Developing a Multi-Layer Strategy for Securing Control Systems of Oil Refineries

doi:10.4236/wsn.2010.27064

Paper Menu >>

Journal Menu >>

Wireless Sensor Network, 2010, 2, 520-527

doi:10.4236/wsn.2010.27064 Published Online July 2010 (http://www.SciRP.org/journal/wsn)

Developing a Multi-Layer Strategy for Securing Control

Systems of Oil Refineries

Musaria K. Mahmood1, Fawzi M. Al-Naima2

1Department of Electrical Engineering, College of Engineering, Tikrit University, Tikrit, Iraq

2Department of Computer Engineering, College of Engineering, Nahrain University, Baghdad, Iraq

E-mail: Musariaoja@yahoo.com,fawzi.alnaima@ieee.org

Received May 12, 2010; revised May 21, 2010; accepted May 27, 2010

Abstract

The energy industry and in particular the Oil Refineries are extremely important elements in Iraq’s infra-

structure. A terrorist attack on one oil refinery will have a catastrophic impact on oil production and the

whole economy. It can also cause serious damage to the environment and even losses of human lives. The

security of information systems and industrial control systems such as Supervisory Control and Data Acqui-

sition (SCADA) systems and Distributed Control System (DCS) used in the oil industry is a major part of

infrastructure protection strategy. This paper describes an attempt to use several security procedures to de-

sign a secure, robust system for the SCADA and DCS systems currently in use in the North Oil Refinery in

the city of Baiji located in northern Iraq.

Keywords: DCS, SCADA, Security, Encryption, Internet, Public Key, DMZ, Data Security

1. Introduction

The increased use of computer network in control sys-

tems and the use of internet as communication backbone

have brought benefits in communication and for the pro-

cess control in general. The ability to share information,

making decision concerning production stoking and dis-

tribution has been greatly improved [1]. New informa-

tion technologies have recently been introduced for con-

trol system based on open standards like Visual Basic,

Java, Open Database Connectivity (ODBC), Ethernet

communication and finally the use of internet based con-

trol system. Internet or web based control system uses

some internet protocols in the application layer to moni-

tor and control plants at a distance. Older control systems

were based on closed protocols implemented by vendors

of SCADA, DCS, and Programmable Logic Controller

(PLC) systems. However, the new common technology

and the use of internet introduced many challenges in the

area of security, such as cyber threats [2].

The North Oil Refinery in Baiji is a large industrial

complex located on various sites scattered around the

city of Baiji, north of Baghdad. This complex comprises

four basic big refineries: 1) Salah Aldine-1, 2) Salah Al-

dine-2, 3) North, and 4) Chemical Products. All these

refineries are functioning under the same direction and

are technically sported by unified sections. Each ref-

inery unit has many DCS systems controlling several

chemical processes. These processes are independent of

each other and are situated at different geographical lo-

cations. Each DCS acts as standalone control system

with its private communication network and local control

room (LCR).

DCS systems in operation are based on new informa-

tion technology (IT) with open standards such as TCP/IP

protocols using fiber optic Ethernet for data transmission

between field and LCR. The refineries direction begins a

new project to connect all DCS systems to a Central

Control Room (CCR) via intranet. Local server of each

DCS will be connected to system server located at the

CCR. System server will be connected to the Internet as

part of web based control system of the refineries.

Multi-layered security system is suggested for Baiji

Oil Refineries. This strategy of security will be based on

the “ring of defense” around each local network of each

DCS and also around the overall corporate intranet

(which will be similar to SCADA system) [2].

The suggested security system can also be used for

other SCADA systems in general like those used in Ele-

ctrical Power Plants, Water Purification and many other

Oil Industries.

2. Networking DCS’s

The model to be adopted in this work is to consider each

M. K. MAHMOOD ET AL.

521

DCS system as a node or “station” of a global SCADA

system in the perspective of grouping all LCR of all

DCS's of the North Refineries in the CCR. CCR will be

the central control of the overall SCADA system. Each

DCS will keep its local server, local database, and local

LCR, and will be connected to the CCR via appropriate

communication links.

