Proposal strategies of key management for data encryption in SCADA network of electric power systems




Electrical Power and Energy Systems 33 (2011) 1521–1526



D.J. Kang a,1, J.J. Lee a,1, B.H. Kim b,2, D. Hur c,*

a Korea Electrotechnology Research Institute, Fusion Technology Research Lab., 665 Naeson2-dong, Uiwang-city, Gyeonggi-province 437-808, Republic of Korea
b Hong-Ik University, School of Electronic and Electrical Engineering, 72-1 Sangsu-dong, Mapo-gu, Seoul 121-791, Republic of Korea
c Kwangwoon University, Dept. of Electrical Engineering, Kwangwoon Rd. 26, Nowon-gu, Seoul 139-701, Republic of Korea

Article info

Article history: Received 6 November 2007; received in revised form 10 October 2008; accepted 13 March 2009; available online 11 April 2009.

Keywords: Cyber security; Optimal key distribution period; Quality of service function; SCADA; Encryption

Abstract

SCADA (Supervisory Control and Data Acquisition) systems have been used for remote measurement and control over both critical infrastructures and modern industrial facilities. The electric power system is thought of as a typical model using the SCADA network for its remote control and monitoring. Integration between many networks is one of today’s global trends. In fact, the integration of the SCADA network into Information Technology (IT) networks is favorably under way in terms of automation and economics of power systems, which makes the SCADA network vulnerable to increased cyber assaults. In so far as cyber security is concerned, there exist several methods to secure the system such as encryption, firewall, authentication, and so on. In this paper, we primarily address the unique security environment and inherent problems in the radial SCADA network of electric power systems. Our approach here is informed by the symmetric encryption method. For the most part this paper will be limited to the key management for encryption and provide a solution to the optimal key distribution period as well.

© 2009 Elsevier Ltd. All rights reserved.

* Corresponding author. Tel.: +82 2 940 5473; fax: +82 2 940 5141.
E-mail addresses: [email protected] (D.J. Kang), [email protected] (J.J. Lee), [email protected] (B.H. Kim), [email protected] (D. Hur).
1 Tel.: +82 31 420 6138; fax: +82 31 420 6029.
2 Tel.: +82 2 320 1462; fax: +82 2 320 1110.
0142-0615/$ - see front matter © 2009 Elsevier Ltd. All rights reserved. doi:10.1016/j.ijepes.2009.03.004

1. Introduction

As the power industry relies increasingly on information to operate power systems, neither the power system infrastructure nor the information infrastructure can be effectively managed alone. First of all, the reliability of the power system infrastructure is significantly affected by any problems that the information infrastructure might face [1], as automation continuously replaces manual operations, market forces necessitate more accurate and timely information, and at the same time the power system equipment becomes obsolete. Generally, the SCADA (Supervisory Control and Data Acquisition) system is an operational twin composition of a large and strong software package and a networking infrastructure into a global supervision system. The former uses the latter to acquire data, analyze it and send control actions. In recent years the IED (Intelligent Electronic Device), a control unit performing the communication function with the master station, has been taking the place of the RTU. So far, SCADA systems have been used for remote measurement and control of critical infrastructures such as electric power, gas and oil, as well as of manufacturing facilities [2]. The general configuration of the SCADA network is sketched in Fig. 1. It is largely composed of three parts: the master station, the communication links, and the slave stations, which would be RTUs and IEDs. The communication links connecting the SCADA server with the IEDs may use different kinds of media according to the system size and circumstances. In the beginning stage, when the SCADA systems were built, they used their own private network separated from external networks, but they have gradually been connected to external networks, even to the Internet, for the purpose of saving the costs of building networks and of installing new functions of power systems, i.e., automation and intelligent control [3]. In this sense, the SCADA network has been exposed to cyber security problems with IT advancement and network growth. Especially, the SCADA systems of the energy industry are vulnerable to targeted cyber assaults and terrorism, in that attacks on these infrastructures can cause tremendous losses across the overall social system [4]. External attacks have increased twofold compared with internal attacks [5]. Though research efforts to overcome this problem have spread throughout the world, the security problem in the SCADA network of Korean electric power systems has apparently been ignored. The main reason is that the SCADA system is a closed system separated from other networks such as the Internet. Thus it is probable that the private network is still being utilized in power system communication, since the control area is limited to Korea’s territory and the infrastructure has been constructed by a vertically integrated utility. Consequently, it was possible to cover the whole system with private communication lines which were solely used for SCADA communication. In part, the network started to be connected with the Internet for monitoring and maintaining substations.

Fig. 2 represents the communication protocols used in the SCADA network of electric power systems. The central SCADA communicates with the RCC (Regional Control Center) SCADA using TCP (Transmission Control Protocol)/IP (Internet Protocol), which is also utilized in the communication between the RCC SCADA and the SCC (Sub Control Center) SCADA. The EMS (Energy Management System) uses ICCP (Inter-control Center Communication Protocol) to communicate with the RCC SCADA, where ICCP is one of the global standard communication protocols for wide area communication between centers of the electric power transmission network such as power plants, network control centers, and substations [6,7]. ICCP is useful for communication between control centers which periodically transmit and receive a large amount of data such as real-time measurement and control data. It makes it possible for different systems provided by various vendors to communicate with each other and to be integrated into one entire system. The RCC and SCC communicate with RTUs or IEDs using DNP (Distributed Network Protocol) or the Harris protocol. DNP is another telecommunication standard, developed to achieve interoperability among systems, specifically for SCADA systems in the electric utility, oil and gas, water and waste, and security industries. Most obviously, the SCADA network in power systems has its own unique characteristics linked to data format and size, communication period, network topology, and suchlike. These individual qualities of power systems should be taken into account in the development of encryption and decryption algorithms for the SCADA network. In this paper, we solely focus on the cyber security of the radial SCADA network of electric power systems which is not connected to the Internet, although it is, sooner or later, expected to be integrated into other networks or the Internet for executing advanced control and automation and improving economic efficiency [8].

Fig. 1. Configuration of SCADA network.

Fig. 2. Communication protocols used in Korean SCADA systems.

2. Background

2.1. Installation of security devices in SCADA network

The security problem in this paper is closely associated with the radial SCADA network, which has so far been a private network closed to other external networks. In addition, among the various methods for securing the SCADA network we consider encryption. There is no established security policy for the Korean SCADA network, since it has been recognized as a facility safe from external attacks until now. As stated above, infrastructure is becoming a main target of terrorism, since the impacts incurred by such attacks are so huge. Cyber assaults are sure to cause the same system faults as physical attacks. Coordinated attacks on major power plants or substations may trigger a cascading blackout, resulting in severe social and economic damage [9]. For example, a computer hacker could destroy a transformer in a substation by transmitting a signal of transformer overload, thereby causing it to rapidly overheat and explode as if a bomb were dropped or a fire broke out [10]. Measurement data and control signals are exchanged through the communication lines between the RTUs and the master station, as shown in Fig. 3. Assuming that there are no internal approaches from the inner parts of the RTUs or the master station, one possible method of cracking this system is to tap a communication line directly, since this network is completely closed to other networks, allowing no detour to gain access to the SCADA systems. To protect the system from this intrusion, we should encrypt the information by cryptography. We simply attempt to encrypt the whole data itself and pay relatively little attention to protocol modification, since security software or hardware devices cannot be installed in embedded form. Accordingly, the only choice is to install security devices at the inlet or outlet of the RTUs and of the master station, located at the two end points of the line, as in Fig. 4.

Fig. 3. Intrusion into the communication line.

Fig. 4. Encryption and decryption processes.


The installation of security devices in the overall system is illustrated in Figs. 5 and 6. When intruders gain access and snap up the information, what they obtain is a distorted version of it. Even though cryptography is just one of the methods for enhancing security, it is the critical issue for the security problem here, since the SCADA systems are currently closed to external networks. The actual system can be constructed with the concepts in this section as in Fig. 7, which illustrates a test-bed of the SCADA network for testing the performance of security devices.

Fig. 5. Schematic diagram of installed security devices.

2.2. Symmetric and asymmetric encryption methods

Fig. 6. Location of installed security devices.

Encryption is the most common and powerful approach to securing the system. There are two fundamental alternatives for the location of the encryption gear or device: link encryption and end-to-end encryption [11]. Evidently, end-to-end encryption is sufficient for the radial SCADA network, taking into consideration its network topology in Fig. 2. There are many cryptographic methods already developed for the encryption and decryption of information. Those cryptographic algorithms can briefly be categorized into two groups: symmetric and asymmetric encryption approaches. A symmetric encryption algorithm is characterized by the fact that the decryption key is identical to the encryption key. Symmetric encryption, also referred to as conventional encryption or single-key encryption, was the only type in use prior to the development of public key encryption in the 1970s [11]. The key should be exchanged in advance between sender and receiver in a secure manner and kept secret [6], as seen in Fig. 8. On the contrary, the concept of public key cryptography evolved from an attempt to solve two of the problems that are difficult for symmetric encryption to handle [11]. As in Fig. 9, asymmetric encryption algorithms have different encryption and decryption keys, and the latter cannot be derived from the former by any efficient algorithm [6].

Fig. 7. Components of security system.

Fig. 8. Symmetric encryption.


Fig. 9. Asymmetric encryption.

2.3. Symmetric encryption method for SCADA systems

In this paper, symmetric encryption is applied to SCADA systems on the basis of the following two postulates. One is that the number of communication combinations in the SCADA network is entirely different from that in ordinary networks. With N hosts, there are N(N − 1)/2 communicating pairs in the usual networks, i.e., Ethernet or the Internet, where each host can communicate with any other host in the network. In the SCADA network, however, one additional RTU adds only one combination to the previous ones. Hence the number of communication combinations increases linearly with the number of RTUs, since all RTUs communicate with only one master station, as displayed in Fig. 10. Indexing the number of RTUs or IEDs as N − 1, which is the number of hosts except the master station, the number of communication combinations becomes N − 1. In this perspective, it seems reasonable to apply symmetric encryption to SCADA communication when considering the number of keys to be shared. The other is that the processing required in SCADA systems has to be fast and accurate. SCADA systems deal with a massive amount of data in a very short period. When there is a system failure, there is a possibility of a traffic jam on the network, which would get worse with the encryption process. Therefore it is recommended to reduce the time taken by the encryption process. In the light of the time needed for the encryption process, symmetric encryption may be preferable to traditional approaches. Unfortunately, symmetric encryption is more vulnerable to attacks than asymmetric encryption. In this context, complementary measures should be taken when making use of symmetric encryption, and the related suggestion will be described in a later section.

Fig. 10. Relationship between number of end points and number of keys.

2.4. Key distribution problem for symmetric and asymmetric encryption

In symmetric encryption, the two parties involved in communication should share the same key, and that key should be protected from access by others [11]. There are several ways to carry out this key distribution; here two kinds are presented. The first one is that the communication initiator makes the key and sends it to the responder. This method is called decentralized key distribution and is portrayed in Fig. 11; there is no key distribution center in this method. Initiator A requests B to send the session key by ①, and B responds to A by ② with the key encrypted under the master key already shared with A. Then A confirms the key distribution process by ③. The second one is that a third party makes the key and distributes it to the initiator or to both parties, which is called centralized key distribution, shown in Fig. 12. Here the flow notated with solid lines and Arabic numerals indicates the first method, in which the key is distributed only to the communication initiator A, while the one with dotted lines and letters stands for the second method, in which the key is distributed to both parties involved in the communication. ①, ②, and ③ are the key distribution process of the first method, which corresponds to the lettered steps in centralized key distribution. ④ and ⑤ in Fig. 10 are the authentication process for the session key shared by the two parties. In this case, we call for a KDC (Key Distribution Center) to carry out the key management. In the Internet environment, it is better to let the KDC manage the key distribution process, since there are lots of hosts in the network and thereby many more communication combinations.

Fig. 11. Decentralized key distribution.

Fig. 12. Centralized key distribution.

2.5. Decentralized key distribution in SCADA systems

Unlike the Internet, communication in SCADA systems takes place only between the master station and each slave station, which is either an RTU or an IED. As a result, the master station takes the role of the KDC and is the sole communication counterpart of each RTU, implying that we do not have to install an additional KDC to cope with the key distribution process. In this paper, the outstanding feature which underpins a good deal of our subsequent argument on key distribution in the SCADA network is the decentralized model. Fig. 13 summarizes the key sharing process between the master station and an RTU while taking advantage of the decentralized method in SCADA communication. The master station is the initiator in communication, and so the security device on the RTU side has to generate the session key by ① in Fig. 14. Next, the security device on the RTU side encrypts the key with the master key and then sends it to the security device on the master station side by ②. Ultimately, the master station makes sure that it has received and shared the session key with the RTU by ③. On sharing the key, the two parties begin to communicate with each other.

Fig. 15. Key policy for security maximization.
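The three-step exchange of Figs. 13 and 14, as an added runnable example; this is not code from the paper or from any security device it describes. It assumes a pre-shared master key already loaded into both security devices. Because it uses only the Python standard library, the "encryption" of the session key in step ② is a keystream derived from HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, standing in for the AES key wrap or AEAD a real device would use. The message names (request_session_key, respond, receive_wrapped_key, check_confirmation) are this example's own, and the master key value is constructed.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32     # session key length in bytes
NONCE_LEN = 16   # per-exchange nonce; must never repeat under one master key


def _keystream(master_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF keystream: HMAC-SHA256(master_key, "enc" || nonce || counter), counter mode."""
    out = b""
    counter = 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(master_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_key(master_key: bytes, nonce: bytes, session_key: bytes):
    """Encrypt-then-MAC the session key under the pre-shared master key (stand-in for a key wrap)."""
    ks = _keystream(master_key, nonce, len(session_key))
    ct = bytes(a ^ b for a, b in zip(session_key, ks))
    tag = hmac.new(master_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return ct, tag


def unwrap_key(master_key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    """Verify the tag first (constant-time compare), then recover the session key."""
    expected = hmac.new(master_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrapped session key failed integrity check")
    ks = _keystream(master_key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


class MasterStation:
    """Initiator: asks for a key (step 1), unwraps it and confirms (step 3)."""

    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.session_key = None
        self.nonce = None

    def request_session_key(self) -> bytes:                 # step 1: master -> RTU
        self.nonce = secrets.token_bytes(NONCE_LEN)
        return self.nonce

    def receive_wrapped_key(self, ct: bytes, tag: bytes) -> bytes:   # step 3: master -> RTU
        self.session_key = unwrap_key(self.master_key, self.nonce, ct, tag)
        # The confirmation proves possession of the session key and is bound to this nonce.
        return hmac.new(self.session_key, b"confirm" + self.nonce, hashlib.sha256).digest()


class RTUSecurityDevice:
    """Responder: generates and wraps the session key (step 2); checks the confirmation."""

    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.session_key = None
        self.nonce = None

    def respond(self, nonce: bytes):                         # step 2: RTU -> master
        self.nonce = nonce
        self.session_key = secrets.token_bytes(KEY_LEN)
        return wrap_key(self.master_key, nonce, self.session_key)

    def check_confirmation(self, confirmation: bytes) -> bool:
        expected = hmac.new(self.session_key, b"confirm" + self.nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, confirmation)


def run_exchange(master_key: bytes, tamper: bool = False) -> dict:
    """Run the three-step exchange; with tamper=True, one bit of step 2 is flipped on the line."""
    master = MasterStation(master_key)
    rtu = RTUSecurityDevice(master_key)
    nonce = master.request_session_key()                     # 1
    ct, tag = rtu.respond(nonce)                             # 2
    if tamper:
        ct = bytes([ct[0] ^ 0x01]) + ct[1:]                  # modification on the tapped line
    try:
        confirmation = master.receive_wrapped_key(ct, tag)   # 3
    except ValueError:
        return {"shared": False, "rejected": True}
    shared = rtu.check_confirmation(confirmation) and master.session_key == rtu.session_key
    return {"shared": shared, "rejected": False}


if __name__ == "__main__":
    demo_master_key = bytes(range(32))   # constructed value; real devices load it from secure storage
    print(run_exchange(demo_master_key))                  # {'shared': True, 'rejected': False}
    print(run_exchange(demo_master_key, tamper=True))     # {'shared': False, 'rejected': True}
```

The nonce from step ① does two jobs: it makes the keystream unique for each exchange (reusing it under the same master key would leak the XOR of two session keys), and because the tag and the confirmation both cover it, a step ② message captured from an earlier key period is rejected when replayed, just as the tampered message is.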

3. Basic theory

3.1. Introduction of QoS (Quality of Service) function

Here we are ready to raise two questions: whether the master station uses a common secret key with all RTUs, and how often the master station changes the secret key for security. If the secret key is used over a longer time span, the possibility of its being disclosed increases. On the other hand, it is not easy to change the key too often, in that frequent key changing increases network traffic and communication failures. This issue is more significant in SCADA systems because of their unique characteristics of data size and communication frequency. More specifically, the security strength is roughly proportional to how many keys are generated for the RTUs and how often the key is changed. However, the reinforcement of security may increase the traffic load of the network, which makes the service quality worse in the other respect. Subsequently, we need to find an optimal point as regards the number of keys and the period of key distribution. Fig. 15 shows the relationship between these variables. According to the security policy, the decision variable can be either of them. For instance, if we fix the number of secret keys as one for the overall system, we have only to concentrate on the period of key distribution. In trying to secure the system by encryption and its related key policy, it seems that there would be a maximum level of service quality consisting of performance and security. At some point the service quality may be deteriorated by too many keys and/or too frequent key changing. This concept is formulated in a mathematical way:

$$\max_{n_{key},\, t_{dist}} \; QoS(n_{key}, t_{dist}) \tag{1}$$

$$\text{subject to } n_{key} \le n_{RTU}, \quad t_{dist} \le t_{req} \tag{2}$$

where n_key and t_dist mean the number of keys in use at the same time and the frequency of key changing, respectively. n_RTU is the number of RTUs in the SCADA system and t_req is the communication frequency at which the master station polls data from the RTUs, which is the required limit on the key changing or distribution period. Assuming a fixed level of service quality, there may be a tradeoff between the number of keys and the key distribution period to maintain a constant level of service quality. To assess the service quality, we introduce the QoS (Quality of Service) function and consider only one variable, the key distribution period, for simplicity of formulation.

Fig. 13. Key sharing process in decentralized key distribution.

Fig. 14. Creation of key and sharing process.

3.2. Determination of key distribution period

There has been an unresolved conflict between system performance and security strength. In this paper, system performance is expressed as a function of the time delay in communication when the encryption process is added to the communication between the master station and the RTUs. Also, the reinforcement of security enhances the network performance by reducing the risk of potential attacks. Viewed in this light, we should find the balance or equilibrium between the two factors, though there is the difficulty of adjusting them because of their different dimensions. Above all, we aim to unify the units of the two values, which are required to be commensurable. Moreover, we need to define the QoS function, composed of a network traffic part and a security part, which represents the overall quality of service in communication.

$$QoS = PI + SI \tag{3}$$

where PI and SI designate the performance index and the security index, respectively. PI is computed from the time delay caused by the encryption process, and the value of PI lies between 0 and 1. There may be several reasons for communication errors or failures, but we simply attribute them to the time delay of the encryption and decryption processes. Suppose that there is a functional relationship between the communication delay and the key distribution period. As the key distribution period gets shorter, the communication delay will accordingly be longer, since frequent key changing increases the network traffic. Consequently, the time delay in communication, d, is ascribed to the encryption process, which can be given as a function of the key distribution period, t_d. In Fig. 16, d is inversely proportional to t_d, or T/t_d, where T is the period of communication in SCADA systems.

Fig. 16. Time delay by encryption process.

To normalize the value, we modify the formula into (T − d)/T. When d reaches T, the performance value converges to 0, which means communication failure. When it is assumed that the functional relationship between d and t_d is provided in the form d = k/t_d, where k is a constant, the performance index related to the time delay incurred by the encryption process is implemented as follows:

$$PI = \frac{T - k/t_d}{T} \tag{4}$$

In (3), SI is calculated from the probability of potentially being attacked. The Poisson process is employed for modeling intrusion into the SCADA network. The number of cyber intrusions is governed by the Poisson process and the time duration between two incidents obeys the exponential probability distribution. Each cyber intrusion is made by a different person, so it is naturally regarded as an independent event. Let us assume the Poisson process {N(t), t ≥ 0} with rate λ (> 0). The Poisson process is applied to the model of real-life problems while satisfying the following premises [12]:

• N(0) = 0.
• The Poisson process has independent increments.
• The number of events in a time interval of length t follows the Poisson distribution with the mean occurrence rate of intrusion.

$$P\{N(t_d + s) - N(s) = n\} = e^{-\lambda t_d}\,\frac{(\lambda t_d)^n}{n!}, \qquad n = 0, 1, \ldots \tag{5}$$

where the number of intrusions or intrusion trials within a specified time duration, t_d, is N(t_d + s) − N(s). In particular, (6) is derived when n is zero in (5).

$$P\{T > t_d\} = e^{-\lambda t_d} \tag{6}$$

where P{T > t_d} means the probability that no intrusion happens in the [0, t_d] interval, in case the time interval T from the occurrence of the previous intrusion to that of the next one is by far longer than the key distribution period of interest, t_d. We adopt the term e^{−λt_d} of the Poisson process as the security index, since it carries the implication that the probability of no intrusion in the [0, t_d] interval becomes lower as the key distribution period gets longer. Therefore, the QoS function can cover the substantial impacts of network traffic and security reinforcement on the service quality:

$$QoS(t_d) = 1 - \frac{k}{T\,t_d} + e^{-\lambda t_d} \tag{7}$$

where 1 − k/(T t_d) and e^{−λt_d} are dubbed the performance index and the security index on a short-term basis, in which there is no additional investment in security devices or facilities. Certainly, considerable studies on the formulation of the QoS function on a long-term basis need to be made to capture the effects of investment. The necessary condition for maximizing the QoS function is that the derivative of the QoS function at a certain value of the key distribution period should be 0. From (8), we can find the optimal key distribution period to maximize the quality of service.

$$\frac{dQoS(t_d)}{dt_d} = \frac{k}{T\,t_d^{2}} - \lambda e^{-\lambda t_d} = 0 \tag{8}$$

4. Concluding remarks

Recent years have witnessed cyber security problems of the SCADA network in electric power systems as the integration of networks is in full swing. Though research on the methodology of securing SCADA systems is still at an early stage, we have reported findings from the Korean SCADA network, which uses its own private network closed to other networks and the Internet for communication. Given the simplicity of the network topology and communication combinations, we singled out the symmetric encryption method for the cryptography of information and proposed not merely a secret key policy for the SCADA network but also a conceptual formulation for decision making. In concluding, it is worth reiterating the proposition presented earlier in this paper that a hot issue in symmetric encryption is how to share the common key used for both encryption and decryption secretly and periodically. Given that this key is used for a long time, the risk of its being cracked increases, which makes it necessary to change the key frequently enough. Nevertheless, frequent key changing lays an additional traffic burden on the network, leading to a falling-off in the quality of service. Most prominent from our point of view is the decision on the optimal key distribution period based on the QoS function, maximizing the network performance and security within a permissible level.

Acknowledgements

This work was funded by the Ministry of Education and Human Resources Development as part of the BK21 (2nd phase) Project (Research on New Energy Resource and Power System Interface). The present research has been conducted by the Research Grant of Kwangwoon University in 2010. This research was supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education, Science and Technology (2010-0029425).
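A worked example for Section 3.2, added here and not part of the paper: it evaluates PI (4), SI (6) and QoS (7) with the paper's symbols and solves the stationarity condition (8) numerically by bisection on the interval [k/T, t_req], which is where PI is non-negative and the constraint t_dist ≤ t_req of (2) holds. The parameter values (k = 0.01, T = 1, λ = 1, t_req = 0.5) are constructed for illustration, and the function names are this example's own. It goes one step beyond the paper's necessary condition: since QoS tends to 1 as t_d grows while e^{−λt_d} decays faster than 1/t_d², the derivative can change sign more than once, so the code checks the second derivative at the root and compares the result with both interval endpoints instead of trusting any zero of (8).

```python
import math


def performance_index(t_d: float, k: float, T: float) -> float:
    """PI of Eq. (4): (T - d)/T with delay d = k/t_d, i.e. 1 - k/(T t_d)."""
    return 1.0 - k / (T * t_d)


def security_index(t_d: float, lam: float) -> float:
    """SI of Eq. (6): Poisson probability of no intrusion during one key period."""
    return math.exp(-lam * t_d)


def qos(t_d: float, k: float, T: float, lam: float) -> float:
    """QoS of Eq. (7) = PI + SI."""
    return performance_index(t_d, k, T) + security_index(t_d, lam)


def dqos(t_d: float, k: float, T: float, lam: float) -> float:
    """Left-hand side of Eq. (8): dQoS/dt_d = k/(T t_d^2) - lam e^{-lam t_d}."""
    return k / (T * t_d ** 2) - lam * math.exp(-lam * t_d)


def d2qos(t_d: float, k: float, T: float, lam: float) -> float:
    """Second derivative, used to confirm that a stationary point is a maximum."""
    return -2.0 * k / (T * t_d ** 3) + lam ** 2 * math.exp(-lam * t_d)


def optimal_key_period(k: float, T: float, lam: float, t_req: float,
                       iterations: int = 200):
    """Maximize QoS over k/T <= t_d <= t_req.

    Returns (t_d*, QoS(t_d*), kind); kind is 'interior' when the optimum is a
    root of Eq. (8) with negative second derivative, otherwise 'boundary'.
    """
    lo = k / T      # below this the delay d exceeds T and PI becomes negative
    hi = t_req      # constraint t_dist <= t_req from Eq. (2)
    if not lo < hi:
        raise ValueError("no feasible key period: k/T must be below t_req")
    candidates = [(lo, qos(lo, k, T, lam), "boundary"),
                  (hi, qos(hi, k, T, lam), "boundary")]
    # Bisection on dQoS/dt_d: when QoS rises at lo and falls at hi, a root of (8) lies between.
    if dqos(lo, k, T, lam) > 0 > dqos(hi, k, T, lam):
        a, b = lo, hi
        for _ in range(iterations):
            mid = 0.5 * (a + b)
            if dqos(mid, k, T, lam) > 0:
                a = mid
            else:
                b = mid
        t_star = 0.5 * (a + b)
        if d2qos(t_star, k, T, lam) < 0:      # reject a local minimum
            candidates.append((t_star, qos(t_star, k, T, lam), "interior"))
    return max(candidates, key=lambda c: c[1])


if __name__ == "__main__":
    # Constructed parameters: k and T in the same time unit, lam in intrusions per unit time.
    k, T, lam, t_req = 0.01, 1.0, 1.0, 0.5
    t_star, q_star, kind = optimal_key_period(k, T, lam, t_req)
    print(f"optimal key distribution period t_d* = {t_star:.4f} ({kind}), QoS = {q_star:.4f}")
    for t_d in (0.05, t_star, 0.2, 0.5):
        print(f"t_d={t_d:.4f}  PI={performance_index(t_d, k, T):.4f}  "
              f"SI={security_index(t_d, lam):.4f}  QoS={qos(t_d, k, T, lam):.4f}")
```

With the constructed values the optimum is interior, between 0.105 and 0.106 time units; shrinking t_req to 0.08 leaves no sign change of (8) inside the feasible interval, and the function then returns the upper boundary t_req, which is the paper's required polling limit.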

References

[1] Cleveland F. IEC TC57 security standards for the power system’s information infrastructure: beyond simple encryption. Xanthus Consulting International; 2007.
[2] Kokai Y, Masuda F, Horiike S, Sekine Y. Recent development in open systems for EMS/SCADA. Int J Electric Power Energy Syst 1998;20(2):111–23.
[3] LeMay M. SCADA protocols: overview of DNP3.
[4] Eisenhauer J, Donnelly P, Ellis M, O’Brien M. Roadmap to secure control systems in the energy sector. Energetics Incorporated; January 2006.
[5] Byres E, Lowe J. The myths and facts behind cyber security risks for industrial control systems.
[6] Dzung D, Naedele M, Von Hoff TP, Crevatin M. Security for industrial communication systems. Proc IEEE – Special Issue Indust Commun Syst 2005;93(6):1152–77.
[7] Tawalbeh NI, Al-Fahed Nuseirat AM. Peak and daily profile estimation for substations in rural networks. Int J Electric Power Energy Syst 2008;30(3):202–6.
[8] El-Fouly THM, Zeineldin HH, El-Saadany EF, Salama MMA. A new optimization model for distribution substation siting, sizing, and timing. Int J Electric Power Energy Syst 2008;30(5):308–15.
[9] Schainker R, Douglas J, Kropp T. Electric utility responses to grid security issues. IEEE Power Energy Mag 2006;4(2):30–7.
[10] Douglas J. Grid security in the 21st century. EPRI J 2005;(Summer):29.
[11] Stallings W. Cryptography and network security: principles and practices. 4th ed. New Jersey: Prentice Hall; 2006.
[12] Ross SM. Introduction to probability models. 9th ed. Burlington: Academic Press; 2007.