Engineering security-aware control applications for data authentication in smart industrial cyber-physical systems

The massive proliferation of sophisticated technologies into the heart of traditional Industrial Control Systems has given birth to “smart Industrial Cyber-Physical Systems” (ICPS). While this industrial revolution has brought upon a wide range of advantages, it also raised new design challenges and exposed ICPS to a new breed of cyber-physicalattacks. This paper aims to integrate security primitives (e.g., enforcing/verifying data authenticity) in control applications by formulating an innovative architectural paradigm shift. More specifically, our proposal is twofold. We elaborate a novel security-aware control application, which: (i) defines a new control application architecture embracing two security primitives that are called at the beginning and at the end of each program to verify and to enforce the required security properties; and (ii) runs the key management code as a separate program in order to isolate its implementation and to ensure its minimal interference with the rest of the programs. Then, we design a lightweight key distribution protocol exploiting the characteristics and computational advantages of symmetric key cryptography and hash functions. Extensive experimental results on a testbed replicating the precise hardware and software of a node from a Romanian gas transportation network, demonstrate the effectiveness of the proposed scheme and its applicability to resource-constrained ICPS.