Securing Remote State Estimation against Sequential Logic Attack of Sensor Data

Abstract

The SCADA system, which is widely used in the continuous monitoring and control of the physical process of modern critical infrastructure, relies on the feedback control loop. The remote state estimation system triggers the control algorithm or control condition of the controller according to the monitoring data returned by the sensor. The controller sends the control command to the actuator, and the actuator executes the command to control the physical process. Since SCADA system monitoring and control data are usually transmitted through unprotected wireless communication networks, attackers can use false sensor data to trigger control algorithms to make wrong decisions, disrupt the physical processing of the SCADA system, and cause huge economic losses, even casualties. We found an attack strategy based on the sequential logic of sensor data. This kind of attack changes the time logic or sequence logic of the response data, so that the false data detector can be successfully deceived. This would cause the remote state estimation system to trigger wrong control algorithms or control conditions, and eventually disrupt or destroy the physical process. This paper proposes a sequential signature scheme based on the one-time signature to secure the sequential logic and transmission of sensor data. The security analysis proves that the proposed scheme can effectively resist counterfeiting, forgery, denial, replay attacks, and selective forwarding attacks.

1. Introduction

Supervisory Control And Data Acquisition (SCADA) is a distributed cyber-physical system that seamlessly integrates sensing, communication, computing, and control technologies [1] and provides fine-grained monitoring and control in many key infrastructure fields of the state, such as smart grids, smart transportation, environmental monitoring, and healthcare. SCADA is mainly composed of sensors, actuators, remote state estimation systems and controllers. The remote state estimation system triggers the control algorithm or control condition of the controller according to the monitoring data returned by the sensor, and sends the control command to the actuator; the actuator executes the command to control the physical process, and forms a closed-loop feedback control system; the operational security of its cyber-physical system highly depends on the network control system [2,3]. Due to the deep interconnection of modern SCADA system equipment and the wide application of information infrastructure, the SCADA system itself is exposed to attackers [4,5]; the standard communication protocols used in general control systems (such as MODBUS, DNP3, and EtherNET/IP) lack identity verification, which enables the vulnerability mining and attack methods of the traditional information security domain to be used in the SCADA system [6]. Therefore, attacks on SCADA systems have appeared continuously in recent years, such as the “Stuxnet” virus targeting Iranian nuclear facilities in 2010, the “Duqu” worm virus targeting industrial control system information in 2011, the “Flame” cyber spyware in 2012, the “Havex” malicious program found in more than a thousand energy companies in Europe and the United States in 2014, and the “Black Energy” attack that occurred in a Ukrainian substation in 2015. They are all typical industrial control security incidents with extensive and far-reaching impacts, such as heavy economic losses and extremely high social harm.

Sequential logic attack is a unique attack in industrial control systems which highly depends on the control process. By modifying the time logic or sequence logic of the messages or commands sent by the control system, it disturbs or destroys the process control sequence of the actuators in order to destroy the physical process and even the equipment. Since the data value of the message size and time, the command sequence, and the ICS state are completely legal, it is difficult to analyze and detect with the traditional intrusion detecting method based on “semantics” [7]. In recent years, the problem in the sequential logic of industrial control has gradually attracted great attention from academia and industry. Fovino et al. [8] used an experimental prototype in which high-pressure steam flowing on a pipeline is adjusted by the control valve, in order to study the impact and harm of sequential attacks on the pipeline. The high-pressure steam flowing on the pipeline is controlled by two valves (V1 and V2). By closing and opening these two valves (V1 and V2) at the right time, the pressure can be successfully increased to a critical value or can even break the pipeline. In fact, in 1997, a similar case based on sequential attack was proposed in the report of the Critical Infrastructure Protection Committee of the President of the United States [9]. The report analyzed the urban water supply pipe network system and found that if an attacker quickly sent a legal control command to certain main control valves to trigger valve opening or closing commands in a short period of time, these valves would be opened or closed quickly at the same time, leading to the so-called “water hammer effect” directly causing many major pipelines to break at the same time. The most recent typical case is Stuxnet targeting industrial controllers in 2010 [10]; since PLCs did not support digital signatures of control logic, or ICS operators did not use/configure them, attackers modified the control logic of Siemens S7-300 PLCs connected to variable frequency drive to manipulate the control behaviors of the PLCs; actually, they disrupted the normal operation of the motor by periodically changing the speed of the motor; at the same time, the monitoring data was modified to deceive the remote state estimation system and the human–machine interface (HMI), that is, Stuxnet recorded the sensor measurements under normal operating conditions before each attack and replayed these measurements in a loop during the attack. Kleinmann et al. [11] referred to this kind of spoofing attack, which hijacks the communication between the human–machine interface and the programmable logic controller (PLC) and reverses the semantics, as “Stealthy Deception Attacks”. Ghaleb et al. [12] refer to this kind of attack as a replay attack. Hu et al. [13] proposed an enhanced multi-stage semantic attack against ICS, which is undetectable by existing IDS, and the attacker can manipulate the measurement data and control instructions simultaneously. Karimipour et al. [14] refer to this kind of attack that causes the industrial control system to enter a bad or critical state as a “semantic attack”, and propose a state-based semantic attack detection framework adapted to security.

