Methods, systems and devices for securing supervisory control and data acquisition (SCADA) communications

US 20050005093A1
Filed: 06/15/2004
Published: 01/06/2005
Est. Priority Date: 07/01/2003
Status: Abandoned Application

First Claim

Patent Images

1. A secure supervisory control and data acquisition (SCADA) system for communicating with a plurality of remote terminal units (RTUs), the secure SCADA system comprising:

a SCADA control host configured to process SCADA information;

a transceiver configured to transfer the SCADA information between the SCADA control host and at least one of the plurality of remote terminal units; and

a host security device (HSD) operatively coupled between the SCADA control host and the transceiver, wherein the HSD is configured to transparently encrypt and decrypt the SCADA information passing through the HSD to thereby establish secure communications between the SCADA control host and the at least one of the plurality of remote terminal units.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure supervisory control and data acquisition (SCADA) system includes a SCADA control host system and any number of remote terminal unit (RTU) systems. Each RTU system includes an RTU transceiver, an RTU and a remote security device (RSD) coupling the RTU to the RTU transceiver. The SCADA control host system includes a SCADA control host configured to exchange SCADA information with each of the RTUs in a SCADA format, and a host security device (HSD) coupling the SCADA control host to a host transceiver. The host transceiver is configured to establish communications with each of the plurality of RTU transceivers. The HSD communicates with the RSDs to transparently encrypt the SCADA information using a cryptographic protocol that is independent of the SCADA protocol to thereby secure the communications between the HSD and each of the RSDs.

203 Citations

56 Claims

1. A secure supervisory control and data acquisition (SCADA) system for communicating with a plurality of remote terminal units (RTUs), the secure SCADA system comprising:
- a SCADA control host configured to process SCADA information;
  
  a transceiver configured to transfer the SCADA information between the SCADA control host and at least one of the plurality of remote terminal units; and
  
  a host security device (HSD) operatively coupled between the SCADA control host and the transceiver, wherein the HSD is configured to transparently encrypt and decrypt the SCADA information passing through the HSD to thereby establish secure communications between the SCADA control host and the at least one of the plurality of remote terminal units.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The secure SCADA system of claim 1 wherein the at least one of the plurality of RTUs is coupled to a remote security device (RSD), and wherein the RSD is configured to interact with the HSD to thereby implement the secure communications between the HSD and the at least one of the plurality of RTUs.
  - 3. The secure SCADA system of claim 2, wherein the HSD is further configured to authenticate the RSD prior to establishing the secure communications.
  - 4. The secure SCADA system of claim 2, wherein the HSD is further configured to maintain a log of communications with the plurality of RSDs.
  - 5. The secure SCADA system of claim 1 wherein the HSD is further configured to encrypt and decrypt the SCADA information using a cryptography protocol.
  - 6. The secure SCADA system of claim 5 wherein the SCADA information comprises a format independent of the cryptography protocol.
  - 7. The secure SCADA system of claim 5 wherein the cryptography protocol is independent of the SCADA information.
  - 8. The secure SCADA system of claim 2 wherein the HSD is further configured to detect tampering in the RSD.
  - 9. The secure SCADA system of claim 2 wherein the HSD is further configured to detect signal tampering between the HSD and the RSD.
  - 10. The secure SCADA system of claim 2 wherein the HSD is further configured to communicate with the SCADA control host to receive control instructions for the RSD.
  - 11. The secure SCADA system of claim 10 wherein the control instructions comprise an instruction to disable the RSD.
  - 12. The secure SCADA system of claim 10 wherein the control instructions comprise an instruction to reboot the RSD.
  - 13. The secure SCADA system of claim 10 wherein the control instructions comprise an instruction to upgrade software stored within the RSD.
  - 14. The secure SCADA system of claim 10 wherein the control instructions comprise an instruction to query the RSD.

