Securing Industrial Control System: An End-to-End Integrity Verification Approach

Keoh, S. L., Au, K. W. K. and Tang, Z. (2015) Securing Industrial Control System: An End-to-End Integrity Verification Approach. In: Industrial Control System Security (ICSS) Workshop in conjunction with 31st Annual Computer Security Applications Conference (ACSAC), Los Angeles, CA, USA, 8 Dec 2015.

Publisher's URL: https://www.acsac.org/2015/workshops/icss/

Abstract

The integrity and authenticity of sensor data in an Industrial Control System (ICS) is crucial to ensure the correctness of the processes in industrial facilities. Measurements collected from remotely connected field sensors must have their integrity and authenticity guaranteed, and any malicious tampering with the data must be detected. This paper introduces secure end-to-end data integrity verification for ICS, a security protocol that allows the field controllers to securely aggregate data collected from field devices, while enabling the central controller in the back-end to verify the integrity of the data and that it originates from its sources. Thus, compromise of field controllers can be detected swiftly. The aggregated data is protected using Chameleon Hashing and Signatures. It is then forwarded to the central controller for verification and analysis, and to facilitate the control of industrial processes. Using the Trapdoor Chameleon Hash Function, the field devices can periodically send evidence to the central controller by computing an alternative message and a random value (m′, r′) such that m′ consists of all previous sensor data measurements of the field device in a specified period of time. By verifying that the Chameleon Hash Value of (m′, r′) and the sensor data match those aggregated by the field controller, the central controller can verify the integrity and authenticity of the data from the field devices. Any data anomaly between field devices and field controllers can be detected, thus indicating potential compromise of field controllers.
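The (m′, r′) evidence check described in the abstract can be illustrated with a discrete-log chameleon hash. This is an added example, not code from the paper: the abstract does not name a construction, so the hash CH(m, r) = g^m · y^r mod p, the toy group size, the message encoding and all function names here are assumptions, and the sensor readings are constructed.

```python
import hashlib, secrets

def is_prime(n):  # Miller-Rabin, deterministic below 3.3e24 with these bases
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % b == 0 for b in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

# Assumed toy group: safe prime P = 2Q + 1 near 2^63 (far too small for real use)
Q = 2**62 + 1
while not (is_prime(Q) and is_prime(2 * Q + 1)):
    Q += 2
P, G = 2 * Q + 1, 4  # 4 is a square mod P, so it has prime order Q

def digest(readings):  # map a list of readings to an exponent in Z_Q
    data = "|".join(readings).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def chameleon_hash(y, m, r):  # CH(m, r) = g^m * y^r mod p
    return pow(G, m, P) * pow(y, r, P) % P

def collide(x, m, r, m_new):  # trapdoor x solves m + x*r = m_new + x*r' (mod Q)
    return (r + (m - m_new) * pow(x, -1, Q)) % Q

def central_check(y, h, forwarded, r_new):  # hash what the field controller forwarded
    return chameleon_hash(y, digest(forwarded), r_new) == h

def demo():
    x = secrets.randbelow(Q - 1) + 1          # field device trapdoor (constructed)
    y = pow(G, x, P)                          # public key held by the central controller
    m0, r0 = digest(["period-start"]), secrets.randbelow(Q)
    h = chameleon_hash(y, m0, r0)             # hash value fixed for this period
    readings = ["t=1 temp=71.2", "t=2 temp=71.4", "t=3 temp=71.9"]  # constructed
    r_new = collide(x, m0, r0, digest(readings))  # device's evidence r' for m'
    tampered = readings[:2] + ["t=3 temp=55.0"]   # field controller altered a value
    return central_check(y, h, readings, r_new), central_check(y, h, tampered, r_new)
```

In this discrete-log construction, anyone who sees two different openings of the same hash value can solve for the trapdoor x, so the starting pair (m0, r0) must stay on the device.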

Item Type: Conference Proceedings
Status: Published
Refereed: Yes
Glasgow Author(s) Enlighten ID: Keoh, Dr Sye Loong
Authors: Keoh, S. L., Au, K. W. K., and Tang, Z.
College/School: College of Science and Engineering > School of Computing Science