Industrial control systems depend on the feedback control loop (as shown in Figure 1), which needs to continuously monitor the physical process data before making control decisions, and many of the SCADA system measurement and control data are usually transmitted through unprotected wireless communication networks, and the fragility of wireless communication channels brings new network security threats to the SCADA system—attackers can use false data injection (FDI) attacks to trigger control algorithms to make wrong decisions. Khatibi et al. [15], researching from the perspective of the transmission system, found that attackers could launch false data injection attacks against the state estimation without being detected by the residual state estimation, resulting in system state estimation error; if attackers understood the topology of the power system, they could completely bypass the false data detector by adjusting part of the system measurements, so that such system anomalies could not be detected by the residual-based ${\chi }^2$ false data detector [15,16]. Govil et al. [17] proposed a “Ladder Logic Bombs (LLB)” attack against industrial control systems. By manipulating the content of feedback messages, attackers can tamper with the sensor readings sent to PLC and SCADA systems, to trigger the PLC ladder logic language and change the command sent by the controller to the actuator. Guo et al. [18] proposed packet-reordering integrity attack, which they analyzed and studied using discrete-time linear changes. The false data detector can be successfully deceived by changing the time order or sequence order of sensor data, which leads to the remote state estimation system triggering the wrong control algorithm or control conditions to achieve the effect of a sequential logic attack on a control command. We named this kind of attack as sequential logic attack on sensor data. In response to this attack, a sequential signature transmission scheme for sensor data based on a one-time signature is proposed.

The rest of this article is arranged as follows. The second part introduces the related work; the third part is the attack model; the fourth part proposes the transmission of the sequential signature of sensor data; the fifth part carries out the security analysis of the scheme in this paper; the final part is the summary and outlook of the sequential logic security of the sensor data.

2. Related Work

The network control system is a closed-loop feedback control system formed by sensors, actuators, controllers, and remote state estimation systems through the network. The remote state estimation system estimates the current system state based on the monitoring data returned by the sensors, and then triggers the control algorithm or control condition of the controller. The sensor usually communicates with the remote state estimator at a predetermined time period k. That is, the sensor performs local state estimation based on physical process measurements, and then transmits it to the remote state estimator. This requires the remote state estimation system to verify whether the received message comes from the claimed sender and whether it is modified during transmission, to ensure that the received multicast data is complete and that it originated from a source with a specific identity. Without authentication, attackers can easily modify the message in transit, forge any message, or replay the message to trigger control algorithms or control conditions or even catastrophic operations. However, due to their unique requirements, industrial control systems have strict time requirements and the resources of field devices are usually limited. For example, The Distributed Network Protocol (DNP3) standard has a default control duration time of 250 ms [19]. Therefore, identity verification should be completed quickly and efficiently. Public key-based signatures such as the RSA, the digital signature algorithm (DSA), the elliptic curve digital signature algorithm (ECDSA), and message authentication codes (MAC), which are widely used for data integrity verification and some hybrid improvement schemes, fail to meet the industrial control network requirements with limited resources and time sensitivity due to large computation.

The one-time signature (OTS) based on the hash function, first proposed by Lamport, has become an effective and feasible alternative to data verification [20]. It is easy to calculate trapdoor functions and one-way functions in one direction, but difficult in the opposite direction. The difference is that it can easily calculate the trapdoor function in the opposite direction if provided with special information about the trapdoor function. Integer factorization is an example of trapdoor functions, and any hash function can be an example of one-way functions. For a long time, compared with other signature schemes that use trapdoor functions (such as RSA, DSA, and ECDSA), they were considered of theoretical importance only due to their flaws; for a long time afterwards, these one-time signature schemes were almost forgotten. However, the proposal and development of quantum computing and post-quantum cryptography have reversed this situation, mainly because the long-forgotten one-time signature scheme using one-way functions is proved secure for quantum computing, but the commonly used signature scheme using trapdoor functions is not. Precisely, Shor [21] proposed a quantum algorithm that successfully solved the problem of discrete logarithm decomposition in polynomial time, thus challenging the security of RSA, DSA, and ECDSA signature algorithms.

In the following thirty years, one-time signatures have been rapidly developed and continuously improved. Perrig [22] proposed a one-time signature scheme, Biba, based on the bijective function. This function receives the message to be signed as input and returns a list of the private key number index of the shared signature, which can provide short signatures and fast authentication. Reyzin et al. [23] further improved the Biba scheme; based on the subset elastic function instead of the one-way function, they proposed the HORS signature scheme, improving the efficiency of signature generation. Park et al. [24] analyzes and studies the HORS one-time signature, and finds that the limitation of this method is that the adversary can exchange the sequence of a set of signatures and then perform the sequential attack. The signature scheme given by Mitzenmacher et al. [25] has a smaller signature space, but a higher signature cost. Wang et al. [26] proposed that the TV-HORS scheme can provide rapid signature and verification, but that it has a large public key space (8–10 KB). Pieprzyk et al. [27] proposed that the HORS++ signature scheme also has a large key overhead. Therefore, Zaverucha et al. [28] proposed a verification scheme that supports aggregation and batch processing. Kalach et al. [29] provided a quantum-resistant one-time signature scheme based on an anti-collision hash function, which can be applied to resource-constrained devices. Abe et al. [30] proposed a one-time signature scheme based on linear decision assumptions and satisfying structural retention; a new random label is added to each signature, and it is difficult to use the old label to generate a valid signature for a new message; the scheme satisfies the strong unforgeability of signatures. To reduce the space complexity of the one-time signature scheme and solve the complex problems of key management, the improvement scheme based on the Merkle tree is the most typical. Merkle [31] combined the Merkle tree structure with the one-time signature scheme, which can manage the public key and verify signatures with higher efficiency. Shoufan [32] et al. used the Merkle encryption processor to integrate the Merkle tree structure based on Winternitz’s one-time signature into the hardware, improving the performance of the one-time signature scheme.

