Secure Group Key Agreement on Cyber-Physical System Buses

TL;DR

This paper presents a new distributed group key agreement protocol tailored for secure communication in cyber-physical system buses, addressing constraints like resource limits, dynamic membership, and adversarial threats.

Contribution

It introduces a novel GKA protocol based on TreeKEM, specifically designed for constrained CPS bus environments with dynamic and secure group communication.

Findings

Protocol is secure against strong adversaries

Efficient for resource-constrained devices

Supports dynamic membership changes

Abstract

Cyber-Physical Systems (CPSs) rely on distributed embedded devices that often must communicate securely over buses. Ensuring message integrity and authenticity on these buses typically requires group-shared keys for Message Authentication Codes (MACs). To avoid insecure fixed pre-shared keys and trust-on-first-use concepts, a Group Key Agreement (GKA) protocol is needed to dynamically agree on a key amongst the devices. Yet existing GKA protocols lack adaptability to constrained CPS buses. This paper targets authenticated, fully distributed GKA suitable for bus topologies under constraints of industrial and cyber-physical systems, including broadcast-only links, half-duplex operation, resource limits, dynamic membership (including unannounced leaves), a long device lifetime, and a strong Dolev-Yao adversary capable of partitioning the bus. We first systematise existing protocols, then derive the requirements necessary for an authenticated and fully distributed GKA on bus systems. Finally, we design, implement, and evaluate a custom GKA protocol based on TreeKEM.