Robust Group Key Management with Revocation and Collusion Resistance for SCADA in Smart Grid Rong Jiang 2013.07.31



Agenda

  • Introduction
  • The proposed group key management
  • Security analysis and performance evaluation
  • Conclusion


SCADA

Supervisory Control And Data Acquisition (SCADA) systems are used to monitor and manage the electric distribution, transmission and generation environments.

Group communication is an essential part:

  • a status scan request
  • a measured value scan request
  • an emergency shutdown message
  • a set-the-clock-time message

Requirement: availability


SCADA system architecture

  • HMI: Human-Machine Interface
  • MTU: Master Terminal Unit
  • RTU: Remote Terminal Unit


Security Model and Design Goal

Security Model

  • Group confidentiality
  • Backward secrecy
  • Forward secrecy
  • t-collusion-resistant

Design Goal

  • Availability
  • Efficiency


Preliminary knowledge

  • Session key
  • DDHC (dual directional hash chain)
  • Bivariate polynomial


Description of LiSH

  • Initialization
  • Re-keying
  • Self-healing mechanism
  • Adding new member nodes
  • Re-initialization mechanism


Initialization

1( ) ( )

j jj j

j m jj

SK fk c bk

H FK c H BK

$fk_j = H^{j}(FK), \quad bk_j = H^{m-j+1}(BK)$


Initialization

$KDC \to u_i : \{\, l \,\|\, T_{refresh} \,\|\, fk_{s_1} \,\|\, bk_{s_2} \,\|\, D_i \,\|\, H_i \,\}$

$l$ is the length of the key buffer; $T_{refresh}$ is the rekeying period

$D_i = \{d_{s_1}, \ldots, d_{s_2}\}$: random numbers


For $1 \le j \le m$, each user whose lifetime is from $s_1$ to $s_2$ ($1 \le s_1 < s_2 \le m$) is assigned the set $H_i$, the set $D_i$, two key seeds, the buffer length and the rekeying period.
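The lifetime window that the two key seeds create, as an added example that is not part of the original slides: it derives $fk_j$ and $bk_j$ from the member's seeds $fk_{s_1}$ and $bk_{s_2}$ and compares them with the KDC's chains. SHA-256 for $H$, the seed values, $m = 10$ and all function names are assumptions of this example; combining the two values into $SK_j$ is not modelled.

```python
import hashlib

M = 10  # number of sessions m (constructed value)


def H(x: bytes) -> bytes:
    # The slides do not name the hash function; SHA-256 is an assumption.
    return hashlib.sha256(x).digest()


def iterate(value: bytes, n: int) -> bytes:
    """Apply H n times (n = 0 returns the value unchanged)."""
    for _ in range(n):
        value = H(value)
    return value


def kdc_chains(FK: bytes, BK: bytes, m: int = M):
    """KDC view: fk_j = H^j(FK) and bk_j = H^(m-j+1)(BK) for 1 <= j <= m."""
    fk = {j: iterate(FK, j) for j in range(1, m + 1)}
    bk = {j: iterate(BK, m - j + 1) for j in range(1, m + 1)}
    return fk, bk


def member_keys(fk_s1: bytes, bk_s2: bytes, s1: int, s2: int, j: int):
    """Member view: what a user with lifetime [s1, s2] can derive for session j.

    The forward chain only runs towards later sessions and the backward
    chain only towards earlier ones; the missing half would need a
    preimage of H, so it is returned as None.
    """
    fk_j = iterate(fk_s1, j - s1) if j >= s1 else None
    bk_j = iterate(bk_s2, s2 - j) if j <= s2 else None
    return fk_j, bk_j


def holds_both_halves(fk_s1, bk_s2, s1, s2, j) -> bool:
    """True only inside the lifetime, where both chain values are derivable."""
    return None not in member_keys(fk_s1, bk_s2, s1, s2, j)


if __name__ == "__main__":
    fk, bk = kdc_chains(b"constructed-forward-seed", b"constructed-backward-seed")
    s1, s2 = 3, 7  # constructed lifetime
    for j in range(1, M + 1):
        print(j, holds_both_halves(fk[s1], bk[s2], s1, s2, j))
```

Before $s_1$ the member is missing $fk_j$ and after $s_2$ it is missing $bk_j$, which is the window the backward and forward secrecy goals rely on.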


Re-keying

: { ‖ ‖ }j j j j jB all R L T b1 2{ , , , }

jjR r r r :the set of users all revoked in and before sj

1{ , , } jj tL r r :a set of irrelevant users

1 2{ , , , }j j j j tT t t t :self-healing set

( , )j j jb v c h x x :broadcast polynomial

1 2 1( )( ) ( )( ) ( ) j jj tv x r x r x r x r x r

1 1 1

1

1

( )( )( )

k k k

k k k

k k j

k k k

F H d c

F H F d

F H F c

t c F

The secret in is concealed in this way:


The KDC periodically discloses the next secret number C and constructs a self-healing set T and a revocation set R to expel some illegal nodes.


Re-keying

When a non-revoked node receives the jth session broadcast message, it checks whether the revoked set has changed. If not, it switches the session key from the front of the key queue calculates and resets the time of refresh key. Otherwise it calculates the new session key and updates the key buffer. It evaluates the revocation polynomial, computes the forward key and backward key, obtains and then recovers


1 1 1 1

1 1 1

1 1 1 1 1

1 1 1 1 1

( )( ( ) )( ( ( ) ) )

j j j j

j j j

j j j j

j j j j j

c c t F

t H F c

t H H F d c

t H H H d c d c

2 2 2

2 1 2

2 1 1 2 2

2 1 1 1 1 1 2

( )( ( ) )( ( ( ) ) )

j j j

j j j

j j j j

j j j j j

c t F

t H F c

t H H F d c

t H H H d c d c

1 1 1 1 1( ( ( ) ) )k k k k k jc t H H H d c d c

After that, can iteratively obtain all before in its legal lifetime by self-healing set


Self-healing mechanism

When a sub-MTU breaks down because of attacks or natural disasters, the RTUs can keep on working for at most sessions.

When the refresh-key timer is triggered and the node has not received the re-keying message, it switches the session key automatically from the front of the key queue and resets the refresh-key timer.

After the broken sub-MTU is repaired or replaced, a legal node with lifetime from to can update all of its session keys in the buffer.


Adding new member nodes

When a node (lifetime from to ) tries to join the existing group, it first requests the KDC's authentication. After verifying its identity, the KDC encrypts the following items via the private channel between the KDC and the new node and then sends them back to :


$KDC \to u_i : \{\, l \,\|\, T_{refresh} \,\|\, fk_{s_1} \,\|\, bk_{s_2} \,\|\, D_i \,\|\, H_i \,\}$


Determination of self-healing period

We define a utility function f to find the period

where SI and RI stand for security index and robustness index.

We can find the optimal self-healing period to maximize the utility function.


Security Analysis

Theorem 1: LiSH is a session key distribution with privacy and achieves self-healing with time-limited t-revocation capability.

Theorem 2: LiSH achieves t-wise forward and backward secrecy.

Theorem 4: LiSH is resistant to the attacks on Dutta's [13] and Du's [17] schemes mentioned in Section II.


Performance Evaluation


Conclusion

In this paper, we have proposed a robust and efficient group key management scheme, named LiSH, to secure SCADA systems in the smart grid.

The proposed LiSH scheme is characterized by adopting a self-healing key to tolerate failures of the sub-MTUs. Security analysis has shown that the proposed LiSH is a collusion-free and self-healing key distribution scheme with t-wise forward and backward security.

In addition, performance evaluation has also demonstrated its efficiency.


Thank you!
