Advanced Key-Management Architecture for Secure SCADA Communications

• Published in: IEEE transactions on power delivery Vol. 24; no. 3; pp. 1154 - 1163
• Main Authors: CHOI, Donghyun, KIM, Hakman, WON, Dongho, KIM, Seungjoo
• Format: Journal Article
• Language: English
• Published: New York, NY IEEE 01.07.2009; Institute of Electrical and Electronics Engineers; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Applied sciences; Architecture; Broadcasting; Communication system control; Communication system security; Computer architecture; Control systems; Data security; Disturbances. Regulation. Protection; Electrical engineering. Electrical power engineering; Electrical machines; Electrical power engineering; Exact sciences and technology; High performance computing; Joints; Key management; Messages; National security; Operation. Load control. Reliability; Power networks and lines; power system security; Protocols; Regulation and control; SCADA; SCADA systems; Security; Spreading; Supervisory control and data acquisition; supervisory control and data-acquisition (SCADA) systems; Users connections and in door installation; Performance evaluation; Power system control; Control system; Connection; System design; Low power; Key management; Power system security; High power; Electrical network; supervisory control and data-acquisition (SCADA) systems; SCADA systems; Safety; Energy management; Damaging
• ISSN: 0885-8977; 1937-4208
• DOI: 10.1109/TPWRD.2008.2005683

Supervisory control and data-acquisition (SCADA) systems are control systems for many national infrastructures. In the past, SCADA systems were designed without security functionality because of the closed operating environment. However, the security of SCADA systems has become an issue with connection to open networks becoming more common. Any damage to the SCADA system can have a widespread negative effect to society. In this paper, we review constraints and security requirements for SCADA systems and then investigate whether the existing key-management protocols for the SCADA systems satisfy these requirements. Afterward, we propose an advanced key-management architecture fitted for secure SCADA communications. The contributions of our work are two-fold. First, our scheme supports both message broadcasting and secure communication. Second, by evenly spreading much of the total amount of computation across high power nodes (MTU or SUB-MTU), our protocol avoids any potential performance bottleneck of the system while keeping the burden on low power nodes (RTU) at minimal.