A Trusted-ID Referenced Key Scheme for Securing SCADA Communication in Iron and Steel Plants

Abstract

Supervisory control and data acquisition (SCADA) is a widely implemented structure to achieve remote measurement and control in many iron and steel plants. In traditional consideration, more attention on physical network separation methods is paid to isolate the SCADA system from management network to keep SCADA in a considered ”safe” state. In addition, lots of security solution providers are focusing on the network side security assurance without involving the SCADA communication level protection. This paper investigates a new trusted-ID referenced key scheme for securing SCADA communications efficiently. The advanced encryption standard algorithm is used in the data transmission for its fast calculating speed, and the elliptic curve cryptography digital signature algorithm is used to confirm the data package that is from the right ID which can avoid the measured values and the control instructions to be maliciously modified by attacker. This solution for securing SCADA communication provides an efficient way to protect the data and protocol between the controllers and the remote terminal units (RTUs), and offers an authentication for the communication, which can avoid Man-In-The-Middle attack. Random numbers are used as a session key that can avoid the replay attack. cipher-block chaining mode message authentication code calculation is used to meet the data integrity requirement. Gong Needham Yahalom logic is used to prove the security of this solution, and an example is given to verify its validity.