ABSTRACT
As industrial control systems (ICSs) become increasingly networked, the need for sound forensic capabilities for such systems grows. Log files are a vital source of information in forensic investigations. Techniques for secure logging aim to protect log files from manipulation. We investigate how a blockchain can enable secure logging for ICSs. We argue that a blockchain fits well both into general models of secure logging and into the Purdue model for ICSs. We report on experiences from connecting the syslog functionality of a Siemens SIMATIC S7-1500 programmable logic controller to the public Ethereum blockchain network. While the level of manipulation protection is comparatively high, the transaction time of the public Ethereum blockchain severely limits the usefulness of this type of secure logging for ICSs.
Index Terms
- On the Feasibility of Secure Logging for Industrial Control Systems Using Blockchain