Shoichi Sakane

Security architecture for control networks using IPsec and KINK

There are many kinds of control networks which have been used in various nonIP network areas, such as BA (building automation), FA (factory automation) and PA (process automation). These do not incorporate reasonable security mechanisms as they have been mainly used for closed networks. Recently the security of control networks is becoming important because of the popularization of the Internet, the deployment of wireless technologies and the security requirements of such infrastructures. Control networks require security mechanisms which 1) enable end-to-end security that do not depend upon specific network topology, 2) work with multiple control network technologies, and 3) are suited to small embedded devices commonly used in control networks. This paper shows security mechanisms which can meet the above requirements, assuming that IP is applied to the control networks.

A translation method between 802.15.4 nodes and IPv6 nodes

There are many kinds of control networks based on non-IP, such as BA (building automation), FA (factory automation) and PA (process automation). The IPv6 and wireless technologies are expected to improve those networks. The IEEE 802.15.4 is a candidate for wireless technology in control networks because of its feature, e.g. low power consumption and small implementation. Seamless communication between both technologies is important, though it is not easy for IEEE 802.15.4 packet to carry IPv6 packet due to its limited features. This paper shows a translation method between IPv6 nodes and IEEE 802.15.4 nodes

Secure Plug and Play Architecture for Field Devices

A PA (Process Automation) system is a kind of control systems which have been used in various non-IP (Internet Protocol) network areas. The system is now introducing IP with advantages, and will face the issues of security and configuration complexity due to upcoming new requirements. The authors have proposed a model called Secure Plug and Play which intends to solve these issues while satisfying restrictions, i.e. small embedded devices, isolated networks, private naming system/name space and application transparency, which are required when introducing new functionality into the existing systems. This paper shows the practicability of the model through implementing the model experimentally.

Implementing a Secure Autonomous Bootstrap Mechanism for Control Networks*This research is supported/funded by the Ministry of Internal Affairs and Communications of Japan.

There are many kinds of control networks, which have been used in various non-IP network areas, such as BA (Building Automation), FA (Factory Automation) and PA (Process Automation). They are now introducing IP and face the issues of security and configuration complexity. The authors have proposed a model which intends to solve these issues while satisfying restrictions, i.e. small embedded devices, isolated networks and private naming system/name space, which are required when introducing new functionality into existing control networks. Secure bootstrap sequence and device-to-device communication using the chain of trust are the points of the model. This paper shows the practicability of the model through implementing the model experimentally.

Extending a Secure Autonomous Bootstrap Mechanism to Multicast Security

There are many kinds of control systems, which have been used in industry area, such as process automation (PA) and factory automation (FA). They have numerous sensors and actuators called field devices in their networks, and are introducing Internet protocol (IP) as network technology. Network security is necessary to make the most of IPs capability. The authors have previously studied a security mechanism which can satisfy the restrictions required by control systems and a secure autonomous bootstrap mechanism which is based on the security mechanism. This paper shows an extension of the bootstrap mechanism to support multicast security. The discussion in this paper excludes security of multicast routing protocols and admission control protocols, e.g. IGMP and MLD, because the subject of this paper and those protocols are orthogonal

A prototype of a secure autonomous bootstrap mechanism for control networks

There are many kinds of control networks, which have been used in various non-IP network areas, such as BA (building automation), FA (factory automation) and PA (process automation). They are introducing IP and face the issues of security and configuration complexity. The authors have proposed a model which intends to solve the issues while satisfying restrictions, i.e. small embedded devices, isolated networks and private naming system/name space, which are required when introducing new functionality into existing control networks. Secure bootstrap sequence and device-to-device communication using the chain of trust are the points of the model. This paper shows the practicability of the model through implementing the model experimentally

Design and evaluation of a client-friendly cross-realm framework for Kerberos 5

One problem with the cross-realm operation of Kerberos 5 is that clients need to traverse the authentication paths between realms. Traversal is a burden for clients with limited resources. In this paper, the authors constructed a cross-realm framework, called the client-friendly cross-realm framework, which releases clients from traversal of realms. This framework enables a client to obtain a service ticket in one message exchange with its local key distribution center (KDC). On the other hand, the framework introduces overhead on KDCs. The authors implemented PKCROSS as a component of the framework and showed that the overhead is insignificant.