A Novel Edge Security Gateway for End-to-End Protection in Industrial Internet of Things

Title: A Novel Edge Security Gateway for End-to-End Protection in Industrial Internet of Things
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Khan, Rafiullah; McLaughlin, Kieran; Kang, BooJoong; Laverty, David; Sezer, Sakir
Conference Name: 2021 IEEE Power & Energy Society General Meeting (PESGM)
Keywords: command injection attacks, composability, Image edge detection, industrial control, integrated circuits, Logic gates, Market research, Metrics, Protocols, pubcrawl, Reconnaissance, Resiliency
Abstract: Many critical industrial control systems integrate a mixture of state-of-the-art and legacy equipment. Legacy installations lack advanced, and often even basic, security features, risking entire system security. Existing research primarily focuses on the development of secure protocols for emerging devices or protocol translation proxies for legacy equipment. However, a robust security framework not only needs encryption but also mechanisms to prevent reconnaissance and unauthorized access to industrial devices. This paper proposes a novel Edge Security Gateway (ESG) that provides both communication and endpoint security. The ESG is based on the double ratchet algorithm and encrypts every message with a different key. It manages the ongoing renewal of short-lived session keys and provides localized firewall protection to individual devices. The ESG is easily customizable for a wide range of industrial applications. As a use case, this paper presents the design and validation for synchrophasor technology in the smart grid. The ESG effectiveness is practically validated in detecting reconnaissance, manipulation, replay, and command injection attacks due to its perfect forward and backward secrecy properties.
DOI: 10.1109/PESGM46819.2021.9638002
Citation Key: khan_novel_2021