
Paper Abstract

Title: Research on Remote Attestation-based Trusted Modbus/TCP Protocol (original title: 基于远程证明的可信Modbus/TCP协议研究)

Authors: ZHAN Jing (詹静) (College of Computer Sci., Beijing Univ. of Technol., Beijing 100124, China; Beijing Key Lab. of Trusted Computing, Beijing 100124, China; National Eng. Lab. for Critical Technologies of Info. Security Classified Protection, Beijing 100124, China); YANG Jing (杨静) (College of Computer Sci., Beijing Univ. of Technol., Beijing 100124, China)

Received: 2016-09-17          Year, volume(issue): pages: 2017, 49(1): 197-205

Journal: Advanced Engineering Sciences (工程科学与技术)

Key words: communication security; secure protocol; industrial control system; Modbus/TCP; remote attestation

Funding: National High Technology Research and Development Program of China (2015AA016002); Specialized Research Fund for the Doctoral Program of Higher Education (20131103120001); National Key Research and Development Program of China (2016YFB0800204)

Abstract (Chinese, translated)

Because the communication protocols used in industrial control systems (ICS) rarely considered security when they were designed, traditional ICS-specific network protocols are easily exposed to remote attacks from TCP/IP networks. This paper adds trusted hardware and combines it with remote attestation to design a new trusted Modbus/TCP communication protocol, improving the security of ICS networks that use dedicated communication protocols. The original Modbus/TCP communication stacks in the field devices and control devices of the ICS network are modified to achieve mutual authentication. Remote attestation is used to authenticate the identity and security-state information of both the Modbus/TCP client and the server against a whitelist. Updates to this information are maintained by an online attestation server and pushed to the field devices to reduce the communication burden. Protocol data are protected in two ways: first, the message authentication key used during communication is protected by trusted hardware, and only legitimate devices holding the trusted-hardware binding key can decrypt it, so communication data cannot be tampered with without detection; second, the key used to encrypt sensitive operation information in the protocol is also protected by the trusted hardware. To date, no other open literature has introduced trusted components into a Modbus/TCP communication environment to secure it. The proposed trusted Modbus/TCP protocol has four security properties: integrity, authenticity, freshness and confidentiality. The protocol is described in the HLPSL language and verified with the SPAN tool; no intrusion path exploitable by an attacker was found. The largest performance cost of the protocol lies in the cryptographic functions of the authentication sub-protocol, but this cost is incurred only before the first communication and after a periodic verification fails. If dedicated trusted hardware optimized for the ICS environment were used instead of the general-purpose trusted hardware used in this paper, the corresponding overhead would drop substantially. The communication overhead caused by the added protocol fields is small, at the microsecond level. The proposed trusted Modbus/TCP protocol meets the normal business performance requirements of an ICS and can defend against attacks on protocol communication from both illegitimate communication entities and originally legitimate entities that are no longer trusted because their systems have been tampered with.

Abstract (English)

Due to the lack of security design, vulnerabilities in traditional industrial control system (ICS) protocols can easily be exploited remotely from a TCP/IP network. In this paper, a novel security-enhanced Modbus/TCP protocol, called trusted Modbus/TCP, is proposed for ICS networks based on remote attestation and trusted hardware. For bidirectional authentication, the proposed protocol modifies the original Modbus/TCP communication stack of both field devices and control devices in the ICS. Based on a whitelist, the identities of the communicating devices and their security-status information are attested. Updates to this information are maintained by an online attestation server and later pushed to the field devices to reduce their burden. The protocol data are protected in two ways. First, data cannot be tampered with undetected, because the authentication key is held only by legitimate devices and protected by trusted hardware; second, sensitive Modbus/TCP operation data are encrypted under keys protected by trusted hardware. To the authors' best knowledge, no paper in the open literature has yet introduced trusted components into a Modbus/TCP network to secure the communication between ICS devices. The trusted Modbus/TCP protocol was described in the HLPSL language, and its four security properties (integrity, authenticity, confidentiality and freshness of protocol data) were verified with the SPAN tool without finding an intrusion path. The most time-consuming cryptographic operations, those for authentication, are used only when establishing the communication session or after a previous authentication has failed. Moreover, the time cost could be reduced substantially by adopting the latest dedicated trusted hardware for ICS, compared with the experiments using a current Trusted Platform Module (TPM). The overhead of the increased protocol packet size compared with the original protocol is at the microsecond level. In conclusion, the proposed trusted Modbus/TCP is practical for ICS, since it protects protocol data transferred on the Modbus/TCP network not only from illegitimate entities but also from legitimate entities whose systems have been tampered with.
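The two abstracts describe three defensive mechanisms without showing their mechanics: whitelist-based attestation of a peer's identity and security state, a message authentication key that makes undetected tampering impossible, and freshness of protocol data. The following Python sketch is an added illustration written for this page, not the authors' protocol or code: it checks a constructed attestation report against a constructed whitelist, then appends a sequence number and an HMAC-SHA256 tag to a Modbus/TCP frame and has the receiver reject tampered and replayed frames. The HMAC-based attestation tag stands in for a hardware-signed quote, the keys are plain byte strings rather than TPM-bound keys, and the encryption of sensitive operations is not shown; all device ids, measurement strings and keys are made up.

```python
import hashlib
import hmac
import struct

# Constructed whitelist: device id -> expected SHA-256 digest of its measurement list.
# The paper has an online attestation server maintain this; here it is a static dict.
WHITELIST = {
    "plc-01": hashlib.sha256(b"firmware-v1|stack-trusted-modbus|cfg-A").hexdigest(),
    "hmi-01": hashlib.sha256(b"firmware-v2|stack-trusted-modbus|cfg-B").hexdigest(),
}


def attest(device_id, measurements, attest_key):
    """Produce (device_id, digest, tag). The tag stands in for a TPM-signed quote;
    here it is an HMAC under a key assumed to be bound to the device (assumption)."""
    digest = hashlib.sha256("|".join(measurements).encode()).hexdigest()
    tag = hmac.new(attest_key, f"{device_id}:{digest}".encode(), hashlib.sha256).hexdigest()
    return device_id, digest, tag


def verify_attestation(report, attest_key):
    """Accept a peer only if its report is authentic and both identity and
    security state match the whitelist."""
    device_id, digest, tag = report
    expected = hmac.new(attest_key, f"{device_id}:{digest}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad attestation signature"
    if WHITELIST.get(device_id) != digest:
        return False, "identity or security state not on whitelist"
    return True, "attested"


def build_frame(tid, unit, pdu, seq, mac_key):
    """Modbus/TCP frame (7-byte MBAP header + PDU) extended with a 4-byte sequence
    number for freshness and a 32-byte HMAC-SHA256 tag over everything before it."""
    length = 1 + len(pdu) + 4 + 32          # unit id + PDU + seq + tag
    mbap = struct.pack(">HHHB", tid, 0, length, unit)
    body = mbap + pdu + struct.pack(">I", seq)
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return body + tag


class Receiver:
    """Server side: verifies the tag, enforces a strictly increasing sequence number,
    and only then hands the PDU to the Modbus application layer."""

    def __init__(self, mac_key):
        self.mac_key = mac_key
        self.last_seq = -1

    def accept(self, frame):
        body, tag = frame[:-32], frame[-32:]
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None, "integrity/authenticity check failed"
        seq = struct.unpack(">I", body[-4:])[0]
        if seq <= self.last_seq:
            return None, "replayed or stale sequence number"
        self.last_seq = seq
        tid, _proto, _length, unit = struct.unpack(">HHHB", body[:7])
        return (tid, unit, body[7:-4]), "ok"


if __name__ == "__main__":
    mac_key, attest_key = b"constructed-mac-key", b"constructed-attest-key"
    print(verify_attestation(attest("plc-01", ["firmware-v1", "stack-trusted-modbus", "cfg-A"], attest_key), attest_key))
    print(verify_attestation(attest("plc-01", ["firmware-v1", "stack-trusted-modbus", "cfg-A", "rootkit"], attest_key), attest_key))
    rx = Receiver(mac_key)
    frame = build_frame(1, 1, b"\x03\x00\x00\x00\x0a", 1, mac_key)   # Read Holding Registers 0..9
    print(rx.accept(frame))       # ok
    print(rx.accept(frame))       # replay rejected
    bad = bytearray(build_frame(2, 1, b"\x03\x00\x00\x00\x0a", 2, mac_key))
    bad[8] ^= 1                   # flip a bit in the start address
    print(rx.accept(bytes(bad)))  # tag mismatch
```

The sequence number is what gives the freshness property: a captured frame carries a valid tag but a stale counter, so it is dropped without touching the application layer. In a deployment the attestation step would run once before the first session and again after a periodic re-verification fails, matching the cost profile the abstract describes.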



Copyright © 2020 Sichuan University Journal Press. All rights reserved.
