\), ts, msg, msg2 to the next node. Note that the cryptographic evidence does not prove the correctness of translation from msg to msg2 but enables the verification of the extending node’s identity and the integrity of msg and msg2.

Fig. 5. Example: the second source modifies the message.

We present the verification pseudocode in Algorithm 1 for an arbitrary number of nodes on the path. Lines 5 to 6 decide the indices of messages to be processed on Line 7, where the evidences are computed.

4 DEFINITIONS, CORRECTNESS, AND SECURITY

In this section, we present the definitions and the formal proof for the core protocol. Based on our threat model, an attacker cannot physically access the verifier BITWdevice implemented at the protected zone of outstations. In addition, because the verifier device is implemented as a transparent, bump-in-the-wire device, it is not addressable by network-based attackers. Therefore, as long as the software running on it and the operating system are secure against attacks such as buffer overflow, the secret information (e.g., keys) on the destination BITWdevices is secure.

4.1 Algorithm Definitions

We use subscripts to denote an element of a set and superscript to denote a state of the set. For instance, if MSG\(_1\) extends MSG\(_0\), the extended message of {MSG\(_0\), MSG\(_1\)} is denoted as MSG\(^1\). The cryptographic evidence (ev) is to be sent along with the plaintext timestamp (ts) and message. The setup is performed at every F2-Prodevice, where each device calculates the authentication tokens from its secret key and distributes them to the corresponding destinations. At the destination F2-Prodevice, the algorithm “Verify” derives the information about which authentication tokens to use and which step of the chain involves message transformation (to add the corresponding MSG\(_i\) as an input to the chain). In our construction, the “Witness” algorithm is identical to the “Extend” algorithm with an empty message field.

Setup: SK\(_S\) \(\leftarrow\) KeyGen(1\(^\mathcal {K}\)) – Given the security parameter \(\mathcal {K}\), a secret key (SK\(_S\)) is generated for every source S in the system.
AT\(_{SD}\) \(\leftarrow\) AuthTokenGen(SK\(_S\), D) – Each source S, given the secret key and a salt value, generates an authentication token AT\(_{SD}\) per destination D. We assume secure distribution of these tokens to the corresponding destinations.
ev\(_0\), MSG \(\leftarrow\) Initiate(SK\(_0\), ts, message, D) – Given the secret key, the timestamp, a message, and the destination, outputs the first cryptographic evidence (ev\(_0\)) of the chain and the set of messages with one message in—the later nodes in the path may add messages to the set (see “Extend” below).
ev\(_{c}\) \(\leftarrow\) Witness(ev\(_{c-1}\), D, SK\(_c\), ts, MSG) – Given the previous node’s cryptographic evidence, the destination, the secret key, the timestamp, and the set of messages, outputs a witness cryptographic evidence.
ev\(_{c}\), MSG’ \(\leftarrow\) Extend(ev\(_{c-1}\), D, SK\(_c\), ts, message, MSG) – Given the previous node’s cryptographic evidence, the destination, the secret key, the timestamp, a message, and the set of previous messages, outputs an extension cryptographic evidence and the extended message set.
accept/reject \(\leftarrow\) Verify(ev\(_{c}\), ts, AT\(_{SD}\), AT\(_{1D},\ldots , AT_{cD}\), MSG) – Given the last node’s cryptographic evidence (ev\(_{c}\)), the timestamp, the set of authentication tokens (that consists of the verification keys of the source node AT\(_{SD}\) and other nodes on the path AT\(_{1D},\ldots , AT_{cD}\)), and the set of messages, outputs “1” for accept, “0” for reject.

After successful verification, the verified provenance information is handed over to policy checking, which is outside of the core protocol algorithms.

4.2 Protocol Correctness

Below, we denote the number of nodes and sources on the path by \({\mathcal {X}}\) and \({\mathcal {Y}}\), respectively. By the correctness requirements in Section 3.1, F2-Pro’s correctness is as follows.

\(\forall\) MSG\(_i\in\) {0,1}*, if [SK\(_S\) \(\leftarrow\) KeyGen(1\(^\mathcal {K}\)), AT\(_{SD}\) \(\leftarrow\) AuthTokenGen (SK\(_{S}\), D) for S \(\in\) [\(0,\ldots , {\mathcal {S}}-1\)] and D \(\in\) [\(0,\ldots ,{\mathcal {D}}-1\)]]; (ev\(_0\), MSG\(^0\)) \(\leftarrow\) Initiate(SK\(_{S}\), ts, MSG\(_0\), D); [ ev\(_x\) \(\leftarrow\) Witness(ev\(_{x-1}\), D, SK\(_{x}\), ts, MSG\(^{y}\)) OR (ev\(_x\), MSG\(^{y}\)) \(\leftarrow\) Extend(ev\(_{x-1}\), D, SK\(_{x}\), ts, MSG\(_y\), MSG\(^{y-1}\)) ] \(\forall\) x \(\in\) [\(1,\ldots ,{\mathcal {X}}\)] and \(\forall\) y \(\in\) [\(1,\ldots ,{\mathcal {Y}}\)]; then Verify(ev\(_{\mathcal {X}}\), AT\(_{0D}\), ..., AT\(_{({\mathcal {S}}-1)D}\), MSG\(^{\mathcal {Y}}\)) = 1 with probability 1.

4.3 Correctness Proof

To prove the correctness of the protocol, we need to show that if a message is correctly sent from a source S to a destination D through a set of nodes as witnesses/extenders, then the Verify algorithm will return 1 with probability 1.

Proof.

Assuming that the Initiate algorithm and the Extend/Witness algorithms are implemented correctly, the correctness of the protocol hinges on the properties of the cryptographic evidence produced by these algorithms. In particular, we need to show that if a witness cryptographic evidence ev\(_{x}\) is generated correctly by node x based on the previous node’s cryptographic evidence ev\(_{x-1}\) and the set of messages, then the Verify algorithm will correctly verify ev\(_{x}\) with the corresponding authentication tokens and messages.

We prove the correctness of the protocol by induction on the length of the chain. For the base case, we consider a chain with only one node (i.e., source). In this case, the Initiate algorithm produces the cryptographic evidence ev\(_0\) for the message MSG\(_0\). Then, the Verify algorithm checks if ev\(_0\) is valid by verifying it against the destination’s authentication token AT\(_{0D}\), which is generated by the source node 0 using its secret key SK\(_0\) and the salt value D. Since the token is distributed securely to the destination, the Verify algorithm will accept the message if ev\(_0\) is valid.

For the inductive step, we assume that the protocol is correct for chains of length up to \(x-1\) and prove that it is also correct for a chain of length x. In this case, we assume that the cryptographic evidence ev\(_{x-1}\) produced by node \(x-1\) is valid and that the Verify algorithm will correctly accept it. Then, we need to show that if node x produces a valid witness/extend cryptographic evidence ev\(_x\) based on ev\(_{x-1}\) and the set of messages, then the Verify algorithm will correctly accept it.

To prove this, we note that the Extend algorithm generates the extended message set MSG’ by appending the new message to the set of previous messages MSG. Then, the algorithm generates a witness/extend cryptographic evidence ev\(_x\) based on ev\(_{x-1}\) and the extended message set MSG’. Since ev\(_{x-1}\) is valid, it implies that the previous message set MSG is valid and was correctly sent from the source node to node \(x-1\). Therefore, by appending the new message to the valid message set, the extended message set MSG’ is also valid. Furthermore, the witness cryptographic evidence ev\(_x\) is generated using the salt value D and the secret key SK\(_x\), which is only known to node x. Therefore, node x generated the valid evidence ev\(_x\) with the knowledge of SK\(_x\). Thus, ev\(_x\) is valid, and node x generated ev\(_x\) correctly.

Finally, the Verify algorithm checks if ev\(_x\) is valid given that ev\(_{x-1}\) is valid, by verifying it against the authentication token of x, i.e., AT\(_{xD}\) derived from SK\(_x\). The Verify algorithm checks if ev\(_x\) is valid by verifying it against the destination’s authentication token AT\(_{xD}\), which is generated by the node x using its secret key SK\(_x\) and the salt value D. Given that the token is distributed securely to the destination, the Verify algorithm will accept the message if ev\(_x\) is valid.

Therefore, by induction, if the Initiate, Extend/Witness, and Verify algorithms are implemented correctly and the message is correctly sent from a source node to a destination node through a set of nodes as witnesses/extenders, then the Verify algorithm will return 1 with probability 1. Hence, the protocol is correct.□

4.4 Security Proof

We state the security for a verifiable provenance scheme using a game.

Definition 1.

