Hashing Based Authentication for Ultra-Low Cost Low Power SCADA Application Using MSP430 Microcontroller

(1)

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 3, Issue 12, December 2013)

500

Hashing Based Authentication for Ultra-Low Cost Low Power

SCADA Application Using MSP430 Microcontroller

Nabil Litayem

1

, Manjur Kolhar

2

, Imene Mhadhbi

3

, Saied M. Abd El-atty

4

, Slim Ben Saoud

5

1,2,4

Computer Science and Information, Salman Bin Abdulaziz University, Wadi College of Arts and Science, Kingdom of Saudi Arabia

3,5_{LSA Laboratory, INSAT-EPT, University of Carthage, TUNISIA}

Abstract— Nowadays SCADA (Supervisory Control and Data Acquisition) systems became widely used technology. This fact is directly related to the ubiquity of smart systems using a wide range of technologies in control and supervision applications. MCU technology are a very promising technology in this field especially, with the emergence of safety critical MCU, cost/power reduction and wireless connectivity. Due to the ubiquitous use of such technologies, security considerations must be considered. In this paper, we propose a RTU (Remote Terminal Unit) authentication solution that is based on a lightweight hashing algorithm. Proposed solution is suitable for SCADA systems using MSP430 ultra low power low cost MCU. This work is seen as a proof of concept of using such technology with freely available tools to add reliable authentication functionality of our previously designed SCADA systems.

Keywords— SCADA, MSP430, RTU, Security, hash-based authentication.

I. INTRODUCTION

Earlier SCADA system were based on an event-driven operating system and basic serial communications. This kind of solution does not have any security threats because complete physical isolation SCADA devices from any external intrusion. Thanks to Moor Law, SCADA ―Supervisory Control and Data Acquisition‖ [1] applications become cost effective and ubiquitous. Such solution are based on standard hardware, open source software and open protocols.

SCADA applications are nowadays used in power distribution monitoring, nuclear simulators, military data acquisition, health care applications and many thousands of various applications [2], [3] furthermore, they are considered as a part of Internet of Things ecosystem.

The ubiquity requires many careful security

considerations to ensure confidentiality, integrity and availability of such systems. Any compromise in SCADA system security can have serious consequences [4]. During this last decade, many research works have studied the security of such system and proposed innovative solutions, [5], [6], and [7]. In this study, we introduce an authentication solution using a hashing algorithm for

MSP430 microcontroller for SCADA

RTU. The proposed solution has the authentication system or algorithm using various profiles of Quark [8] hashing algorithm, which are chosen after qualitative and

quantitative surveys that are presented in this paper. The

remainder of this work is organized as follows: Section 2, gives a presentation of MSP430 development platform, followed by a survey about SCADA applications and their availability solutions and applications. In section 4, we present the choice and execution of the hashing algorithm. Finally, section 5 concludes this contribution.

II. HARDWARE PLATFORM

A. Introduction to MSP430 Microcontroller

(2)

International Journal of Emerging Technology and Advanced Engineering

501

TABLE 1.

MAIN CHARACTERISTICS OF THE MSP430MCU

Feature Description

Instruction sets 27 RISC instructions Registers 12 general purpose registers Memory 16 Bit Word or Bytes Addressing Addressing

modes

Register direct, register indexed, register indirect and register indirect

Peripherals USART, SPI, I²C, 10/12/14/16-bit ADCs, internal oscillator, timer, PWM, watch dog, brownout reset circuitry, comparators, on-chip op-amps, 12-bit DAC, LCD driver, hardware multiplier, USB, and DMA

Frequency 1Mhz- 25Mhz Electric Power <1µA in IDLE mode On-Chip Memory 256KB Flash, 16 KB RAM

B. MSP430 family and development tools

Texas instrument has a wide range of MSP430 flavours designed for diverse applications, such as smart metering, wireless communication, motor control, personal health care, etc. For each applications of MSP430 flavour Texas Instrument has a development or evaluation board.

The most successful development boards are

MSP-EXP430F5529, eZ430 Chronos [9] and MSP430

Launchpad [10]. MSP430 has the advantage of complete software ecosystem ranging from powerful development environment such as IAR, Code Composer Studio and Energia to very appropriate software stack such as SimpliciTI [11] or Capacitive Touch sense library.

In the other hand, TI MCU solutions are also very cost effective and scalable. The wide variety of available TI MCU offers the possibility to easily change from one TI MCU to another.

C. Launchpad Board

[image:2.612.325.571.128.497.2]

Since 2010, Texas Instrument has expanded MSP430 portfolio by introducing MSP430 Value Line shown in Figure 1. This new low cost family starting at 0.25$, is essentially intended to replace the old 8-bits MCU.

