Engineering security-aware control applications for data authentication in smart industrial cyber–physical systems

The massive proliferation of sophisticated technologies into the heart of traditional Industrial Control Systems has given birth to “smart Industrial Cyber–Physical Systems” (ICPS). While this industrial revolution has brought upon a wide range of advantages, it also raised new design challenges and exposed ICPS to a new breed of cyber–physicalattacks. This paper aims to integrate security primitives (e.g., enforcing/verifying data authenticity) in control applications by formulating an innovative architectural paradigm shift. More specifically, our proposal is twofold. We elaborate a novel security-aware control application, which: (i) defines a new control application architecture embracing two security primitives that are called at the beginning and at the end of each program to verify and to enforce the required security properties; and (ii) runs the key management code as a separate program in order to isolate its implementation and to ensure its minimal interference with the rest of the programs. Then, we design a lightweight key distribution protocol exploiting the characteristics and computational advantages of symmetric key cryptography and hash functions. Extensive experimental results on a testbed replicating the precise hardware and software of a node from a Romanian gas transportation network, demonstrate the effectiveness of the proposed scheme and its applicability to resource-constrained ICPS.