Caching-based Multicast Message Authentication in Time-critical Industrial Control Systems

TL;DR

This paper introduces lightweight, caching-based multicast message authentication schemes, CMA and CMMA, designed for high-speed, low-latency industrial control systems to prevent malicious data injection efficiently.

Contribution

The paper presents novel precomputation and caching schemes that eliminate cryptographic overhead during message verification in time-critical ICS environments.

Findings

C(M)MA achieves minimal runtime verification overhead.

The schemes support message rates of thousands per second.

Feasibility demonstrated in smart grid substation automation.

Abstract

Attacks against industrial control systems (ICSs) often exploit the insufficiency of authentication mechanisms. Verifying whether the received messages are intact and issued by legitimate sources can prevent malicious data/command injection by illegitimate or compromised devices. However, the key challenge is to introduce message authentication for various ICS communication models, including multicast or broadcast, with a messaging rate that can be as high as thousands of messages per second, within very stringent latency constraints. For example, certain commands for protection in smart grids must be delivered within 2 milliseconds, ruling out public-key cryptography. This paper proposes two lightweight message authentication schemes, named CMA and its multicast variant CMMA, that perform precomputation and caching to authenticate future messages. With minimal precomputation and communication overhead, C(M)MA eliminates all cryptographic operations for the source after the message is given, and all expensive cryptographic operations for the destinations after the message is received. C(M)MA considers the urgency profile (or likelihood) of a set of future messages for even faster verification of the most time-critical (or likely) messages. We demonstrate the feasibility of C(M)MA in an ICS setting based on a substation automation system in smart grids.