An Automated, Disruption-Tolerant Device Authentication and Key Management Framework for Critical Systems
Abstract:
Key management is critical to secure operation. Distributed control systems, such as Supervisory Control and Data Acquisition (SCADA) systems, have unique operational requirements that make conventional key management solutions less effectiveand burdensome. This paper pres-ents a novel Kerberos-based framework for automated, disruption-tolerant key management for control system environments. Experimental tests and their results are presented to quantify the expected performance overhead of this approach. Additionally, Zeek sensor analytics are presented to aid in monitoring the health and security of the key management framework operation.
AUTHORS
Pacific Northwest National Laboratory
Richland, Washington, United States
Thomas Edgar is a Senior Cyber Security Research Scientist at the Pacific Northwest National Laboratory. Throughout his career, Edgar has worked in the fields of secure communications protocols, cryptographic trust management, insider threat, security standards, and scientific approach to security and is the Co-PI for the powerNET and cyberNET testbeds. Thomas' research interests include the scientific underpinnings of cyber security and applying scientific based cyber security solutions to enterprise and critical infrastructure environments. His expertise lies in scientific process, critical infrastructure security, cyber forensics, network security, and testbed and experiment construction. Thomas' educational background consists of a B.S. and M.S. in Computer Science from the University of Tulsa with a specialization in Information Assurance.
Pacific Northwest National Laboratory Richland, Washington,
United States
Dr. Aditya Ashok is an Engineer in the Electricity Infrastructure Group in PNNL's Energy and Environment Directorate. He has been with the lab since February 2016. He received his bachelor’s degree in Electrical and Electronics Engineering from the College of Engineering, Anna University, India, in 2008. He graduated from Iowa State University (ISU) with his doctoral degree in Electrical Engineering in 2017. His research interests include cybersecurity, cyber-physical security solutions for power grid applications, and testbed-based cybersecurity experimentation and validation. During his time at ISU, he was actively involved in the design and development of the PowerCyber SCADA security testbed to conduct Hardware-in-the-Loop attack-defense experiments and training exercises. Before joining PNNL, he interned at ABB Corporate Research in Switzerland, where he worked on industrial control system device forensics. He also interned at PNNL in 2015, where he worked on multiple projects related to cyber-physical security and testbeds.
Pacific Northwest National Laboratory Richland, Washington,
United States
Garret Seppala, a Cyber Security Engineer, has been at PNNL since July 2016. He received a B.S. in Software Engineering from Oregon Institute of Technology. M. Seppala's expertise lies in software development, but he has been branching out to new cyber security related fields through multiple projects where his roles have included manipulating authentication protocols, tinkering with embedded devices, preparing experimental environments for a “red team” attempt to infiltrate, and programming automated human behaviors across a virtual network of terminals.
Pacific Northwest National Laboratory Richland, Washington,
United States
Eric Choi is a member and Team Leader of the Instrument Development Laboratory (IDL), a team of engineers developing novel, cutting-edge software and hardware tools and systems supporting EMSL and PNNL research. Eric works on both hardware and software development for IDL. His primary expertise is in electrical engineering and computer science, involving microcontrollers, Field Programmable Gate Arrays (FPGAs), user interfaces, Digital Signal Processors (DSPs), printed circuit boards, analog circuit design and digital circuit design. He focuses on multiple projects involving FPGAs, DSPs, and microcontrollers throughout PNNL and EMSL. These projects involve creating a user interface to interact with hardware, making it a simple process to use the hardware’s complete functionality.
Pacific Northwest National Laboratory Richland, WA,
United States
Kristine Arthur-Durett has been a Cyber Security Researcher at Pacific Northwest National Laboratory (PNNL) since February of 2015. Her research experience includes situational awareness, metrics and analysis of cyber data, risk and loss analysis, and experimental design. Her interests include using a variety of mathematical and statistical techniques to describe and understand cyberspace and its interactions with the physical world. Kristine’s education includes a B.S. in Mathematics and an M.S. in Information Assurance and Security from Purdue University.
Pacific Northwest National Laboratory Richland, Washington,
United States
Matt Engels is a Power Engineer in PNNL's Environment and Energy Directorate. He holds a B.S. and M.S. in Electrical Engineering from Washington State University and is currently pursuing his Ph.D. in Electrophysics/HPC. Mr. Engels' work at PNNL includes network security of SCADA energy delivery systems, secure control system communication, Hardware-in-the-Loop simulations, and microgrid analysis and control, including applied fieldwork. Prior to his work at PNNL, Mr. Engels worked as instrumentation and simulation engineer at the Hanford Waste Vitrification Plant, developed energy metering products at Schweitzer Engineering Laboratories, and served as a field engineer in the nuclear waste industry. He has also taught undergraduate electrical engineering courses as an adjunct faculty at Washington State University. Mr. Engels has co-authored numerous papers, reports, and presentations on various aspects of cyber security and microgrids.
Lawrence Berkeley National Laboratory Berkeley, California,
United States
Reinhard Gentz (B.Sc. ‘10, M.Sc., ‘14, Ph.D. ‘17) is a Computer Systems Engineer at Lawrence Berkeley National Laboratory. He received his Ph.D. in Electrical Engineering from Arizona State University (USA) and M.Sc. and B.Sc. in Electrical Engineering from Karlsruhe Institute of Technology (Germany). His research interests are in workflow automation, cyber security and algorithm development.
Lawrence Berkeley National Laboratory Berkeley, California,
United States
Sean Peisert is a Staff Scientist at Lawrence Berkeley National Laboratory, Chief Cybersecurity Strategist at the Corporation for Education Network Initiatives in California (CENIC), and an Associate Adjunct Professor at the University of California, Davis. His research focuses in computer security, particularly on privacy-preserving data analysis and security for power grid control systems. Peisert has a Ph.D. in Computer Science from the University of California, San Diego. He is a senior member of the IEEE and the ACM.
Published In
Journal of Information Warfare
The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
Quick Links
Archive