Formal Modeling and Verification of Generic Credential Management Processes for Industrial Cyber–Physical Systems
Industrial cyber-physical systems (ICPS) face rising cyberattacks, requiring secure credential management also in resource-constrained embedded systems. Standards specifying field level communication of ICPS (e.g., PROFINET or OPC UA) define protocol-specific credential management processes, yet lack formal security verification. We propose a generic model capturing initial security onboarding and automated credential provisioning. Using ProVerif, an automatic symbolic protocol verifier, we formalize certificate-based authentication under a Dolev-Yao adversary, verifying private key secrecy, component authentication, and mutual authentication with the operator domain. Robustness checks confirm resilience against key leakage and highlight the vulnerabilities of the trust on first use concept proposed by the standards. Our model offers the first formal guarantees for secure credential management in ICPS.


| Document Type: | Article |
|---|---|
| State of review: | Reviewed |
| Citation link: | https://opus.hs-offenburg.de/11563 |
| Bibliographic information | |
| Title (English): | Formal Modeling and Verification of Generic Credential Management Processes for Industrial Cyber–Physical Systems |
| Author: | Julian Göppert, Axel Sikora |
| Year of Publication: | 2025 |
| Date of first Publication: | 2025/10/16 |
| Publisher: | IEEE |
| First Page: | 349 |
| Last Page: | 352 |
| Parent Title (English): | IEEE Embedded Systems Letters |
| Volume: | 17 |
| Issue: | 5 |
| ISSN: | 1943-0663 (Print) |
| ISSN: | 1943-0671 (Electronic) |
| DOI: | https://doi.org/10.1109/LES.2025.3598202 |
| Language: | English |
| Content information | |
| Institutes: | Fakultät Elektrotechnik, Medizintechnik und Informatik (EMI) (ab 04/2019) |
| Research: | ivESK - Institut für verlässliche Embedded Systems und Kommunikationselektronik |
| Collections of the Offenburg University: | Bibliography |
| Tag: | Communication; credential management; cybersecurity; proverif; public key certificates |
| Funded by (selection): | Bundesministerium für Wirtschaft und Energie |
| Formal information | |
| Relevance for "Jahresbericht über Forschungsleistungen": | 5-fold; scientific journal article, reviewed: AGQ positive lists |
| Open Access: | Closed |
| Licence (German): | Protected by copyright |



