ACRIC: Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check

TL;DR

ACRIC is a cryptographic authentication method that enhances security of legacy industrial networks by utilizing existing CRC fields, enabling seamless, cost-effective security upgrades without hardware changes.

Contribution

ACRIC introduces a novel CRC-based message authentication scheme that ensures security in legacy industrial systems without hardware modifications or protocol changes.

Findings

Provides robust message integrity and authentication

Minimal computational overhead (~4 microseconds)

Enables gradual security upgrades in industrial networks

Abstract

The increasing integration of modern IT technologies into OT technologies and industrial systems is expanding the vulnerability surface of legacy infrastructures, which often rely on outdated protocols and resource-constrained devices. Recent security incidents in safety-critical industries exposed how the lack of proper message authentication enables attackers to inject malicious commands or alter system behavior, revealing fundamental security weaknesses in existing architectures. These shortcomings have thus prompted new regulations that emphasize the pressing need to strengthen cybersecurity, particularly in legacy systems. Authentication is widely recognized as a fundamental security measure that enhances system resilience. However, its adoption in legacy industrial environments is limited due to practical challenges like backward compatibility, message format changes, and hardware replacement or upgrades costs. In this paper, we introduce ACRIC, a message authentication solution to secure legacy industrial communications explicitly tailored to overcome those challenges all at once. ACRIC uniquely leverages cryptographic computations applied to the CRC field - already present in most industrial communication protocols - ensuring robust message integrity protection and authentication without requiring additional hardware or modifications to existing message formats. ACRIC's backward compatibility and protocol-agnostic nature enable coexistence with non-secured devices, thus facilitating gradual security upgrades in legacy infrastructures. Formal security assessment and experimental evaluation on an industrial-grade testbed demonstrate that ACRIC provides robust security guarantees with minimal computational overhead (~ 4 us). These results underscore ACRIC's practicality, cost-effectiveness, and suitability for effective adoption in resource-constrained industrial environments.