Since OTS is built on a one-way function without trapdoors, it has the asymmetric characteristic of secret information based on one-way functions, and has no trapdoor, which means that it has a public key and a private key pair. At the same time, it has the characteristics of high computational efficiency and resistance to quantum computer-assisted attacks, which can provide instant authentication for messages; it is suitable for environments with limited equipment resources, and is used for multicast authentication in smart grids [33,34], broadcasting authentication [35,36] in wireless sensor networks, and other aspects.

3. Network and Attack Model

In industrial control network systems, sensors are usually equipped with a microprocessor and have computing capabilities. In each time period k, smart sensors perform local state estimation based on physical process measurements and then transmit their local state estimates to the remote state estimation through a wireless network. The sensors are only allowed to communicate with the remote state estimation within a scheduled period of time. We define $T\in N$ as the communication period between the sensor and the remote state estimation. That is, all data packets $z_{k-T}$ to $z_{k+T}$ collected since the last communication are sent through the wireless network. Because of the insecurity of the wireless network and the lack of integrity and authenticity checks, attackers may change the time logic or sequence logic of sensor response data by selectively using eavesdrop, capture, discard, replay, delay, and other information domain attack methods. The false data detector at the remote state estimation continuous monitoring system state and identifies potential attacks (as shown in Figure 2).

4. Sequential Signature Transmission Scheme for Sensor Data

To ensure the integrity of sensor data and the time and sequence logic and save the cost of nodes, based on the one-time signature scheme proposed by Reyzin [22], we propose a time-based sequential logic signature scheme for sensors to send the authentication of the monitoring data to the remote state estimation system. In our asymmetric key signature scheme, the remote state estimation system is responsible for generating the private key and public key and distributing the public key to the sensors through a secure channel; only the sensor generates the signature, and the remote state estimation system verifies the signature.

In the signature scheme proposed in this paper, $s{k}_1,s{k}_2,\dots ,s{k}_n$ is n different random l bit strings with a fixed length, H( ) is an encrypted hash function using algorithms such as SHA1, SHA256 and SHA384 used to generate private key $sk=\left(H\left(s{k}_1\right),H\left(s{k}_2\right),\dots ,H\left(s{k}_n\right)\right)$; $f\left(\right)$ is a one-way function, used to generate the corresponding public key $pk=\left(p{k}_1,p{k}_2,\dots ,p{k}_n\right)$. $dat{a}_{k+T}$ is the local state estimation data of the sensor in the time period k + T, $S_{k+T}$ is the current cycle time of the sensor end, and $R_{k+T}$ is the current cycle time of the remote state estimation end. To prevent sequential logic errors of the sensor data caused by information attacks such as replay and selective forwarding, we intended to sign the sensor data $dat{a}_{k+T}$ at the current cycle time $S_{k+T}$ of the sensor, and only transmit the data and signature sent in the current time cycle k + T in the network; when the remote state estimation system verifies the signature, it uses its current cycle time $R_{k+T}$ to sign and verify the data $dat{a}_{k+T}$. That is, the remote state estimation system uses the private key sk to sign the sensor identity $i{d}_S$, the data $dat{a}_{k+T}$ sent in the time period k + T, and the corresponding time $S_{k+T}$, and obtains $h=H(i{d}_S\left|\left|dat{a}_{k+T}\right|\right|S_{k+T})$; to maintain the time logic, the time stamp $T_{\Delta }$ of the data $dat{a}_{k+T}$ is generated at the same time; when the receiving end executor verifies the signature, it first checks whether the timestamp meets $T_0\le T_{\Delta }+T_{\xi }$; if so, the public key pk is used for signature verification, otherwise the command message is discarded. The specific protocol is shown in Algorithm 1.

