Publication (announcement) number: US12047494B2
Publication (announcement) date: 2024-07-23
Application number: US17543979
Filing date: 2021-12-07
Inventors: Eli Biham, Sara Bitan-Erlich, Alon Dankner
CPC classification: H04L9/0825, H04L9/3213, H04L9/3228, H04L9/3242
Abstract: One of the main obstacles to securing industrial control systems is the lack of an appropriate security model that is both implementable by vendors and addresses the inherent security and usability requirements of organizations. Current solutions such as device passwords and IPSec lack a scalable key management infrastructure and fine-grained access control mechanisms. A security model for industrial control systems that supports organizational-level authorization and authentication requirements, while hiding the low-level details (e.g., keys and passwords) from the users, is disclosed. It also enables easy addition and removal of PLCs, engineering stations, HMI devices and users, and assignment of permissions to them. A major advantage is its support for hybrid ICS systems, characterized by the co-existence of legacy devices and new devices, while using the same protocol. Devices may communicate therein either natively or through a connected converter. This co-existence allows organizations to gradually switch from a fully legacy ICS to an ICS natively supporting the disclosed security model, by replacing a single device (or a few) at a time, incurring little or no system downtime. An exemplary protocol supporting the disclosed security model, namely K7, is based on the Siemens S7 protocol and enhances it with new cryptographic features to support the extra functionality. Similar enhancements may be applied to other protocols. A ticket-based system (e.g., Kerberos with an LDAP server), used to support the exchange of permissions and keys, is incorporated into the disclosed protocol. K7 may be implemented as a protocol converter add-on to standard Siemens clients and PLCs that transforms them into augmented devices that use K7. Siemens and other vendors may add direct support for K7 on their ICS systems, devices, and the like in the future.
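The abstract describes the model only at the architectural level: an authority (Kerberos with LDAP) issues tickets carrying a user's permissions and keys, and a device or its protocol converter enforces them on each command. The following is an added illustration of that ticket-based pattern in Python; it is not the patented K7 protocol, not Siemens or S7 code, and does not reproduce any message format from the patent. The names `AuthorizationServer`, `PlcGuard`, `build_request`, the operation names `read`/`write`, and the use of HMAC-SHA256 both to authenticate the ticket and to derive a per-ticket session key (a stand-in for Kerberos' encrypted session-key exchange) are all assumptions of this example. It assumes the user has already authenticated to the authority, as in a Kerberos AS exchange, and that the session key reaches the client over that authenticated channel.

```python
"""Toy ticket-based authorization for ICS commands (illustrative only, not the K7 protocol)."""
import hashlib
import hmac
import json
import secrets
import time


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _canon(obj) -> bytes:
    # Deterministic serialisation so issuer and verifier MAC identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class AuthorizationServer:
    """Kerberos/LDAP-like authority (assumed name): holds each PLC's long-term key
    and each user's per-PLC permissions; users are assumed already authenticated."""

    def __init__(self):
        self.plc_keys = {}          # plc_id -> long-term key shared with that PLC
        self.user_permissions = {}  # user -> {plc_id: set(ops)}

    def add_plc(self, plc_id):
        self.plc_keys[plc_id] = secrets.token_bytes(32)
        return self.plc_keys[plc_id]

    def grant(self, user, plc_id, ops):
        self.user_permissions.setdefault(user, {})[plc_id] = set(ops)

    def issue_ticket(self, user, plc_id, lifetime=300, now=None):
        now = time.time() if now is None else now
        ops = sorted(self.user_permissions.get(user, {}).get(plc_id, ()))
        body = {"user": user, "plc": plc_id, "ops": ops,
                "exp": now + lifetime, "tid": secrets.token_hex(8)}
        plc_key = self.plc_keys[plc_id]
        # Ticket is authenticated with the PLC's key; the session key is derived from
        # the same key and the ticket body, so the PLC can recompute it without the
        # ticket carrying it in the clear.
        ticket = {"body": body, "mac": _mac(plc_key, _canon(body)).hex()}
        session_key = _mac(plc_key, b"session|" + _canon(body))
        return ticket, session_key


def build_request(ticket, session_key, op, args, nonce=None):
    """Client side: bind ticket, operation, arguments and a fresh nonce under the session key."""
    msg = {"ticket": ticket, "op": op, "args": args, "nonce": nonce or secrets.token_hex(8)}
    msg["mac"] = _mac(session_key, _canon({k: msg[k] for k in ("ticket", "op", "args", "nonce")})).hex()
    return msg


class PlcGuard:
    """Enforcement point at the PLC or its converter (assumed name): every check a
    defender would want before a command is forwarded to the legacy device."""

    def __init__(self, plc_id, plc_key):
        self.plc_id = plc_id
        self.key = plc_key
        self.seen_nonces = set()  # (ticket id, nonce) pairs already accepted

    def check(self, msg, now=None):
        now = time.time() if now is None else now
        ticket, body = msg["ticket"], msg["ticket"]["body"]
        if body["plc"] != self.plc_id:
            return (False, "wrong plc")
        if not hmac.compare_digest(_mac(self.key, _canon(body)).hex(), ticket["mac"]):
            return (False, "bad ticket mac")
        if body["exp"] < now:
            return (False, "ticket expired")
        session_key = _mac(self.key, b"session|" + _canon(body))
        signed = {k: msg[k] for k in ("ticket", "op", "args", "nonce")}
        if not hmac.compare_digest(_mac(session_key, _canon(signed)).hex(), msg["mac"]):
            return (False, "bad request mac")
        if msg["op"] not in body["ops"]:
            return (False, "permission denied")
        replay_key = (body["tid"], msg["nonce"])
        if replay_key in self.seen_nonces:
            return (False, "replay")
        self.seen_nonces.add(replay_key)
        return (True, "ok")


def demo():
    """Constructed scenario: one PLC, a read-only operator and a read/write engineer."""
    server = AuthorizationServer()
    plc_key = server.add_plc("plc-1")
    server.grant("operator", "plc-1", ["read"])
    server.grant("engineer", "plc-1", ["read", "write"])
    guard = PlcGuard("plc-1", plc_key)
    t_op, k_op = server.issue_ticket("operator", "plc-1", now=1000.0)
    t_eng, k_eng = server.issue_ticket("engineer", "plc-1", now=1000.0)
    results = {}
    req = build_request(t_op, k_op, "read", {"db": 1}, nonce="n1")
    results["operator_read"] = guard.check(req, now=1001.0)
    results["operator_write"] = guard.check(
        build_request(t_op, k_op, "write", {"db": 1, "value": 7}, nonce="n2"), now=1001.0)
    results["engineer_write"] = guard.check(
        build_request(t_eng, k_eng, "write", {"db": 1, "value": 7}, nonce="n3"), now=1001.0)
    results["replay"] = guard.check(req, now=1002.0)
    tampered = dict(req, args={"db": 2}, nonce="n4")  # body changed, MAC left as-is
    results["tampered"] = guard.check(tampered, now=1001.0)
    results["expired"] = guard.check(
        build_request(t_op, k_op, "read", {"db": 1}, nonce="n5"), now=5000.0)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:15s} -> {outcome}")
```

The point of the shape is that the device key never leaves the authority and the device, adding or removing a user only touches the authority's permission table (the abstract's "easy addition and removal ... and assigning permission"), and a converter in front of a legacy PLC can run exactly this check before passing the native command through. The `seen_nonces` set is only bounded by ticket lifetime in a real deployment; entries can be dropped once the ticket they belong to has expired.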