On Design-time Security in IEC 61499 Systems: Conceptualisation, Implementation, and Feasibility

TL;DR

This paper introduces a design-time security approach for IEC 61499-based industrial automation systems, enabling secure inter-PLC communication through annotations that are transformed into encryption layers, demonstrated with real-time feasibility in smart-grid applications.

Contribution

It presents a novel method to incorporate security annotations into IEC 61499 designs, automatically generating encryption layers for secure PLC communication.

Findings

The confidentiality layer supports various encryption methods.

Secure communication can meet real-time constraints.

The approach is validated in a smart-grid case study.

Abstract

Cyber-attacks on Industrial Automation and Control Systems (IACS) are rising in numbers and sophistication. Embedded controller devices such as Programmable Logic Controllers (PLCs), which are central to controlling physical processes, must be secured against attacks on confidentiality, integrity and availability. The focus of this paper is to add design-level support for security in IACS applications, especially around inter-PLC communications. We propose an end-to-end solution to develop IACS applications with inherent, and parametric support for security. Built using the IEC 61499 Function Blocks standard, this solution allows us to annotate certain communications as 'secure' during design time. When the application is compiled, these annotations are transformed into a security layer that implements encrypted communication between PLCs. In this paper, we implement a part of this security layer focussed on confidentiality, called Confidentiality Layer for Function Blocks (CL4FB), which provides a range of encryption/decryption and secure key exchange functionalities. We study the impact of using CL4FB in IACS applications with real-time constraints. Through a case study focussing on protection functions in smart-grids, we show that varying levels of confidentiality can be achieved while also meeting hard real-time deadlines.