The connection of local servers to the system server

(or web server) of SCADA system located at the CCR is

made via corporate intranet as depicted in Figure 1.

Communication links between LCR sites and CCR can

be accomplished by fiber optics, coaxial cable or wire-

less links regarding several factors related to topology,

geography, and required bandwidth. Reliability, avail-

ability and redundancy are major factors for the design of

network topology. System database and all local data-

bases use the same standard SQL database. The system

database is located near the system server at the interface

zone between corporate intranet and the internet. This

location is chosen at the border of the system to mini-

mize the risk of unauthorized intruder. The topology

definition and the reliability of the communication net-

work are not a part of this work.

3. Security Strategy

The similarity of the new SCADA system and the ordi-

nary IT system leads to the adoption of the same security

approach used in computer communication network. The

principal of networks separation into “rusted network”

and “non-trusted network” fit perfectly for securing

SCADA systems [3]. The ring of defense (multi-layer

security system) will be implemented using various

techniques, which are cited as the principal countermea-

sure for securing SCADA [4]. The goal of such model

will be the repetition of countermeasures to enhance the

global system security as shown in Figure 2.

Figure 1. Networking DCS’s.

Each layer will acts against one or more of possible

security challenges. There exist many cyber threats fac-

ing control systems as cited in Table 1 [5]. Each security

layer will be part of the defense on depth against threats.

The possible attack will be considered from the exter-

nal non trusted network (the Internet) in the direction of

the internal trusted network (the corporate intranet).

The Internet

Non-trusted net.

Medium trust

DCS network

Trusted net.

Refinery

intranet

(1) Enerypted authentication

(2) Data eneryption

(3) Security policles

(4) Demilitarized zone (DMZ)

(5) Proxy server

(6) Applications

(7) DCS DMZ

(8) Data eneryption intern to DCS

Atrack direction

Figure 2. Ring of defense.

Table 1. Correlation of security threats and properties.

Properties Cyber threats Importance

Eavesdropping Low

Message

confidentiality Traffic analysis Low

Message modification High

Message

integrity False message injection High

Message

freshness Message replay High

Denial-of-service Middle

Availability

Malicious codes Middle

Masquerade High

Source

authentication Unauthorized access Middle

M. K. MAHMOOD ET AL.

522

The compatibility of countermeasures like encryption

standards, firewall, antivirus, intrusion detection techni-

ques will be accomplished by the use of standardized

techniques. Each DCS system can be isolated immedi-

ately from the SCADA network and then be controlled

locally if needed. The connection or the disabling of

connection of one DCS can be made locally or from the

CCR by some fixed authorization protocol. The connec-

tion of DCS system to the CCR server and then to the

internet will be subject to several layers of security de-

fense rings as illustrated in Figure 3. Between each DCS

system and the corporate intranet network a demilitarized

zone (DMZ) is used where the local server and database

of DCS reside. The global SCADA system is connected

to the internet via another DMZ. To login from browser

to the SCADA intranet an original process of encrypted

authentication and digital signature is implemented.

3.1. Encrypted Authentication

It is the first security stage for an external client. An origi-

nal authentication process is developed based on asym-

metric key encryption algorithm as shown in Figure 4.

The RSA algorithm is used to encrypt the password two

times for the implementation of authentication and the

secrecy of password [3,6].

Local

darabase

DCS

Inner firewall

DCS

server Outer firewall

DCS

router

To Internet

router

Outer firewall

SCADA

Inner firewall

SCADA

System server

System

database

Figure 3. Security layers from DCS to internet.

Browser side

Eneoding the password

The browser writes the password and username

Eneiphering the result with the browser private key

and then again with public key of the server

Sending the message

(Authentication + confidentiality)

The server checks the username, finds the

corresponding public key of the browser

Server side

Internet

The server receives the encrypted password

Decryption with server private key and again

Decryption the result with browser public key

Compare the password with that in the serve

Sene an acknowledgment to the browser as accept

for communication

Figure 4. Authentication process.

