K7: A Protected Protocol for Industrial Control Systems that Fits Large Organizations

One of the main obstacles of securing industrial control systems is the lack of an appropriate security model that is both implementable by vendors and addresses the inherent security and usability issues needed by organizations. Current solutions such as device passwords and IPSec lack scalable key management infrastructure and fine granularity access control mechanisms. In this paper we propose a novel security model for industrial control systems that supports organizational level authorizations and authentication requirements, while hiding the low-level details (e.g., keys and passwords) from the users. It also allows to easily add and remove PLCs, engineering stations, HMI devices and users, and assign permissions to them. The core of the model is a new ICS secure protocol that we call K7. Without loss of generality, we base our protocol on the Siemens S7 protocol, and enhance it with new cryptographic features to support the extra functionality. We use a ticket-based system (e.g., Kerberos with LDAP server) to support the exchange of permissions and keys, and incorporate it into our protocol. To prove our solution, we implemented K7 as a protocol converter add-on to standard Siemens clients and PLCs that transform them into augmented devices that use K7. A major advantage is its support for ICS systems, that contain legacy devices, and the simple ability to upgrade their security using device augmentation. We hope that Siemens and other vendors will add direct support for K7 on their ICS systems.