Algorithm 1. Sequential signature algorithm

Key generation of the remote state estimation system (R): Input: The parameter n represents the number of strings, l represents the length of the string, and k represents the number of substrings. $1.\mathrm{Randomly}\mathrm{generate}n\mathrm{strings}\mathrm{of}l\mathrm{bit}s{k}_1,s{k}_2,\dots ,s{k}_n$. with different lengths; $2.\mathrm{Generate}\mathrm{a}\mathrm{hash}\mathrm{string}:H\left(s{k}_1\right),H\left(s{k}_2\right),\dots ,H\left(s{k}_n\right)$; $3.\mathrm{Calculate}\mathrm{the}\mathrm{public}\mathrm{key}p{k}_i=f(H\left(s{k}_i\right);1\le i\le n$; $\mathrm{Output}:\mathrm{public}\mathrm{key}pk=\left(k,p{k}_1,p{k}_2,\dots ,p{k}_n\right)$$\mathrm{and}\mathrm{private}\mathrm{key}sk=\left(k,H\left(s{k}_1\right),H\left(s{k}_2\right),\dots ,H\left(s{k}_n\right)\right)$. Signature generation of sensor node (SN): $\mathrm{Input}:\mathrm{the}\mathrm{integer}\mathrm{value}\mathrm{of}\mathrm{the}\mathrm{data}{data}_{k+T}$. $\mathrm{sent}\mathrm{in}\mathrm{the}\mathrm{time}\mathrm{period}k+T,\mathrm{and}\mathrm{the}\mathrm{private}\mathrm{key}\mathrm{set}sk=\left(s{k}_1,s{k}_2,\dots ,s{k}_n\right)$. $1.\mathrm{Calculate}h=H(i{d}_S\left|\left|dat{a}_{k+T}\right|\right|S_{k+T})$; $2.\mathrm{Split}h\mathrm{into}m\mathrm{substrings}{h}_1,h_2,\dots ,h_k$ with a length of log2 n bit; $3.\mathrm{Express}{h}_j$$\mathrm{as}\mathrm{an}\mathrm{integer}{i}_j(1\le j\le k)$; $\mathrm{Output}:\mathrm{data}{data}_{k+T}$ $\mathrm{sent}\mathrm{in}\mathrm{the}\mathrm{time}\mathrm{period}T,\mathrm{signature}\left(s_i{}_1,{s_i}_2,\dots ,{s_i}_k\right)$ of ${data}_{k+T}$   $\mathrm{Where}{s}_i=H\left(s{k}_i\right)$$;\mathrm{timestamp}\mathrm{is}{T}_{\Delta }$; Signature verification of the remote state estimation system (R): $\mathrm{Input}:\mathrm{data}{data}_{k+T}$ $\mathrm{sent}\mathrm{in}\mathrm{time}\mathrm{period}k+T,\mathrm{signature}\mathrm{set}\left({s_1}^{\prime },{s_2}^{\prime },\dots ,{s_k}^{\prime }\right)$$;\mathrm{time}\mathrm{stamp}{T}_{\Delta }$; $1.\mathrm{Check}\mathrm{whether}\mathrm{the}\mathrm{timestamp}\mathrm{meets}{T}_0\le T_{\Delta }+T_{\xi }$$,\mathrm{where}{T}_0$ $\mathrm{is}\mathrm{the}\mathrm{current}\mathrm{timestamp}\mathrm{value},\mathrm{and}{T}_{\xi }$ is the threshold value; If the conditions are met, verify the signature further, otherwise discard the data; $2.\mathrm{Calculate}h=H(i{d}_S\left|\left|dat{a}_{k+T}\right|\right|R_{k+T})$; $3.\mathrm{Split}h\mathrm{into}k\mathrm{substrings}{h}_1,h_2,\dots ,h_k$ with a length of log2 n bit $4.\mathrm{Express}\mathrm{hj}\mathrm{as}\mathrm{an}\mathrm{integer}{i}_j(1\le j\le k)$; $\mathrm{Output}:\mathrm{For}\mathrm{each}j,(1\le j\le k)$$,\mathrm{if}f\left(s_j\right)=p{k}_{ij}$, it is accepted; otherwise it is rejected.

In the scheme we propose, the sensor end and the remote state evaluation system end use their own current cycle time $S_{k+T}$ and $R_{k+T}$ to sign and verify, respectively, which requires a synchronized clock between the sensor and the remote state evaluation system. Time deviation, or the natural delay between the time of signature generation and the time of verification, may cause failure of data verification. However, time-sensitive networks such as the industrial control system have higher synchronization accuracy and stable time synchronization; for example, the IEEE 1588 Precision Clock Synchronization Protocol of network measurement and control system can achieve a synchronization accuracy higher than microseconds, so as to fully meet the signature and verification requirements proposed in this paper.

Since $dat{a}_{k+T}$ in $i{d}_S\left|\left|dat{a}_{k+T}\right|\right|S_{k+T}$ or $i{d}_S\left|\left|dat{a}_{k+T}\right|\right|R_{k+T}$ changes with each data message from the sensor node to the remote state estimation system, $S_{k+T}$ and $R_{k+T}$ change with the time cycle; these two parameters determine the value of $i{d}_S\left|\left|dat{a}_{k+T}\right|\right|S_{k+T}$ or $i{d}_S\left|\left|dat{a}_{k+T}\right|\right|R_{k+T}$ within the cycle time. $S_{k+T}$ and $R_{k+T}$ never reappear and are not used repeatedly;$s{k}_i$ and $p{k}_i$ are used only once discarded. In the authentication process where the sensor sends monitoring data to the remote state estimation system, the remote state estimation system provides a set of four public keys for two sensor nodes (such as $S{N}_1$ and $S{N}_2$). After signing the message, the sensor nodes $S{N}_1$ and $S{N}_2$ provide the signatures $s_1$ and $s_2$ for the remote state estimation system, and then the remote state estimation system verifies the signature. The signatures $s_1$ and $s_2$ are never reused by any sensor node by the remote state estimation system, even if every remote state estimation system has some unused signatures. Once the sensor nodes have used all the signatures generated, the remote state estimation system provides each sensor node with a set of new public keys.

Let us understand signature generation and verification through an application example. Assuming that in the sensor node’s communication with the remote state estimation system: n = 160, l = 4, and k = 32. Initially, the remote state estimation system generates a private key $sk=\left(H\left(s{k}_1\right),\dots ,H\left(s{k}_{32}\right)\right)$ and a public key $pk=\left(p{k}_1;\dots ;p{k}_{32}\right)$, and sends the public keys set $pk$ to the sensor node through a secure channel. The sensor node calculates the hash value $h=H(i{d}_S\left|\left|dat{a}_{k+T}\right|\right|S_{k+T})$, then splits the hash value h into four substrings $h_i(1\le i\le 4)$, namely $h_1,h_2,h_3,h_4$, and expresses each hash value $h_i$ as an integer $i_j (1\le j\le 4)$. Here, the security level provided by the hash function is $(l\times lo{g}_{2}k)$, which is 20 bits. It generates four hash substrings, each of which is 5 bits long. Considering that i₁, i₂, i₃ and i₄ are 4, 12, 18, and 30, respectively, the sensor node uses the hash values H(sk₄), H(sk₁₂), H(sk₁₈), and H(sk₃₀) as signatures $s_1,s_2,s_3,s_4$; at the same time, they are sent to the remote state estimation system together with the data message $dat{a}_{k+T}$; the message is actually a certain kind of monitoring data or alarm data. After receiving the signature and message, the remote state estimation system directly calculates f(s_j) and verifies whether a certain public key $p{k}_i{}_{{}_j}(1\le j\le 4)$ in the set matches f(s_j). In actual scenarios, in order to meet the required security level, we choose a large number n, such as log₂ n, which is at least 160 bits. Then, in the case of point-to-point communication, when receiving the signature and monitoring data from the sensor node, the corresponding remote state estimation system calculates h, generates a substring h_j, converts each h_j to i_j, and then and checks whether f(s_j) = pk_ij. For point-to-point communication, the security level of the hash string should meet at least $(l\times lo{g}_{2}k)$ = 128 bits. That is, k = 2⁸ = 256, l = 16 or k = 2¹⁰ = 1024, l = 32 can be considered to ensure the standard security level 160-bit hash code.

To analyze and verify signature generation and verification, in the communication system scenario based on the DNP3 protocol, the communication between the remote state estimation system and the sensor nodes is realized. Since the default control duration of the DNP3 protocol standard is 250 ms, the channel latency can be reduced to 15 ms at 9600 baud and 32 bytes of data. We consider baud rate B = 100 bit/s, propagation delay D = 150 ms, MTU = 235 bytes, packet size P = 600 bytes. In the SHA1, SHA256, and SHA384 experiments, our scheme works well, and the signature generation and verification times of the tested five packets respectively are (0.048–0.065, 0.091–0.179), (0.099–0.152, 0.116–0.189), and (0.121–0.176, 0.126–0.368) ms. Compared to SHA256 and SHA384, SHA1 takes less time for signature generation and verification. However, SHA384 can provide better security. Thus, it satisfies the transmission of sensing data and alarm messages for SCADA systems, providing an efficient and safe service. Our proposed scheme is efficient and has less signature generation and verification time. Therefore, the proposed scheme is practical, efficient, and reasonably effective, and can be deployed on a real industrial control system network.

5. Security Analysis and Proof

5.1. Security Analysis

In this part, we conduct a security analysis on the proposed sequential signature mechanism. Assuming that the probability of finding a signature for data message $dat{a}_k$ is equivalent to the probability of finding at least one two-way collision, that is, that there are at least two l-bit strings randomly selected from the set m for $s{k}_1$ and $s{k}_2$, $f\left(H\left(s{k}_1\right)\right)\triangleq f\left(H\left(s{k}_2\right)\right)$, then the security of the signature depends on the probability of forging the signature. The probability that the challenger randomly selects t signatures from the set m would thus be [37]:

$$\mathrm{Pr}ob=1-{{\displaystyle {\prod }_{k=1}^{t-1}\left(\frac{m-k}{m}\right)}}_{(k=1)}^{(t-1)}\approx 1-e^{\frac{t\left(t+1\right)}{2m}}$$

(1)

The protocol in this paper effectively improves its security by embedding periodic time series and timestamps. The security strength analysis is as follows:

(1) Counterfeit attack: between the sensor and the remote state estimator network communication, if A impersonates a sensor and sends a message to the remote state estimator, the remote state estimator will find that its public key is different from public key $p{k}_i$ received previously after receiving the message and verifying its signature, and the attacker A cannot conduct a counterfeit attack. The authors of [37] have analyzed and proved this problem.

(2) Forgery attack: Attacker A cannot forge sensor signatures. Assuming the attacker eavesdrops on a valid signature $\left(s{i}_1,s{i}_2,\dots ,s{i}_k\right)$, since the sensor sends the same monitoring data at different times, the attacker may forge false messages $m^{\prime }$; however, each set of signature data sent and received by the sensor and the remote state estimation system synchronously is associated with a specific time period, if attacker A tries to forge the signature using the previously revealed signature. The reason is that sensor nodes do not reuse previously exposed signatures. And the attacker must know the exact time period of the current data. Therefore, even if the attacker eavesdrops on a valid signature, it is impossible to forge valid monitoring data and data signatures.

(3) Replay attack: A replay attack means that an attacker intercepts the data packet sent by the sensor and replays it after a period of time. The goal of replay attacks is to allow the receiver to receive the same message two or more times, or to change the order of packets to disrupt the application. First, since each signature message in our scheme is associated with a specific time period, the message signed in the time period k-T cannot be replayed in another period of time k + T. Each monitoring data message sent at a sensor node contains a timestamp, whose effective value depends on the propagation time between the sensor and the remote state estimation system. Once the receiving time threshold is exceeded, the remote state estimation system will discard the message. If attacker A sends the monitoring data message captured in advance to the remote state estimation system, the actuator directly discards the message due to the invalid signature time.

(4) Delay and selective forwarding attacks: For time-critical monitoring data transmission, delay attacks can be regarded as weaker packet loss attacks. For the sake of generality, we only analyze selective forwarding attacks. A successful packet loss attack means that attacker A selectively discards a group of packets $\left\{dat{a}_{i_1},\dots ,dat{a}_{i_T}\right\}$, which will cause another packet $dat{a}_j$, $j\notin \left\{i_1,\dots ,i_T\right\}$ to fail authentication. The scheme can resist selective forwarding attacks, because each data packet is independently signed. Assuming that the data message received by the remote state estimation system is inconsistent with the current time period of the state estimator, the state estimator considers the message illegal and sends an alarm message.

