ARC-C: Analytical Framework and Software Tool for Automated Risk-Based Cryptoperiod Calculation in Industrial Control Systems

dc.contributor.advisorVlajic, Natalija
dc.contributor.authorCianfarani, Gabriele Alberto
dc.date.accessioned2025-04-10T10:58:46Z
dc.date.available2025-04-10T10:58:46Z
dc.date.copyright2025-02-05
dc.date.issued2025-04-10
dc.date.updated2025-04-10T10:58:46Z
dc.degree.disciplineElectrical and Computer Engineering
dc.degree.levelMaster's
dc.degree.nameMASc - Master of Applied Science
dc.description.abstractOver the past decade, industrial control systems (ICSs) and critical infrastructure (CI) have become prime targets for advanced persistent threat (APT) groups and nation-state actors due to their potential for severe impact. This has resulted in the cybersecurity community increasing their focus on ICS/CI threat modelling and defence. This thesis examines the crucial role of the internal network reconnaissance stage of ICS/CI attacks, particularly those using the OPC UA standard with encrypted in-transit data. We first introduce a comprehensive attack tree outlining data siphoning strategies and highlight the importance of periodic encryption-key rotation to mitigate risk. Noting the lack of clear cryptoperiod guidelines in industry standards, we then present the Automatic Risk-based Cryptoperiod Calculation (ARC-C) framework. ARC-C aims to optimally determine cryptoperiod lengths based on security risks and operational constraints. We demonstrate its application in two realistic ICS environments: a Water Treatment Plant and an Energy Storage System.
dc.identifier.urihttps://hdl.handle.net/10315/42882
dc.languageen
dc.rightsAuthor owns copyright, except where explicitly noted. Please contact the author directly with licensing requests.
dc.subject.keywordsComputer security
dc.subject.keywordsSecurity
dc.subject.keywordsCryptoperiod
dc.subject.keywordsData exfiltration
dc.subject.keywordsData siphoning
dc.subject.keywordsIndustrial control systems
dc.subject.keywordsICS
dc.subject.keywordsRisk
dc.subject.keywordsRisk assessment
dc.subject.keywordsRisk-based framework
dc.titleARC-C: Analytical Framework and Software Tool for Automated Risk-Based Cryptoperiod Calculation in Industrial Control Systems
dc.typeElectronic Thesis or Dissertation

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
Cianfarani_Gabriele_Alberto_2025_MASc.pdf
Size:
3.68 MB
Format:
Adobe Portable Document Format
License bundle
Now showing 1 - 2 of 2
No Thumbnail Available
Name:
license.txt
Size:
1.87 KB
Format:
Plain Text
Description:
No Thumbnail Available
Name:
YorkU_ETDlicense.txt
Size:
3.39 KB
Format:
Plain Text
Description: