METHODS, SYSTEMS AND DEVICES FOR SECURING SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA) COMMUNICATIONS

US 20100058052A1
Filed: 04/29/2009
Published: 03/04/2010
Est. Priority Date: 07/01/2003
Status: Abandoned Application

First Claim

Patent Images

1. A secure supervisory control and data acquisition (SCADA) system for communicating with a plurality of remote terminal units (RTUs), the secure SCADA system comprising:

a SCADA control host configured to process SCADA information;

a transceiver configured to transfer the SCADA information between the SCADA control host and at least one of the plurality of remote terminal units; and

a host security device (HSD) operatively coupled between the SCADA control host and the transceiver, wherein the HSD is configured to transparently encrypt and decrypt the SCADA information passing through the HSD to thereby establish secure communications between the SCADA control host and the at least one of the plurality of remote terminal units, and to stream the SCADA information passing therethrough such that a portion of a first packet of SCADA information is encrypted/decrypted as it is received by the HSD and transferred to the at least one of the plurality of RTUs or the control host, respectively, concurrent with the receipt of another portion of the first packet by the HSD.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure supervisory control and data acquisition (SCADA) system includes a SCADA control host system and any number of remote terminal unit (RTU) systems. Each RTU system includes an RTU transceiver, an RTU and a remote security device (RSD) coupling the RTU to the RTU transceiver. The SCADA control host system includes a SCADA control host configured to exchange SCADA information with each of the RTUs in a SCADA format, and a host security device (HSD) coupling the SCADA control host to a host transceiver. The host transceiver is configured to establish communications with each of the plurality of RTU transceivers. The HSD communicates with the RSDs to transparently encrypt the SCADA information using a cryptographic protocol that is independent of the SCADA protocol to thereby secure the communications between the HSD and each of the RSDs.

48 Citations

View as Search Results

61 Claims

1. A secure supervisory control and data acquisition (SCADA) system for communicating with a plurality of remote terminal units (RTUs), the secure SCADA system comprising:
- a SCADA control host configured to process SCADA information;
  
  a transceiver configured to transfer the SCADA information between the SCADA control host and at least one of the plurality of remote terminal units; and
  
  a host security device (HSD) operatively coupled between the SCADA control host and the transceiver, wherein the HSD is configured to transparently encrypt and decrypt the SCADA information passing through the HSD to thereby establish secure communications between the SCADA control host and the at least one of the plurality of remote terminal units, and to stream the SCADA information passing therethrough such that a portion of a first packet of SCADA information is encrypted/decrypted as it is received by the HSD and transferred to the at least one of the plurality of RTUs or the control host, respectively, concurrent with the receipt of another portion of the first packet by the HSD.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 53, 54, 55, 56, 57)
- - 2. The secure SCADA system of claim 1 wherein the at least one of the plurality of RTUs is coupled to a remote security device (RSD), and wherein the RSD is configured to interact with the HSD to thereby implement the secure communications between the HSD and the at least one of the plurality of RTUs.
  - 3. The secure SCADA system of claim 2 wherein the HSD is further configured to authenticate the RSD prior to establishing the secure communications.
  - 4. The secure SCADA system of claim 2 wherein the HSD is further configured to maintain a log of communications with the plurality of RSDs.
  - 5. The secure SCADA system of claim 1 wherein the HSD is further configured to encrypt and decrypt the SCADA information using a cryptography protocol.
  - 6. The secure SCADA system of claim 5 wherein the SCADA information comprises a format independent of the cryptography protocol.
  - 7. The secure SCADA system of claim 5 wherein the cryptography protocol is independent of the SCADA information.
  - 8. The secure SCADA system of claim 2 wherein the HSD is further configured to detect tampering in the RSD.
  - 9. The secure SCADA system of claim 2 wherein the HSD is further configured to detect signal tampering between the HSD and the RSD.
  - 10. The secure SCADA system of claim 2 wherein the HSD is further configured to communicate with the SCADA control host to receive control instructions for the RSD.
  - 11. The secure SCADA system of claim 10 wherein the control instructions comprise an instruction to disable the RSD.
  - 12. The secure SCADA system of claim 10 wherein the control instructions comprise an instruction to reboot the RSD.
  - 13. The secure SCADA system of claim 10 wherein the control instructions comprise an instruction to upgrade software stored within the RSD.
  - 14. The secure SCADA system of claim 10 wherein the control instructions comprise an instruction to query the RSD.
  - 53. The secure SCADA system of claim 1 wherein:
    - (i) the HSD is configured to receive the first packet of SCADA information from the SCADA control host at a clear interface thereof wherein the first packet is of variable length and is comprised of clear data, to encrypt a portion of the first packet as it is received at the clear interface, and to transmit the encrypted information from a secure interface thereof to the at least one of the plurality of RTUs, while concurrently receiving another portion of the first packet at the clear interface, thereby reducing latency in the SCADA system; and
      
