Today's industrial systems comprise various kinds of devices interconnected by a data network and transferring data among them. Such industrial control systems or SCADA (Supervisory Control and Data Acquisition) systems increasingly communicate via open protocols such as IP (Internet Protocol), TCP (Transmission Control Protocol), UDP (User Datagram Protocol), HTTP (Hypertext Transfer Protocol) and CoAP (Constrained Application Protocol). Where additional security protocols have to be used, these security protocols typically apply cryptography, making use of authentication tokens, e.g., certificates with respective public and private keys, or passwords.
In order to obtain such an authentication token, e.g., a certificate, a device has to prove its identity. This can be achieved by using a previously established authentication parameter, typically a one-time password or a private key, installed, e.g., during the production process, during assembly, or during the earlier establishment of an authentication token for the device or a component of it.
An authentication token contains or references the authentication parameter as well as identity information about the device and/or its component, e.g., the device serial number and/or component name, and possibly further information such as its validity period and a digital signature by the issuing entity.
Hardware, software, people, policies and procedures are specified for a so-called Public Key Infrastructure (PKI) to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. To assign an authentication token to a device, e.g., after installation in an industrial control system in a public key infrastructure, the device sends an authentication token request message, which is typically a certificate signing request, to a registration authority trusted by the certification authority or directly to the certification authority. The registration authority usually verifies the identity of the device, e.g., manually by an administrator or by verifying the authentication parameter, which may be a one-time password sent by the device or a signature related to a pre-existing certificate issued and signed by a trusted certification authority. The pre-existing certificate includes information about the device itself and/or one of its components, e.g., a device ID such as a serial number and/or component ID, a validity period of the certificate, and a public key that may be used to verify the request signature. If the device authentication succeeds, the registration authority accepts the request message and passes it on to the certification authority, which issues an authentication token.
In order to enhance the security of industrial system applications, authentication tokens of a dedicated device or one of its components shall only be provided in a certain environment, e.g., at dedicated sections of a control system. The provision of a device's authentication tokens shall also be restricted in time, e.g., communication with registration and certification authorities shall only be possible during a given time period. This should also help to prevent a device or its software components from being usable outside of the intended control system, e.g., to prevent misuse of the device after theft.
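The registration authority's acceptance decision described above, combined with the time restriction on token provision, can be sketched as follows. This is an added example, not part of the original text; the record layout, the names `Enrollment`, `otp_digest` and `ra_decide`, and the sample serial number and password are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Enrollment:
    """RA-side record for one device (hypothetical schema)."""
    otp_sha256: str        # digest of the one-time password installed at production
    not_before: datetime   # start of the permitted provisioning period
    not_after: datetime    # end of the permitted provisioning period
    used: bool = False     # set once the one-time password has been consumed

def otp_digest(otp: str) -> str:
    # Assumes a high-entropy, machine-generated one-time password.
    return hashlib.sha256(otp.encode()).hexdigest()

UTC = timezone.utc
# Constructed sample registry, keyed by device serial number.
REGISTRY = {
    "SN-0001": Enrollment(otp_digest("k3-constructed-otp"),
                          datetime(2024, 1, 1, tzinfo=UTC),
                          datetime(2024, 1, 31, tzinfo=UTC)),
}

def ra_decide(registry, serial, otp, now):
    """Return (accepted, reason) for an authentication token request.

    Only an accepted request would be passed on to the certification authority.
    """
    rec = registry.get(serial)
    if rec is None:
        return False, "unknown device"
    if not (rec.not_before <= now <= rec.not_after):
        return False, "outside enrollment window"
    if rec.used:
        return False, "one-time password already used"
    # Constant-time comparison avoids leaking how much of the value matched.
    if not hmac.compare_digest(rec.otp_sha256, otp_digest(otp)):
        return False, "authentication parameter mismatch"
    rec.used = True  # consume the password so a replayed request is rejected
    return True, "forward to certification authority"
```

The window check runs before the password check, so a request arriving outside the permitted period is rejected without consuming the device's one-time password.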