Fig 1. Functional Block Diagram, MSP430G2x53

Fig 2. Launchpad Board

To promote this new family, TI has introduced the

MSP-EXP430G2 LaunchPad showed in Figure 2.

[image:2.612.46.294.158.321.2]

(3)

International Journal of Emerging Technology and Advanced Engineering

502

III. SCADA SYSTEMS

A. Introduction SCADA Systems

Nowadays, SCADA systems (Supervisory Control and Data Acquisition) are almost available in a wide range of electronic devices and applications such as steel making, electric grid, healthcare devices and chemistry. On the other hand, SCADA has become vital to drive critical experiments such as nuclear fusion.

[image:3.612.59.285.360.496.2]

SCADA is not specific to a precise technology, but a type of application. Any application that gets data about a system in order to control that system is a SCADA application. Furthermore, SCADA are computer-based systems that introduce various advanced and innovative supervisory functionalities. This leads to automate traditional complex industrial processes where human control is impractical. Critical infrastructures and industries are nowadays requiring excessive use of this kind of technologies.

Fig 3. SCADA System Architecture [12]

As shown in Figure 3, typical SCADA application control systems, collect field and sensor data, processes and displays the collected data, and send commands to the controlled systems.

In industrial control system, geographic location is the main classification criteria between SCADA and DCS (Distributed Control Systems), since DCSs are used within a single processing or generating plant or over a small geographic area [12] and SCADA systems are used for large geographically dispersed distribution operations. If we consider nuclear power plant, DCS can be used in power production and SCADA in power distribution. Nowadays, with the emergence of Smart Grid and Internet of Things Concepts, SCADA systems more considered. Our work is based on SCADA systems, but it may be extended to DCS.

B. SCADA system Architecture

A SCADA system has three main basic components [13]:

 Remote Terminal Unit (RTU) is an intelligent part

connected to the controlled process. RTU is responsible for reading inputs, make a smart decision, provide outputs signal, take new orders and provide real time feedback to the HMI.

 Human Machine Interface (HMI) is the interface

between user and SCADA system. HMI must provide intelligible data about the physical controlled process.

 Communication infrastructure is used to connect

various components to the SCADA system. Communication infrastructure is responsible to handle various communication protocols and provide some bridging capabilities between RTU network and corporate network.

C. Security of SCADA systems

Earlier SCADA systems were not designed for public access considerations. The only possible security threat was the physical destruction. Due to the interconnection of modern SCADA systems to public networks, several security considerations must be seriously considered. Many researchers proved the existences of the threats to the SCADA system by simulations and real systems [14].

Because of the security flaws present in the SCADA system many academicians and various organizations are putting efforts to make SCADA safe from the threats [15].Sandia National Laboratories (USA), National Infrastructure Security Co-ordination Centre (UK) and British Columbia Institute of Technology (Canada) are the most influential organizations working in this field.

TABLE 2

COMMON ATTACKS FOR SCADA SYSTEMS

Attack Impact on the system

Denial of service

Delaying or blocking the stream of data through control networks

Unauthorized changes

Modification of programs instructions in RTUs at remote sites, resulting in damage to equipment, precipitate closure of processes, or even disabling control equipment

Wrong information sends

Used to control system operators to disguise unauthorized changes or to initiate inappropriate actions by system operators

Control system software modification

Producing unpredictable results

Interference Interfere with the operation of safety systems.

Client Client _Dedicated

Server

Network

Data Server

Controller _Controller

[image:3.612.328.585.547.689.2]

(4)

International Journal of Emerging Technology and Advanced Engineering

503

D. Studied SCADA RTU

[image:4.612.327.573.116.276.2]

Our designed system has the ability to supervise and control various greenhouse signals such as temperature, humidity and pressure. This system can also be remotely controlled to initiate or receive critical alarms. Our studied SCADA RTU is a PID thermal process controller with supervision capability using USCI interface. This intelligent part of this RTU is based on MSP430G2553 MCU.

[image:4.612.47.290.244.549.2]

Fig 4. Supervision interface

Fig 5. Configuration Interface

Fig 6. Designed SCADA RTU

The system illustrated by Figure 6 is designed to emulate greenhouse temperature regulation with some local supervision features such as LCD and LED interface. In the other hand the supervision interface is designed using Visual Basic language. Through this interface we can tune the PID regulator, fix the temperature consign and supervise the evolution of the temperature. Figure 4, and Figure 5 show some views of this interface.

IV. CHOICE AND ADAPTATION OF LIGHTWEIGHT HASHING

ALGORITHM

The goal of this section is to review the available hashing algorithm in order to adopt an appropriate one as an authentication solution for our SCADA system. The choice of the hashing algorithm will be made according to security level, computational complexity and memory footprint. The two last criteria are primordial since our hardware MSP430G2553 microcontroller uses16Kbyte of Flash memory, 512 Byte of RAM memory, and can‘t go over 16MHz in frequency.