A verifiable message provenance scheme is secure if, for all probabilistic polynomial-time (PPT) adversaries \(\mathcal {A}\), the probability that \(\mathcal {A}\) wins in the below game is negligible in \(\mathcal {K}\) (the security parameter).

Forgery Game: If any node on the path of the message from a source to a destination deviates from the honest behavior or a message does not pass through all the honest nodes on the claimed path, then the destination will detect it with a high probability. We define a forgery game to be played between the adversary \(\mathcal {A}\), who acts as the malicious parties, and the challenger \(\mathcal {C}\), who plays the role of the destination and honest nodes.

\(\circ\) Setup:

\(\mathcal {A}\) chooses two sets of node IDs for malicious nodes \(\mathcal {MN}\) and for honest nodes \(\mathcal {HN}\) of size h. \(\mathcal {A}\) picks unique secret keys for the nodes in \(\mathcal {MN}\) in the format defined in Setup in Section 4.1. \(\mathcal {A}\) sends \(\mathcal {MN}\), the secret keys they share with the destination SK\(_{l_i}\),¹ \(\forall \ {l_i \in \mathcal {MN}}\), and \(\mathcal {HN}\) to \(\mathcal {C}\).
\(\mathcal {C}\) generates the secret keys for the nodes in \(\mathcal {HN}\), i.e., SK\(_{l_i}\), \(\forall \ {l_i \in \mathcal {HN}}\).

\(\circ\) Query:

\(\mathcal {A}\) sends to \(\mathcal {C}\) a polynomial number of queries, each of which includes a timestamp ts, messages MSG = {\(m_1,\ldots , m_j\)} (\(m_1\) is for Initiate, \(m_i = m_{i-1}\) implies Witness, otherwise Extend), and the sequence of node IDs for a selected path L = {\(l_1, \ldots , l_j\)} excluding the destination.
\(\mathcal {C}\) calculates and returns {ev\(_1, \ldots ,\)ev\(_j\)} after each query.

\(\circ\) Challenge: \(\mathcal {A}\) sends MSG* = \(\lbrace m^*_1,\ldots , m^*_k\rbrace\), \(L^* = \lbrace l^*_1, \ldots , l^*_k\rbrace\), ts*, ev* to \(\mathcal {C}\).

\(\circ\) Winning Condition: \(\mathcal {A}\) wins if Algorithm 1 returns accept with ev*, ts*, MSG*, \(L^*\) as inputs and there exists at least one honest node \(l^*_i \in L^*\), such that \(l^*_i \in \mathcal {HN}\) and {\(m^*_1\), ..., \(m^*_i\)}, {\(l^*_1\), ..., \(l^*_i\)} is not queried as a prefix of MSG, L with ts = ts* during the query phase.

Theorem 1.

The proposed F2-Pro scheme provides verifiable message provenance according to Definition 1, against any static active PPT adversary who controls the network and the malicious clients, assuming the underlying MAC scheme, specifically HMAC, is deterministic, collision resistant (Definition 4.10 in [22]), and existentially unforgeable under adaptive chosen message attacks (EUF-CMA) (Definition 4.2 in [22]).

Proof.

We reduce the security of our scheme to that of the underlying HMAC function. If a PPT adversary \(\mathcal {A}\) wins the security game of our scheme with non-negligible probabilitym we use it to construct another PPT algorithm \(\mathcal {B}\) that breaks the HMAC function’s existential unforgeability under adaptive chosen message attack with non-negligible probability. \(\mathcal {B}\) acts as the adversary in the security game with h EUF-CMA challengers \(\mathcal {MC}_{l_i}, \forall \ {l_i \in \mathcal {HN}}\) picked by the Adversary in the Setup phase. In parallel, \(\mathcal {B}\) plays the role of the challenger in our game with \(\mathcal {A}\).

\(\circ\) Setup:

\(\mathcal {A}\) chooses two sets of node IDs for malicious nodes \(\mathcal {MN}\) and for honest nodes \(\mathcal {HN}\) of size h. \(\mathcal {A}\) picks the secret keys for the nodes in \(\mathcal {MN}\) in the format defined in Setup in Section 4.1. \(\mathcal {A}\) sends \(\mathcal {MN}\), the secret keys they share with the destination SK\(_{l_i}\), \(\forall \ {l_i \in \mathcal {MN}}\), and \(\mathcal {HN}\) to \(\mathcal {B}\).
Each \(\mathcal {MC}_{l_i}\) generates the secret key SK\(_{l_i}\), \(\forall \ {l_i \in \mathcal {HN}}\).

\(\circ\) Query:

\(\mathcal {A}\) sends to \(\mathcal {B}\) a polynomial number of queries, each of which includes a timestamp ts, messages MSG = {\(m_1,\ldots , m_j\)}, the sequence of node IDs for a selected path L = {\(l_1, \ldots , l_j\)} excluding the destination.
To calculate {ev\(_1, \ldots ,\)ev\(_j\)}, \(\mathcal {B}\) calculates the HMAC for \({l_i \in \mathcal {MN}}\) and queries \(\mathcal {MC}_{l_i}\) for \(\ {l_i \in \mathcal {HN}}\); i.e., \(\mathcal {B}\) calculates for each \(i \in \lbrace 1,\ldots , j\rbrace\) with ev\(_0,m_0\) = “”:
\(m^{\prime }_i = \text {ts} \Vert \ m_i \ \Vert \ l_{i-1}\)
\(\begin{align*} \text{ev}_i = {\left\lbrace \begin{array}{ll} \text{ev}_{i-1} \oplus \text {HMAC}_{SK_{l_i}}(m^{\prime }_i) & \text{if } {l_i \in \mathcal {MN}}\\ \mathcal {MC}_{l_i}(m^{\prime }_i) & \text{if } {l_i \in \mathcal {HN.}} \end{array}\right.} \end{align*}\)
\(\mathcal {B}\) then sends {ev\(_1, \ldots ,\)ev\(_j\)} to \(\mathcal {A}\) after each query and stores all queried {ev\(_i\)}s and \(\lbrace \text {ev}_{i-1}\rbrace\)s in database D (i.e., D[ev\(_i\)] = \(\lbrace \text {ev}_{i-1}\rbrace\)).

\(\circ\) Challenge:

\(\mathcal {A}\) sends MSG* = \(\lbrace m^*_1,\ldots , m^*_k\rbrace\), \(L^* = \lbrace l^*_1, \ldots , l^*_k\rbrace\), ts*, ev* to \(\mathcal {B}\), where k is such that ev\(_k =\) ev*.
\(\mathcal {B}\) iterates over \(i = \lbrace k,\ldots , 1\rbrace\). For each i:
- If \(l_i^* \in \mathcal {HN}\) and ev\(_i\) is queried before (i.e., D[ev\(_i] \ne\) null), then \(\mathcal {B}\) decrements a pointer p by 1 starting from k, and \(\mathcal {B}\) fetches the previous evqueried with ev\(_i\) in database D.
- If \(l_i^* \in \mathcal {MN}\), \(\mathcal {B}\) calculates the previous evby \(ev_i\ \oplus\) HMAC\(_{SK_{l_i}}(m_i^*, \text {ts*}, l_{i-1}^*)\).
- If \(l_i^* \in \mathcal {HN}\) and ev\(_i\) is not queried before (i.e., D[ev\(_i] =\) null), then p is set to i and \(\mathcal {B}\) breaks this loop.
At this point, \(\mathcal {B}\) has found an evidence ev\(_p\) that has not been an output to any query before. Knowing the new winning output at p leading \(\mathcal {A}\) to win the game, \(\mathcal {B}\) now needs to compute the previous evidence such that when XOR’ed with ev\(_p\), it gives the output to HMAC\(_{SK_{l_i}}(m_i^{*^{\prime }})\) for \(\mathcal {B}\) to use against \(\mathcal {MC}_{l_p}\).
\(\mathcal {B}\) calculates ev\(_{p-1}\) by calculating ev\(_i\) from the beginning of the chain until \(i = p-1\); i.e., for each \(i = \lbrace 1,\ldots , p-1\rbrace\) with ev\(_0,m^*_0\) = “”:
\(m^{*^{\prime }}_i = \text {ts*} \Vert \ m_i^* \ \Vert \ l^*_{i-1}\) \(\begin{align*} \text{ev}_i = {\left\lbrace \begin{array}{ll} \text{ev}_{i-1} \oplus \text {HMAC}_{SK_{l_i^*}}(m_i^{*^{\prime }}) & \text{if } {l^*_i \in \mathcal {MN}}\\ \mathcal {MC}_{l^*_i}(m_i^{*^{\prime }}) & \text{if } {l^*_i \in \mathcal {HN.}} \end{array}\right.} \end{align*}\)
Then \(\mathcal {B}\) challenges \(\mathcal {MC}_{l^*_p}\) with \(m_i^{*^{\prime }}\) and ev\(_{p-1} \oplus\) ev\(_{p}\).

