A security-hardened appliance for implementing authentication and access control in SCADA infrastructures with legacy field devices

Considerable progress has been made with regard to securing industrial control systems. However, security challenges remain for field devices, and these challenges are compounded by the presence of legacy field devices. This paper describes the design, implementation and performance of a security-hardened, bolt-on, security appliance for legacy field devices. The approach uses a microkernel-based architecture and employs Bloom filters to implement challenge-response authentication and role-based access control for in an in-line field device security pre-processor. The microkernel-based architecture isolates network-interacting software from security-enforcing components, reducing the size of the trusted computing base of the device. Bloom filters provide a fast and constant access time solution for authentication and authorization checks. An analysis of the impact of Bloom filter false positive rates is provided, and it is shown that the false positive rates can be made arbitrarily low. Experimental results are also presented for a prototype device. Security-related computations on the pre-processor take less than one millisecond to perform, indicating that the prototype and the underlying approach are well-suited to a variety of industrial control system environments. Penetration tests demonstrate that the device is robust to attack, except for certain denial-of-service attacks.