Abstract

The SCADA system, which is widely used in the continuous monitoring and control of the physical process of modern critical infrastructure, relies on the feedback control loop. The remote state estimation system triggers the control algorithm or control condition of the controller according to the monitoring data returned by the sensor. The controller sends the control command to the actuator, and the actuator executes the command to control the physical process. Since SCADA system monitoring and control data are usually transmitted through unprotected wireless communication networks, attackers can use false sensor data to trigger control algorithms to make wrong decisions, disrupt the physical processing of the SCADA system, and cause huge economic losses, even casualties. We found an attack strategy based on the sequential logic of sensor data. This kind of attack changes the time logic or sequence logic of the response data, so that the false data detector can be successfully deceived. This would cause the remote state estimation system to trigger wrong control algorithms or control conditions, and eventually disrupt or destroy the physical process. This paper proposes a sequential signature scheme based on the one-time signature to secure the sequential logic and transmission of sensor data. The security analysis proves that the proposed scheme can effectively resist counterfeiting, forgery, denial, replay attacks, and selective forwarding attacks.

Highlights

  • Supervisory Control And Data Acquisition (SCADA) is a distributed cyber-physical system that seamlessly integrates sensing, communication, computing, and control technologies [1] and provides fine-grained monitoring and control in many key infrastructure fields of the state, such as smart grids, smart transportation, environmental monitoring, and healthcare

  • The remote state estimation system triggers the control algorithm or control condition of the controller according to the monitoring data returned by the sensor, and sends the control command to the actuator; the actuator executes the command to control the physical process, and forms a closed-loop feedback control system; the operational security of its cyber-physical system highly depends on the network control system [2,3]

  • Due to the deep interconnection of modern SCADA system equipment and the wide application of information infrastructure, the SCADA system itself is exposed to attackers [4,5]; the standard communication protocols used in general control systems lack identity verification, which enables the vulnerability mining and attack methods of the traditional information security domain to be used in the SCADA system [6]


Summary

Introduction

Supervisory Control And Data Acquisition (SCADA) is a distributed cyber-physical system that seamlessly integrates sensing, communication, computing, and control technologies [1] and provides fine-grained monitoring and control in many key infrastructure fields of the state, such as smart grids, smart transportation, environmental monitoring, and healthcare. The false data detector can be successfully deceived by changing the time order or sequence order of sensor data, which leads to the remote state estimation system triggering the wrong control algorithm or control conditions to achieve the effect of a sequential logic attack on a control command. Attackers can modify the message in transit, forge any message, or replay the message to trigger control algorithms or control conditions or even catastrophic operations. Due to their unique requirements, industrial control systems have strict time requirements and the resources of field devices are usually limited. Public key-based signatures such as RSA, the digital signature algorithm (DSA), the elliptic curve digital signature algorithm (ECDSA), and message authentication codes (MAC), which are widely used for data integrity verification and some hybrid improvement schemes, fail to meet the requirements of industrial control networks with limited resources and time sensitivity due to large computation. Sci. 2022, 12, 2259 smart grids [33,34], broadcasting authentication [35,36] in wireless sensor networks, and other aspects
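A generic illustration of the idea stated in the abstract, added here and not the paper's own construction: Lamport one-time signatures over SHA-256, where each packet signs its sequence number, the reading, and a commitment to the next one-time public key, so the verifier accepts packets only in their original order. All class and function names are assumptions for this example, and the first public key is assumed to be provisioned out of band.

```python
import hashlib, os, struct

# Constructed illustration: Lamport one-time signatures chained by sequence number.
H = lambda b: hashlib.sha256(b).digest()
BITS = 256

def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(BITS)]
    return sk, [(H(a), H(b)) for a, b in sk]

def pk_id(pk):  # compact commitment to a whole public key
    return H(b"".join(a + b for a, b in pk))

def _bits(d):
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]

def lamport_sign(sk, d):  # reveal one preimage per digest bit
    return [sk[i][b] for i, b in enumerate(_bits(d))]

def lamport_verify(pk, d, sig):
    return len(sig) == BITS and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(d)))

def digest(seq, reading, next_pk):  # binds order, data and the next key
    return H(struct.pack(">Q", seq) + pk_id(next_pk) + reading)

class Sensor:
    def __init__(self):
        self.seq = 0
        self.sk, self.pk = keygen()  # self.pk: first key, provisioned out of band

    def send(self, reading):
        next_sk, next_pk = keygen()
        sig = lamport_sign(self.sk, digest(self.seq, reading, next_pk))
        pkt = (self.seq, reading, next_pk, sig)
        self.sk, self.seq = next_sk, self.seq + 1  # each key signs exactly once
        return pkt

class Estimator:
    def __init__(self, first_pk):
        self.pk, self.expected = first_pk, 0

    def accept(self, pkt):
        seq, reading, next_pk, sig = pkt
        ok = seq == self.expected and lamport_verify(
            self.pk, digest(seq, reading, next_pk), sig)
        if ok:  # advance only on an in-order, valid packet
            self.pk, self.expected = next_pk, seq + 1
        return ok
```

Because the verifier advances its trusted key only on an in-order packet, a dropped packet is detected but stalls the chain until both sides resynchronise, which this example does not handle.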

Network and Attack Model
Security Proof
Conclusions