A. Introduction hashing Algorithm

(5)

International Journal of Emerging Technology and Advanced Engineering

504

 Authentication algorithms

 Password storage mechanisms

 Digital Signature Standard (DSS)

 Transport Layer Security (TLS)

 Internet Protocol Security (IPSec)

 Random number generation algorithms

In our application, hashing algorithm will be used to protect the authenticity of transmitting information and to offer reliable authentication mechanism.

B. Review of lightweight hashing algorithm

Hashing algorithms are widely used for a broad type of applications. Nowadays, many hashing algorithms are available. Each algorithm can be more adapted for specific fields such as a powerful video platform, FPGA platforms, low performance platforms etc. Table 3, review these algorithms to deliver a big view about these algorithms. Based on this review, we will take the right algorithm to be suitable for our application.

TABLE 3

CANDIDATE HASHING FUNCTIONS

Algorithm Presentation

SHA family Secure Hash Algorithms are a family of Hash Algorithms published by NIST since 1993. SHA has many derivative standards such as SHA-0, SHA-1, SHA-3

MD4 MD5 MD6

Message-Digest Algorithm is a family of broadly used cryptographic hash function developed by Ronald Rivest that produces a 128-bit for MD4 and MD5, 256-bit for MD6

Quark Family of cryptographic functions designed for resource-constrained hardware

environments.

CubeHash A very simple cryptographic hash function designed in University of Illinois at Chicago, Department of Computer Science Grøstl Hashing algorithm designed by a team of

cryptographers from Technical University of Denmark (DTU) and TU Graz Lane Cryptographic hash function suggested in

the NIST SHA-3 competition by the COSIC research group

Shabal Cryptographic hash function submitted by the France funded research project Saphir to NIST‘s

Spectral Hash Cryptographic hash function family based on the discrete Fourier submitted to the NIST hash function competition Keccak-f Cryptographic hash function submitted to

the NIST SHA-3 hash function competition

Whirlpool Whirlpool is a cryptographic hash function recommended by the NESSIE project, adopted by the ISO and IEC as part of the ISO/IEC 10118-3 standard.

UHASH UHASH is a keyed hash function, specified in RFC4418. The primary application of this algorithm is in UMAC message authentication code.

SPONGENT Lightweight hash-function family, known for their small footprint for hardware implementation

Photon A lightweight hash - function designed for very constrained devices

dm-present Ultra-lightweight block cipher designed for RFID applications

SQUASH Not collision resistant, suitable for RFID applications

C. Quark Hashing Algorithm

As noted in [21], designers of lightweight cryptographic algorithms or protocols have trade-off between two opposite design philosophies. The first one consists in creating new schemes from scratch, whereas the second consists in reusing available schemes and adapting them to system constraints. The main features of Quark are separating digest length, security level and working with shift registers.

D. Adoption of Quark hashing algorithm to the MSP430G2553 microcontroller

In our SCADA system the execution of the hashing algorithm is just used during new supervision node connection, then this algorithm can have a middle complexity level since during the authentication the system does not have any notable load.

V. PERFORMANCE EVALUATION OF VARIOUS QUARK

PROFILES RUNNING UNDER MSP430G2553

E. Obtained results

(6)

International Journal of Emerging Technology and Advanced Engineering

505

TABLE 4.

EXECUTION TIME OF VARIOUS PROFILES OF UQUARK ALGORITHM

TABLE 5.

FOOTPRINT OF VARIOUS PROFILES OF UQUARK ALGORITHM

F. Results analysis

The obtained result reflects the good performance of Quark algorithm, the lighter version can be very appropriate for wireless sensor network applications. On the other hand, the overhead of complete profile is acceptable and we think that this interpretation can be more adapted for modern SCADA applications. We would like to emphasize that this outcome is obtained with 1 MHz MCU frequency, which can be easily improved by increasing the frequency of the MCU since the adopted MCU can run up to 16 MHz or by switching to higher MCU family.

VI. CONCLUSION AND PERSPECTIVES

This study focused on SCADA system security but since the boundaries between SCADA systems, DCS, WSN, WSAN and IoT become bluer, this work can be extended to encompass such areas. In the other hand, Texas Instruments introduced a large brand of Launchpad board for various MCU platforms. These platforms offer various types of features. Investigating these platforms can be an interesting extension to this work.

Actually, we plan to expand this work by adding an appropriate lightweight cryptography algorithm [22] to our platform. Such solution can be very interesting in distributed SCADA applications.

Acknowledgment

I would like to thank the Salman Bin Abdulaziz University for the continued and positive support for scientific researches, and thank the anonymous reviewers for their valuable comments.