5.2. Security Proof

In this part, we prove the security of the proposed scheme.

(1) Formal security analysis model based on game theory. We propose a formal security analysis model composed of two factors:

1) We assume that in any probability polynomial time, attackers can communicate with a legitimate user of an industrial control system, retrieve any message on the insecure network, or extract the message selected from the hypothetical probability challenger algorithm as the output.

2) To damage the system and forge messages, the attacker has the ability to successfully forge the true signature of the actual sender. That is, the attacker must capture and generate the sender’s private key and forge the signature.

In our security analysis model, the attacker can interact with the hypothetical probability challenger algorithm, and the challenger can respond to all the inquiries by the attacker. The game ends when the attacker announces his/her decision. If the attacker can correctly deduce the security parameters and crack the system, the attacker wins. If the probability that any attacker will break the system is small, the system is proven to be safe.

The challenger generates a pair of keys $\left(s{k}_i,p{k}_i\right)$, and then the attacker executes the algorithm, which means selecting a security parameter n and a certain public key $p{k}_i$ as input. The attacker addresses inquiries to the challenger, and the challenger executes the signature generation algorithm to calculate signature $S_i$ for the selected sensing data $dat{a}_i$. If the signature $S_i$ generated by the attacker A is a valid signature of the data message $dat{a}_i$, the attacker succeeds in forging the signature.

(2) Proof of digital signature scheme.

Definition 1.

(Digital Signature Scheme): For the message space M, there is a digital signature scheme$\Sigma =\left(KeyGen,Sign,Ver\right)$.

$KeyGen\left(\right)\to \left(sk,pk\right)$: Probabilistic key generation algorithm: input the security parameter 1ⁿ, generate a public and private key pair $\left(s{k}_i,p{k}_i\right)$ and output;

$Sign\left(s{k}_i,dat{a}_i\right)\to s_i$: Probabilistic signature algorithm: input the data message $dat{a}_i\in M$ and the signature key $s{k}_i$, and output the signature $s_i$;

$Ver\left(p{k}_i,dat{a}_i,s_i\right)\to \left\{0,1\right\}$: Deterministic verification algorithm: input the data message $dat{a}_i$, public key $p{k}_i$ and signature $s_i$, and output 0 (invalid signature) or 1 (valid signature).

Definition 2.

(Correctness): For all messages$dat{a}_i\in M$, all$KeyGen\left(\right)\to \left(s{k}_i,p{k}_i\right)$, all $Sign\left(s{k}_i,dat{a}_i\right)\to s_i$, if exists$Ver\left(p{k}_i,dat{a}_i,S_i\right)=1$, then the digital signature scheme is correct.

Then, attacker A may try to achieve the following attack goals: (1) Key recovery: attempt to calculate $s{k}_i$ through a known public key $p{k}_i$ and impersonate the signer; (2) Extensive forgery: calculate a valid signature $s_i$ for a received message $dat{a}_i$; (3) Existential forgery: Calculate a valid signature $s_i$ for a selected data message $dat{a}_i$. At the same time, we assume that the attacker has the following capabilities: (1) Known key: can receive the public key $p{k}_i$ sent by the remote state estimation system; (2) Known message: retrieve data message and signature pairs from a preassigned data message list. (3) Adaptive selection of messages: attackers can adaptively obtain signatures for the selected data messages. The most ideal security situation is unforgeable under the existential unforgeability against chosen-message attacks (EU-CMA), which proves:

$$Suc{c}_{\Sigma }^{EU-CMA}\left(A\right)=Pr\left[Ex{p}_{\Sigma }^{EU-CMA}\left(A\right)=1\right]$$

(2)

To successfully forge the signature of the message $dat{a}_i$, the attacker needs to submit an inquiry to the challenger’s random oracle. In our scheme, H represents the hash function set $H\left(\right)$ used by the challenger, and the attacker can obtain the hash value of the message from the challenger:

$$Challenge{r}_H^{RO}\left(A\right)$$

(3)

$$H\left(\right):\left\{0,1\right\}\to {\mathbb{Z}}_n^{*}$$

(4)

$$\mathrm{Initialization}:Has{h}_{list}\leftarrow \phi$$

(5)

Inquiry: If there is $\left(h_i,dat{a}_i\right)\in Has{h}_{list}$ for message $dat{a}_i$, then return to $dat{a}_i$; otherwise $dat{a}_i\leftarrow {\mathbb{Z}}_n^{*}$, add $\left(h_i,dat{a}_i\right)$ to $Has{h}_{list}$ and return to $dat{a}_i$.

(3) Proof of the scheme based on game theory.

Game 0: This is the original existential unforgeability against the chosen-message attacks (EU-CMA) game of the sequential signature scheme (S-SIG) proposed in this article. Therefore:

$$Suc{c}_{S-SIG}^{EU-CMA}\left(A\right)=Pr\left(S_i\right)$$

(6)

Game 1: Attacker A first tries to retrieve or guess a random private key $s{k}_i$. Assuming that the attacker can correctly retrieve or guess the real private key sent by the remote state estimation system, the attacker successfully forges the signature sent by the remote state estimation system and destroys the system. However, since $s{k}_i$ is randomly selected from ${\mathbb{Z}}_n^{*}$, and ${\mathbb{Z}}_n^{*}$ is generated by the secure pseudo-random generator PRG, they have the same distribution, i.e., $Pr\left(s{k}_1\right)=Pr\left(s{k}_2\right)$. Therefore, the attacker A has no advantages of correctly guessing the private key, and the private key is not sent online, so that it is impossible for Attacker A to obtain the private key from the network.

