Achieving Sensor Identification and Data Flow Integrity in Critical Cyber-Physical Infrastructures

2020 
Supervisory Control and Data Acquisition (SCADA) systems are commonly found in National Critical Infrastructures that provide necessary cyber-enabled services (e.g., energy) for society. In state-of-the-art SCADA systems, the physical process is monitored by field sensors, which transmit data to a SCADA master. In general, SCADA communication protocols lack proper security mechanisms to protect the integrity and security of field sensors. Thus, field sensors are commonly vulnerable to standard cyber-attacks, e.g., data and identity spoofing. Field sensors are low-end devices, and state-of-the-art crypto solutions are not suitable for them. In this paper, we discuss a novel lightweight hardware-based security mechanism, namely, Physical Unclonable Functions (PUFs). We introduce an SRAM-based PUF mechanism, which we then use to design an SRAM PUF Authentication and Integrity (SPAI) protocol. The SPAI protocol aims to ensure the integrity of data flow and protect the identity of field sensors. A prototype of the protocol has been implemented using a Raspberry Pi 3 Model B, an SRAM, and a temperature sensor. We describe how a SCADA system emulation is vulnerable to a man-in-the-middle attack using standard eavesdropping techniques. Then we show how our proposed SPAI protocol can prevent the man-in-the-middle attack through the embedded PUF mechanism.