[go: up one dir, main page]

WO2008084271A3 - Method and system for message integrity architecture for use in industrial control systems - Google Patents

Method and system for message integrity architecture for use in industrial control systems Download PDF

Info

Publication number
WO2008084271A3
WO2008084271A3 PCT/IB2006/003794 IB2006003794W WO2008084271A3 WO 2008084271 A3 WO2008084271 A3 WO 2008084271A3 IB 2006003794 W IB2006003794 W IB 2006003794W WO 2008084271 A3 WO2008084271 A3 WO 2008084271A3
Authority
WO
WIPO (PCT)
Prior art keywords
architecture
industrial control
control systems
message integrity
messages
Prior art date
Application number
PCT/IB2006/003794
Other languages
French (fr)
Other versions
WO2008084271A2 (en
Inventor
Chandra Yadab Das
Kapaleeswaran Viswanathan
Original Assignee
Abb Research Ltd
Chandra Yadab Das
Kapaleeswaran Viswanathan
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Abb Research Ltd, Chandra Yadab Das, Kapaleeswaran Viswanathan filed Critical Abb Research Ltd
Priority to PCT/IB2006/003794 priority Critical patent/WO2008084271A2/en
Publication of WO2008084271A2 publication Critical patent/WO2008084271A2/en
Publication of WO2008084271A3 publication Critical patent/WO2008084271A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/30Compression, e.g. Merkle-Damgard construction

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

This invention discloses a method for authenticating messages in an industrial control system environment where several resource-constrained industrial controllers interact with various entities. Messages are authenticated by concatenating the original message with a tag, generated with the use of a shared secret key between the sender and receiver. This architecture achieves the goals of integrity and availability by using Message Authentication Codes, which are chosen keeping the metrics of speed and security in focus. Further, Replay attacks and Denial of Service attacks are circumvented by using the method and architecture of the present invention
PCT/IB2006/003794 2006-12-29 2006-12-29 Method and system for message integrity architecture for use in industrial control systems WO2008084271A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2006/003794 WO2008084271A2 (en) 2006-12-29 2006-12-29 Method and system for message integrity architecture for use in industrial control systems

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IB2006/003794 WO2008084271A2 (en) 2006-12-29 2006-12-29 Method and system for message integrity architecture for use in industrial control systems

Publications (2)

Publication Number Publication Date
WO2008084271A2 WO2008084271A2 (en) 2008-07-17
WO2008084271A3 true WO2008084271A3 (en) 2009-05-07

Family

ID=39609093

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2006/003794 WO2008084271A2 (en) 2006-12-29 2006-12-29 Method and system for message integrity architecture for use in industrial control systems

Country Status (1)

Country Link
WO (1) WO2008084271A2 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104243416B (en) * 2013-06-17 2018-04-27 华为技术有限公司 Encryption communication method, system and relevant device
US9894084B2 (en) 2013-07-18 2018-02-13 Nxp Usa, Inc. Illegal message destroyer

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020051537A1 (en) * 2000-09-13 2002-05-02 Rogaway Phillip W. Method and apparatus for realizing a parallelizable variable-input-length pseudorandom function
EP1255372A1 (en) * 2001-05-03 2002-11-06 Telefonaktiebolaget L M Ericsson (Publ) Method and system for data integrity protection
EP1420316A1 (en) * 2002-11-18 2004-05-19 Rockwell Automation Technologies, Inc. Instant messaging for event notification and exchanging data in an industrial controller environment
US6976168B1 (en) * 1999-07-23 2005-12-13 Mcafee, Inc. System and method for adaptive cryptographically synchronized authentication

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6976168B1 (en) * 1999-07-23 2005-12-13 Mcafee, Inc. System and method for adaptive cryptographically synchronized authentication
US20020051537A1 (en) * 2000-09-13 2002-05-02 Rogaway Phillip W. Method and apparatus for realizing a parallelizable variable-input-length pseudorandom function
EP1255372A1 (en) * 2001-05-03 2002-11-06 Telefonaktiebolaget L M Ericsson (Publ) Method and system for data integrity protection
EP1420316A1 (en) * 2002-11-18 2004-05-19 Rockwell Automation Technologies, Inc. Instant messaging for event notification and exchanging data in an industrial controller environment

Also Published As

Publication number Publication date
WO2008084271A2 (en) 2008-07-17

Similar Documents

Publication Publication Date Title
Chuang et al. TEAM: Trust-extended authentication mechanism for vehicular ad hoc networks
WO2010024874A3 (en) Message authentication code pre-computation with applications to secure memory
TW200746773A (en) Security considerations for the LTE of UMTS
WO2009127930A3 (en) Mobility related control signalling authentication in mobile communications system
Wang sSCADA: securing SCADA infrastructure communications
WO2008026060A3 (en) Method, system and device for synchronizing between server and mobile device
WO2008045773A3 (en) Method and apparatus for mutual authentication
WO2008054375A3 (en) Constrained cryptographic keys
WO2007149775A3 (en) Consumer authentication system and method
WO2007081588A3 (en) Token-based distributed generation of security keying material
WO2005029216A3 (en) The method of safe certification service
US20150052361A1 (en) Method for setting up an encrypted connection between two communication appliances following prior key interchange via a shorthaul connection
WO2007137987A3 (en) Method and system for providing a mobile ip key
WO2009066302A3 (en) Secure messaging
WO2007139706A3 (en) Authenticating a tamper-resistant module in a base station router
Oyler et al. Security in automotive telematics: a survey of threats and risk mitigation strategies to counter the existing and emerging attack vectors
Chaudhry An encryption-based secure framework for data transmission in IoT
WO2009154580A1 (en) Secure short message service
WO2007078927A3 (en) Method for cipher key conversion in wireless communication
WO2005024553A3 (en) A device, system, method and computer readable medium for indentifying and authenticating a cellular device using a short-range radio address
WO2008084271A3 (en) Method and system for message integrity architecture for use in industrial control systems
WO2009142834A3 (en) Protocol for verifying integrity of remote data
WO2008024944A3 (en) Authentication process
WO2009158214A3 (en) Communication authentication
JP7141723B2 (en) Apparatus, system and method for controlling actuators via wireless communication system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06842298

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06842298

Country of ref document: EP

Kind code of ref document: A2