Critical Infrastructures and associated real time Informational systems need some security protection mechanisms that will be able to detect and respond to possible attacks. For this reason, Anomaly Detection Systems (ADS), as part of a Security Information and Event Management (SIEM) system, are needed for constantly monitoring and identifying potential threats inside an Information Technology (IT) System. Typically, ADS collect information from various sources within a CI system using security sensors or agents and correlate those information so as to identify anomaly events. Such sensors though in a CI setting (factories, power plants, remote locations) may be placed in open areas and left unattended thus becoming targets themselves of security attacks. They can be tampering and malicious manipulated so that they provide false data that may lead an ADS or SIEM system to falsely comprehend the CI current security status. In this paper, we describe existing approaches on security monitoring in critical infrastructures and focus on how to collect security sensor - agent information in a secure and trusted way. We then introduce the concept of hardware assisted security sensor information collection that improve the level if trust (by hardware means) and also increase the responsiveness of the sensor. Thus, we propose a Hardware Security Token (HST) that when connected to a CI Host, it acts as a secure anchor for security agent information collection. We describe the HST functionality, its association with a host device, its expected role and its log monitoring mechanism. We also provide information on how security can be established between the Host device and the HST.Then, we introduce and describe the necessary Host components that need to be established in order to guarantee a high security level and correct HST functionality. We, also provide a realization-implementation of the HST overall concept in a FPGA SoC evaluation board and describe how the HST implementation can controlled. Finally, we provide indicative use case scenarios of how the HST can be used in practice to provide a variety of different security services beyond acting as a secure ADS sensor.
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.