\(\mathcal {A}\) cannot win: In the scenario where \(\mathcal {A}\) wins with a probability of \(\epsilon\), the probability of \(\mathcal {B}\) winning is \(\epsilon /h -\delta\). The division by h results from the breaking of \(1/h\) EUF-CMA challengers. \(\delta\) is the probability of \(\mathcal {A}\) finding a collision in the HMAC function and is negligible. Since h is a constant, any non-negligible value of \(\epsilon\) will also result in a non-negligible value of \(\epsilon /h - \delta\).□

5 MULTI-FACTOR AUTHENTICATION WITH F2-PRO

In this section, we describe the use of F2-Proto start the provenance chain from the human user. For control and configuration management by field service engineers/technicians (field person), we propose a multi-factor authentication solution that enables the verification of user identity, seamlessly integrated with the provenance verification provided by F2-Pro. As illustrated in Figure 6, the field person configuring the IEDs through the control center is authenticated via multiple factors: a memorized password (knowledge factor), a field service device, and an authenticator such as a smartphone, both associated with the field person (possession factors).

Fig. 6. ICS operator device(a field service device/laptop (FSD) in this example) interaction with an industrial control system (a modernized substation system in smart grid system in this example).

Without the multi-factor authentication, F2-Prowould operate as follows. The devices marked as d\(_1\) to d\(_4\) in Figure 6 represent our BITWdevices installed in the network to provide security. In the running example, the control center is sending a command to an IED. All the nodes on the path generate verifiable evidence. In this case, the device d\(_1\) of the control center initiates the message, d\(_2\) of the substation gateway extends it with the protocol-translated message, and d\(_3\) of the PLC witnesses the message. Lastly, d\(_4\) at the destination device verifies the source identity, message integrity, and message delivery path before enforcing security policies based on the verified provenance information. Next, we describe the multi-factor authentication for access via ICS user interfaces.

5.1 Provenance Chain Starting from the Human User

When the field person uses an ICS operator device, e.g., a field service device to manage control and configuration, the destination verifies two additional pieces of information: user identity and ICS operator deviceidentity. The proof of ICS operator deviceidentity is identical to that of other nodes in the system. To harden the system against the weaknesses introduced by the human factor, the proof of user identity is provided by multiple authentication factors. Here, the possession factor comes into the picture, to be used along with the password that the user memorized to generate the user fingerprint. In the multi-factor authentication Setup, the list of authentication tokens is generated as below for each user-destination pair and stored at the destinations.

\(\begin{equation*}\text{AT}_{UD} \; = \;\text{hash}\left( {\text{SK}_U ||\;\text{password}\;||\;\text{salt}_D } \right),\end{equation*}\) where SK\(_{U}\) is the secret key associated with user U, and AT\(_{UD}\) is the authentication token stored at destination D to verify messages from user U. Later, when the user uses the field service device to send a message, the user keys in the password in the authenticator device. The authenticator runs Initiate to calculate the user one-time password (OTP):

\(\begin{equation*}\text{OTP}_{UD} \; = \;\text{hash}\left( {\text{AT}_{UD} \;||\;\text{ts}} \right).\end{equation*}\)

The user is required to select the destination for its message since the salt value and hence the OTP is associated with the destination ID. The user is expected to key in the OTP to the field service device. To provide easy and error-free use, a QR code generator/reader, NFC reader, or any one-way communication between the authenticator and field service device is beneficial. We used both NFC and QR codes in our product. Figure 7 visualizes the steps of the multi-factor authentication process detailed below. Initiate: The value that has been generated by the authenticator is treated as an initiation without message content. Naturally, the length of a user session should span multiple messages. The user identity (e.g., username, ID) can be sent in plaintext for cases where there is more than one user so that the destination can choose the right verification key for each user.

Fig. 7. Steps of multi-factor authentication.

Extend: After the authenticator’s initiation, the generated OTP is transferred to the ICS operator device. Then, the ICS operator deviceextends the initiated chain with the message (e.g., configuration command) and passes it to the control center, where the message goes through the pipeline described in Section 3.

5.2 Starting the Chain with a Public-key-based Scheme

An option to implement multi-factor authentication is employing an RSA-like public-key-based scheme (SETUP, SIGN, VERIFY) and integrating it into the provenance checking mechanism as follows. At the authenticator:

\(\begin{equation*}\text{OTP}\; = \;\text{SIGN}_{pri\upsilon k} \left( {\text{username,}\;\text{ts}} \right).\end{equation*}\)

The authenticator needs to send the username and the timestamp in plaintext to the ICS operator devicetogether with the OTP. At the ICS operator device:

\(\begin{equation*}\text{ev}\; = \;\text{Agg}\left( {\text{OTP},\;\text{hash}\left( {\text{SK}_{FSD} \;||\;\text{salt}} \right),\;\text{ts},\;\text{msg},\;\text{pID}} \right).\end{equation*}\)

The ICS operator devicethen needs to send the username and timestamp in plaintext to the control center, and these values should propagate until the destination together with the ev. To verify, the destination XORs all the evidence on the path and verifies the resulting value with the public key of the user.

The verification overhead at the destination is heavy, and this method is only possible if the destination device supports PKI. For instance, in our selected embedded device (BeagleBoard-X15 [23]), extra verification for the multi-factor authentication takes 40 usec, whereas the same verification step takes around 300 usec with a public key signature scheme. This affects the throughput of the destination device where multiple sources may have been messaging, and it also weakens the system against denial-of-service attacks.

5.3 Limiting the Scope of Authentication

The extension of F2-Prowith multi-factor authentication hardens the security for authenticating human users who connect to ICS via ICS operator devices. These commercial-of-the-shelf devices, such as laptops and tablets, are vulnerable to malware. In the case where a field service device is infected, the malicious party can use the user’s time-bound code (OTP) to issue other commands in the background for the duration of the session. Therefore, as another layer of security, we limit the scope of the OTP generated at the authenticator. Simply put, we enable the authentication scope selection for the user commands prior to OTP generation. The destination node understands the packet scope and starts the verification chain accordingly without requiring any additional communication overhead. The OTP at the authenticator is then calculated as follows:

\(\begin{equation*}\text{OTP}_{UD} \; = \;\text{hash}\left( {\text{hash}\left( {\text{SK}_U \;||\;\text{password}\;||\text{salt}_D } \right)||\;\text{ts}||\;\text{scope}} \right).\end{equation*}\)

Authentication scope restriction introduces minimal computation overhead yet prevents malicious software from issuing irrelevant and potentially more harmful commands.

A screenshot from the proof-of-concept multi-factor authentication Android application is shown in Figure 8. The user selects a destination device and session scope from a drop-down menu and scans the resulting QR code (containing the OTP) with the field service device.

5.4 Policy Enforcement at Verifier

With the use of an authenticator, upon the successful verification of the cryptographic evidence attached to ICS messages or configuration, the verifier can derive the following information from the multi-factor user authentication added to the end-to-end provenance information through F2-Pro: (1) identity of the user, (2) identity of the authenticator, (3) identity of the ICS operator device, (4) timestamp, and (5) authentication scope.

Based on this information, the verifier device can enforce policies in terms of the combination of these. For instance, if we enforce \(user_1\) to use a specific authenticator \(authenticator_1\) and ICS operator device (e.g., mobile field service device) \(iod_1\), we can define a policy to allow \({user_1, authenticator_1,iod_1}\). If \(user_1\) is allowed to use another ICS operator device (e.g., SCADA HMI), say \(iod_2\), we can define another policy that allows \({user_1, authenticator_1,iod_2}\). The timestamp and the scope can be further defined for each combination. This way, we can flexibly define security policies to support various use cases commonly seen in the ICS context.

6 SECURITY DISCUSSION, IMPLEMENTATION, AND EVALUATION

The demonstration videos of F2-Proagainst attack scenarios discussed in this section are publicly available in [24] (on a controlled environment) and [25] (on a realistic testbed).