      (ii) the HSD is further configured to receive a second packet of SCADA information from the at least one of the plurality of RTUs at a secure interface thereof wherein the second packet is of variable length and is comprised of encrypted data, to decrypt a portion of the second packet as it is received at the secure interface, and to transfer the decrypted information from the clear interface to the SCADA control host, while concurrently receiving another portion of the second packet at the secure interface, thereby reducing latency in the SCADA system.
  - 54. The secure SCADA system of claim 53 wherein the second packet is part of a data stream that further comprises a trailer field that includes a cyclic redundancy code (CRC), the HSD being configured to maintain a running cyclic redundancy code (CRC) based on the decrypted received SCADA information, to compare the next received and decrypted portion of the second packet with the current composition of the running CRC and to recognize the end of the second packet when the running CRC matches the CRC of the trailer.
  - 55. The secure SCADA system of claim 2 wherein the RSD is operatively coupled between the at least one of the plurality of RTUs and a transceiver that is configured to transfer SCADA information between the RSD and the HSD, the RSD being configured to transparently encrypt and decrypt the SCADA information passing therethrough, and to stream the SCADA information such that a portion of a first packet of SCADA information received by the RSD is encrypted/decrypted as it is received by the RSD and transferred to the HSD or the at least one of the plurality of RTUs, respectively, concurrent with the receipt of another portion of the first packet by the RSD.
  - 56. The secure SCADA system of claim 55 wherein:
    - (i) the RSD is configured to receive the first packet of SCADA information from the at least one of a plurality of RTUs at a clear interface thereof wherein the first packet is of variable length and is comprised of clear data, to encrypt a portion of the first packet as it is received at the clear interface, and to transmit the encrypted information from a secure interface thereof to the HSD, while concurrently receiving another portion of the first packet at the clear interface, thereby reducing latency in the SCADA system; and
      
      (ii) the RSD is configured to receive a second packet of SCADA information from the HSD at the secure interface thereof wherein the second packet is of variable length and is comprised of encrypted data, to decrypt a portion of the second packet as it is received at the secure interface, and to transfer the decrypted information from the clear interface to the at least one of the plurality of RTUs, while concurrently receiving another portion of the second packet at the secure interface, thereby reducing latency in the SCADA system.
  - 57. The secure SCADA system of claim 56 wherein the second packet is part of a data stream that further comprises a trailer field that includes a cyclic redundancy code (CRC), the RSD being configured to maintain a running cyclic redundancy code (CRC) based on the decrypted received SCADA information, to compare the next received and decrypted portion of the second packet with the current composition of the running CRC and to recognize the end of the third packet when the running CRC matches the CRC of the trailer field.

15. A secure supervisory control and data acquisition (SCADA) system comprising:
- a plurality of remote terminal units (RTUs) systems, each RTU system comprising an RTU transceiver, an RTU and a remote security device (RSD) coupling the RTU to the RTU transceiver; and
  
  a SCADA control host system comprising a SCADA control host configured to exchange SCADA information with each of the RTUs in a SCADA format, and a host security device (HSD) coupling the SCADA control host to a host transceiver, wherein the host transceiver is configured to establish communications with each of the plurality of RTU transceivers;
  
  wherein the HSD is configured to communicate with the plurality of RSDs to transparently encrypt the SCADA information using a cryptographic protocol that is independent of the SCADA protocol to thereby secure the communications between the HSD and each of the plurality of RSDs, and to stream the SCADA information passing therethrough such that a portion of a first packet of SCADA information is encrypted as it is received by the HSD and transferred to at least one of the plurality of RSDs concurrent with the receipt of another portion of the first packet by the HSD.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The secure SCADA system of claim 15 wherein the HSD is further configured to authenticate each of the plurality of RSDs prior to establishing secure communications.
  - 17. The secure SCADA system of claim 16 wherein the HSD is further configured to encrypt the SCADA information transmitted with each of the plurality of RSDs using a cryptographic key that is unique to that RSD.
  - 18. The secure SCADA system of claim 15 wherein the HSD further comprises an RSD table, and wherein the HSD is further configured to validate each of the plurality of RSDs with the RSD table.
  - 19. The secure SCADA system of claim 18 wherein the HSD is further configured to automatically discover the presence of each of the plurality of RSDs listed in the RSD table.
  - 20. The secure SCADA system of claim 18 wherein the HSD is further configured to identify RSDs that are not listed in the RSD table.
  - 21. The secure SCADA system of claim 18 wherein the HSD is further configured to track the status and availability of each of the plurality of RSDs in the RSD table.

