Hi, Newbie here... I am developing a small-scale SCADA system with Master Stations controlling up to 100 RTU's each, via short range (100 meters) RF signals. The Master Stations will be connected via the Internet to a host computer.
We need to secure both the RF and the Internet communications. I am new to the security issues involved and need a few clues on where to find techniques for small microcontroller-based systems.
I've found plenty of info on secure shell systems, but they all seem to involve a formal OS such as Linux, whereas my platforms (Master Station and RTU's) will run only simple task schedulers.
The Master Station uses an Atmel ATmega128 (128k code space, 4K SRAM) with serial-to-Ethernet via a Lantronix XPort; probably the encrypted version. Its security level (128-bit AES) is not state of the art but may be enough for our purposes.
The RTU is battery operated and will run on some member of the TI MSP430 2xxx family.
We are currently addressing various threat scenarios, such as the sabotage of a Queensland, Australia, sewage system:
This was an inside job, but we're also concerned about some hacker targeting our system as a personal challenge.
On the RF side, the transceivers use a proprietary frequency-shifting scheme, but physical security for the RTU's cannot be assured due to the nature of the product, and if an attacker steals one then the raw RF messages will be visible.
The signals will be fairly infrequent and short; less than a dozen bytes. My first idea was XORing them with the output stream of a Galois LFSR. To ensure that routine polling queries would always be different (and apparently random) I would use a seed value derived from the RTU serial number and a tap configuration supplied by the Master Station.
However, this scheme relies on the secrecy of the algorithm, which is bad cryptography, even assuming that the microcontrollers' security fuses afford good code protection; and yet the RTU has limited computing resources so I'm not sure what would be the best practice in this situation.
Any help appreciated; TIA, Sean Quinlan
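
The LFSR scheme described in the post, as an added example that is not part of the original post or the poster's code: a 16-bit Galois LFSR keystream XORed over a short frame, showing that two frames sent under the same seed and taps expose each other even while the algorithm stays secret. The seed, the tap mask (0xB400, a standard maximal-length 16-bit mask), the frame bytes and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One keystream byte from a 16-bit Galois LFSR: shift right, and XOR the
   tap mask into the state whenever a 1 bit falls out. */
static uint8_t lfsr_byte(uint16_t *state, uint16_t taps)
{
    uint8_t out = 0;
    for (int i = 0; i < 8; i++) {
        uint16_t lsb = *state & 1u;
        *state >>= 1;
        if (lsb) *state ^= taps;
        out = (uint8_t)((out << 1) | lsb);
    }
    return out;
}

/* XOR buf in place with the keystream; the same call encrypts and decrypts. */
void lfsr_xor(uint8_t *buf, size_t len, uint16_t seed, uint16_t taps)
{
    uint16_t state = seed ? seed : 1u; /* the all-zero state is stuck at zero */
    for (size_t i = 0; i < len; i++)
        buf[i] ^= lfsr_byte(&state, taps);
}

/* Constructed values: SEED stands in for the serial-derived seed, TAPS for the
   mask sent by the Master Station; POLL and REPLY are made-up 8-byte frames. */
enum { SEED = 0xACE1, TAPS = 0xB400, N = 8 };
static const uint8_t POLL[N]  = {0x01, 0x2A, 0x00, 0x10, 0, 0, 0, 0x7F};
static const uint8_t REPLY[N] = {0x81, 0x2A, 0x03, 0xE8, 0, 0, 0, 0x15};

/* Two frames under the same seed and taps: c1 ^ c2 == p1 ^ p2, so a party who
   knows POLL can read REPLY without the seed. Returns 1 when that holds. */
int reuse_leaks_frame(void)
{
    uint8_t c1[N], c2[N];
    memcpy(c1, POLL, N);
    memcpy(c2, REPLY, N);
    lfsr_xor(c1, N, SEED, TAPS);
    lfsr_xor(c2, N, SEED, TAPS);
    for (size_t i = 0; i < N; i++)
        c2[i] ^= c1[i] ^ POLL[i];
    return memcmp(c1, POLL, N) != 0 && memcmp(c2, REPLY, N) == 0;
}

int main(void) { return reuse_leaks_frame() ? 0 : 1; }
```

The same XOR structure means a bit changed in transit changes the same plaintext bit undetected, so a keystream of any kind needs a per-message nonce and a message authentication code alongside it.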