Research on trusted DNP3-BAE protocol based on hash chain
Abstract To solve the security problem of industrial Ethernet DNP3 protocol broadcast authentication, the attack vector and security requirements of trusted DNP3 protocol are analysed. First, the paper adopts a trusted platform into the control network and authenticates the identity and security sta...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
SpringerOpen
2018-05-01
|
| Series: | EURASIP Journal on Wireless Communications and Networking |
| Subjects: | |
| Online Access: | http://link.springer.com/article/10.1186/s13638-018-1129-y |
| _version_ | 1818849968988880896 |
|---|---|
| author | Ye Lu Tao Feng |
| author_facet | Ye Lu Tao Feng |
| author_sort | Ye Lu |
| collection | DOAJ |
| description | Abstract To solve the security problem of industrial Ethernet DNP3 protocol broadcast authentication, the attack vector and security requirements of trusted DNP3 protocol are analysed. First, the paper adopts a trusted platform into the control network and authenticates the identity and security status of the DNP3 client and server to prevent node sensitive information from being compromised. Second, a trusted DNP3-BAE broadcast authentication encryption protocol is proposed based on the hash chain method to solve the problem of missing message security authentication mechanism in broadcast mode, which only needs a key to complete the broadcast message authentication for multiple slaves. The new scheme can use the DNP3-SA encryption primitive, without a major upgrade to the existing platform. The protocol is verified by the SPAN tool; the results show that there is no intrusion path, which ensures the integrity, authenticity, freshness, and confidentiality of the communication nodes. At present, there is no public document to introduce a trusted platform into the DNP3 protocol to solve security problems. Performance analysis shows that our solution reduces the overhead of large-scale broadcast authentication at the expense of increased less processing and storage overhead. |
| first_indexed | 2024-12-19T06:41:40Z |
| format | Article |
| id | doaj.art-922fe231a34e41d880b33377bf2311e7 |
| institution | Directory Open Access Journal |
| issn | 1687-1499 |
| language | English |
| last_indexed | 2024-12-19T06:41:40Z |
| publishDate | 2018-05-01 |
| publisher | SpringerOpen |
| record_format | Article |
| series | EURASIP Journal on Wireless Communications and Networking |
| spelling | doaj.art-922fe231a34e41d880b33377bf2311e72022-12-21T20:32:02ZengSpringerOpenEURASIP Journal on Wireless Communications and Networking1687-14992018-05-012018111010.1186/s13638-018-1129-yResearch on trusted DNP3-BAE protocol based on hash chainYe Lu0Tao Feng1College of Electrical and Information Engineering, Lanzhou University of TechnologyCollege of Electrical and Information Engineering, Lanzhou University of TechnologyAbstract To solve the security problem of industrial Ethernet DNP3 protocol broadcast authentication, the attack vector and security requirements of trusted DNP3 protocol are analysed. First, the paper adopts a trusted platform into the control network and authenticates the identity and security status of the DNP3 client and server to prevent node sensitive information from being compromised. Second, a trusted DNP3-BAE broadcast authentication encryption protocol is proposed based on the hash chain method to solve the problem of missing message security authentication mechanism in broadcast mode, which only needs a key to complete the broadcast message authentication for multiple slaves. The new scheme can use the DNP3-SA encryption primitive, without a major upgrade to the existing platform. The protocol is verified by the SPAN tool; the results show that there is no intrusion path, which ensures the integrity, authenticity, freshness, and confidentiality of the communication nodes. At present, there is no public document to introduce a trusted platform into the DNP3 protocol to solve security problems. Performance analysis shows that our solution reduces the overhead of large-scale broadcast authentication at the expense of increased less processing and storage overhead.http://link.springer.com/article/10.1186/s13638-018-1129-yIndustrial control systemDNP3 protocolTrusted ComputingSpan |
| spellingShingle | Ye Lu Tao Feng Research on trusted DNP3-BAE protocol based on hash chain EURASIP Journal on Wireless Communications and Networking Industrial control system DNP3 protocol Trusted Computing Span |
| title | Research on trusted DNP3-BAE protocol based on hash chain |
| title_full | Research on trusted DNP3-BAE protocol based on hash chain |
| title_fullStr | Research on trusted DNP3-BAE protocol based on hash chain |
| title_full_unstemmed | Research on trusted DNP3-BAE protocol based on hash chain |
| title_short | Research on trusted DNP3-BAE protocol based on hash chain |
| title_sort | research on trusted dnp3 bae protocol based on hash chain |
| topic | Industrial control system DNP3 protocol Trusted Computing Span |
| url | http://link.springer.com/article/10.1186/s13638-018-1129-y |
| work_keys_str_mv | AT yelu researchontrusteddnp3baeprotocolbasedonhashchain AT taofeng researchontrusteddnp3baeprotocolbasedonhashchain |