6.1 Attacks Countered by F2-Pro

To validate the security features of F2-Pro, we implemented three attacks that succeeded on an unprotected IEC 61850-based smart grid testbed. The first attack abuses a compromised entity within the system. This attack is a generalized rendition of CrashOverride (Industroyer) malware, which can issue IEC 61850 and IEC 104 commands either autonomously or orchestrated by a remote attacker. Once a device is compromised, the adversary can issue any command to any destination. Therefore, by compromising an entity in the system (e.g., a substation gateway from another substation), the compromised device can issue commands (e.g., a command to a circuit breaker) to several IEDs. Such commands are successfully executed, potentially damaging the system. The second attack abuses Shellshock vulnerability [2] to compromise the VPN service and escalates privileges to execute arbitrary shell commands. Consecutively, we can issue commands to IEDs and PLCs. All such commands are also executed in an unprotected system. The third attack connects a rogue laptop to the substation switch. The point of access is different, but the attack is still successful. When we activate F2-Prodevices on the wires, the first attack is countered; even though cryptographic evidence for the message is generated by the compromised device’s F2-Prodevice (i.e., a genuine secret key) and sent along with it, the destination F2-Prodevice knows from which source and from which path to expect a particular command. As the actual network path is different from the path expected by the destination F2-Prodevice, the F2-Prodevice of the destination will not run the verification algorithm (Algorithm 1), stating, “The followed path cannot be found in the policy.” For the second and third attacks, we assume a smart attacker would somehow spoof IPs and manipulate the system to claim that the correct path is followed. However, the corresponding verification cannot be deceived, as discussed with the security proof at Section 4.4, and the F2-Prodevice returns “Cryptographic evidence mismatch.”

6.2 Dependability; Failure of an F2-ProDevice or Its Network Connectivity

A failure of the F2-Prodevice can be handled by redundancy. A critical smart grid device often has hot standby redundancy and/or it may have multiple network interfaces. Redundant F2-Prodevices can be connected to the hot standby devices and to each of the standby interfaces of a critical device. Hence, the failure of a single F-Pro device can be tolerated. The degree of redundancy should be decided based on the criticality of the host system and devices. Such an architecture would also include a watchdog mechanism that monitors the availability of the F2-Prodevices, e.g., based on timeout, to enable automated fail-over.

6.3 Verification Key Security

The security of the verification keys depends on the preimage resistance of the employed hash function family. Simply put, if a probabilistic polynomial time adversary can find the secret key SK, given a verification key (= hash(SK\(\Vert\) salt)), then we can break the preimage resistance of the chosen hash function. Therefore, if the hash function employed is preimage resistant, then the verification keys are secure.

6.4 Key Management

Key management is the fundamental basis of every cryptographic application. Key management for SCADA systems has been extensively studied. The main constraints have been presented in [26]. The key management concept consists of key generation, distribution, storage, and revocation, all of which are required in our proposed solution. There are two types of key management schemes. The first and the more studied type is automated key management. The second is the manual key distribution, which is more suitable for static setups. Key management software is often a small part of the program; however, designing a key management system is a task on its own. For instance, in [27] one of the first key management protocols was proposed. Soon after, a flaw was pointed out in [28], and a fix was proposed, which then was cracked in [29]. [30] revealed a new flaw in the original protocol. All these flaws are obvious when pointed out; however, they remained hidden for a long while from inexperienced eyes. This well-known example shows us that key management should not be taken lightly, and the most advanced scheme in the literature at the time of implementation shall be employed. In this work, we assume secure key distribution. F2-Proremains neutral to the underlying method of key distribution. F2-Proimplements a manual key distribution approach, as detailed in Section 6.6, and similarly applies a basic authentication token derivation scheme that is independent of the proposed protocol and its extensions. The key derivation component is a modular aspect of the protocol that can be substituted with alternative techniques.

There are minor advantages of using authentication tokens over pairwise symmetric keys in cyberphysical systems. The first advantage is that authentication tokens provide flexibility to the source entity to generate tokens on the fly, using their single master key, without needing pairwise symmetric keys for bidirectional communication with every entity in the system. This approach saves the source from having to store a linearly growing number of keys for every destination node. Another minor advantage is that calculating the symmetric key on the fly using the master key is faster than calling a particular key for a destination from storage.

6.5 Attacks Countered by Multi-factor Authentication

Added to the attacks in Section 6.1, we have experimented with other hypothetical but realistic attacks from three different entry points in the smart grid context, as shown in Figure 6 for the authenticator device security. All these attacks were successful on the vanilla system. For these experiments, for the sake of flexibility and manageability, we utilized an open-source, software-based smart substation testbed [31] based on the IEC’s reference model of a modernized substation [14].

First, we consider an attacker compromising a VPN interface, which is typically prepared for remote maintenance by vendors or as a backup channel for SCADA communication. In particular, we set up a VPN service with shellshock vulnerability [2], which allows a remote attacker to elevate privileges to execute the shell commands. Using the compromised VPN server as a stepping stone, the attacker’s device, impersonating the ICS operator device, is able to inject malicious control commands to IEDs in the substation.

Second, we simulated a remote attacker via WAN connecting to the control center and substations. In other words, an attacker impersonates a control center to inject malicious commands. We have attached a bogus SCADA master, which does not have a legitimate key on it, to the gateway/RTU and issued ICS commands to IEDs.

The third attack simulates an attacker physically in the substation. Recall that, based on our threat models, an attacker can have access to the station level of the substation and may be able to plug his or her computer into the network or manipulate the HMI deployed there. All of these attacks are successful in executing the malicious control commands on IEDs without the proposed multi-factor authentication system in place.

We set up multiple ICS operator devices and authenticators assigned to different users. For the setup, we have given the passwords to be memorized by the users. Alternatively, the users could decide on a password and then upload their verification keys to the destination devices in a secure environment. All three attacks mentioned above are not possible after the implementation of our solution owing to the lack of valid cryptographic evidence.

Namely, in the first scenario, even if the attacker is successful in compromising the VPN server without the possession of a valid authenticator and field service device, the attack attempt is blocked. A similar argument can be made for the second case. In the third case, even if the stolen device still stores the cryptographic evidence generated in the past for some reason, a replay attack against the same or different target IED can be prevented by enforcing the scope and lifetime at the verifier. Even if the attacker learns the password of a user, steals his or her authenticator, and compromises an ICS operator device, as long as he or she cannot lay hands on the specific ICS operator devicethat is associated with the said user, he or she still cannot issue valid commands. In addition to compromising a user password, valid authenticator, and field service device, an attacker is required to place the device at the right network location in the expected ICS message delivery path.

6.6 Implementation

Figure 9 shows the deployment of the BITWdevice on the testbed. We have selected BeagleBoard-X15 (called BeagleBoard for short) [23]. It has been selected for its low cost and support for two Ethernet interfaces that enable bumping it in the wire. Hardware details can be found in [23].

Fig. 9. F2-Prointegration into EPIC testbed [32]. On the right side, we highlighted one of the F2-Prodevices connected to a switch in the generation segment (GSW2) with the two highlighted cables in a bump-in-the-wire manner.

6.6.1 The Bump-in-the-wire Device for F2-Pro.

The BITWdevice is deployed for each smart grid device to be protected and is responsible for transparently intercepting incoming or outgoing packets of the protected device. F2-Proimplementation utilizes either iptables (in case F2-Proonly handles IP-based protocols such as IEC 60870-5-104 and IEC 61850 MMS) or ebtables (in case of IEC 61850 GOOSE), along with NFQUEUE to intercept packets of interest and pass them to the F2-Prodeployed in the user space. The F2-Promodule is responsible for parsing an incoming packet to extract the accompanying cryptographic evidence, if any; verifying and/or generating cryptographic evidence according to the algorithm discussed in Section 3; and compiling an outgoing packet. If the cryptographic evidence is not valid or any other issue is found, the packet is dropped. In future work, it is possible to implement F2-Proalso in kernel space for better performance.

6.6.2 The Authenticator Device.

We have implemented the authenticator discussed in Section 5 on the Android platform and performed our tests and measurements using a Samsung Galaxy Note 8 (processor: Exynos 9 Octa 8895). For QR code generation, we have employed the Zxing Library [33]; for the NFC tag generation, we have employed the CardEmulation Library [34]; and to read the generated tag at the ICS operator devicewe have employed ACR122U USB NFC Reader [35]. The application can be seen in Figure 8. With the setup button, the application randomly generates and stores a key offline. Then, given the memorized password as input by the user, the application generates a setup code. This code is salted per destination to be stored as the corresponding verification keys (AT) at the destination nodes. We can do the salting at the authenticator device producing many codes if there are multiple destinations since our solution supports data transfer employing both NFC and QR code methods. Note that these methods of communication, even though they may be less accessible, are one-way communication channels. If a two-way communication channel between the authenticator and the client is established (e.g., Bluetooth connection, a wired connection), it makes it possible for an adversary to compromise the authenticator remotely and/or reach the secret key stored. Once the setup is established, a user can start using the authenticator immediately to generate the codes by entering the password, choosing the scope of the command (we chose read/write requests, configurations commands, and update files as examples) that will be issued by the ICS operator deviceto acquire the one-time password. As in Section 5.1, the said one-time password is to be used as Initiate output, to be extended with the command issued at the ICS operator device.

