Next Article in Journal
Improving Machining Performance for Deep Hole Drilling in the Electrical Discharge Machining Process Using a Step Cylindrical Electrode
Next Article in Special Issue
Operator and Graph Theoretic Techniques for Distinguishing Quantum States via One-Way LOCC
Previous Article in Journal
Configuration Design of an Upper Limb Rehabilitation Robot with a Generalized Shoulder Joint
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Applied Sciences
Volume 11
Issue 5
10.3390/app11052082
Review Report
applsci-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

An Intrusion Resistant SCADA Framework Based on Quantum and Post-Quantum Scheme

Appl. Sci. 2021, 11(5), 2082; https://doi.org/10.3390/app11052082
by Sagarika Ghosh 1, Marzia Zaman 2, Gary Sakauye 3 and Srinivas Sampalli 1,*
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Appl. Sci. 2021, 11(5), 2082; https://doi.org/10.3390/app11052082
Submission received: 2 February 2021 / Revised: 13 February 2021 / Accepted: 18 February 2021 / Published: 26 February 2021
(This article belongs to the Special Issue Recent Development and Application of Quantum Communication and Security Protocols)

Round 1

Reviewer 1 Report

Review of
An intrusion resistant SCADA framework based on quantum and post-quantum scheme
by Sagarika Ghosh et al.

The work analyzes the AGA-12 -- the security standard defined for SCADA systems. Authors correctly identify the weak points of the present solution. They also propose its improvement by incorporating some primitives from quantum cryptography: namely, QKD for secret key negotiation and QRNG for bootstrapping signature algorithm.

It is a resubmitted version manuscript applsci-1063726. The fundamental problems related to the authentication of QKD control messages are removed. The constraints on the network topology imposed by QKD system are also addressed. I think that the manuscript is now suitable for publication.

Author Response

The authors thank the reviewer for the positive feedback.

Reviewer 2 Report

In the paper, the authors propose a security scheme for SCADA systems where the following characteristics can be identified: an intrusion immune framework by incorporating quantum and post-quantum security scheme, the B92 protocol to generate a secret quantum key for encryption and SPHINCS-256 (a preimage and collision-resistant algorithm to obtain a digital signature with a true random number generator), the introduction of QRNG to obtain a non-deterministic and random HORST secret key, and replacing the message with the cipher obtained in the encryption phase.
I consider that the structure and quality were improved. However, there are still some problems with the quality of some figures (starting with figure 15) in which it is very difficult to follow the results. Maybe giving up some figures and the introduction of some tables would be more appropriate. 

Author Response

Thank you for the suggestions. We have added 5 tables as follows.

  • Table 4 ( new revised manuscript) <- in place of <-- Figure 15 (old manuscript).
  • Table 5 ( new revised manuscript) <- in place of <- Figure 16 (old manuscript).
  • Table 6 ( new revised manuscript) <- in place of <- Figure 17 (old manuscript).
  • Table 7 ( new revised manuscript) <- in place of <- Figure 20 (old manuscript).
  • Table 8 ( new revised manuscript) <- in place of <- Figure 23 (old manuscript).

The above figures in the old manuscript have been removed and in place of those, the above tables are added.

Tables 4, 5, 6 have been added in Section 6.1, page 18 and Tables 7, 8 in Section 6.3.2, page 22 in the revised manuscript. We have also improved the figures by resizing the fonts and labels of Figure 16 in page 21, Figures 17 and 18 in page 23, Figures 19 and 20 in page 24. The attached file lists the tables that have been introduced in the revised manuscript.

Author Response File: Author Response.pdf

This manuscript is a resubmission of an earlier submission. The following is a list of the peer review reports and author responses from that submission.


Round 1

Reviewer 1 Report

Review of
An intrusion resistant SCADA framework based on quantum and post-quantum scheme
by Sagarika Ghosh et al.

The work analyzes the AGA-12 -- the security standard defined for SCADA system. Authors correctly identify the weak points of the present solution. They also propose its improvement by incorporating some primitives from quantum cryptography: namely QKD for secret key negotiation and QRND for bootstrapping signature algorithm. Unfortunately, in my opinion, (a) the proposed solution does not take into account some constraints of QKD protocol and (b) the use of QRND flaws the new scheme by design.
Ad. (a). Authors propose the B92 protocol, but in fact, it can be replaced with any single-photon based QKD solution. However, QKD protocols provide only point-to-point links. Authors should provide detailed explanation how that limitation affects possible deployment scenarios as the quantum channel has to be made as single fiber that connects RTU and MTU without and optical devices in-between. Moreover, QKD is secure only if it is accompanied with the authenticated classical channel. The way of classical channel authentication has to be addressed in the new solution as it is the key component of the new security infrastructure.
Ad. (b). The designers of AGA-12 proposed the improved version of the One-Time Signature scheme to make it secure against well known quantum attacks. In such schemes the seed used to initialize the PRNG is used as the private key and the derived elements are used as public keys. In the manuscript, authors propose replacement of the PRNG with QRNG. However, QRNG is not pseudo-random but truly random generator and such generators do require seeding. In effect, it is not clear which data element is used as a private key.

