An Adaptive Encryption-as-a-Service Architecture Based on Fog Computing for Real-Time Substation Communications
Published in IEEE Transactions on Industrial Informatics, 16(1), 658-668, 2019
Recommended citation: Zhang, H., Qin, B., Tu, T., Guo, Z., Gao, F., & Wen, Q. (2019). An adaptive encryption-as-a-service architecture based on fog computing for real-time substation communications. IEEE Transactions on Industrial Informatics, 16(1), 658-668. https://doi.org/10.1109/TII.2019.2948113
The recent outbreak of industrial cyber attacks indicates that the current industrial network security architecture is under serious challenges. As one of the critical industrial networks, the heterogeneous and real-time substation network lacks compatibility with the conventional cryptography architecture represented by SSL/TLS and PKI. To enhance the security of smart substations under the premise of low latency, we present a novel encryption-as-a-service architecture based on fog computing in this paper. The architecture offloads encryption to dedicated devices and makes certificate and key management available through unified Web services on the fog and cloud layers. Based on this architecture, we propose MX-SORTS, maximizing security on real-time communication of different services, an algorithm for adaptive configuration of encrypting and signing substation network traffic. By the contrast experiments with the conventional cryptography architecture, we prove that the encryption-as-a-service architecture can significantly improve the real-time and security performance of substation networks.
Zhang, H., Qin, B., Tu, T., Guo, Z., Gao, F., & Wen, Q. (2019). An adaptive encryption-as-a-service architecture based on fog computing for real-time substation communications. IEEE Transactions on Industrial Informatics, 16(1), 658-668.