15. A secure supervisory control and data acquisition (SCADA) system comprising:
- a plurality of remote terminal units (RTUs) systems, each RTU system comprising an RTU transceiver, an RTU and a remote security device (RSD) coupling the RTU to the RTU transceiver; and
  
  a SCADA control host system comprising a SCADA control host configured to exchange SCADA information with each of the RTUs in a SCADA format, and a host security device (HSD) coupling the SCADA control host to a host transceiver, wherein the host transceiver is configured to establish communications with each of the plurality of RTU transceivers;
  
  wherein the HSD is configured to communicate with the plurality of RSDs to transparently encrypt the SCADA information using a cryptographic protocol that is independent of the SCADA protocol to thereby secure the communications between the HSD and each of the plurality of RSDs.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The secure SCADA system of claim 15 wherein the HSD is further configured to authenticate each of the plurality of RSDs prior to establishing secure communications.
  - 17. The secure SCADA system of claim 16 wherein the HSD is further configured to encrypt the SCADA information transmitted with each of the plurality of RSDs using a cryptographic key that is unique to that RSD.
  - 18. The secure SCADA system of claim 15 wherein the HSD further comprises an RSD table, and wherein the HSD is further configured to validate each of the plurality of RSDs with the RSD table.
  - 19. The secure SCADA system of claim 18 wherein the HSD is further configured to automatically discover the presence of each of the plurality of RSDs listed in the RSD table.
  - 20. The secure SCADA system of claim 18 wherein the HSD is further configured to identify RSDs that are not listed in the RSD table.
  - 21. The secure SCADA system of claim 18 wherein the HSD is further configured to track the status and availability of each of the plurality of RSDs in the RSD table.

22. A host security device (HSD) for securing communications between a SCADA control host and a remote security device (RSD) via a transceiver, the host security device comprising:
- a clear interface configured to communicate with the SCADA control host to thereby exchange clear data between the HSD and the SCADA control host;
  
  a secure interface configured to communicate with the transceiver to thereby exchange encrypted data between the HSD and the RSD; and
  
  a processing module configured to encrypt the clear data received at the clear interface to thereby create encrypted data for transmission via the secure interface, and to decrypt encrypted data received at the secure interface to thereby extract clear data for transmission via the clear interface.
- View Dependent Claims (23)
- - 23. The HSD of claim 22 wherein the processing module is further configured to maintain a data log of communications passing through the HSD.

24. A remote security device for securing communications between a host security device (HSD) and a remote terminal unit (RTU) via a transceiver, the remote security device (RSD) comprising:
- a clear interface configured to communicate with the RTU to thereby exchange clear data between the RSD and the RTU;
  
  a secure interface configured to communicate with the transceiver to thereby exchange encrypted data between the RSD and the HSD; and
  
  a processing module configured to encrypt the clear data received at the clear interface to thereby create encrypted data for transmission via the secure interface, and to decrypt encrypted data received at the secure interface to thereby extract clear data for transmission via the clear interface.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The remote security device of claim 24 further comprising an interface to a camera, and wherein the camera is configured to obtain video images.
  - 26. The remote security device of claim 25 wherein the RSD further comprises a database configured to store the video images.
  - 27. The remote security device of claim 25 wherein the camera is activated when motion in the vicinity of the RSD is detected.
  - 28. The remote security device of claim 25 wherein the video images are photographic images.
  - 29. The remote security device of claim 25 wherein the video images are motion video sequences.

30. A method of transferring SCADA information from a sender to a receiver, the method comprising the steps of:
- receiving the SCADA information from a sender at a clear interface;
  
  encrypting the SCADA information using a cryptographic protocol that is independent of the SCADA information to create an encrypted data stream; and
  
  providing the encrypted data stream to a secure interface for transmission to the receiver.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 31. The method of claim 30 further comprising the step of authenticating the receiver prior to the encrypting step.
  - 32. The method of claim 31 wherein the authenticating step comprises:
    - generating a first nonce;
      
      receiving a second nonce from the receiver;
      
      computing a first hash as a function of the first and second nonces;
      
      receiving a second hash from the receiver;
      