6.7 Compatibility Testing

We tested our devices on the Electric Power and Intelligent Control (EPIC) testbed [32]. EPIC is a smart power grid testbed (open to external access), which includes generation, transmission, microgrid, and smart home components. Each of the four segments of EPIC has its PLCs, IEDs, and communication systems in a fiber-optic ring network. The EPIC testbed utilizes IEC 61850 MMS and GOOSE protocols as summarized in [36]. The demo of both the F2-Proand its authenticator working on EPIC is shown in [25].

For the compatibility testing, we connected our F2-Prodevices into the generation segment (as seen in Figure 9) of the testbed for adding and verifying the cryptographic evidence as defined in Section 3. We demonstrated compatibility with the smart grid devices and network in the testbed for IEC 61850 MMS and GOOSE communication.

As with most ICSs, the EPIC testbed has a fixed topology and expected routing paths for messages. In systems with dynamically updated routing paths, certain path verification checks can still be performed with F2-Pro. If the nodes securely share their dynamically updated routing tables with each other, the destination device can verify if the message followed the right path for the given routing setting.

6.8 Evaluation

We first evaluate the core F2-Profunctions and then the two-factor authentication. Our evaluation focuses on F2-Pro’s time overhead, including the time spent on cryptographic calculations, other packet-processing operations, and the end-to-end delay when deploying our implementation in a smart-grid-like network environment. We vary the hash functions and key sizes used by F2-Proand compare it with the overhead of the public-key encryption scheme of RSA. We also report the message size overhead of F2-Proand the throughput of our implementation. All results are the average of 1,000 runs. Time Spent on Cryptographic Hash Calculations and Other Packet-processing Operations: Figure 10(a) and Figure 10(b) show the breakdown of the time spent for each operation during Initiate and Witness, respectively. The performance overhead for Extend is similar to Witness and thus omitted to save space. As can be seen, the time spent on the cryptographic hash operation is very short (i.e., less than 40 microseconds even for HMAC construction with SHA512), even when implemented on a low-cost embedded device [23]. In fact, it only constitutes a small fraction of the overall packet processing latency. Other necessary operations (such as preparing, creating, and sending the data packets) take significantly longer time than the cryptographic operations. Note that Initiate takes less time than Witness. This is because Initiate only processes a packet once, while Witness needs to receive/process/send a packet twice—first for the incoming packet to its associated smart grid device, and again for the processed packet leaving the associated device. In comparison, Figure 10(c) shows the overheads for signing a packet using RSA signatures. We have employed the OpenSSL library [37] to sign the same amount of data that we require in our setting. With the key size of 2,048 bits—which is the minimum of the ones considered secure—and with SHA256 as the digest function, the signing operation alone takes 8 ms and dominates the other packet processing operations. Thus, it is obvious that they are not suitable for use in time-stringent operations (e.g., those requiring an end-to-end delay of a few milliseconds). Figure 10(d) shows the time spent for all the four core operations by F2-Proon BeagleBoard [23]. As the figure shows, the time overheads of F2-Prooperations remain low regardless of the hash function employed. Figure 10(e) shows the time spent by F2-Profor the hashing operations for the cryptographic evidence or the verification using different key sizes. In our implementation, the AT is stored by the destination F2-Prodevice, so the time spent for verification does not change with the key size. The other three operations compute ATs on the fly using the secret keys, and hence the time consumed increases with the key size. Figure 10(f) shows the overall time spent by F2-Proto perform each operation for different key sizes. Again, there is little increase in the overall time overhead with the increase of the secret keys utilized. Overall, F2-Pro’s latency is low enough when paired with practically secure key size and hash function.

Communication Overhead: The communication overhead is very minimal at 320 bits (h: 256 bits in the case of SHA256 and ts: 64 bits) per packet, and most importantly, its size remains the same regardless of the hop count.

Throughput Measurements: Figure 10(g) shows throughput measurements of F2-Proalso on a BeagleBoard, using iperf over TCP with message size 1,514 Bytes and with different computational latency added. The Initiate operation takes 140 to 160 usec as shown in Figure 10(a). Therefore, as seen in Figure 10(g), the F2-Proon BeagleBoard can support 39.5 MBits/s at a source F2-Pro. And the Witness operation takes 280 to 300 usec, shown in Figure 10(b); therefore, the BeagleBoard can support 27 MBits/s at an intermediate device. This translates to 3,420 packets per second for the Initiate operation and 2,337 packets per second for the Witness operation. The computation time needed for the Verify operation and to support multicast can be longer, but F2-Procan still sustain about 866 packets per second throughput when each packet incurs an extra 1 ms of computation time. In addition, our packet throughput measurement is a conservative lower bound since the packet sizes in both MMS and GOOSE are usually smaller than 1,514 Bytes. Therefore, the throughput of F2-Proon BeagleBoard is sufficient for typical traffic intensity.

End-to-end Latency Overhead: To measure the end-to-end latency overhead introduced by F2-Pro, we set up a controlled environment using virtual machines for multiple hops. The total time overhead introduced by F2-Prois shown in Table 3. The overhead is measured as the difference between the original end-to-end latency of the system without F2-Prodevices and that of a system where an F2-Prodevice is attached to each device along the path. While the no-hop case only involves F2-Prodevices initiating and verifying, in the other cases the intermediate nodes are witnessing. The overall latency for no hop, which corresponds to the most latency-stringent scenarios, is low enough to meet the 2 ms message delivery time requirement. The cases with more than two hops are for SCADA communication and the time stringency is not as strict as those with one or no hops (see Table 1), and the added latency is not significant.

Table 3.

no hop	1 hop	2 hops	3 hops	4 hops
\(\lt\)0.7ms	\(\lt\)1.7ms	\(\lt\)2.6ms	\(\lt\)3.5ms	\(\lt\)4.5ms

View Table

Table 3. Extra End-to-end Latency Introduced by F2-Pro

6.8.1 Multi-factor Authentication.

Generating an OTP: For a single destination generating an OTP takes between 300 and 800 usec depending on the processor activity of the phone at the time of computation. When OTPs for multiple destinations are computed, each computation will be done at faster speeds. For instance, it takes around 10 ms to calculate OTPs for 20 destinations. While the computation takes negligible amounts of time, considering that the authenticator will be used by a human, if the QR code transfer method is chosen, then it takes the application 1.7 sec to generate a QR code. On the other hand, generating the NFC tag takes 10 ms.

Regarding the readability of the QR code, we tested OTP up to 10 destinations, where the authenticator transfers 256 bits per destination. Even with the camera implemented on a commodity laptop, the corresponding QR code displayed on a full-HD smartphone screen was readable without any issue. While there are other similar implementations, a conventional QR code can carry 2,953 Bytes of data. If more data are to be transferred, then multiple QR codes may be generated; however, this would be troublesome for the user. On the other hand, our other option that employs NFC does not have such limitation since as long as the device touches the NFC reader, we can transfer multiple rounds of data seamlessly.

We tested the setup, including the authenticator running on an Android phone, ICS operator device(a field service device) with the OTP reader module implemented on a commodity laptop, and a verifier module (on BeagleBoard) on the EPIC testbed [32]. The EPIC testbed includes IEDs and PLCs that are compliant with IEC 61850 standards. We ran the IEC 61850 client module on a laptop, which is used as a field service device, and evaluated a case where the field service device with the authenticator can send a control command to a target PLC. The bump-in-the-wire verifier module was placed in front of the PLC to perform authentication before the command reaches the destination PLC (see Figure 9).

Verification at the Destination and Bandwidth: Table 4 shows the verification times at the BITWdevice before the destination under different user authentication settings. No hop is the case where the ICS operator device(e.g., a field service device) is directly connected to the switch to which the destination devices are connected through the BITWdevices. This example represents the shortest provenance chain. The three-hop case, on the other hand, represents the blue dashed line example in Figure 6. There are two main inferences regarding Table 4. First, both a simple username/password authentication and our multi-factor authentication increase the provenance chain length by one, causing almost the same verification overhead at the destination. Second, if the verification time is higher (e.g., a public key scheme), it affects the throughput of the BITWdevice before the destination drastically. For instance, even though the verification overhead of the RSA signature scheme is considerably lower than signing, it still constitutes most of the verification process, even when verifying a provenance chain.