The implementation of public key algorithm was made

with two key groups (e1,d1), and (e2,d2), where e1 is the

public key of the first key group, d1 is the private of

browser (personal private key), e2 is the second public

key, and d2 is the private key of server.

The method of defining these keys, and the encryption

algorithm is as follows:

Choose two large prime numbers (p and q), let:

n = p × q (1)

The function β(n) is the number of numbers less than

(n) with no factors in common with (n).

M. K. MAHMOOD ET AL.

523

Choose an integer number e, (e < n) relatively prime

to β(n). Find second integer (d) such that

{e × d mod β(n) = 1}

Then, the Public Key = (e, n)

The Private Key = (d, n)

The encryption function of RSA for a plain text (M) is

C = M d

mod n (2)

Then, the recovered plain text (M) is:

M = C e

mod n (3)

If (e) is used instead of (d) for the encryption of equa-

tion (2), then (d) will be used for the decryption in Equa-

tion (3).

The password will be encoded using ASCII code or

other encoding system. Each byte will be encrypted two

times: the first with (d1) and the second with (e2) This

will ensure both secrecy and authentication of the pass-

word. At the server side, the reverse process is executed.

The received cipher password will be first decrypted

using (d2) and then (e1) in order to get the original plain

text password.

The result will be compared to usernames table in the

server. If matching is achieved then the server will open

a communication channel and begin responding to brow-

ser requests.

3.2. Data Encryption

To protect SCADA system already connected to the in-

ternet and its data from unauthorized accesses many al-

gorithms for data protection exist. In this work two en-

cryption algorithms are used to encrypt data.

1) Encryption-1(security layer 2): This encryption al-

gorithm used to encrypt data over the Internet. We pro-

pose to use the Secure And Fast Encryption Routine

(SAFER+), which is one of the known symmetric key

algorithms that accomplishes requirements for real time

data encryption. The SAFER+ was designed by James

Messey for Cylink Corporation in 1998 as the new algo-

rithm of SAFER family (safer-64, safer-128...) [7]. It was

one of the candidates of the Advanced Encryption Stan-

dard (AES) chosen for its good hardware-software tra-

deoff orientation, simplicity, high throughput compared

to other algorithms, and low memory requirement [8],

[9]. Also, this algorithm brought attention recently by the

use in as security measure in Bluetooth and wireless

communication [10,11].

A detailed analysis of maximum bit rate for one DCS

proves that SAFER+ fits well for the encryption of data

over Internet to get the required real data transmission.

SAFER+ is published with three options, 128 bits, 192,

bits and, 256 bits key lengths. All three options are used

to encrypt 16-byte plaintext. The plaintext block then

passes through R rounds of encryption where R is deter-

mined by the key length chosen for encryption in the

following manner:

● If key length = 128 bits then R = 8 rounds.

● If key length = 192 bits then R = 12 rounds.

● If key length = 256 bits then R = 16 rounds.

Our choice was the adoption of SAFER+ with 128 bits

key length as other key lengths were found with certain

key weaknesses [12]. Also, by increasing key length

more computation time is needed related to rounds num-

ber which will affect the assumption of real data trans-

mission in control system.

This algorithm will be implemented as hardware in the

server side and portable software in the client side. If

there is wireless link between two sites interior to the

corporate intranet, SAFER+ must be used with hardware

encryption decryption processes. SAFER+ algorithm is

divided into three blocks: the key scheduling, encryption

process, and decryption process. Programming is accom-

plished using Turbo Pascal.

2) Encryption-2 (security layer 8): This algorithm is

used to encrypt data over the network of one DCS. This

algorithm is not a part of this work but we can use the

American Gas Association (AGA) standard which is

proven to be a good choice for data over DCS network

when dealing with protocols such as MODBUS or DNP3

[13]. In this work we found that securing data over the

DCS network has no significant impact to enhance the

security of overall system because all DCS system are

well physically protected in isolated areas and we take

care about data security when data circulate outside DCS

network by other countermeasures. This encryption pro-

cedure is mentioned here merely for other case studies

with other compromises and challenges related to other

situations.

