Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation

Tobias Rauter; Andrea Holler; Johannes Iber; Michael Krisper; Christian Kreiner

doi:10.1109/PRDC.2017.29

Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation

Tobias Rauter, Andrea Holler, Johannes Iber, Michael Krisper, Christian Kreiner

Institute of Technical Informatics (4480)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Security is a vital property of SCADA systems, especially in critical infrastructure. An important aspect is maintaining (sub-)system integrity in networks of embedded control devices. One technology that is used to achieve this is remote attestation. It is used to prove the integrity of one system (prover) to another (challenger). However, due to the complexity of the maintenance of reference measurement, it is seen as impractical in such constrained distributed systems. In this work, we show how recent advances such as privilege-based attestation enable an architecture that is more feasible to use. Based on real control systems used for hydro-electric power plants, we evaluate the impact of the proposed infrastructure on the device performance and discuss our experiences with the consequences of using such technologies for the production and development processes of such systems.

Original language	English
Title of host publication	Proceedings - 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing, PRDC 2017
Publisher	IEEE Computer Society
Pages	155-164
Number of pages	10
ISBN (Electronic)	9781509056514
ISBN (Print)	978-1-5090-5653-8
DOIs	https://doi.org/10.1109/PRDC.2017.29
Publication status	Published - 8 May 2017
Event	22nd IEEE Pacific Rim International Symposium on Dependable Computing: PRDC 2017 - Christchurch, New Zealand Duration: 22 Jan 2017 → 25 Jan 2017 Conference number: 22 http://prdc.dependability.org/PRDC2017/

Conference

Conference	22nd IEEE Pacific Rim International Symposium on Dependable Computing
Abbreviated title	PRDC 2017
Country/Territory	New Zealand
City	Christchurch
Period	22/01/17 → 25/01/17
Internet address	http://prdc.dependability.org/PRDC2017/

Keywords

Security
Remote Attestation
Embedded Control Systems
Trusted Computing Architecture
Overhead Evaluation

ASJC Scopus subject areas

Computational Theory and Mathematics
Computer Science Applications
Hardware and Architecture
Software

Fields of Expertise

Information, Communication & Computing

Access to Document

10.1109/PRDC.2017.29

Cite this

Rauter, T., Holler, A., Iber, J., Krisper, M., & Kreiner, C. (2017). Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation. In Proceedings - 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing, PRDC 2017 (pp. 155-164). [10.1109/PRDC.2017.29] IEEE Computer Society. https://doi.org/10.1109/PRDC.2017.29

Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation. / Rauter, Tobias; Holler, Andrea; Iber, Johannes et al.

Proceedings - 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing, PRDC 2017. IEEE Computer Society, 2017. p. 155-164 10.1109/PRDC.2017.29.

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Rauter, T, Holler, A, Iber, J, Krisper, M & Kreiner, C 2017, Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation. in Proceedings - 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing, PRDC 2017., 10.1109/PRDC.2017.29, IEEE Computer Society, pp. 155-164, 22nd IEEE Pacific Rim International Symposium on Dependable Computing, Christchurch, New Zealand, 22/01/17. https://doi.org/10.1109/PRDC.2017.29

@inproceedings{f4a555d71b6c47ad8f02babe662730bf,

title = "Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation",

abstract = "Security is a vital property of SCADA systems, especially in critical infrastructure. An important aspect is maintaining (sub-)system integrity in networks of embedded control devices. One technology that is used to achieve this is remote attestation. It is used to prove the integrity of one system (prover) to another (challenger). However, due to the complexity of the maintenance of reference measurement, it is seen as impractical in such constrained distributed systems. In this work, we show how recent advances such as privilege-based attestation enable an architecture that is more feasible to use. Based on real control systems used for hydro-electric power plants, we evaluate the impact of the proposed infrastructure on the device performance and discuss our experiences with the consequences of using such technologies for the production and development processes of such systems.",

keywords = "Security, Remote Attestation, Embedded Control Systems, Trusted Computing Architecture, Overhead Evaluation",

author = "Tobias Rauter and Andrea Holler and Johannes Iber and Michael Krisper and Christian Kreiner",

year = "2017",

month = may,

day = "8",

doi = "10.1109/PRDC.2017.29",

language = "English",

isbn = "978-1-5090-5653-8",

pages = "155--164",

booktitle = "Proceedings - 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing, PRDC 2017",

publisher = "IEEE Computer Society",

address = "United States",

note = "22nd IEEE Pacific Rim International Symposium on Dependable Computing : PRDC 2017, PRDC 2017 ; Conference date: 22-01-2017 Through 25-01-2017",

url = "http://prdc.dependability.org/PRDC2017/",

}

TY - GEN

T1 - Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation

AU - Rauter, Tobias

AU - Holler, Andrea

AU - Iber, Johannes

AU - Krisper, Michael

AU - Kreiner, Christian

N1 - Conference code: 22

PY - 2017/5/8

Y1 - 2017/5/8

N2 - Security is a vital property of SCADA systems, especially in critical infrastructure. An important aspect is maintaining (sub-)system integrity in networks of embedded control devices. One technology that is used to achieve this is remote attestation. It is used to prove the integrity of one system (prover) to another (challenger). However, due to the complexity of the maintenance of reference measurement, it is seen as impractical in such constrained distributed systems. In this work, we show how recent advances such as privilege-based attestation enable an architecture that is more feasible to use. Based on real control systems used for hydro-electric power plants, we evaluate the impact of the proposed infrastructure on the device performance and discuss our experiences with the consequences of using such technologies for the production and development processes of such systems.

AB - Security is a vital property of SCADA systems, especially in critical infrastructure. An important aspect is maintaining (sub-)system integrity in networks of embedded control devices. One technology that is used to achieve this is remote attestation. It is used to prove the integrity of one system (prover) to another (challenger). However, due to the complexity of the maintenance of reference measurement, it is seen as impractical in such constrained distributed systems. In this work, we show how recent advances such as privilege-based attestation enable an architecture that is more feasible to use. Based on real control systems used for hydro-electric power plants, we evaluate the impact of the proposed infrastructure on the device performance and discuss our experiences with the consequences of using such technologies for the production and development processes of such systems.

KW - Security

KW - Remote Attestation

KW - Embedded Control Systems

KW - Trusted Computing Architecture

KW - Overhead Evaluation

UR - http://www.scopus.com/inward/record.url?scp=85019567914&partnerID=8YFLogxK

U2 - 10.1109/PRDC.2017.29

DO - 10.1109/PRDC.2017.29

M3 - Conference paper

AN - SCOPUS:85019567914

SN - 978-1-5090-5653-8

SP - 155

EP - 164

BT - Proceedings - 2017 IEEE 22nd Pacific Rim International Symposium on Dependable Computing, PRDC 2017

PB - IEEE Computer Society

T2 - 22nd IEEE Pacific Rim International Symposium on Dependable Computing

Y2 - 22 January 2017 through 25 January 2017

ER -

Integration of Integrity Enforcing Technologies Into Embedded Control Devices: Experiences and Evaluation

Abstract

Conference

Keywords

ASJC Scopus subject areas

Fields of Expertise

Access to Document

Other files and links

Fingerprint

Industrial Informatics

AH-HyUnify - control platform for hydro-electric power generation