{"title":"Scalable Authentication and Key Management in SCADA","authors":"Liangliang Xiao, I. Yen, F. Bastani","doi":"10.1109/ICPADS.2010.66","DOIUrl":null,"url":null,"abstract":"In this paper we develop a SCADA key management system to provide better security, performance, and scalability. Conventional symmetric key based approaches have several problems. We adopt public key based approaches due to their flexibility in authentication and access control and efficiency in rekeying. However, existing public key based approaches are not scalable. Simple replication of CAs (certificate authorities) raises security concerns. We consider several novel designs to bridge the gaps in existing approaches. First, a master key based semi-autonomous key refreshing scheme has been developed to shift the rekeying burdens from CAs to individual SCADA nodes. Then, we design a CA-grid approach, which combines the threshold scheme and replication of CAs to achieve better protection of the master keys, improved availability, and enhanced performance by load sharing. Analyses show that our scheme has many advantages over the existing SCADA key management systems.","PeriodicalId":365914,"journal":{"name":"2010 IEEE 16th International Conference on Parallel and Distributed Systems","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE 16th International Conference on Parallel and Distributed Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICPADS.2010.66","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Scalable Authentication and Key Management in SCADA
In this paper we develop a SCADA key management system to provide better security, performance, and scalability. Conventional symmetric key based approaches have several problems. We adopt public key based approaches due to their flexibility in authentication and access control and efficiency in rekeying. However, existing public key based approaches are not scalable. Simple replication of CAs (certificate authorities) raises security concerns. We consider several novel designs to bridge the gaps in existing approaches. First, a master key based semi-autonomous key refreshing scheme has been developed to shift the rekeying burdens from CAs to individual SCADA nodes. Then, we design a CA-grid approach, which combines the threshold scheme and replication of CAs to achieve better protection of the master keys, improved availability, and enhanced performance by load sharing. Analyses show that our scheme has many advantages over the existing SCADA key management systems.