The rest of the review addresses spotted problems (and its impact on paper quality) in chronological order:


1. line 94 & 95, minor
incorrect key sizes for AES and ECDSA

2. line 96, minor
the referred citation provides only estimation of the resources of the hypothetical quantum computer (Google works on 15-qubit machine). The RSA has not been quantumly broken.

3. line 126, minor
Please explain why the key sifting is simpler for B92 than for BB84.

4. line 126-127, minor
This is some kind of misunderstanding. The effectiveness of both protocols is known exactly without any simulations and is explicitly stated on the website of the simulator used in [11]. Besides, authors should explain why the lower error rate generated by the attacker is better.

5. line 190, major
see the (b)

6. line 202-204, major
The seminal AGA-12 specification did not require a public channel between the MTU and RTU, so this is a serious drawback of the new approach. How do the authors imagine providing a classic channel in which Eve cannot change the content of sent messages? It is known that the possibility of changing messages in the associated classical channel completely undermines the security of QKD and thus the security of the new solution is also questionable.

7. line 227-228, minor
The explanation how to achieve confidentiality is required, as this is  non-standard function of ECC code.

8. line 228-229, major
Unfortunately, sending the codeword undermines the entire procedure. This simply won't work because Eve can learn all the bits of the key.

9. line 266, major
Seed for truly random generator? Truly random generators do not require SEEDing. They just generate random numbers.

10. line 295-297, major
In my opinion parameters selected for the analysis are improper. Errors can be used for Eve detection only when the quantum channel is perfect, which is not the case in the real world. In practice, the errors induced by Eve are indistinguishable from those resulting from channel imperfections. It is therefore interesting to ask whether Alice and Bob can determine the secret key when the given error rate is observed, and if so, at what bitrate in relation to the number of exchanged qubits.
Authors do not explain why the leak of more than N/2 bits is essential. After all, learning about N/10 will also compromise the system.

11. line 324, major
In my opinion the provided simulations of QBER are meaningless. Authors used QuVis simulator (as in reference [11]) that assumes perfect quantum channel. Such assumption does not correspond with reality.

 

Author Response

The authors thank the reviewer for the in-depth scrutiny, and valuable feedback and suggestions, which have improved the quality of the paper. In the attached PDF document, we provide a point-by-point response to the reviewers' comments. The sentences highlighted in blue font are the new additions in the revised manuscript. These changes have been incorporated into our revised manuscript.

Author Response File: Author Response.pdf

Reviewer 2 Report

The topic is very important and the problem is much debated in the literature in the last years.  The authors propose in the paper an intrusion resistant algorithm exploiting and applying quantum principles in the post-quantum signature algorithm. They use the B92 protocol, a quantum key distribution scheme, to obtain the cipher, and the practical Stateless Hash-based Signatures (SPHINCS)-256 protocol to obtain a post-quantum signature. The validation was done using the Probabilistic Model Checking for Performance and Reliability Analysis and Scyther tools and performed National Institute of Standards and Technology statistical tests.

However, there are some aspects which the authors should consider to improve the quality and structure of the paper:

  1. A list with abbreviations and notations should indicate.
  2. In Abstract, the authors assert “We have validated the proposed algorithm using the Probabilistic Model Checking for Performance and Reliability Analysis (PRISM) and Scyther tools and performed National Institute of Standards and Technology (NIST) statistical tests.". The numerical values must be indicated to highlight the accuracy of the proposed algorithm.
  3. In Section 1, the authors present various approaches from the literature. I think that a synthesis of the solutions proposed in the literature depending on the type of analysis, which to present more clearly the advantages and disadvantages, is useful for readers. Thus, the strengths and weaknesses can be identified and the performance of the proposed approach can be highlighted. This synthesis can be given as a table.
  4. In each section, many paragraphs have a few sentences. These can be merged in a single paragraph.
  5. The figures are unclear. The size should be changed.
  6. In the text, "we" must be replaced by "the authors".
  7. A table with the performance indicators should be introduced.

Author Response

The authors thank the reviewer for the in-depth scrutiny, and valuable feedback and suggestions, which have improved the quality of the paper. In the attached PDF document, we provide a point-by-point response to the reviewers' comments. The sentences highlighted in blue font are the new additions in the revised manuscript. These changes have been incorporated into our revised manuscript.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Let us summarize the properties of the system resulting from the corrections made:
- MTU and RTU are connected by a classical network,
- Each RTU is connected to the MTU by a dedicated fiber optic link made of a single piece of fiber connecting directly communicating parties,
- The classical link is authenticated and encrypted (Response No. 3) with a shared symmetric key,
- Authors consider that security of the QKD link depends entirely on the quality of the above authentication and encryption.
Cryptographic systems are as secure as their weakest component. What is the purpose of deploying QKD if its security depends entirely on a less secure solution? In my opinion, the proposed integration of QKD does not introduce the added value and it only complicates the system.

Moreover, the authors did not respond to my main comment on the impact of the use of QKD technology on the network topology. The Response 2 was off-topic as it concerned technical problems not related to the topology of the modeled network. The proposed construction of the private and public key pairs (described in Author responses 1 and 2 to Reviewers 1, comment 2) is unclear. The public key should be deterministically derived from the private key, but it should be computationally difficult to reverse this relationship. Unfortunately, this feature was not demonstrated for the proposed scheme.

There are other minor imperfections in the manuscript, but I think the above deficiencies are sufficient to advise its rejection.

Back to TopTop