Table 4.

	No Hop		Three Hops
Method Used	Verification Time (\(\mu\)s)	Bandwidth (Mbps)	Verification Time (\(\mu\)s)	Bandwidth (Mbps)
No user authentication	40	67	160	40
Username/password authentication	80	56	200	36
Our multi-factor authentication	80	56	200	36
RSA-2048 based multi-factor authentication	340	26	450	19

View Table

Table 4. Verification Time and Its Effect on the BITWDevice Bandwidth

7 RELATED WORK

We present the related work under three subsections. First, we explore the techniques to facilitate provenance verification, and then, we probe the bump-in-the-wire approach and conclude the section with the related work and concepts for multi-factor authentication.

7.1 Provenance Verification

Several schemes employ public key infrastructure and ameliorate it for path authentication with aggregate signatures [38, 39]. Aggregate signature enables multiple senders to sign different messages without increasing the signature size. To reduce computation and communication complexity, techniques such as signature amortization [40] and the space-efficient techniques of aggregate signatures [41, 42] have been proposed. However, under stringent latency constraints in ICSs, they are no longer options. Due to latency constraints, the IEC 62351-6 standard [43] recommends MAC-based solutions [44, 45] for message authentication, but these schemes do not focus on message provenance. Therefore, we use the aggregate MACs formally introduced by Katz and Lindell [6] as a primitive in our construction. [46, 47] provide certain public key guarantees with tradeoffs; however, they also lack efficient extension for provenance verification. Path verification in the smart grid context was explored in [48], but it focused on demand response services, which are less latency stringent. Certain schemes use blockchain to provide data provenance [49, 50] in energy systems but lack a fast message provenance scheme.

7.2 Bump-in-the-wire Approach

BITWsecurity solutions have been proposed for ICS systems, as they enable easy deployment and updating of security mechanisms without requiring major upgrades or replacements on existing ICS devices [18]. Closely related to our work are BITWsolutions for implementing confidentiality and integrity protection, such as [18, 19, 20]. [18, 19] deploys BITWdevices at each end of the communication, which are responsible for adding security metadata (e.g., MAC) at the sender side and verifying and stripping it at the other end. While our focus is on the provenance of ICS messages, ours also adopts a similar deployment model to maintain compatibility with legacy ICS devices. Unfortunately, all of these do not consider end-to-end path verification in a multi-hop network. In ICSs, multi-hop communication is common and often involves protocol translation or checking middleboxes. Thus, we aim to provide provenance checking, including path verification.

7.3 Multi-factor Authentication

The main factors of user authentication used today are what a user has (e.g., a hardware token, a sim card to send an SMS) and what a user is (e.g., fingerprint, iris) as an addition to the memorized username and password [51]. Asking the user for a shared secret is another common practice (e.g., a pre-decided photo from a list of photos), but it is not comparable to other methods regarding the added security provided. While many of the above applications increase the bar for an attacker, they have generally been implemented by employing a trusted third party. Some examples are a server issuing a smart card [52], a server knowing all shared information between a smartphone and itself so that necessary information can be generated to be verified at the server [53], and the server generating and sending the code to the user [54].

It is a common understanding that the conventional username/password authentication alone is not considered secure [55, 56, 57]. This has led to several commercial solutions for two-factor authentication, such as RSA’s SecurID [58] that works with SMS, e-mail, hardware, and software tokens; Google Duo [59] that works via U2F [60] USB device, phone calls, and mobile applications; and Symantec VIP [61] that uses hardware tokens, smartphones, and biometrics.

Kogan et al. proposed a scheme based on Lamport’s one-time password authentication scheme [62], which has evolved in time under the name S/Key [63]. In their design, a central server is considered to verify all authentication requests. The authors, therefore, place emphasis on requiring no secrets stored on the server; however, since in an ICS setup the verifiers are fully distributed and an attack on the server that can expose all second factors for all users is not the main concern, the added overheads are not justifiable in our case. Our focus is on a quickly verifiable and thus symmetric-key-based (unlike public key-based approaches [64, 65]), and a multi-factor authentication mechanism that first does not depend on any third party or centralized online entity and second works in harmony with our provenance verification scheme tailored for an ICS environment.

8 CONCLUSION

In this work, we have proposed a practical provenance verification solution for industrial control systems. We have provided the formal definitions and cryptographic proofs. Our solution protects ICSs against commonly encountered attacks by restricting the attacker’s entry points to the system and ensuring that the messages go through in-place security mechanisms. Our solution is legacy compliant and supports multi-factor authentication for field service personnel. We demonstrated it in a controlled environment [24] and a smart power grid testbed [25], with a sub-millisecond overhead per network hop.

ACKNOWLEDGMENTS

We would like to express our gratitude to Mohammad Etemad and Alptekin Küpçü for the valuable discussions.

This research is supported by the National Research Foundation, Prime Minister’s Office, Singapore under its Campus for Research Excellence and Technological Enterprise (CREATE) programme.

Footnotes

¹ In any given path from the source to the destination, all nodes (\(l_i\)) share pairwise symmetric keys with the destination, denoted as AT\(_{iD}\). To improve readability, we will refer to the secret key shared between any node i and the destination as SK\(_{l_i}\).
Footnote