      comparing the first and second hashes to each other; and
      
      accepting authentication if the first and second hashes match, and otherwise denying authentication.
  - 33. The method of claim 32 wherein the first hash is further encrypted as a function of a masterskey shared between the sender and receiver.
  - 34. The method of claim 31 further comprising the step of selecting between a secure mode and a pass-through mode for transferring the SCADA information.
  - 35. The method of claim 34 wherein the selecting step comprises the steps of:
    - generating a first key exchange message;
      
      transmitting the first key exchange message to the receiver;
      
      receiving a second key exchange message from the receiver;
      
      validating the second key exchange message; and
      
      entering the secure mode with the receiver if the second key exchange message is valid.
  - 36. The method of claim 35 wherein the first and second key exchange messages are generated as a function of a randomly generated nonce and a randomly generated session key.
  - 37. The method of claim 36 wherein the first and second key exchange messages comprise verification information relating to the randomly generated session key.
  - 38. The method of claim 37 wherein the first and second key exchange messages are encrypted with a shared master key.
  - 39. The method of claim 34 further comprising the steps of:
    - generating a key clear message;
      
      transmitting the key clear message to the receiver;
      
      receiving an acknowledgement from the receiver; and
      
      entering the pass-through mode with the receiver after receiving the acknowledgement.
  - 40. The method of claim 39 wherein the key clear message is generated as a function of a nonce, a shared master key, and a session key.
  - 41. The method of claim 30 further comprising the steps of:
    - receiving encrypted data from the receiver at the secure interface;
      
      decrypting the encrypted data using the cryptographic protocol to extract received SCADA information; and
      
      providing the received SCADA information to the sender via the clear interface.
  - 42. The method of claim 30 wherein the cryptographic protocol comprises an RC4 cipher.
  - 43. The method of claim 30 wherein the cryptographic protocol comprises a DES cipher.
  - 44. The method of claim 30 wherein the cryptographic protocol comprises an AES cipher.
  - 45. The method of claim 30 further comprising the step of transmitting a header to the receiver prior to the providing step.
  - 46. The method of claim 45 wherein the header is transmitted to the receiver immediately upon initial receipt of the SCADA information.
  - 47. The method of claim 45 wherein the header is transmitted to the receiver prior to the encrypting step.
  - 48. The method of claim 46 wherein the encrypting and providing steps take place substantially simultaneously.
  - 49. The method of claim 48 further comprising the step of terminating the encrypting step in response to temporal constraints.
  - 50. The method of claim 48 further comprising the step of terminating the encrypting step as a function of the size of the SCADA information.
  - 51. The method of claim 48 further comprising the step of transmitting a trailer to the receiver following the encrypted SCADA information.

52. A data structure for storing SCADA information, the data structure comprising:
- a header field comprising metadata about the SCADA information and a destination address;
  
  a payload field having a variable length for storing the SCADA information; and
  
  a trailer field comprising a checksum for verifying the contents of the payload field.
- View Dependent Claims (53, 54, 55)
- - 53. The data structure of claim 52 wherein the payload field comprises data encrypted in a format that is independent of the format of the SCADA information.
  - 54. A signal modulated on a carrier wave, wherein the signal comprises the data structure of claim 52.
  - 55. A digital storage medium having computer-readable data stored thereon, wherein the computer-readable data is formatted according to the data structure of claim 52.

56. Computerized means for transferring SCADA information from a sender to a receiver, the computerized means comprising:
- means for receiving the SCADA information from the sender;
  
  means for encrypting the SCADA information using a cryptographic protocol that is independent of the SCADA information to create an encrypted data stream; and
  
  means for providing the encrypted data stream for transmission to the receiver.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Robert Thomas Sill
Original Assignee
Robert Thomas Sill
Inventors
Guillotte, Mike, Schneider, Peter, Bartels, Andrew

Application Number

US10/869,217
Publication Number

US 20050005093A1
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 67/12   specially adapted for propr...

H04L 67/34   involving the movement of s...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Methods, systems and devices for securing supervisory control and data acquisition (SCADA) communications

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

203 Citations

56 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, systems and devices for securing supervisory control and data acquisition (SCADA) communications

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

203 Citations

56 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links