Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation

Tobias Rauter, Andrea Holler, Johannes Iber, Michael Krisper, Christian Kreiner

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Abstract

Security is a vital property of SCADA systems, especially in critical infrastructure. An important aspect is maintaining (sub-)system integrity in networks of embedded control devices. One technology that is used to achieve this is remote attestation. It is used to prove the integrity of one system (prover) to another (challenger). However, due to the complexity of the maintenance of reference measurement, it is seen as impractical in such constrained distributed systems. In this work, we show how recent advances such as privilege-based attestation enable an architecture that is more feasible to use. Based on real control systems used for hydro-electric power plants, we evaluate the impact of the proposed infrastructure on the device performance and discuss our experiences with the consequences of using such technologies for the production and development processes of such systems.
Original languageEnglish
Title of host publicationProceedings - 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing, PRDC 2017
PublisherIEEE Computer Society
Pages155-164
Number of pages10
ISBN (Electronic)9781509056514
ISBN (Print)978-1-5090-5653-8
DOIs
Publication statusPublished - 8 May 2017
Event22nd IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2017 - Christchurch, New Zealand
Duration: 22 Jan 201725 Jan 2017

Conference

Conference22nd IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2017
CountryNew Zealand
CityChristchurch
Period22/01/1725/01/17

Fingerprint

Hydroelectric power plants
Critical infrastructures
SCADA systems
Control systems

Keywords

  • Security
  • Remote Attestation
  • Embedded Control Systems
  • Trusted Computing Architecture
  • Overhead Evaluation

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Science Applications
  • Hardware and Architecture
  • Software

Fields of Expertise

  • Information, Communication & Computing

Cite this

Rauter, T., Holler, A., Iber, J., Krisper, M., & Kreiner, C. (2017). Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation. In Proceedings - 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing, PRDC 2017 (pp. 155-164). [10.1109/PRDC.2017.29] IEEE Computer Society. https://doi.org/10.1109/PRDC.2017.29

Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation. / Rauter, Tobias; Holler, Andrea; Iber, Johannes; Krisper, Michael; Kreiner, Christian.

Proceedings - 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing, PRDC 2017. IEEE Computer Society, 2017. p. 155-164 10.1109/PRDC.2017.29.

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Rauter, T, Holler, A, Iber, J, Krisper, M & Kreiner, C 2017, Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation. in Proceedings - 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing, PRDC 2017., 10.1109/PRDC.2017.29, IEEE Computer Society, pp. 155-164, 22nd IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2017, Christchurch, New Zealand, 22/01/17. https://doi.org/10.1109/PRDC.2017.29
Rauter T, Holler A, Iber J, Krisper M, Kreiner C. Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation. In Proceedings - 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing, PRDC 2017. IEEE Computer Society. 2017. p. 155-164. 10.1109/PRDC.2017.29 https://doi.org/10.1109/PRDC.2017.29
Rauter, Tobias ; Holler, Andrea ; Iber, Johannes ; Krisper, Michael ; Kreiner, Christian. / Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation. Proceedings - 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing, PRDC 2017. IEEE Computer Society, 2017. pp. 155-164
@inproceedings{f4a555d71b6c47ad8f02babe662730bf,
title = "Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation",
abstract = "Security is a vital property of SCADA systems, especially in critical infrastructure. An important aspect is maintaining (sub-)system integrity in networks of embedded control devices. One technology that is used to achieve this is remote attestation. It is used to prove the integrity of one system (prover) to another (challenger). However, due to the complexity of the maintenance of reference measurement, it is seen as impractical in such constrained distributed systems. In this work, we show how recent advances such as privilege-based attestation enable an architecture that is more feasible to use. Based on real control systems used for hydro-electric power plants, we evaluate the impact of the proposed infrastructure on the device performance and discuss our experiences with the consequences of using such technologies for the production and development processes of such systems.",
keywords = "Security, Remote Attestation, Embedded Control Systems, Trusted Computing Architecture, Overhead Evaluation",
author = "Tobias Rauter and Andrea Holler and Johannes Iber and Michael Krisper and Christian Kreiner",
year = "2017",
month = "5",
day = "8",
doi = "10.1109/PRDC.2017.29",
language = "English",
isbn = "978-1-5090-5653-8",
pages = "155--164",
booktitle = "Proceedings - 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing, PRDC 2017",
publisher = "IEEE Computer Society",
address = "United States",

}

TY - GEN

T1 - Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation

AU - Rauter, Tobias

AU - Holler, Andrea

AU - Iber, Johannes

AU - Krisper, Michael

AU - Kreiner, Christian

PY - 2017/5/8

Y1 - 2017/5/8

N2 - Security is a vital property of SCADA systems, especially in critical infrastructure. An important aspect is maintaining (sub-)system integrity in networks of embedded control devices. One technology that is used to achieve this is remote attestation. It is used to prove the integrity of one system (prover) to another (challenger). However, due to the complexity of the maintenance of reference measurement, it is seen as impractical in such constrained distributed systems. In this work, we show how recent advances such as privilege-based attestation enable an architecture that is more feasible to use. Based on real control systems used for hydro-electric power plants, we evaluate the impact of the proposed infrastructure on the device performance and discuss our experiences with the consequences of using such technologies for the production and development processes of such systems.

AB - Security is a vital property of SCADA systems, especially in critical infrastructure. An important aspect is maintaining (sub-)system integrity in networks of embedded control devices. One technology that is used to achieve this is remote attestation. It is used to prove the integrity of one system (prover) to another (challenger). However, due to the complexity of the maintenance of reference measurement, it is seen as impractical in such constrained distributed systems. In this work, we show how recent advances such as privilege-based attestation enable an architecture that is more feasible to use. Based on real control systems used for hydro-electric power plants, we evaluate the impact of the proposed infrastructure on the device performance and discuss our experiences with the consequences of using such technologies for the production and development processes of such systems.

KW - Security

KW - Remote Attestation

KW - Embedded Control Systems

KW - Trusted Computing Architecture

KW - Overhead Evaluation

UR - http://www.scopus.com/inward/record.url?scp=85019567914&partnerID=8YFLogxK

U2 - 10.1109/PRDC.2017.29

DO - 10.1109/PRDC.2017.29

M3 - Conference contribution

SN - 978-1-5090-5653-8

SP - 155

EP - 164

BT - Proceedings - 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing, PRDC 2017

PB - IEEE Computer Society

ER -