Game 2: Attacker A tries to guess $\left(h_i,dat{a}_i\right)$ from $Has{h}_{list}$. That is, the attacker tries to guess the sensor message $dat{a}_i$ correctly and addresses an inquiry to the challenger to obtain signature $S_i=H\left(s{k}_i\right)$ for the selected data message $dat{a}_i$. If Attacker A can correctly guess the data message or the private key, Game 0 has the same effect as Game 1 (or Game 2). Assuming that an attacker obtains a random private key through inquiry (Q_r) and obtains information using H( ) through inquiry (Q_h), then the probability of success in guessing is:

$$Pr\left(Gues{s}_{correct}\right)=1/\left(Q_r+Q_h+1\right)$$

(7)

Game 3: The attacker tries to analyze the private key $s{k}_i$ of l bit and the hash code generated by the hash function $H\left(\right)$. In the scheme in this paper, if the length of the private key $s{k}_i$ used is at least 2048 bits, each private key has 2²⁰⁴⁸ different combinations, and then Attacker A needs to try at least 2²⁰⁴⁸ attempts to guess the private key correctly; that is, Attacker A needs to try at least 2¹⁶⁰, 2²⁵⁶, and 2³⁸⁴ times to guess the private key correctly for SHA1, SHA256, and SHA384. It is impossible for Attacker A to guess and generate the exact private key $s{k}_i$ within limited time.

Game 4: Now we to prove the primary theorem of this article, that is, that as long as the hash function used provides standard security properties, we have proved that the scheme is safe.

Definition 3.

If Attacker A has a negligible probability of winning the game in the maximum q-inquiry situation, the signature scheme is unforgeable under the q-adaptive selection message attack.

For the security parameter n, $Sign\left(1^n\right)$ is signature, $KeyGen\left(1^n\right)$ is key generation, $Sign\left(s{k}_i,\cdot \right)$ is signature generation, and $Ver\left(p{k}_i,dat{a}_1,S_i\right)$ is signature verification, and the generated signature is $s_i$. ${\left\{\left(dat{a}_i,S_i\right)\right\}}_1^q$ indicates a question-answer pair $Sign\left(s{k}_i,\cdot \right)$ generated for the signature. Under the existential unforgeability against chosen-message attacks (EU-CMA), the security standard concept test based on the signature scheme is as follows:

$$ExperimentEx{p}_{SIGN}^{EU-CMA}\left(A\right)$$

(8)

$$Setup:KeyGen\left(1^n\right)\to \left(s{k}_i,p{k}_i\right)$$

(9)

$$Execution:(dat{a}_1,S_i)\neg A^{Sign\left(s{k}_i\right)}(p{k}_i)$$

(10)

If $Ver\left(p{k}_i,dat{a}_1,S_i\right)=1$ and only if $dat{a}_1\notin {(dat{a}_i)}_1^q$, it returns to 1; otherwise it returns to 0.

We define the success probability of Attacker A as:

$$Suc{c}_{S-SIG}^{EU-CMA}\left(A\right)=Pr\left[Ex{p}_{SIGN}^{EU-CMA}\left(A\right)=1\right]$$

(11)

However, in our scheme, to ensure the sequence of monitoring data messages between the sensor and the remote state estimation system, the sensor and the remote state estimation system respectively sign in their respective time periods $R_{k+T}$ T and $S_{k+T}$, which are not transmitted through the network, so that attackers cannot forge a signature. Even if the attackers eavesdrop on a valid signature, they cannot continuously forge effective monitoring data messages and message signatures, that is, they cannot destroy the sequential relationship of the monitoring data messages.

To prove the security under the random oracle model $H\left(\right)$, there is ${\left\{h_i,dat{a}_i\right\}}_{i=1}^t$ in the running time t, if $i\ne j$, then $dat{a}_i\ne dat{a}_j$. An insecure function $In{\mathrm{Sec}}_{SIGN}^{EU-CMA}(s,t,q)$ is used to represent the maximum probability of success of the attacker against the original system s during the running time t with no more than q inquiries by the random oracle. We then define:

$$InSe{c}_{S-SIG}^{EU-CMA}\left(s,t,q\right)\triangleq \underset{A}{max}\left\{Suc{c}_{S-SIG}^{EU-CMA}\left(A\right)\right\}=negl\left(n\right)$$

(12)

Theorem: Set $n,v,data\in {\rm N},F\left\{f:{\left\{0,1\right\}}^n\to {\left\{0,1\right\}}^n\right\}$ as a single-row function family that satisfies anti-second preimage (SPR), undetectability (UD) and maintains one-way encryption (OW). Then $In{\mathrm{Sec}}_{SIGN}^{EU-CMA}\left(\left(1^n,m\right),t,1\right)$, and the proposed sequential signature scheme (S-SIG) satisfies the constraint of insecurity under the anti-EU_CMA attack:

$$In{\mathrm{Sec}}_{S-SIG}^{EU-CMA}\left(\left(1^n,m\right),t,1\right)\le In{\mathrm{Sec}}_{S-SIG}^{UD}\left(F,t^{\prime }\right)+m.\max \left\{In{\mathrm{Sec}}_{S-SIG}^{OW}\left(F,t^{″}\right),In{\sec }_{S-SIG}^{SPR}\left(F,t^{″}\right)\right\}$$

