Secure web access to mini distributed control system

• Autorzy: Rzońca D. , Stec A. , Trybus B.

Warianty tytułu

PL

Niewielkie rozproszone systemy sterowania ze zdalnym dostępem przez sieć

• Języki publikacji: EN

Abstrakty

EN

Small distributed control systems with remote web access are becoming fairly common. Sooner or later, security of such systems will become a precondition for some critical applications. However, limited computational power will reąuire some non-standard solutions. The paper describes secure web access to a prototype of small distributed control system programmed according to IEC 61131-3 standard. Security is provided by challenge-response authentication of web client and symmetric cryptographic primitives. Communication latency is analysed by means of a Timed Petri Net model.

PL

Niewielkie rozproszone systemy sterowania ze zdalnym dostępem przez stronę www stają się coraz bardziej powszechne. Wcześniej bądź później w istotnych zastosowaniach będą wymagane zabezpieczenia takich systemów. Ograniczona moc obliczeniowa wymusza jednakże opracowanie niestandardowych rozwiązań. Artykuł opisuje bezpieczny dostęp internetowy do prototypowego niewielkiego rozproszonego systemu sterowania, programowalnego zgodnie z normą IEC 61131-3. Bezpieczeństwo oparte jest na uwierzytelnianiu challenge-response klienta webowego i kryptografii symetrycznej. Opóźnienie komunikacji zostało przeanalizowane bazując na modelu w czasowych sieciach Petriego.

Słowa kluczowe

EN

networked control systems; communication security; Petri nets; distributed control system

PL

sieciowe systemy sterowania; bezpieczeństwo komunikacji; sieci Petriego; rozproszone systemy sterowania

• Wydawca: Wydawnictwa AGH
• Czasopismo: Automatyka / Automatics
• Rocznik: 2012
• Tom: Vol. 16, no. 2
• Strony: 155--164
• Opis fizyczny: Bibliogr. 31 poz., rys., wykr.

Twórcy

autor

Rzońca D.

• Technical University Poznań, Faculty of Electrical Engineering, Piotrowo 3A, 60-965 Poznań, Poland

autor

Stec A.

• Technical University Poznań, Faculty of Electrical Engineering, Piotrowo 3A, 60-965 Poznań, Poland

autor

Trybus B.

• Technical University Poznań, Faculty of Electrical Engineering, Piotrowo 3A, 60-965 Poznań, Poland

