Security Improvements by Separating the Cryptographic Protocol from the Network Stack onto a Multi-MCU Architecture

The number of IoT devices in SCADA and ICS systems is rising quickly, especially in the domain of critical infrastructures. But these kinds of systems are performing mission critical tasks like controlling devices in industrial facilities or substations in the smart grid. Therefore, they are subject to a lot of regulatory standards. Yet, to provide remote access over the internet, special architectures are developed to integrate a network interface into these devices without inferring with the actual functionality. However, these architectures either lack security measures against cyber-attacks or do not offer the necessary performance for time-critical communication interfaces. To solve that, an architecture consisting of three units is introduced in this paper to provide a network interface with extensive security measures and a high performance. The main feature is the isolation of the cryptographic functionality onto an additional MCU. After proposing the basic concept, the paper presents many implementation details. Based on the current state of implementation, a concept validation of the realized architecture is described.