Industrial Control Systems (ICS), and many simple Internet of Things (IoT) devices, commonly communicate using unencrypted or unauthenticated protocols. For ICS this is an historical carryover since the introduction of these systems predated practical lightweight cryptography. As the processing power of small devices has grown exponentially at the same time as new, more efficient encryption algorithms have become available, end device encryption of communication protocols is becoming much more practical, but is still not widely used with ICS protocols such as Modbus and IEC61850 (GOOSE) which have tight requirements for both latency and variance. Newer micro-processors can also present challenges both to measurement and use, since features such as dynamic frequency scaling can significantly impact performance measurements. In this paper, we measured the time cost of adding encryption into the communication cycle of low-cost edge devices using ChaCha20-Poly1305, and show that in the worst case the encryption cycle took less than 7.1 percent of the latency requirements of Goose, and less than 3% for IEC-60834-1 on Raspberry PI 4, and an Intel N95 Mini PC, which is well within the specified latency requirements for these protocols.
翻译:工业控制系统(ICS)及众多简易物联网(IoT)设备通常采用未加密或未经认证的协议进行通信。对ICS而言,这是历史遗留问题——因其系统问世时间早于实用轻量级密码学的出现。随着小型设备处理能力呈指数级增长,同时更高效的加密算法不断涌现,通信协议的端到端加密正变得愈发可行,但在对延迟和抖动有严格要求的Modbus和IEC61850(GOOSE)等ICS协议中仍未广泛采用。新型微处理器由于动态频率调整等特性会显著影响性能测量结果,这给测试与使用带来双重挑战。本文测量了使用ChaCha20-Poly1305为低成本边缘设备通信周期添加加密所消耗的时间,结果表明:在最坏情况下,加密周期在Raspberry Pi 4和Intel N95迷你PC上占用GOOSE延迟要求的比例低于7.1%,占用IEC-60834-1延迟要求的比例低于3%,完全满足这些协议规定的延迟指标。