A Novel Moving Target Defense Scheme With Physical Unclonable Functions-Based Authentication

Abstract

Recent studies have discovered possible security issues on Supervisory Control and Data Acquisition systems (SCADA) in the critical architecture and focus on developing protection mechanisms on this system. Moving Target Mobile IPv6 Defense II is one of these schemes, in which the node in SCADA system employs the moving target's mobile IPv6 mechanism to solve the possible security problem the attacker targeting the specific node and launching attacks. However, the node in this novel scheme still should need to send update binding message with its new IP address to other nodes, which still possibly causes IP leakage security problem. Hence, in our study, we propose a moving target defense scheme with Physical Unclonable Functions (PUF) based authentication in SCADA system. In our scheme, PUF based authentication scheme ensures the security of the whole IP updating process. Once the nodes finish authentication process, they can perform IP generation mechanism based on unique parameter resulting from PUF outputs. Hence, our proposed scheme can ensure the unique characteristic of our generated IP address and no packet loss in the duration of IP rotation. Compared with other MTD-based schemes, our performance evaluation also shows that our proposed scheme can achieve good security performance in SCADA systems.