An Efficient Trusted Computing Base (TCB) for a SCADA System Monitor

A fundamental requirement for the ability to monitor a SCADA system is a measure for ensuring that the monitoring process has an accurate picture of the current states of all sensors and actuators in the system. A misrepresentation of the state can be perpetrated either by sending misleading information (for example, by impersonating a sensor) or by preventing sensor measurements from reaching the monitor (for example, jamming). We identify a minimal trusted computing base (TCB) for an untrusted SCADA monitor, and propose a strategy to leverage the TCB efficiently to realize the assurance that “any misrepresentation of the SCADA system state (the states of all sensors and actuators) will be identified.” In the proposed approach the TCB is a set of well-defined and simple functions performed by a trusted module. The untrusted monitor is required to periodically offer proof to the trusted module regarding the integrity of dynamic sensor data received from all sensors. Keywords-SCADA Security, Merkle trees, Authenticated Denial.