Role based access control and authentication for SCADA field devices using a dual Bloom filter and challenge-response.
Date on Master's Thesis/Doctoral Dissertation
Computer Engineering and Computer Science
Desoky, Ahmed H.
Bloom filter; SCADA security; Role based access control; ICS security; Authentication; Modbus
Digital control systems; Computer security; Process control--Computer programs; Supervisory control systems--Security measures
Supervisory control and data acquisition (SCADA) systems are networked control systems used in many critical infrastructure areas such as power, water, and transportation. Many of these systems continue to use legacy field devices that lack cyber security features. The field device security preprocessor is a bump-in-the-wire security solution for legacy field devices. This thesis describes the design and analysis of a dual Bloom filter structure for use in a field device security preprocessor. A dual Bloom filter is a variant of the traditional Bloom filter that performs role based access checks in O(1) time. This structure, which can produce false authentications, is shown to be acceptable for this security use through analysis and penetration testing. Analysis and testing show that, in spite of false positives, this structure can provide the required level of security while maintaining the required level of performance on low cost hardware.
Schreiver, Jacob, "Role based access control and authentication for SCADA field devices using a dual Bloom filter and challenge-response." (2012). Electronic Theses and Dissertations. Paper 1281.