Use of Secure Device Identifiers inVirtualised Industrial Applications

Abstract: Industrial Control Systems (ICS) running in a virtualised environment are be-coming a common practice, however, there is not any standard or specification detailing authentication methods for industrial environments.Considering the current standards and specifications designed to provide au-thentication, we present the design and implementation of several approaches that enable trusted computing in virtualised environments. Most of the ap-proaches are based on a hardware-based root of trust, assuring the user’s soft-ware is always running on the same workstation.After comparing the approaches, we test an efficient approach by using the SecDevID stored in the virtual TPM to establish TLS sessions. Given the TLS features, this approach provides both hardware and VM authentication as well as confidentiality. Finally, the performance of the tested approach is evaluated.