Selective Encryption Framework for Securing Communication in Industrial Control Systems.

Industrial Control Systems (ICS) implement a distributed process control framework with legacy controllers and proprietary protocols, enabling a wide range of cyber-attacks. The ICS research community and industrial security practitioners recommend implementing TLS/DTLS or bump-in-the-wire techniques for communicating confidential information. In this paper, we discuss how such techniques fail to provide the purpose-built security required in control applications. We examine the proprietary application-layer protocols and how they access the controller memory for performing read/write operations and claim that custom-made ICS security solutions require application-level access to the controller. To this end, we propose SelEnc, a general-purpose modular framework for securely communicating a subset of control information, deemed critical by the process engineer of a controlled environment, with minimal access to the controller memory. We provide a proof-of-concept implementation of the proposed framework over an example testbed and evaluate our construction with two use cases and five different datasets. Our micro-benchmarks indicate a significant reduction in computational overhead (less than 1.5% of overhead incurred due to TLS and other state-of-art approaches), with guarantees of purpose-built security acknowledged at the target control environment.