Application of Encryption Algorithms in PLCs: Protecting Intellectual Property and Data Security
Introduction: New Security Challenges in Industrial Control Systems
With the advancement of Industry 4.0, PLC systems are increasingly connected to enterprise networks and even the internet. This connectivity enhances efficiency but also brings unprecedented security risks to the systems. In a automotive parts manufacturing company I served, a set of critical production processes was acquired and replicated by competitors, resulting in losses of millions. This article will share how to protect intellectual property and data security in PLC systems through encryption technology.
1. Security Threats Faced by PLC Systems
PLC systems mainly face the following security threats:
- Program Theft: Core algorithms and process parameters are copied without authorization
- Data Theft: Production data is stolen for reverse engineering
- Parameter Tampering: Process parameters are maliciously modified, leading to product defects
- Unauthorized Access: Systems are operated by unauthorized personnel
- Communication Eavesdropping: Communication between PLC and upper-level computers or other devices is intercepted
Traditional PLC systems rarely consider security during design, with most programs and data stored and transmitted in plaintext, and security measures limited to simple password protection.
2. Implementable Encryption Algorithms in PLCs
Considering the limited computational resources of PLCs, the implementable encryption algorithms mainly include:
2.1 Symmetric Encryption Algorithms
AES (Advanced Encryption Standard)
// AES-128 encryption algorithm pseudocode (SCL)
FUNCTION_BLOCK "AES_Encrypt"
VAR_INPUT
DataIn : ARRAY[0..15] OF BYTE; // 16-byte input data
Key : ARRAY[0..15] OF BYTE; // 16-byte key
END_VAR
VAR_OUTPUT
DataOut : ARRAY[0..15] OF BYTE; // Encryption result
END_VAR
VAR
State : ARRAY[0..3, 0..3] OF BYTE; // State matrix
RoundKeys : ARRAY[0..10, 0..15] OF BYTE; // Round keys
END_VAR
// Key expansion
#KeyExpansion(Key, RoundKeys);
// Initial round key addition
#AddRoundKey(State, RoundKeys[0]);
// 9 rounds of transformation
FOR i := 1 TO 9 DO
#SubBytes(State);
#ShiftRows(State);
#MixColumns(State);
#AddRoundKey(State, RoundKeys[i]);
END_FOR;
// Final round
#SubBytes(State);
#ShiftRows(State);
#AddRoundKey(State, RoundKeys[10]);
// Output result
#StateToOutput(State, DataOut);
END_FUNCTION_BLOCK
XOR Encryption (Lightweight)
// Simple XOR encryption (Ladder Diagram equivalent SCL code)
FUNCTION "Simple_XOR_Encrypt" : VOID
VAR_INPUT
DataIn : ARRAY[0..9] OF BYTE; // Input data
Key : ARRAY[0..9] OF BYTE; // Key
END_VAR
VAR_OUTPUT
DataOut : ARRAY[0..9] OF BYTE; // Encryption result
END_VAR
VAR
i : INT;
END_VAR
FOR i := 0 TO 9 DO
DataOut[i] := DataIn[i] XOR Key[i];
END_FOR;
END_FUNCTION
2.2 Hash Algorithms
CRC32 Checksum
// CRC32 checksum algorithm (Siemens SCL)
FUNCTION "CRC32" : DWORD
VAR_INPUT
DataArray : ARRAY[*] OF BYTE;
END_VAR
VAR
CRC : DWORD := 16#FFFFFFFF;
i, j : INT;
Byte : BYTE;
CRCT : ARRAY[0..255] OF DWORD; // CRC table
END_VAR
// Generate CRC table
FOR i := 0 TO 255 DO
CRCT[i] := INT_TO_DWORD(i);
FOR j := 0 TO 7 DO
IF (CRCT[i] AND 16#00000001) <> 0 THEN
CRCT[i] := SHR(CRCT[i], 1) XOR 16#EDB88320;
ELSE
CRCT[i] := SHR(CRCT[i], 1);
END_IF;
END_FOR;
END_FOR;
// Calculate CRC32
FOR i := 0 TO UPPER_BOUND(DataArray, 1) DO
Byte := DataArray[i];
CRC := (SHR(CRC, 8)) XOR CRCT[(BYTE_TO_INT(Byte) XOR DWORD_TO_INT(CRC)) AND 16#FF];
END_FOR;
CRC := CRC XOR 16#FFFFFFFF;
RETURN CRC;
END_FUNCTION
3. Practical Solutions for Protecting Intellectual Property in PLCs
3.1 Program Encryption Protection
The core technology is to adopt an “executable code encryption” strategy:
- Algorithm Segmentation: Divide critical algorithms into multiple function blocks
- Parameter Encryption: Process parameters are stored using symmetric encryption
- Runtime Decryption: Dynamically decrypt during program execution