3.3. SAFER+ Encryption/Decryption

Giving the 16-byte key (128 bits), SAFER+ begin by

calculating a set of 17 keys each with same length 16

bytes. The calculation uses sample arithmetic and logic

functions like bit rotation, bit-by-bit exclusive-or of

bytes, modulo 256 addition of bytes, and selection byte

process.

The 17 sets of keys are used in the encryption rounds.

Two keys are used for each round. Round (i) uses key

K2i-1 and K2i. At the end of 8 rounds key K17 is used for

the output operation which is the output transformation.

The output transformation uses bit-by-bit exclusive-or of

bytes and modulo 256 byte addition as shown in Figure 5.

At the reception the reverse process is used for decrypt-

ing the cipher text. Beginning by the input transforma-

tion, Key K17 is used. The input transformation uses

same functions of the output transformation but with

modulo 256 subtraction of bytes instead of addition of

bytes. Each encryption round (i) begin by the bit-by-bit

Xor of bytes, and modulo 256 addition of bytes for the

M. K. MAHMOOD ET AL.

524

key K2i-1 to the input 16-byte of the round Figure 6. The

16-bytes result are then fed to a layer of nonlinear func-

tion. The value x of byte j is converted to 45x mod 257

for j = 1, 4, 5, 8, 9, 12, 13, and 16 (with the convention

that when x = 128, then 45128 mod 257 = 256 is repre-

sented by a 0). The value x of byte j is converted to

log45(x) for j = 2, 3, 6, 7, 10, 11, 14, and 15 (with con-

vention that when x = 0, then log450 = 128). The output

of the nonlinear layer is then subject to same addition

and Xor operation similar to the first block with key K2i.

At the end of round (i), a block of matrix multiplication

is used. The 16 bytes are multiplied by matrix T in mod

256 arithmetic. T is a 16 × 16 predefined matrix.

The operations in the decryption round are simply

conducted in reverse order to the operations from the

encryption round.

The first operation in the decryption round (i), is to

post multiply the 16-byte round input by matrix T–1,

which is the modulo 256 inverse of T to give the 16-byte

result (S). The first round sub key K16-2i+2, is then “sub-

tracted” from (S) in the manner that the round sub key

bytes 1, 4, 5, 8, 9, 12, 13, and 16 are subtracted modulo

256 from the corresponding bytes of (S), while round sub

key bytes 2, 3, 6, 7, 10, 11, 14, and 15 are added

bit-by-bit modulo 2 to the corresponding bytes of (S).

The 16-byte result is then processed nonlinearly in the

manner that the value x of byte j is converted to log45(x)

for bytes j = 1, 4, 5, 8, 9, 12, 13, and 16 (with the con-

vention that when x = 0, log450 = 128). For j = 2, 3, 6, 7,

10, 11, 14, and 15, the value x is converted to 45x mod

16-Byte input plain text

SAFER+

single round

Round (i)

Output transformation

Mixed xor/byte addition

16-Byte output cipher text

2i-1

and K

Key

sheduling

Figure 5. SAFER+ encryption process.

Round (i) input 16-bytes

B1 B2 B3 B4 B5 B6 B7 B8

B9 B10 B11 B12 B13 B14 B15 B16

2i-1

xor add add xor xor add add xo

xor

add

xor

add

xor

B1 B2 B3 B4 B5 B6 B7 B8

B9 B10 B11 B12 B13 B14 B15 B16

exp log log exp exp log log exp

B1 B2 B3 B4 B5 B6 B7 B8

B9 B10 B11 B12 B13 B14 B15 B16

xor add add xor xor add add xor

xor

add

xor

add

xor

B1 B2 B3 B4 B5 B6 B7 B8

B9 B10 B11 B12 B13 B14 B15 B16

Multiplication of 16-byte by T (16*16

Matrix) in mod 256 arithmetie

B1 B2 B3 B4 B5 B6 B7 B8

B9 B10 B11 B12 B13 B14 B15 B16

Round (i) output 16-

ytes

B1 B2 B3 B4 B5 B6 B7 B8

B9 B10 B11 B12 B13 B14 B15 B16

Figure 6. Encryption round (i).

