Advanced key-management architecture for secure SCADA communications

Donghyun Choi, Hakman Kim, Dongho Won, Seung-Joo Kim

Research output: Contribution to journal › Article

60 Citations (Scopus)

Abstract

Supervisory control and data-acquisition (SCADA) systems are control systems for many national infrastructures. In the past, SCADA systems were designed without security functionality because of the closed operating environment. However, the security of SCADA systems has become an issue as connections to open networks have become more common. Any damage to the SCADA system can have a widespread negative effect on society. In this paper, we review constraints and security requirements for SCADA systems and then investigate whether the existing key-management protocols for SCADA systems satisfy these requirements. Afterward, we propose an advanced key-management architecture fitted for secure SCADA communications. The contributions of our work are two-fold. First, our scheme supports both message broadcasting and secure communication. Second, by evenly spreading much of the total amount of computation across high-power nodes (MTU or SUB-MTU), our protocol avoids any potential performance bottleneck of the system while keeping the burden on low-power nodes (RTU) to a minimum.

Original language: English
Pages (from-to): 1154-1163
Number of pages: 10
Journal: IEEE Transactions on Power Delivery
Volume: 24
Issue number: 3
DOI: 10.1109/TPWRD.2008.2005683
Publication status: Published - 2009 May 7
Externally published: Yes

Fingerprint

SCADA systems
Data acquisition
Communication
Broadcasting
Control systems

Keywords

  • Key management
  • Power system security
  • Supervisory control and data-acquisition (SCADA) systems

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Energy Engineering and Power Technology

Cite this

Advanced key-management architecture for secure SCADA communications. / Choi, Donghyun; Kim, Hakman; Won, Dongho; Kim, Seung-Joo.

In: IEEE Transactions on Power Delivery, Vol. 24, No. 3, 07.05.2009, p. 1154-1163.

@article{18f15cab1f6b41cc8af3f38b9101b801,
title = "Advanced key-management architecture for secure SCADA communications",
abstract = "Supervisory control and data-acquisition (SCADA) systems are control systems for many national infrastructures. In the past, SCADA systems were designed without security functionality because of the closed operating environment. However, the security of SCADA systems has become an issue with connection to open networks becoming more common. Any damage to the SCADA system can have a widespread negative effect to society. In this paper, we review constraints and security requirements for SCADA systems and then investigate whether the existing key-management protocols for the SCADA systems satisfy these requirements. Afterward, we propose an advanced key-management architecture fitted for secure SCADA communications. The contributions of our work are two-fold. First, our scheme supports both message broadcasting and secure communication. Second, by evenly spreading much of the total amount of computation across high power nodes (MTU or SUB-MTU), our protocol avoids any potential performance bottleneck of the system while keeping the burden on low power nodes (RTU) at minimal.",
keywords = "Key management, Power system security, Supervisory control and data-acquisition (SCADA) systems",
author = "Donghyun Choi and Hakman Kim and Dongho Won and Seung-Joo Kim",
year = "2009",
month = "5",
day = "7",
doi = "10.1109/TPWRD.2008.2005683",
language = "English",
volume = "24",
pages = "1154--1163",
journal = "IEEE Transactions on Power Delivery",
issn = "0885-8977",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "3",
}
