A layered encryption mechanism for networked critical infrastructures

Abstract

Networked critical infrastructures improve our lives, but they are attractive targets for adversaries. In such infrastructures, to secure sensitive data is vital, as the information system is a foundation of today?s critical infrastructures, and data security is a main concern in such systems. Cryptography is an approach for data security, but this method should be altered according to various features of infrastructure networks. Since complex and distributed critical infrastructures usually spread over large geographic areas, different parts of those infrastructures have different levels of perimeter defense. Devices in weakly protected zones are more likely to be captured than those in well protected zones. If an adversary captures devices, s/he can bypass cyber security measures and obtain secret information directly. Such a threat requires a layered security mechanism that can prevent adversaries from invading the whole infrastructure network from these weak zones. In this article, we propose a layered encryption mechanism based on hash chain technology for protecting sensitive data. Besides showing the layered defense, the mechanism is also lightweight and has convenient key management. It can be used independently or as a supplement to existing security measures. We evaluate performance of the proposed mechanism over different kinds of devices.