
Examining the Suitability of Stream Ciphers for Modbus-TCP Encryption on Resource Constrained Devices

Published: 22 April 2024
  • Abstract

    The advent of inter-connectivity between Industrial Control Systems (ICS) and Information Technology (IT) has greatly enhanced operational efficiency within many Critical National Infrastructure (CNI) sectors, such as energy generation and water treatment. However, prominent industrial network protocols such as Modbus were designed and implemented without cyber-security considerations, prioritising low overheads and real-time communications over digital resilience. Since insecure industrial protocols continue to prevail, considering future protocol implementations and retrofitting security controls to existing exposed environments is critical to mitigating the growing cyber threats that target ICS. In this paper, we aim to address the security limitations inherent in the plain-text transmission of industrial protocols, specifically Modbus-TCP. We use Raspberry Pis to represent real resource-constrained Modbus devices and evaluate two encryption solutions: 1) direct on-device encryption and 2) an encrypted SOCKS5 proxy server that facilitates secure communications between Modbus devices. Both methods employ symmetric encryption using stream ciphers and are evaluated for throughput, latency, and Queries Per Second (QPS). Experimental results demonstrate that while on-device encryption provides superior performance compared to the proxy-based solution, it comes at the cost of greater complexity and potential hardware upgrades. Hence, the trade-off between performance and adaptability requires careful consideration.


    Published In

    EuroSec '24: Proceedings of the 17th European Workshop on Systems Security
    April 2024
    60 pages
    ISBN:9798400705427
    DOI:10.1145/3642974
    This work is licensed under a Creative Commons Attribution International 4.0 License.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Industrial Control Systems
    2. Modbus-TCP
    3. SCADA
    4. Stream Ciphers
    5. Symmetric Encryption

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    EuroSys '24
    Acceptance Rates

    Overall Acceptance Rate 47 of 113 submissions, 42%