- Self-Destruction Mechanism: Automatically clear critical parameters upon detecting unauthorized access
In a certain injection molding equipment, we implemented the following solution:
// Example of protecting critical process parameters (SCL)
"DecryptionKey" := "GetDynamicKey"(); // Generate dynamic key
"AuthResult" := "Authenticate"("SerialNumber", "LicenseKey");
IF "AuthResult" = TRUE THEN
// Authorization verification passed, decrypt process parameters
"ProcessParams" := "Decrypt"("EncryptedParams", "DecryptionKey");
"AuthFailCount" := 0; // Reset failure count
ELSE
// Authorization failed
"AuthFailCount" := "AuthFailCount" + 1;
IF "AuthFailCount" >= 3 THEN
// Multiple failures, activate self-destruction
"SecureErase"("EncryptedParams");
"AlarmSystem"("UNAUTHORIZED_ACCESS");
END_IF;
END_IF;
3.2 Communication Encryption
Protecting communication between PLC and HMI, SCADA, or other systems:
- Session Key: Create a temporary key for each communication
- Data Encryption: Encrypt critical data before transmission
- Message Verification: Use hash algorithms to verify data integrity
Implementation example:
// Secure communication protocol pseudocode
// 1. Handshake phase
"HandshakeToken" := RANDOM(); // Generate random token
"SessionKey" := "DeriveKey"("MasterKey", "HandshakeToken");
// 2. Data transmission
"EncryptedData" := "XOR_Encrypt"("RawData", "SessionKey");
"DataChecksum" := "CRC32"("RawData");
"TransmitPacket" := CONCAT("EncryptedData", "DataChecksum");
4. Case Study: Application of Encryption Technology in Industrial Sites
Case 1: Intelligent Formula Protection System
In a chemical enterprise, we implemented a formula protection system:
- Hardware Encryption Lock: Use a dedicated hardware lock to store keys
- Two-Factor Authentication: Operator ID card + password
- Parameter Obfuscation: Real parameters are displayed and stored after mathematical transformation
- Periodic Verification: Regularly verify program integrity
Result: The system has been online for a year, successfully preventing two unauthorized access attempts, effectively protecting the core formula.
Case 2: Secure Remote Monitoring Channel
A remote monitoring system for a certain equipment manufacturer:
- Communication Encryption: AES-128 based encrypted channel
- Device Authentication: Each PLC has a unique serial number and authentication key
- Access Control: Fine-grained permission management
- Audit Log: Record all critical operations
Effect: Even through public networks, sensitive data can be transmitted securely, ensuring customer data security.
5. Implementation Recommendations and Best Practices
Based on multiple project experiences, the following recommendations are summarized:
- Layered Defense: A single measure is insufficient; multiple technologies should be applied comprehensively
- Performance Balance: Encryption algorithms consume PLC resources; a balance between security and performance is needed
- Key Management: Establish secure mechanisms for key generation, storage, and updates
- Compliance Consideration: Different industries have different data security compliance requirements
- Regular Updates: Security is an ongoing process; regular assessment and improvement are necessary
Conclusion: Balancing Security and Openness
Industrial systems are undergoing a transition from closed to open systems, and encryption technology is a key tool to ensure the security of this transition. Although PLC computational resources are limited, by reasonably selecting and implementing encryption algorithms, it is entirely possible to effectively protect intellectual property and data security while ensuring system openness.
With the enhancement of computational capabilities in the next generation of PLCs, more complex encryption technologies will be applied, further improving the security of industrial control systems. For automation engineers, understanding and mastering these technologies will become an indispensable professional skill.