TY - GEN
T1 - Ultra-Low Latency Security Hardening of Modbus/TCP Protocol Based on ZUC Cryptographic Algorithm
AU - Zhang, Dinghua
AU - Gao, Yuan
AU - Pan, Quan
AU - Yang, Chen
N1 - Publisher Copyright: © 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Modbus/TCP is a common industrial control protocol, but security was not considered in its original design. Many researchers have proposed cryptography-based Modbus/TCP security hardening schemes. However, most existing solutions rely on public-key algorithms and certificate mechanisms, which impose a large performance loss on resource-constrained industrial control equipment. This has a great impact on industrial control environments, which usually have strict communication delay jitter requirements. This paper proposes a Modbus/TCP security reinforcement mechanism based on cryptographic algorithms including SM3 and ZUC, which can provide ultra-low-latency security protection on resource-constrained industrial control devices, including device identity authentication, communication data confidentiality and integrity protection, and protection against replay attacks. Taking advantage of the facts that devices deployed in industrial control environments are relatively fixed and that the Modbus/TCP protocol is usually used in scenarios with low-to-medium data throughput, a protection mechanism based on pre-shared keys and key pre-computation is designed, with which real-time communication can be protected using a small number of lightweight XOR operations. The prototype system is implemented on a Cortex-M7 industrial control microcontroller. The performance evaluation results show that for a Modbus/TCP communication, the average communication delay introduced by the real-time protection is 31.2.
AB - Modbus/TCP is a common industrial control protocol, but security was not considered in its original design. Many researchers have proposed cryptography-based Modbus/TCP security hardening schemes. However, most existing solutions rely on public-key algorithms and certificate mechanisms, which impose a large performance loss on resource-constrained industrial control equipment. This has a great impact on industrial control environments, which usually have strict communication delay jitter requirements. This paper proposes a Modbus/TCP security reinforcement mechanism based on cryptographic algorithms including SM3 and ZUC, which can provide ultra-low-latency security protection on resource-constrained industrial control devices, including device identity authentication, communication data confidentiality and integrity protection, and protection against replay attacks. Taking advantage of the facts that devices deployed in industrial control environments are relatively fixed and that the Modbus/TCP protocol is usually used in scenarios with low-to-medium data throughput, a protection mechanism based on pre-shared keys and key pre-computation is designed, with which real-time communication can be protected using a small number of lightweight XOR operations. The prototype system is implemented on a Cortex-M7 industrial control microcontroller. The performance evaluation results show that for a Modbus/TCP communication, the average communication delay introduced by the real-time protection is 31.2.
KW - industrial control protocol
KW - low latency
KW - Modbus/TCP
KW - resource-constrained
KW - ZUC cryptographic algorithm
UR - http://www.scopus.com/inward/record.url?scp=85214513395&partnerID=8YFLogxK
U2 - 10.1109/ICICN62625.2024.10761885
DO - 10.1109/ICICN62625.2024.10761885
M3 - Conference contribution
AN - SCOPUS:85214513395
T3 - 2024 IEEE 12th International Conference on Information and Communication Networks, ICICN 2024
SP - 25
EP - 30
BT - 2024 IEEE 12th International Conference on Information and Communication Networks, ICICN 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 12th IEEE International Conference on Information and Communication Networks, ICICN 2024
Y2 - 21 August 2024 through 24 August 2024
ER -