Date on Master's Thesis/Doctoral Dissertation

12-2012

Document Type

Master's Thesis

Degree Name

M. Eng.

Department

Computer Engineering and Computer Science

Committee Chair

Desoky, Ahmed H.

Author's Keywords

Bloom filter; SCADA security; Role based access control; ICS security; Authentication; Modbus

Subject

Digital control systems; Computer security; Process control--Computer programs; Supervisory control systems--Security measures

Abstract

Supervisory control and data acquisition (SCADA) systems are networked control systems used in many critical infrastructure areas such as power, water, and transportation. Many of these systems continue to use legacy field devices that lack cyber security features. The field device security preprocessor is a bump-in-the-wire security solution for legacy field devices. This thesis describes the design and analysis of a dual Bloom filter structure for use in a field device security preprocessor. A dual Bloom filter is a variant of the traditional Bloom filter that performs role-based access checks in O(1) time. This structure, which can produce false authentications, is shown to be acceptable for this security use through analysis and penetration testing. Analysis and testing show that, in spite of false positives, this structure can provide the required level of security while maintaining the required level of performance on low-cost hardware.
