ARC-C: Analytical Framework and Software Tool for Automated Risk-Based Cryptoperiod Calculation in Industrial Control Systems
dc.contributor.advisor | Vlajic, Natalija | |
dc.contributor.author | Cianfarani, Gabriele Alberto | |
dc.date.accessioned | 2025-04-10T10:58:46Z | |
dc.date.available | 2025-04-10T10:58:46Z | |
dc.date.copyright | 2025-02-05 | |
dc.date.issued | 2025-04-10 | |
dc.date.updated | 2025-04-10T10:58:46Z | |
dc.degree.discipline | Electrical and Computer Engineering | |
dc.degree.level | Master's | |
dc.degree.name | MASc - Master of Applied Science | |
dc.description.abstract | Over the past decade, industrial control systems (ICSs) and critical infrastructure (CI) have become prime targets for advanced persistent threat (APT) groups and nation-state actors due to their potential for severe impact. This has resulted in the cybersecurity community increasing their focus on ICS/CI threat modelling and defence. This thesis examines the crucial role of the internal network reconnaissance stage of ICS/CI attacks, particularly those using the OPC UA standard with encrypted in-transit data. We first introduce a comprehensive attack tree outlining data siphoning strategies and highlight the importance of periodic encryption-key rotation to mitigate risk. Noting the lack of clear cryptoperiod guidelines in industry standards, we then present the Automatic Risk-based Cryptoperiod Calculation (ARC-C) framework. ARC-C aims to optimally determine cryptoperiod lengths based on security risks and operational constraints. We demonstrate its application in two realistic ICS environments: a Water Treatment Plant and an Energy Storage System. | |
dc.identifier.uri | https://hdl.handle.net/10315/42882 | |
dc.language | en | |
dc.rights | Author owns copyright, except where explicitly noted. Please contact the author directly with licensing requests. | |
dc.subject.keywords | Computer security | |
dc.subject.keywords | Security | |
dc.subject.keywords | Cryptoperiod | |
dc.subject.keywords | Data exfiltration | |
dc.subject.keywords | Data siphoning | |
dc.subject.keywords | Industrial control systems | |
dc.subject.keywords | ICS | |
dc.subject.keywords | Risk | |
dc.subject.keywords | Risk assessment | |
dc.subject.keywords | Risk-based framework | |
dc.title | ARC-C: Analytical Framework and Software Tool for Automated Risk-Based Cryptoperiod Calculation in Industrial Control Systems | |
dc.type | Electronic Thesis or Dissertation |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- Cianfarani_Gabriele_Alberto_2025_MASc.pdf
- Size:
- 3.68 MB
- Format:
- Adobe Portable Document Format