REFERENCES

[1] Esiner Ertem, Mashima Daisuke, Chen Binbin, Kalbarczyk Zbigniew, and Nicol David. 2019. F-Pro: A fast and flexible provenance-aware message authentication scheme for smart grid. In 2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm’19). IEEE, 1–7.Google ScholarCross Ref
[2] Response Symantec Security. 2014. ShellShock: All you need to know about the Bash Bug vulnerability. Retrieved June 8, 2018, from https://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerabilityGoogle Scholar
Navigate to
Reference 1
Reference 2
Reference 3
Reference 4
[3] Zetter Kim. 2016. Inside the Cunning, Unprecedented Hack of Ukraineâ€™s Power Grid. http://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/Google Scholar
Reference
[4] Luc Moreau, Paul Groth, Simon Miles, Javier Vazquez-Salceda, John Ibbotson, Sheng Jiang, Steve Munroe, Omer Rana, Andreas Schreiber, Victor Tan, and Laszlo Varga. 2008. The provenance of electronic data. Communications of the ACM 51, 4 (2008), 52–58.Google ScholarDigital Library
Reference
[5] Tefek Utku, Esiner Ertem, Mashima Daisuke, and Hu Yih-Chun. 2022. Analysis of message authentication solutions for IEC 61850 in substation automation systems. (Accepted for publication). In IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm’22). 1–7.Google ScholarCross Ref
Reference
[6] Katz Jonathan and Lindell Andrew Y.. 2008. Aggregate message authentication codes. In Topics in Cryptology (CT-RSA’08): The Cryptographers’ Track at the RSA Conference 2008, Proceedings. Springer, 155–169.Google ScholarDigital Library
Reference 1Reference 2Reference 3
[7] Williams Theodore J.. 1994. The Purdue enterprise reference architecture. Computers in Industry 24, 2–3 (1994), 141–158.Google ScholarDigital Library
Reference
[8] Maynard Peter, McLaughlin Kieran, and Haberler Berthold. 2014. Towards understanding man-in-the-middle attacks on IEC 60870-5-104 SCADA networks. In Proceedings of the 2nd International Symposium on ICS & SCADA Cyber Security Research 2014. BCS, 30–42.Google ScholarDigital Library
Reference
[9] Yang Yi, McLaughlin Kieran, Littler Timothy, Sezer Sakir, Im Eul Gyu, Yao Z. Q., Pranggono B, and Wang H. F.. 2012. Man-in-the-middle attack test-bed investigating cyber-security vulnerabilities in smart grid SCADA systems. In International Conference on Sustainable Power Generation and Supply (SUPERGEN’12). IET, 1–8.Google ScholarCross Ref
Reference
[10] Liu Yao, Ning Peng, and Reiter Michael K.. 2011. False data injection attacks against state estimation in electric power grids. ACM Transactions on Information and System Security (TISSEC) 14, 1 (2011), 13.Google ScholarDigital Library
Reference
[11] (NESCOR) National Electric Sector Cybersecurity Organization Resource. 2013. Electric sector failure scenarios and impact analyses.Google Scholar
Reference 1Reference 2Reference 3
[12] Joe Slowik. 2019. Crashoverride: Reassessing the 2016 ukraine electric power event as a protection-focused attack. Dragos, Inc (2019).Google Scholar
Reference
[13] Robert M. Lee, Michael J. Assante, and Tim Conway. 2016. Analysis of the cyber attack on the ukrainian power grid. USA: Electricity Information Sharing and Analysis Centre (E-ISAC). (2016).Google Scholar
Reference
[14] TC57 IEC. 2015. IEC 61850-90-2 TR: Communication networks and systems for power utility automation - part 90-2: Using IEC 61850 for the communication between substations and control centres. In International Electro Technical Commission Std.Google Scholar
Navigate to
Reference 1
Reference 2
Reference 3
Reference 4
Reference 5
Reference 6
[15] Mraz Jared and Gray Keith. 2015. Demonstrating the flexibility provided by GOOSE messaging for protection and control applications in an industrial power system. In Proceedings of the 42nd Annual Western Protective Relay Conference.Google Scholar
Reference
[16] Society IEEE Power and Energy. 2004. IEEE standard communication delivery time performance requirements for electric power substation automation.Google Scholar
Reference 1Reference 2
[17] Energy Department of. 2010. Communications Requirements of Smart Grid Technologies. Retrieved June 8, 2018, from https://www.energy.gov/gc/downloads/communications-requirements-smart-grid-technologiesGoogle Scholar
Reference 1Reference 2
[18] Tsang Patrick P. and Smith Sean W.. 2008. YASIR: A low-latency, high-integrity security retrofit for legacy SCADA systems. In IFIP International Information Security Conference. Springer, 445–459.Google ScholarCross Ref
Navigate to
Reference 1
Reference 2
Reference 3
Reference 4
[19] Wright Andrew K., Kinast John A., and McCarty Joe. 2004. Low-latency cryptographic protection for SCADA communications. In International Conference on Applied Cryptography and Network Security. Springer, 263–277.Google ScholarCross Ref
Reference 1Reference 2Reference 3
[20] Castellanos John Henry, Antonioli Daniele, Tippenhauer Nils Ole, and Ochoa Martín. 2017. Legacy-compliant data authentication for industrial control system traffic. In Proceedings of the Conference on Applied Cryptography and Network Security (ACNS’17). DOI:Google ScholarCross Ref
Reference 1Reference 2
[21] Sabraoui Mehdi, Hieb Jeffrey, Lauf Adrian, and Graham James. 2019. Modeling and machine-checking bump-in-the-wire security for industrial control systems. In International Conference on Critical Infrastructure Protection. Springer, 271–288.Google ScholarCross Ref
Reference
[22] Katz Jonathan and Lindell Yehuda. 2020. Introduction to Modern Cryptography. CRC Press.Google ScholarCross Ref
Reference 1Reference 2
[23] 2022. BeagleBoard-X15. Retrieved May 17, 2022, from https://beagleboard.org/x15Google Scholar
Navigate to
Reference 1
Reference 2
Reference 3
Reference 4
Reference 5
[24] 2022. Message Authentication and Provenance Verification for Industrial Control Systems. YouTube. Retrieved November 25, 2022, from https://youtu.be/aOLKykAe3Xg/Google Scholar
Reference 1Reference 2
[25] 2022. F-Pro and its authenticator on EPIC. YouTube Retrieved November 25, 2022, from https://youtu.be/PfHEcSXJaKQ/Google Scholar
Reference 1Reference 2Reference 3
[26] Piètre-Cambacédès Ludovic and Sitbon Pascal. 2008. Cryptographic key management for SCADA systems-issues and perspectives. In 2008 International Conference on Information Security and Assurance (ISA’08). IEEE, 156–161.Google Scholar
Reference
[27] Needham Roger M. and Schroeder Michael D.. 1978. Using encryption for authentication in large networks of computers. Communications of the ACM 21, 12 (1978), 993–999.Google ScholarDigital Library
Reference
[28] Denning Dorothy E. and Sacco Giovanni Maria. 1981. Timestamps in key distribution protocols. Communications of the ACM 24, 8 (1981), 533–536.Google ScholarDigital Library
Reference
[29] Abadi Martin and Needham Roger. 1996. Prudent engineering practice for cryptographic protocols. IEEE Transactions on Software Engineering 22, 1 (1996), 6–15.Google ScholarDigital Library
Reference
[30] Lowe Gavin. 1995. An attack on the Needham-Schroeder public- key authentication protocol. Information Processing Letters 56, 3 (1995), 131–133.Google ScholarDigital Library
Reference
[31] Gunathilaka Prageeth, Mashima Daisuke, and Chen Binbin. 2016. Softgrid: A software-based smart grid testbed for evaluating substation cybersecurity solutions. In Proceedings of the 2nd ACM Workshop on Cyber-physical Systems Security and Privacy. ACM, 113–124.Google ScholarDigital Library
Reference
[32] iTrust, Singapore University of Technology and Design (SUTD). 2018. Electric Power and Intelligent Control (EPIC) Testbed. Retrieved February 12, 2019, from https://itrust.sutd.edu.sg/testbeds/electric-power-intelligent-control-epic/Google Scholar
Reference 1Reference 2Reference 3
[33] 2019. Zxing Library. Retrieved March 4, 2019, from https://github.com/zxing/zxing/Google Scholar
Reference
[34] Google LLC, Open Handset Alliance. 2019. CardEmulation Library. Retrieved March 4, 2019, from https://developer.android.com/reference/android/nfc/cardemulation/CardEmulation/Google Scholar
Reference
[35] Advanced Card Systems Ltd. 2019. ACR122U USB NFC Reader. Retrieved March 4, 2019, from https://www.acs.com.hk/en/products/3/acr122u-usb-nfc-reader/Google Scholar
Reference
[36] Siddiqi Ahnaf, Tippenhauer Nils Ole, Mashima Daisuke, and Chen Binbin. 2018. On practical threat scenario testing in an electric power ICS testbed. In Proceedings of the Cyber-physical System Security Workshop (CPSS’18), Co-located with ASIACCS. DOI:Google ScholarDigital Library
Reference
[37] Viega John, Messier Matt, and Chandra Pravir. 2002. Network Security with OpenSSL: Cryptography for Secure Communications. O’Reilly Media, Inc.Google Scholar
Reference
[38] Boneh Dan, Gentry Craig, Lynn Ben, and Shacham Hovav. 2003. Aggregate and verifiably encrypted signatures from bilinear maps. In Advances in Cryptology (EUROCRYPT’03), Biham Eli (Ed.). Springer, Berlin,416–432.Google Scholar
Reference
[39] Lu Steve, Ostrovsky Rafail, Sahai Amit, Shacham Hovav, and Waters Brent. 2006. Sequential aggregate signatures and multisignatures without random oracles. In Advances in Cryptology (EUROCRYPT’06), Vaudenay Serge (Ed.). Springer, Berlin, 465–485.Google Scholar
Reference
[40] Zhao Meiyuan, Smith Sean W., and Nicol David M.. 2005. Aggregated path authentication for efficient BGP security. In Proceedings of the 12th ACM Conference on Computer and Communications Security. ACM, 128–138.Google ScholarDigital Library
Reference
[41] Boneh Dan, Gentry Craig, Lynn Ben, and Hovav Shacham. 2003. A survey of two signature aggregation techniques. RSA Cryptobytes 6, 2 (2003), 1–10.Google Scholar
Reference
[42] Boneh Dan, Gentry Craig, Lynn Ben, and Shacham Hovav. 2003. Aggregate and verifiably encrypted signatures from bilinear maps. In Advances in Cryptology (EUROCRYPT’03): International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 416–432.Google ScholarCross Ref
Reference
[43] International Electrotechnical Commission. 2020. Power systems management and associated information exchange-Data and communications security-Part 6: Security for IEC 61850.Google Scholar
Reference
[44] Hussain S. M. Suhail, Farooq Shaik Mullapathi, and Ustun Taha Selim. 2019. Analysis and implementation of message authentication code (MAC) algorithms for GOOSE message security. IEEE Access 7 (2019), 80980–80984.Google ScholarCross Ref
Reference
[45] Rodríguez Mikel, Astarloa Armando, Lázaro Jesús, Bidarte Unai, and Jiménez Jaime. 2018. System-on-programmable-chip AES-GCM implementation for wire-speed cryptography for SAS. In 2018 Conference on Design of Circuits and Integrated Systems (DCIS’18). IEEE, 1–6.Google ScholarCross Ref
Reference
[46] Esiner Ertem, Tefek Utku, Erol Hasan S. M., Mashima Daisuke, Chen Binbin, Hu Yih-Chun, Kalbarczyk Zbigniew, and Nicol David M.. 2022. Lomos: Less-online/more-offline signatures for extremely time-critical systems. IEEE Transactions on Smart Grid 13, 4 (2022), 3214–3226.Google ScholarCross Ref
Reference
[47] Tefek Utku, Esiner Ertem, Mashima Daisuke, Chen Binbin, and Hu Yih-Chun. 2022. Caching-based multicast message authentication in time-critical industrial control systems. In IEEE Conference on Computer Communications (IEEE INFOCOM’22). IEEE, 1039–1048.Google ScholarDigital Library
Reference
[48] Mashima Daisuke, Herberg Ulrich, and Chen Wei-Peng. 2014. Enhancing demand response signal verification in automated demand response systems. In 2014 Innovative Smart Grid Technologies Conference (ISGT’14). 1–5.Google ScholarCross Ref
Reference
[49] Gao Jianbin, Asamoah Kwame Omono, Sifah Emmanuel Boateng, Smahi Abla, Xia Qi, Xia Hu, Zhang Xiaosong, and Dong Guishan. 2018. GridMonitoring: Secured sovereign blockchain based monitoring on smart grid. IEEE Access 6 (2018), 9917–9925.Google ScholarCross Ref
Reference
[50] Alcaraz Cristina, Rubio Juan E., and Lopez Javier. 2020. Blockchain-assisted access for federated smart grid domains: Coupling and features. Journal of Parallel and Distributed Computing 144 (2020), 124–135.Google ScholarCross Ref
Reference
[51] Johansson Jesper Mikael, Canavor Darren Ernest, Hitchcock Daniel Wade, and Bhimanaik Bharath Kumar. 2018. Approaches for providing multi-factor authentication credentials. (Jan. 92018). US Patent 9,864,852.Google Scholar
Reference
[52] Yang Guomin, Wong Duncan S., Wang Huaxiong, and Deng Xiaotie. 2008. Two-factor mutual authentication based on smart cards and passwords. Journal of Computer and System Sciences 74, 7 (2008), 1160–1172. DOI:Google ScholarDigital Library
Reference
[53] Aloul F., Zahidi S., and El-Hajj W.. 2009. Two factor authentication using mobile phones. In Proceedings of the IEEE/ACS International Conference on Computer Systems and Applications (AICCSA’09). 641–644. DOI:Google ScholarCross Ref
Reference
[54] Google LLC. 2022. [Google] About 2-Step Verification. Retrieved March 7, 2022, from https://support.google.com/accounts/answer/180744?hl=en&ref_topic=1099588/Google Scholar
Reference
[55] Bonneau Joseph and Preibusch Sören. 2010. The password thicket: Technical and market failures in human authentication on the web. In WEIS.Google Scholar
Reference
[56] Lee Mathews. 2022. File with 1.4 Billion Hacked and Leaked Passwords Found on the Dark Web. Forbes. Retrieved March 7, 2022, from https://www.forbes.com/sites/leemathews/2017/12/11/billion-hacked-passwords-dark-web/#38f0abf521f2/Google Scholar
Reference
[57] Alistair Charlton. 2022. iCloud accounts at risk of brute force attack as hacker exploits “painfully obvious” password flaw. IBTimes. Retrieved March 7, 2022, from https://www.ibtimes.co.uk/icloud-accounts-risk-brute-force-attack-hacker-exploits-painfully-obvious-password-flaw-1481623/Google Scholar
Reference
[58] RSA Security LLC. 2022. RSA SecurID Suite. Retrieved March 7, 2022 from https://www.rsa.com/products/securid/Google Scholar
Reference
[59] Google LLC. 2022. GoogleDuo. Retrieved November 21, 2022, from https://duo.com/product/trusted-users/two-factor-authentication/Google Scholar
Reference
[60] Fast IDentity Online (FIDO) Alliance. 2022. U2F (open authentication standard). Retrieved March 7, 2022, from https://www.yubico.com/solutions/fido-u2f/Google Scholar
Reference
[61] Gen Digital Inc. 2022. Symantec VIP. Retrieved March 7, 2022, from https://vip.symantec.com/Google Scholar
Reference
[62] Lamport Leslie. 1981. Password authentication with insecure communication. Communications of the ACM 24, 11 (1981), 770–772.Google ScholarDigital Library
Reference
[63] Haller Neil. 1995. The S/KEY one-time password system. Request for Comments: 1760.Google Scholar
Reference
[64] Esiner Ertem and Datta Anwitaman. 2016. Layered security for storage at the edge: On decentralized multi-factor access control. In Proceedings of the 17th International Conference on Distributed Computing and Networking. ACM, 9.Google ScholarDigital Library
Reference
[65] Esiner Ertem and Datta Anwitaman. 2019. Two-factor authentication for trusted third party free dispersed storage. Future Generation Computer Systems 90 (2019), 291–306.Google ScholarCross Ref
Reference

