Title :
Trusted Group Key Management for Real-Time Critical Infrastructure Protection
Author :
Jenkins, J. ; Easton, S. ; Guidry, D. ; Burmester, Mike ; Xiuwen Liu ; Xin Yuan ; Lawrence, J. ; Ty, S.
Author_Institution :
Dept. of Comput. Sci., Florida State Univ., Tallahassee, FL, USA
Abstract :
Most critical infrastructures can be modeled as cyber-physical systems whose cyber components control physical processes so as to optimize specific system objectives. Protecting such systems from malicious threats (including insider threats) is particularly challenging. One solution, based on Trusted Computing technologies such as the Trusted Platform Module (TPM), uses an infrastructure that ensures that only trusted programs are executed. Such technologies readily support secure unicast communication. However, many critical infrastructures employ multicast. Addressing multicast requires attention to (a) compatibility and (b) real-time compliance; in particular, it requires sealed multicast storage for which access takes no longer than in the unicast case. We present a trusted computing architecture for multicast communication based on an adaptation of the Kerberos authentication service along with TPM trust engines. This architecture is efficient and scalable (one session key per multicast channel). We show that, by integrating our framework with an open source IEC 61850-90-5 profile emulator for power utility automation, synchrophasor data feeds are protected in real time (< 4 ms, the IEC 61850-90-5 threshold) against strong adversaries.
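The following is an added illustration of the three ideas the abstract combines (a Kerberos-like KDC issuing one session key per multicast channel, that key held in measurement-bound sealed storage, and per-frame authentication checked against the 4 ms IEC 61850-90-5 budget). It is constructed for this page and is not the authors' architecture, protocol or emulator code: the class names, the frame layout, the sample synchrophasor payloads and the use of HMAC-SHA256 as a stand-in for TPM sealing are all assumptions. A real TPM would bind the key to PCR values rather than to the HMAC-derived wrapping key used here.

```python
import hashlib
import hmac
import os
import struct
import time

# Constructed simulation (not the paper's system). The TPM is stood in for by an
# HMAC-based sealing store; "measurement" plays the role of a PCR digest.

IEC_61850_90_5_BUDGET_MS = 4.0   # real-time threshold quoted in the abstract
TAG_LEN = 32                     # HMAC-SHA256 tag
HDR = struct.Struct(">IQ")       # assumed frame header: channel id, sequence number


def _keystream(kek: bytes, n: int) -> bytes:
    """Counter-mode keystream derived from a wrapping key (illustrative only)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(kek, struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


class SealedStore:
    """Stand-in for TPM sealed storage: a secret is wrapped under a key derived from
    the platform measurement, so unsealing only succeeds in the same platform state."""
    def __init__(self):
        self.blobs = {}

    def seal(self, name: str, secret: bytes, measurement: bytes) -> None:
        kek = hmac.new(measurement, b"sealing-kek", hashlib.sha256).digest()
        ct = bytes(a ^ b for a, b in zip(secret, _keystream(kek, len(secret))))
        self.blobs[name] = (ct, hmac.new(kek, ct, hashlib.sha256).digest())

    def unseal(self, name: str, measurement: bytes):
        if name not in self.blobs:
            return None
        ct, tag = self.blobs[name]
        kek = hmac.new(measurement, b"sealing-kek", hashlib.sha256).digest()
        if not hmac.compare_digest(tag, hmac.new(kek, ct, hashlib.sha256).digest()):
            return None                      # platform state changed: refuse to unseal
        return bytes(a ^ b for a, b in zip(ct, _keystream(kek, len(ct))))


class GroupKDC:
    """Kerberos-style key distribution centre adapted to multicast: one session key
    per channel, released only to registered members (assumed membership model)."""
    def __init__(self):
        self.channel_keys = {}
        self.members = {}

    def register_channel(self, chan_id: int, member_names) -> None:
        self.channel_keys[chan_id] = os.urandom(32)
        self.members[chan_id] = set(member_names)

    def issue(self, chan_id: int, member: str) -> bytes:
        if member not in self.members.get(chan_id, ()):
            raise PermissionError(f"{member} is not a member of channel {chan_id}")
        return self.channel_keys[chan_id]


def protect_frame(key: bytes, chan_id: int, seq: int, payload: bytes) -> bytes:
    """Publisher side: header || payload || HMAC over both."""
    body = HDR.pack(chan_id, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Subscriber:
    def __init__(self, name: str, measurement: bytes):
        self.name, self.measurement = name, measurement
        self.store, self.last_seq = SealedStore(), {}

    def join(self, chan_id: int, kdc: GroupKDC) -> None:
        self.store.seal(f"{self.name}/{chan_id}", kdc.issue(chan_id, self.name), self.measurement)

    def accept(self, frame: bytes) -> bool:
        if len(frame) < HDR.size + TAG_LEN:
            return False
        chan_id, seq = HDR.unpack_from(frame)
        key = self.store.unseal(f"{self.name}/{chan_id}", self.measurement)
        if key is None:
            return False                     # key unavailable: platform no longer trusted
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
            return False                     # forged or corrupted frame
        if seq <= self.last_seq.get(chan_id, 0):
            return False                     # replayed or out-of-order frame
        self.last_seq[chan_id] = seq
        return True


def run_demo() -> dict:
    """Exercise the happy path plus replay, tampering, outsider and platform-change cases."""
    kdc = GroupKDC()
    kdc.register_channel(1, {"pmu-7", "pdc-a"})            # assumed device names
    trusted = hashlib.sha256(b"approved firmware + approved PDC binary").digest()
    sub = Subscriber("pdc-a", trusted)
    sub.join(1, kdc)
    pub_key = kdc.issue(1, "pmu-7")
    res = {"accepted": 0, "replay_rejected": 0, "tamper_rejected": 0,
           "outsider_denied": False, "unseal_after_change": None, "max_latency_ms": 0.0}
    frames = []
    for seq in range(1, 6):                               # constructed sample payloads
        payload = struct.pack(">Qff", 1700000000000 + seq, 1.0 + seq / 100, 0.01 * seq)
        frames.append(protect_frame(pub_key, 1, seq, payload))
    for f in frames:
        t0 = time.perf_counter()
        ok = sub.accept(f)
        res["max_latency_ms"] = max(res["max_latency_ms"], (time.perf_counter() - t0) * 1000)
        res["accepted"] += 1 if ok else 0
    if not sub.accept(frames[2]):                         # seq 3 again: replay
        res["replay_rejected"] += 1
    forged = bytearray(protect_frame(pub_key, 1, 6, b"x"))
    forged[-1] ^= 1                                       # flip one tag bit
    if not sub.accept(bytes(forged)):
        res["tamper_rejected"] += 1
    try:
        kdc.issue(1, "rogue-host")
    except PermissionError:
        res["outsider_denied"] = True
    sub.measurement = hashlib.sha256(b"modified PDC binary").digest()
    res["unseal_after_change"] = sub.accept(protect_frame(pub_key, 1, 7, b"y"))
    return res


if __name__ == "__main__":
    print(run_demo())
```

The per-frame cost here is one unseal and one HMAC, which is why the latency stays far under the 4 ms budget; a production design would cache the unsealed key in trusted memory rather than unsealing on every frame, and would bind the seal to actual PCR values.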
Keywords :
critical infrastructures; multicast communication; public key cryptography; trusted computing; Kerberos authentication service; TPM trust engines; cyber components control physical process; cyber-physical systems; malicious threats; multicast communication; open source IEC 61850-90-5 profile emulator; power utility automation; real-time critical infrastructure protection; sealed multicast storage; secure unicast communication; synchrophasor data feeds; trusted computing technologies; trusted group key management; trusted platform module; Authentication; Cryptography; Databases; Protocols; Real-time systems; Servers; Group key management; IEC 61850-90-5; Kerberos; trusted multicast; trusted platform modules;
Conference_Titel :
Military Communications Conference, MILCOM 2013 - 2013 IEEE
Conference_Location :
San Diego, CA
DOI :
10.1109/MILCOM.2013.50