[go: up one dir, main page]

WO2008084271A3 - Method and system for message integrity architecture for use in industrial control systems - Google Patents

Method and system for message integrity architecture for use in industrial control systems Download PDF

Info

Publication number
WO2008084271A3
WO2008084271A3 PCT/IB2006/003794 IB2006003794W WO2008084271A3 WO 2008084271 A3 WO2008084271 A3 WO 2008084271A3 IB 2006003794 W IB2006003794 W IB 2006003794W WO 2008084271 A3 WO2008084271 A3 WO 2008084271A3
Authority
WO
WIPO (PCT)
Prior art keywords
architecture
industrial control
control systems
message integrity
messages
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/IB2006/003794
Other languages
French (fr)
Other versions
WO2008084271A2 (en
Inventor
Chandra Yadab Das
Kapaleeswaran Viswanathan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ABB Research Ltd Switzerland
Original Assignee
ABB Research Ltd Switzerland
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ABB Research Ltd Switzerland filed Critical ABB Research Ltd Switzerland
Priority to PCT/IB2006/003794 priority Critical patent/WO2008084271A2/en
Publication of WO2008084271A2 publication Critical patent/WO2008084271A2/en
Publication of WO2008084271A3 publication Critical patent/WO2008084271A3/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/30Compression, e.g. Merkle-Damgard construction

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

This invention discloses a method for authenticating messages in an industrial control system environment where several resource-constrained industrial controllers interact with various entities. Messages are authenticated by concatenating the original message with a tag, generated with the use of a shared secret key between the sender and receiver. This architecture achieves the goals of integrity and availability by using Message Authentication Codes, which are chosen keeping the metrics of speed and security in focus. Further, Replay attacks and Denial of Service attacks are circumvented by using the method and architecture of the present invention
PCT/IB2006/003794 2006-12-29 2006-12-29 Method and system for message integrity architecture for use in industrial control systems Ceased WO2008084271A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2006/003794 WO2008084271A2 (en) 2006-12-29 2006-12-29 Method and system for message integrity architecture for use in industrial control systems

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2006/003794 WO2008084271A2 (en) 2006-12-29 2006-12-29 Method and system for message integrity architecture for use in industrial control systems

Publications (2)

Publication Number Publication Date
WO2008084271A2 WO2008084271A2 (en) 2008-07-17
WO2008084271A3 true WO2008084271A3 (en) 2009-05-07

Family

ID=39609093

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2006/003794 Ceased WO2008084271A2 (en) 2006-12-29 2006-12-29 Method and system for message integrity architecture for use in industrial control systems

Country Status (1)

Country Link
WO (1) WO2008084271A2 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104243416B (en) * 2013-06-17 2018-04-27 华为技术有限公司 Encryption communication method, system and relevant device
WO2015008114A1 (en) 2013-07-18 2015-01-22 Freescale Semiconductor, Inc. Illegal message destroyer

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020051537A1 (en) * 2000-09-13 2002-05-02 Rogaway Phillip W. Method and apparatus for realizing a parallelizable variable-input-length pseudorandom function
EP1255372A1 (en) * 2001-05-03 2002-11-06 Telefonaktiebolaget L M Ericsson (Publ) Method and system for data integrity protection
EP1420316A1 (en) * 2002-11-18 2004-05-19 Rockwell Automation Technologies, Inc. Instant messaging for event notification and exchanging data in an industrial controller environment
US6976168B1 (en) * 1999-07-23 2005-12-13 Mcafee, Inc. System and method for adaptive cryptographically synchronized authentication

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6976168B1 (en) * 1999-07-23 2005-12-13 Mcafee, Inc. System and method for adaptive cryptographically synchronized authentication
US20020051537A1 (en) * 2000-09-13 2002-05-02 Rogaway Phillip W. Method and apparatus for realizing a parallelizable variable-input-length pseudorandom function
EP1255372A1 (en) * 2001-05-03 2002-11-06 Telefonaktiebolaget L M Ericsson (Publ) Method and system for data integrity protection
EP1420316A1 (en) * 2002-11-18 2004-05-19 Rockwell Automation Technologies, Inc. Instant messaging for event notification and exchanging data in an industrial controller environment

Also Published As

Publication number Publication date
WO2008084271A2 (en) 2008-07-17

Similar Documents

Publication Publication Date Title
Choi et al. Secure firmware validation and update for consumer devices in home networking
TW200746773A (en) Security considerations for the LTE of UMTS
WO2008026060A3 (en) Method, system and device for synchronizing between server and mobile device
WO2008119672A3 (en) Method and system for resilient packet traceback in wireless mesh and sensor networks
WO2007149775A3 (en) Consumer authentication system and method
WO2005029216A3 (en) The method of safe certification service
WO2008039582A3 (en) System and method for securing software applications
GB2523444A (en) Device authentication
WO2005036852A8 (en) Apparatuses and method for authentication in heterogeneuous ip networks
JP2009500913A5 (en)
WO2007081588A3 (en) Token-based distributed generation of security keying material
WO2007137987A3 (en) Method and system for providing a mobile ip key
WO2007139706A3 (en) Authenticating a tamper-resistant module in a base station router
WO2004100445A3 (en) Transmission/reception system using message authentication code
Oyler et al. Security in automotive telematics: a survey of threats and risk mitigation strategies to counter the existing and emerging attack vectors
Chaudhry An encryption-based secure framework for data transmission in IoT
Biham et al. How to steal cars–A practical attack on keeLoq
KR101482938B1 (en) Method of preventing authorization message, server performing the same and user terminal performing the same
WO2008024944A3 (en) Authentication process
WO2008084271A3 (en) Method and system for message integrity architecture for use in industrial control systems
JP7141723B2 (en) Apparatus, system and method for controlling actuators via wireless communication system
Dolev et al. Certificating vehicle public key with vehicle attributes a (periodical) licensing routine, against man-in-the-middle attacks and beyond
US10263976B2 (en) Method for excluding a participant from a group having authorized communication
Azees Reply to comments on “Dual authentication and key management techniques for secure data transmission in vehicular ad hoc networks”
WO2007000714A3 (en) Device and method for key block based authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06842298

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06842298

Country of ref document: EP

Kind code of ref document: A2