Operator authentication and accountability for SCADA servers when requests are forwarded by a middle layer

University essay from KTH/Skolan för elektroteknik och datavetenskap (EECS)

Author: Martin Gomez Gonzalez; [2018]

Abstract: Due to their critical nature, the actions performed by operators on Industrial Control Systems (ICS) are subject to source authentication and accountability. When commands are not sent directly by the user, but forwarded by middle servers, the compromise of those servers threatens the security of the whole architecture. This Master's thesis provides a solution for that problem, guaranteeing authentication end-to-end while fulfilling cost and performance requirements. Based on an analysis of several potential solutions, digital signatures were assessed to be the most flexible and secure option. Moreover, the proposed solution relies on Microsoft's Active Directory, which manages credentials on the target architecture, for securely linking public keys with user identities. A prototype implementation of the proposed design is included, together with a limited performance evaluation. They have proven the validity of the design, which guarantees end-to-end authentication and accountability of command requests, while maintaining low implementation and maintenance costs and a negligible impact on latency per message.
