Securing critical infrastructures and manufacturing plants in the Industrial-Internet-Of-Things and Industry 4.0 is a challenge today due to the increased number of attacks against automation and SCADA systems. These systems were built without any security considerations in mind, so the evolution towards interconnection and interoperability makes them vulnerable in the context of exposing data to the outside network. Even though new protocols are considering built-in security, the widely spread legacy standard protocols need to be protected. Hence, this paper attempts to offer a solution for securing the legacy insecure communication protocols based on elliptic curve cryptography while fulfilling the time constraints of a real SCADA network. Elliptic curve cryptography is chosen to respond to the low memory resources available for the low level devices of a SCADA network (e.g., PLCs), and also because it can achieve the same level of security as other cryptographic algorithms using smaller sizes for the secure keys. Furthermore, the proposed security methods have the purpose of assuring that the data transmitted between entities of a SCADA and automation system are authentic and confidential. The experimental results showed good timing performance for the cryptographic operations executed on Industruino and MDUINO PLCs, demonstrating that our proposed concept is deployable for Modbus TCP communication in a real automation/SCADA network on existing devices from the industry.
Keywords: ECC; ECDSA; ECIES; OPTIGA TrustX; SCADA security; automation systems.