Bibliografia

• [1] Advanced Encryption Standard (AES). Federal Information Processing Standards Publications 197, National Institute of Standards and Technology, Nov. 2001. http://csrc.nist.gov/publications/ fips/fips 197/fips-197 .pdf
• [2] Baillieul J., Antsaklis P.J., Control and Communication Challenges in Networked Real-Time Systems. Proceedings of the IEEE, vol. 95, No. 1, Jan. 2007, 9-28.
• [3] Barry R., Using the FreeRTOS Real Time Kernel - A Practical Guide. 2010.
• [4] Carcano A., Coletta A., Guglielmi M., Masera M., Nai Fovino I., Trombetta A., A Multidimensional Critical State Analysis for Detecting Intrusions in SCADA Systems. IEEE Transactions on Industrial Informatics, vol. 7, No. 2, May 2011, 179-186.
• [5] Cheminod M., Pironti A., Sisto R., Formal Yulnerability Analysis of a Security System for Remote Fieldbus Access. IEEE Transactions on Industrial Informatics, vol. 7, No. 1, Feb. 2011, 30-40.
• [6] Chien-Liang Lai Pau-Lo Hsu, Design the Remote Control System With the Time-Delay Estimator and the Adaptive Smith Predictor. IEEE Transactions on Industrial Informatics, vol. 6, No. 1, Feb. 2010, 73-80.
• [7] Feng-Li Lian, Moyne J., Tilbury D., Network Design Consideration for Distributed Control Systems. IEEE Transactions on Control Systems Technology, vol. 10, No. 2, Mar. 2002, 297-307.
• [8] Hajduk Z., Sadolewski J., Trybus B., FPGA-based Execution Platform for IEC 61131-3 Control Software. Przegląd Elektrotechniczny (Electrical Review), R. 87, No. 8/2011, 187-191.
• [9] Hespanha J.P., Naghshtabrizi P., Yonggang Xu, A Survey of Recent Results in Networked Control Systems. Proceedings of the IEEE, vol. 95, No. 1, Jan. 2007, 138-162.
• [10] IEC 61131-3 Standard: Programmable Controllers. Part 3. Programming Languages, 2003.
• [11] Jensen K., Kristensen L.M., Wells L., Coloured Petri Nets and CPN Tools for Modelling and Validation of Concurrent Systems. International Journal on Software Tools for Technology Transfer (STTT), vol. 9, No. 3^ł, Jun. 2007, 213-254.
• [12] Jensen K. Kristensen L.M., Coloured Petri Nets. Modelling and Validation of Concurrent Systems. Springer-Verlag, Berlin, Heidelberg, 2009.
• [13] Mini-GuardShip Control & Positioning System. Praxis Automation Technology B.V., 2011. http:/ /www.praxis-automation.com
• [14] Nai Fovino I., Carcano A., Masera M., Trombetta A., An experimental investigation of malware attacks on SCADA systems. International Journal of Critical Infrastructure Protection, vol. 2, No. 4, 2009, 139-145.
• [15] Olejnik R., Computer network design based on AHP method. In: Jałowiecki P., Łukasiewicz P., Orłowski A. (Eds), Information systems in management, vol. 11, Warsaw University of Life Sciences Press, Warsaw, 2011, 80-89.
• [16] Ralston P.A.S., Graham J.H., Hieb J.L., Cyber security riskassessment for SCADA and DCS networks. ISA Transactions, vol. 46, No. 4, Oct. 2007, 583-594.
• [17] Rzońca D., Sadolewski J., Stec A., Świder Z., Trybus B., Trybus L.: Programming controllers in Structured Text language of lEC 61131-3 standard. Journal of Applied Computer Science, vol. 16, No. 1, 2008, 49-67.
• [18] Rzońca D., Sadolewski J., Stec A., Świder Z., Trybus B., Trybus L., Mini-DCS System Programming in IEC 61131-3 Structured Text. Journal of Automation, Mobile Robotics & Intelligent Systems, vol. 2, No. 3, 2008, 48-54.
• [19] Rzońca D. Trybus B., Hierarchical Petri Net for the CPDev Virtual Machine with Communication. In: Kwiecień A., Gaj P., Stera P. (Eds.) Computer Networks 2009, Communications in Computer and Information Science 39, Springer-Verlag, Berlin, Heidelberg, 2009, 264-271.
• [20] Rzońca D., Sadolewski J., Stec A., Świder Z., Trybus B., Trybus L., Open environment for programming small controllers according to IEC 61131-3 standard. Scalable Computing: Practice and Experience, vol. 10, No. 3, Sep. 2009, 325-336.
• [21] Rzońca D., Sadolewski J., Trybus B., ColouredPetri-nets models of' CPDev sofi controller with 1/ O boards. Przegląd Elektrotechniczny (Electrical Review), R. 86, No. 9/2010, 170-173.
• [22] Rzońca D., Stec A., Trybus B., Data Acąuisition Server fór Mini Distributed Control System. In: Kwiecień A., Gaj P., Stera P. (Eds.), Computer Networks 2011, Communications in Computer and Information Science 160, Springer-Verlag Berlin Heidelberg, 2011, 398-406.
• [23] Rzońca D. Stec A., Small Prototype Acąuisition System with Secure Remote Data Access. Annales UMCS Informatica AI, vol. XI, No. 3, 2011, 87-100.
• [24] Secure Hash Standard (SHS). Federal Information Processing Standards Publications 180-3, National Institute of Standards and Technology, Oct. 2008. http://csrc.nist.gov/publications/fips/ fipsl80-3/fipsl80-3 fmal.pdf
• [25] SMC programmable controller. Lumel S.A., 2010. http://www.lumel.com.pl/en
• [26] Stinson D.R., Cryptography: Theory and Practice. Chapman and Hall/CRC, Nov. 2005.
• [27] The Keyed-Hash Message Authentication Code (HMAC). Federal Information Processing Standards Publications 198-1, National Institute of Standards and Technology, Jul. 2008. http:// csrc.nist.gov/publications/fips/fipsl98-l/FIPS-198-l fmal.pdf
• [28] Turan M.S., Barker E., Burr W., Chen L., Recommendation for Password-Based Key Derivation Part 1: Storage Applications. National Institute of Standards and Technology Special Publication 800-132, Dec. 2010. http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
• [29] Yodyium Tipsuwan Mo-Yuen Chów, Control methodologies in networked control systems. Control Engineering Practice, vol. 11, 2003, 1099-1111.
• [30] Yuen P.K., Practical Cryptology and Web Security. Pearson Education, 2005.
• [31] Zatwarnicki K., Identification of the Web Server. In: Kwiecień A., Gaj P., Stera P. (Eds.), Computer Networks 2011, Communications in Computer and Information Science 160, Springer-Verlag, Berlin, Heidelberg, 2011, 45-54.