Modular over-the-wire configurable security for long-lived critical infrastructure monitoring systems

Authors:
Erik Solum;Carl Hauser;Rasika Chakravarthy;Dave Bakken
Affiliations:
Washington State University, Pullman;Washington State University, Pullman;Washington State University, Pullman;Washington State University, Pullman
Venue:
Proceedings of the Third ACM International Conference on Distributed Event-Based Systems
Year:
2009

Citing 9
Cited 0

A logic of authentication

ACM Transactions on Computer Systems (TOCS)
IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks

IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks
Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish)

Fast Software Encryption, Cambridge Security Workshop
Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems

HICSS '02 Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 9 - Volume 9
Java Cryptography Extensions: Practical Guide for Programmers

Java Cryptography Extensions: Practical Guide for Programmers
Scalable security and accounting services for content-based publish/subscribe systems

Proceedings of the 2005 ACM symposium on Applied computing
Secure distribution of events in content-based publish subscribe systems

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Encryption-enforced access control in dynamic multi-domain publish/subscribe networks

Proceedings of the 2007 inaugural international conference on Distributed event-based systems
Flexible qos-managed status dissemination middleware framework for the electric power grid

Flexible qos-managed status dissemination middleware framework for the electric power grid

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a modular, software-based, over-the-wire configurable, end-to-end security architecture for critical infrastructure monitoring systems. The architecture provides mechanisms allowing it to evolve, during operation, over the long lifetimes typically encountered in these systems by allowing security modules to be securely added and replaced at runtime. Our security architecture addresses these systems' need for high-performance secure multi-cast with modules for confidentiality, integrity, authentication, and obfuscation. The variety of available modules provides tradeoffs between performance and security now and for the future. Experimental performance results for various existing modules, in the context of the architecture, are presented. To achieve long system lifetime a secure management system, using protocols based on symmetric-key cryptography, is described.