22. A host security device (HSD) for securing communications between a SCADA control host and a remote security device (RSD) via a transceiver, the HSD comprising:
- a clear interface configured to communicate with the SCADA control host to thereby exchange clear data between the HSD and the SCADA control host;
  
  a secure interface configured to communicate with the transceiver to thereby exchange encrypted data between the HSD and the RSD; and
  
  a processing module configured to encrypt a portion of a first packet of clear data received at the clear interface to thereby create encrypted data for transmission via the secure interface, the processing module being further configured to transmit the encrypted portion of the first packet via the secure interface, while concurrently receiving another portion of the first packet at the clear interface; and
  
  to decrypt a portion of a second packet of data comprising encrypted data received at the secure interface to thereby extract clear data for transmission via the clear interface, the processing module being further configured to transmit the decrypted portion of the second packet via the clear interface while concurrently receiving another portion of the second packet at the secure interface.
- View Dependent Claims (23)
- - 23. The HSD of claim 22 wherein the processing module is further configured to maintain a data log of communications passing through the HSD.

24. A remote security device (RSD) for securing communications between a host security device (HSD) and a remote terminal unit (RTU) via a transceiver, the RSD comprising:
- a clear interface configured to communicate with the RTU to thereby exchange clear data between the RSD and the RTU;
  
  a secure interface configured to communicate with the transceiver to thereby exchange encrypted data between the RSD and the HSD; and
  
  a processing module configured to encrypt a portion of a first packet of clear data received at the clear interface to thereby create encrypted data for transmission via the secure interface, the processing module being further configured to transmit the encrypted portion of the first packet via the secure interface, while concurrently receiving another portion of the first packet at the clear interface; and
  
  to decrypt a portion of a second packet of data comprising encrypted data received at the secure interface to thereby extract clear data for transmission via the clear interface, the processing module being further configured to transmit the decrypted portion of the second packet via the clear interface while concurrently receiving another portion of the second packet at the secure interface.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The RSD of claim 24 further comprising an interface to a camera, and wherein the camera is configured to obtain video images.
  - 26. The RSD of claim 25 further comprising a database configured to store the video images.
  - 27. The RSD of claim 25 wherein the camera is activated when motion in the vicinity of the RSD is detected.
  - 28. The RSD of claim 25 wherein the video images are photographic images.
  - 29. The RSD of claim 25 wherein the video images are motion video sequences.

30. A method of transferring SCADA information from a sender to a receiver, the method comprising the steps of:
- receiving a portion of a first packet of SCADA information from a sender at a clear interface;
  
  encrypting the received portion of the first packet of SCADA information using a cryptographic protocol that is independent of the SCADA information to create an encrypted data stream; and
  
  providing the encrypted portion of the first packet to a secure interface for transmission to the receiver, while concurrently receiving another portion of the first packet at the clear interface.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 58)
- - 31. The method of claim 30 further comprising the step of authenticating the receiver prior to the encrypting step.
  - 32. The method of claim 31 wherein the authenticating step comprises:
    - generating a first nonce;
      
      receiving a second nonce from the receiver;
      
      computing a first hash as a function of the first and second nonces;
      
      receiving a second hash from the receiver;
      
      comparing the first and second hashes to each other; and
      
      accepting authentication if the first and second hashes match, and otherwise denying authentication.
  - 33. The method of claim 32 wherein the first hash is further encrypted as a function of a masterkey shared between the sender and receiver.
  - 34. The method of claim 31 further comprising the step of selecting between a secure mode and a pass-through mode for transferring the SCADA information.
  - 35. The method of claim 34 wherein the selecting step comprises the steps of:
    - generating a first key exchange message;
      
      transmitting the first key exchange message to the receiver;
      
      receiving a second key exchange message from the receiver;
      
      validating the second key exchange message; and
      
      entering the secure mode with the receiver if the second key exchange message is valid.
  - 36. The method of claim 35 wherein the first and second key exchange messages are generated as a function of a randomly generated nonce and a randomly generated session key.
  - 37. The method of claim 36 wherein the first and second key exchange messages comprise verification information relating to the randomly generated session key.
  - 38. The method of claim 37 wherein the first and second key exchange messages are encrypted with a shared master key.
  - 39. The method of claim 34 further comprising the steps of:
    - generating a key clear message;
      
      transmitting the key clear message to the receiver;
      
      receiving an acknowledgement from the receiver; and
      
      entering the pass-through mode with the receiver after receiving the acknowledgement.
  - 40. The method of claim 39 wherein the key clear message is generated as a function of a nonce, a shared master key, and a session key.
  - 41. The method of claim 30 further comprising the steps of:
    - receiving encrypted data from the receiver at the secure interface;
      
      decrypting the encrypted data using the cryptographic protocol to extract received SCADA information; and
      