Index Terms

Message Authentication and Provenance Verification for Industrial Control Systems

Recommendations

Caching-based Multicast Message Authentication in Time-critical Industrial Control Systems
IEEE INFOCOM 2022 - IEEE Conference on Computer Communications
Attacks against industrial control systems (ICSs) often exploit the insufficiency of authentication mechanisms. Verifying whether the received messages are intact and issued by legitimate sources can prevent malicious data/command injection by ...
Read More
Group message authentication
SCN'10: Proceedings of the 7th international conference on Security and cryptography for networks

Group signatures is a powerful primitive with many practical applications, allowing a group of parties to share a signature functionality, while protecting the anonymity of the signer. However, despite intensive research in the past years, there is ...
Read More
One-Message Unilateral Entity Authentication Schemes
ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security

A one-message unilateral entity authentication scheme allows one party, called the prover, to authenticate himself, i.e., to prove his identity, to another party, called the verifier, by sending a single authentication message.

In this paper we consider ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Cyber-Physical Systems Volume 7, Issue 4
October 2023
199 pages
ISSN:2378-962X
EISSN:2378-9638
DOI:10.1145/3627765
Editor:
Chenyang Lu
Washington University in St. Louis, USA
Issue’s Table of Contents
Copyright © 2023 Copyright held by the owner/author(s).
This work is licensed under a Creative Commons Attribution-NonCommercial International 4.0 License
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States

Journal Family
ACM Journals for the Design of Smart and Connected Systems
Publication History
- Published: 14 October 2023
- Online AM: 6 July 2023
- Accepted: 25 June 2023
- Revised: 16 May 2023
- Received: 28 November 2022
Published in tcps Volume 7, Issue 4

Check for updates
Author Tags
Message authentication
verifiable
provenance
digital signature
hash chain
signature aggregation
cyberphysical system
Bump-in-the-wire
multi-factor authentication
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 971
  Total Downloads
- Downloads (Last 12 months)971
- Downloads (Last 6 weeks)232
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Message Authentication and Provenance Verification for Industrial Control Systems

ACM Transactions on Cyber-Physical Systems

Abstract

1 INTRODUCTION

2 BACKGROUND, THREATS, AND GOALS

2.1 Overview of Industrial Control Systems

2.2 Cybersecurity Threats and Attack Model against Industrial Control Systems

2.3 Substation Automation and Remote Control in Smart Grid

2.4 Design Goals

3 PROVENANCE VERIFICATION

3.1 Model and Algorithms

3.2 Construction Overview

3.3 F2-ProConstruction

4 DEFINITIONS, CORRECTNESS, AND SECURITY

4.1 Algorithm Definitions

4.2 Protocol Correctness

4.3 Correctness Proof

4.4 Security Proof

5 MULTI-FACTOR AUTHENTICATION WITH F2-PRO

5.1 Provenance Chain Starting from the Human User

5.2 Starting the Chain with a Public-key-based Scheme

5.3 Limiting the Scope of Authentication

5.4 Policy Enforcement at Verifier

6 SECURITY DISCUSSION, IMPLEMENTATION, AND EVALUATION

6.1 Attacks Countered by F2-Pro

6.2 Dependability; Failure of an F2-ProDevice or Its Network Connectivity

6.3 Verification Key Security

6.4 Key Management

6.5 Attacks Countered by Multi-factor Authentication

6.6 Implementation

6.6.1 The Bump-in-the-wire Device for F2-Pro.

6.6.2 The Authenticator Device.

6.7 Compatibility Testing

6.8 Evaluation

6.8.1 Multi-factor Authentication.

7 RELATED WORK

7.1 Provenance Verification

7.2 Bump-in-the-wire Approach

7.3 Multi-factor Authentication

8 CONCLUSION

ACKNOWLEDGMENTS

Footnotes

REFERENCES

Cited By

Index Terms

Recommendations

Caching-based Multicast Message Authentication in Time-critical Industrial Control Systems

Group message authentication

One-Message Unilateral Entity Authentication Schemes

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Journal Family

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media