REFERENCES

[1] WHAT IS SCADA?, A. Daneels, CERN, Geneva, Switzerland W.Salter, CERN, Geneva, Switzerland, International Conference on Accelerator and Large Experimental Physics Control Systems, 1999, Trieste, Italy

[2] Efficient SCADA Module for Improving Medical Information Monitoring and Reliable Medical Service in Hospital Networks Randy S. Tolentino1), Sungwon Park2), Journal of Security Engineering 2010

[3] Study of Wireless Sensor Network in SCADA System for Power Plant, U. S. Patil, International Journal of Smart Sensors and Ad Hoc Networks (IJSSAN) ISSN No. 2248-9738 (Print) Volume-1, Issue-2, 2011

[4] Vulnerability Assessment of Cybersecurity for SCADA Systems, Chee-Wooi Ten, Student Member, IEEE, Chen-Ching Liu, Fellow, IEEE, and Govindarasu Manimaran, Member, IEEE, IEEE TRANSACTIONS ON POWER SYSTEMS, VOL. 23, NO. 4, NOVEMBER 2008

[5] Wang, Yongge. "sSCADA: Securing SCADA infrastructure communications."arXiv preprint arXiv:1207.5434 (2012).

‏

[6] A Testbed for Secure and Robust SCADA Systems, Annarita Giani, Gabor Karsai, Tanya Roosta, Aakash Shah, Bruno Sinopoli, Jon Wiley

[7] Secure SCADA framework for the protection of energy control systems, Cristina Alcaraz1, Javier Lopez1, Jianying Zhou2 and Rodrigo Roman1, Concurrency Computat.: Pract. Exper. 2011; 23:1431–1442

[8] Aumasson, Jean-Philippe, et al. "Quark: A lightweight hash." Cryptographic Hardware and Embedded Systems, CHES 2010. Springer Berlin Heidelberg, 2010. 1-15.

[9] Yoo, Seong-eun. "A Wireless Sensor Network-Based Portable Vehicle Detector Evaluation System." Sensors 13, no. 1 (2013): 1160-1182.

[10] Chernbumroong, Saisakul, Anthony S. Atkins, and Hongnian Yu. "Activity classification using a single wrist-worn accelerometer." Software, Knowledge Information, Industrial Management and Applications (SKIMA), 2011 5th International Conference on. IEEE, 2011.

[11] Nikitin, Pavel V., Shashi Ramamurthy, and Rene Martinez. "Simple Low Cost UHF RFID Reader."

[12] Friedman, Larry. "SimpliciTI: simple modular RF network specification." Update (2007): 1-03.

[13] Daneels, Axel, and Wayne Salter. "What is SCADA." International Conference on Accelerator and Large Experimental Physics Control Systems. 1999.

[14] Daneels, A., & Salter, W. (1999, October). What is SCADA. In International Conference on Accelerator and Large Experimental Physics Control Systems (pp. 339-343).

[15] Davis, C. M., Tate, J. E., Okhravi, H., Grier, C., Overbye, T. J., & Nicol, D. (2006, September). SCADA cyber security testbed development. In Power Symposium, 2006. NAPS 2006. 38th North American (pp. 483-488). IEEE.

[16] Igure, V. M., Laughter, S. A., & Williams, R. D. (2006). Security issues in SCADA networks. Computers & Security, 25(7), 498-506.

Alghorithm Execution time (ms)

UQUARK 1.414027149

DQUARK 1.486546752

SQUARK 1.652073352

CQUARK 1.902949572

Alghorithm Footprint (Byte)

UQUARK 4057

DQUARK 4188

SQUARK 4230

(7)

International Journal of Emerging Technology and Advanced Engineering

506 [17] Jianwei, L., & Huijie, C. (2013). A Dynamic Hashing Algorithm

Suitable for Embedded System. TELKOMNIKA Indonesian Journal of Electrical Engineering, 11(6).

[18] Balasch, J., Ege, B., Eisenbarth, T., Gérard, B., Gong, Z., Güneysu, T& Von Maurich, I. (2013). Compact implementation and performance evaluation of hash functions in attiny devices. In Smart Card Research and Advanced Applications (pp. 158-172). Springer Berlin Heidelberg.

[19] Aumasson, J. P., Henzen, L., Meier, W., & Naya-Plasencia, M. (2013). Quark: A lightweight hash. Journal of cryptology, 26(2), 313-339.

[20] Guo, J., Peyrin, T., & Poschmann, A. (2011). The PHOTON family of lightweight hash functions. In Advances in Cryptology–CRYPTO 2011 (pp. 222-239). Springer Berlin Heidelberg.

[21] Bogdanov, A., Knežević, M., Leander, G., Toz, D., Varıcı, K., & Verbauwhede, I. (2011). SPONGENT: A lightweight hash function. In Cryptographic Hardware and Embedded Systems–CHES 2011 (pp. 312-325). Springer Berlin Heidelberg.