      providing the received SCADA information to the sender via the clear interface.
  - 42. The method of claim 30 wherein the cryptographic protocol comprises an RC4 cipher.
  - 43. The method of claim 30 wherein the cryptographic protocol comprises a DES cipher.
  - 44. The method of claim 30 wherein the cryptographic protocol comprises an AES cipher.
  - 45. The method of claim 30 further comprising the step of transmitting a header to the receiver prior to the providing step.
  - 46. The method of claim 45 wherein the header is transmitted to the receiver immediately upon initial receipt of the SCADA information.
  - 47. The method of claim 45 wherein the header is transmitted to the receiver prior to the encrypting step.
  - 48. The method of claim 46 wherein the encrypting and providing steps take place substantially simultaneously.
  - 49. The method of claim 48 further comprising the step of terminating the encrypting step in response to temporal constraints.
  - 50. The method of claim 48 further comprising the step of terminating the encrypting step as a function of the size of the SCADA information.
  - 51. The method of claim 48 further comprising the step of transmitting a trailer to the receiver following the encrypted SCADA information.
  - 58. The method of claim 30 wherein the encrypting step includes adding a trailer field to the data stream comprising the first packet, the trailer field comprising a cyclic redundancy code (CRC) to mark the end of the first packet, and said providing step includes providing the trailer field to the receiver after the first packet has been provided.

52. A computerized means for transferring SCADA information from a sender to a receiver, the computerized means comprising:
- means for receiving the SCADA information from the sender;
  
  means for encrypting the SCADA information using a cryptographic protocol that is independent of the SCADA information to create an encrypted data stream; and
  
  means for providing the encrypted data stream for transmission to the receiver;
  
  wherein the SCADA information is streamed from the sender to the receiver such that a portion of a first packet of SCADA information is encrypted as it is received from the sender and then transferred to the receiver concurrent with the receipt of another portion of the first packet from the sender.

59. A secure supervisory control and data acquisition (SCADA) system comprising:
- a SCADA control host system; and
  
  a remote terminal system;
  
  wherein said control host system includes a control host, and said remote terminal system includes a remote terminal unit, said control host system and said remote terminal system configured such that SCADA information can be communicated between said control host and said RTU;
  
  said control host system further comprising a host security device (HSD) coupled to said control host, and said remote terminal system further comprising a remote security device (RSD) coupled to said RTU;
  
  wherein each of said HSD and said RSD are configured to transparently encrypt and decrypt the SCADA information passing therethrough to thereby establish secure communications between said control host and said RTU and between said HSD and said RSD;
  
  said HSD including a first module configured to generate a control message comprising instructions relating to the operation of said RSD and to communicate said control message to said RSD; and
  
  said RSD including a second module configured to receive said control message, to interpret said control message and to carry out said instructions of said control message.

60. A host security device (HSD) for use in a secure supervisory control and data acquisition (SCADA) system, wherein said HSD is configured to secure communications between a SCADA control host and a remote security device (RSD), said HSD comprising:
- a clear interface configured to communicate with said control host to thereby exchange clear data between said HSD and said control host;
  
  a secure interface configured to communicate with said RSD and to thereby exchange encrypted data between said HSD and said RSD; and
  
  a module configured to encrypt the clear data received at said clear interface to thereby create encrypted data for transmission via said secure interface, and to decrypt encrypted data received at said secure interface to thereby extract clear data for transmission via said clear interface;
  
  said module further configured to generate a control message comprising instructions relating to the operation of said RSD and to communicate said control message to said RSD.

61. A remote security device (RSD) for use in a supervisory control and data acquisition (SCADA) system, wherein said RSD is configured to secure communications between a host security device (HSD) and a remote terminal unit (RTU), said RSD comprising:
- a clear interface configured to communicate with said RTU to thereby exchange clear data between said RSD and RTU;
  
  a secure interface configured to communicate with said HSD and to thereby exchange encrypted data between said RSD and said HSD; and
  
  a module configured to encrypt clear data received at said clear interface to thereby create encrypted data for transmission via said secure interface, and to decrypt encrypted data received at said secure interface to thereby extract clear data for transmission via said clear interface;
  
  said module further configured to receive a control message comprising instructions relating to the operation of said RSD generated and communicated by said HSD, to interpret said control message, and to carry out said instructions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Robert Thomas Sill
Original Assignee
Robert Thomas Sill
Inventors
Schneider, Peter, Guillote, Mike, Bartels, Andrew

Application Number

US12/432,280
Publication Number

US 20100058052A1
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 63/0428   wherein the data content is...

H04L 63/0853   using an additional device,...

H04L 67/12   specially adapted for propr...

H04L 67/34   involving the movement of s...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

METHODS, SYSTEMS AND DEVICES FOR SECURING SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA) COMMUNICATIONS

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

61 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS, SYSTEMS AND DEVICES FOR SECURING SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA) COMMUNICATIONS

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

61 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links