Optimizing Lightweight Intermittent Message Authentication for Programmable Logic Controller

Programmable Logic Controllers (PLCs) are essential for Cyber-Physical Systems (CPS) but lack a software solution for lightweight message authentication to ensure the authenticity and integrity of data. A state-of-the-art lightweight signature, called(\textsf{LiS}), is recently proposed for continuous message authentication in CPS, based on a chameleon hash function and a universal hash function ((\textsf{UHF})) chain. Meanwhile, the signer and verifier should synchronize the randomness in the(\textsf{UHF})chain for message authentication. To deal with the intermittent message authentication, Yanget al.proposed a lightweight authentication scheme(\textsf{LARP})to replace the(\textsf{UHF})chain with a(\textsf{UHF})tree, in which each layer is divided by a series of time slots. The signer can quickly skip some randomness rather than linearly update the randomness as in(\textsf{LiS}). However, the computational overhead required for synchronization might be expensive in(\textsf{LARP})when the signer is suspended for a long time. Additionally, the overhead fluctuates greatly with the growth of interruption time. In this paper, we first propose an optimized(\textsf{UHF})tree to reduce the overhead and mitigate its growth fluctuation. In particular, we implement our optimized scheme on an Allen Bradley ControlLogix 5571, leveraging fast modular reduction of pseudo-Mersenne prime to achieve efficient modulo operation. Our results demonstrate, for the first time, the feasibility and efficiency of running a lightweight signature scheme on the PLC.