(13)

where: $t^{\prime }=t+3m$,$t^{″}=t+3m+l$ Proof by contradiction: Assuming that Attacker A may use adaptive selection messages to attack S-SIG within time t, resulting in existence forgery, and that the probability $Suc{c}_{S-SIG}^{EU-CMA}\left(A\right)$ of success is greater than the claimed $Suc{c}_{S-SIG}^{EU-CMA}\left(\left(1^n,m\right),t,1\right)$, the random oracle first runs $KeyGen\left(\right)$ to obtain a secret key pair $\left(s{k}_i,p{k}_i\right)$. Therefore, to generate a public key from the recovered signature $s_i^{\prime }$, Attacker A must know the one-way function $f\left(\right)$ of generating the public key. Even if the Attacker A knows the one-way function $f\left(\right)$, the public key ${pk}_i^{\prime }$ generated by Attacker A must be the same as the public key ${pk}_i^{\prime }$ currently used by the sensor. That is, Attacker A must first correctly guess l, and then correctly select the same public key $p{k}_i$ as the sensor; however, each set of signature data sent and received by the sensor and the remote state estimation system synchronously is associated with an independent specific time cycle, which proves that the mechanism in this paper is safe for random guessing.

Assuming that Attacker A can recover public key $p{k}_i$ and signature $s_i^{\prime }$ of the controller, the attacker correctly guessed l, runs $A^{Sign\left(s{k}_i,\cdot \right)}\left(p{k}_i\right)$, and thinks about the signature inquiry of ${data}_i^{\prime }$ submitted by the randomly oracle; the oracle machine runs $Sign\left({sk}_i^{\prime },{data}_i^{\prime }\right)$ and generates signature $s_i^{\prime }$ for Attacker A, then there is $s_i^{\prime }=H\left({sk}_i^{\prime }\right)$. At this time, Attacker A has ${data}_i^{\prime }$, $s_i^{\prime }$ and $p{k}_i^{\prime }$, and the real purpose of Attacker A is to recover ${sk}_i^{\prime }$. The existence of such a function with these properties is equivalent to a one-way function. Based on the hypothesis of one-way encryption and anti-second preimage of the function F, the probability of success of Attacker A’s obtaining the signature m through the random oracle is:

$$Suc{c}_{RO}^A=m.\max \left\{In{\mathrm{Sec}}_{S-SIG}^{OW}\left(H,t^{″}\right),In{\sec }_{S-SIG}^{SPR}\left(H,t^{″}\right)\right\}$$

(14)

where $t^{″}=t+3m+l$ meets the last of all three algorithms at runtime. The one-way encryption of public key generation depends on the one-way encryption of one-way function $f\left(\right)$, while signature generation requires the private key hash function to maintain anti-preimage. The encryption hash function $f\left(\right)$ we use meets the anti-preimage.

Assuming that Attacker A addresses an inquiry on the signature of a certain message M to the random oracle, based on the advantages of the random oracle in data message distribution (DMD) and public key distribution (PKD), Attacker A’s constraint relationship with the success probability $Suc{c}_{EXP}^P\left(A\right)$ using the random oracle and the success probability $Suc{c}_{EXP}^P\left(A\right)$ of the original experiment (EXP) is:

$$Ad{v}_{PKD,DMD}\left(A\right)=Suc{c}_{EXP}^P\left(A\right)-Suc{c}_{RO}^P\left(A\right)$$

(15)

Then, we only need to consider the situation of $Suc{c}_{EXP}^P\left(A\right)\ge Suc{c}_{RO}^P\left(A\right)$, namely:

$$Suc{c}_{EXP}^P\left(A\right)=Ad{v}_{PKD,DMD}\left(A\right)+Suc{c}_{RO}^P\left(A\right)$$

(16)

However, when Attacker A adopts the pseudo-random generator key distribution, there are non-negligible advantages, namely:

$$Ad{v}_{PKD,DMD}\left(A\right)\le In{\mathrm{Sec}}_{S-SIG}^{UD}\left(A\right)+Suc{c}_{RO}^P\left(A\right)$$

(17)

where $t^{\prime }=t+3m$.

Then there is:

$$Ad{v}_{PKD,DMD}\left(A\right)\le In{\mathrm{Sec}}_{S-SIG}^{UD}\left(H,t^{\prime }\right)+m.\max \left\{In{\mathrm{Sec}}_{S-SIG}^{OW}\left(H,t^{″}\right),In{\sec }_{S-SIG}^{SPR}\left(H,t^{″}\right)\right\}$$

(18)

where $t^{\prime }=t+3m$ and $t^{″}=t+3m+l$, which is contradictory. This proves that there is no existential forgery under which success probability $Suc{c}_{S-SIG}^{EU-CMA}\left(A\right)$ is greater than $InSe{c}_{S-SIG}^{EU-CMA}\left(\left(1^n,m\right),t,1\right)$ of the attacker at runtime t.

6. Conclusions

This paper studied the sensor sequential logic attack in the feedback control loop of the network control system, and found that changing the time logic or sequence logic of the sensor data can successfully deceive the false data detector without the false injection attack, and that it can also destroy the control command for sequential logic attacks. For the remote dynamic estimation system’s sensor data time and sequential logic attack, this paper proposes a time cycle-based sequential command authentication solution to ensure the integrity of the sensor data and the time and sequence logic. According to security analysis and proof, the scheme in this paper can effectively resist the sequential logic attacks caused by message attacks such as counterfeiting, forgery, replay attacks, and selective forwarding. Considering that it is difficult to detect sensor sequential logic attacks through false data detectors, and that it is also difficult to detect them through “semantic” analysis, intrusion detection based on sequential awareness may be a potential research direction in the future.