Abstract
Programmable Logic Controllers (PLCs) are control devices widely used in industrial automation. They can be found in critical infrastructures like power grids, water systems, nuclear plants, manufacturing systems, etc. This paper introduces PLCrypto, a software cryptographic library that implements lightweight symmetric cryptographic algorithms for PLCs using a standard PLC programming language called structured text (ST). To the best of our knowledge, PLCrypto is the first ST-based cryptographic library that is executable on commercial off-the-shelf PLCs. PLCrypto includes a wide range of commonly used algorithms, totaling ten algorithms, including one-way functions, message authentication codes, hash functions, block ciphers, and pseudo-random functions/generators. PLCrypto can be used to protect the confidentiality and integrity of data on PLCs without additional hardware or firmware modification. This paper also presents general optimization methodologies and techniques used in PLCrypto for implementing primitive operations like bit-shifting/rotation, substitution, and permutation. The optimization tricks we distilled from our practice can also guide future implementation of other computationheavy programs on PLCs. To demonstrate a use case of PLCrypto in practice, we further realize a cryptographic protocol called proof of aliveness as a case study. We benchmarked the algorithms and protocols in PLCrypto on a commercial PLC, Allen Bradley ControlLogix 5571, which is widely used in the real world. Also, we make our source codes publicly available, so plant operators can freely deploy our library in practice.
Highlights
It is indisputable that the Industrial Internet of Things (IIoT) adoption in industrial control systems or critical infrastructures has excellent potential in the future
Given the above security analysis against tag manipulation attacks, we summarize the minimal software and hardware features required for securely running PLCrypto as follows: 1. The Programmable logic controllers (PLCs) supports standard structured text (ST) defined by IEC-61131-3; 2
We implemented an efficient and secure cryptographic library PLCrypto for PLC based on ST
Summary
It is indisputable that the Industrial Internet of Things (IIoT) adoption in industrial control systems or critical infrastructures has excellent potential in the future. Suppose attackers are somehow connected to the operational technology network In that case, they can intercept and manipulate the communication (e.g., over Common Industrial Protocol (CIP)) between PLCs and supervisory control and data acquisition (SCADA) servers. To support legacy PLCs in the real world with no extra cost, we propose to secure PLC communications by developing a comprehensive symmetric cryptographic library, PLCrypto, on the control logic layer. To the best of our knowledge, PLCrypto is the first cryptographic library implemented for PLCs using the languages defined in IEC-61131-3 This allows cryptography to be integrated into industrial systems to protect communications without the need for additional hardware or firmware modification. The source codes and user manual of PLCrypto can be freely downloaded at https://github.com/PLCrypto/PLCrypto
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have