257 (with the convention that when x = 128, 45128 mod

257 = 256 round sub key K16-2i+1, is then “subtracted”

from the 16-byte result in the manner that the round sub

key bytes 1, 4, 5, 8, 9, 12, 13, and 16 are added bit-by-bit

modulo 2 to the corresponding input bytes. Sub key

bytes 2, 3, 6, 7, 10, 11, 14, and 15 are subtracted modulo

256 from the corresponding input bytes to produce the

16-byte output of the round.

3.4. Demilitarized Zone (DMZ)

DMZ is a good technique for securing communication

network based on the principal of “networks separation

strategy”, between trusted network (like DCS LAN) and

M. K. MAHMOOD ET AL.

525

another network with less level of trust [1,3]. In the

DMZ the server and database reside in safe place, see

Figure 3. Proxy server and application action like anti-

virus are also deployed in the DMZ. In this work a dou-

ble protection is found by the use of two DMZs. The first

is as a security interface between SCADA system and the

external non-trusted Internet (security layer 4), while the

second is between the DCS trusted network and the less

trusted corporate intranet for SCADA (security layer 7).

DMZ is a zone between an inner firewall and an outer

firewall. This firewall, properly configured, can protect

passwords, IP addresses, and files. Firewall acts as a fil-

ter that permits the data to enter from certain ports and

blocks others. At the DMZ output a router is used as

border router to route information to correct destination.

3.5. Security Policies

Security policies must be fixed by the security committee

of the enterprise. Correct procedure of effective policies

can reduce violation of security rules. Training personnel

at the vocation of security can increase the defense in

depth strategy. Developing documentation and well de-

fining the access authorization will be a very active point.

The choice of password must be as random as possible

with at least ten characters, including symbols and num-

bers.

In this work all the required information of the group

of DCS in the North Oil Refinery will be available in the

system server in the master DMZ (between corporate

network and the internet).

4. Simulation Results

RSA and SAFER+ encryption algorithms are implemen-

ted in Turbo Pascal language. As example to show how

the encrypted authentication will be calculated. Let the

password be chosen as the random word ‘playmyaudio’.

Encoding this password with simple code from 01 for (a)

to 26 for (z), will give:

M = 16, 12, 1, 25, 13, 25, 1, 21, 4, 9, 15.

C will be composed by the same number of 11 bytes.

Consider for our example the following values for the

keys are taken:

e1 = 13, d1 = 53, e2 = 37, d2 = 17, n = 77

Using equation (2) twice with browser private key d1

and then with server public key e2 the cipher text will be:

(1653 mod 77)37 mod 77 = 60

(1253 mod 77)37 mod 77 = 45

For the same for other bytes, we have:

C = 60, 45, 1, 58, 13, 58, 1, 21, 37, 53, 15.

At the server, the received cipher text will be con-

verted back to the original password using Equation (3)

twice:

(6013 mod 77)17 mod 77 = 16

(4513 mod 77)17 mod 77 = 12

So on for other bytes to get the original password:

M = 16, 12, 1, 25, 13, 25, 1, 21, 4, 9, 15.

The use of double RSA encryption procedure will

gives both authentication and secrecy.

SAFER+ algorithm uses matrix to represent the 17-

sub keys (17 × 16 matrix).given the secrete key (K1) as

series of 16 bytes, the 16 other keys, each of 16 bytes

will be generated. The calculation of each round is made

using iterative process and many preprogrammed proce-

dure (for Xor, Exp, log..).

As an example for the encryption/decryption process,

let the 16 byte user selected input key (secrete key) be:

41, 35, 190, 132, 225, 108, 214, 174, 82, 144, 73, 241,

241, 187, 233, 235.

After the execution of key schedule procedure of Fig-

ure 7, for 128 bit key we have the (17 × 16) matrix

which represents the 17 sub keys each of length 16 bytes

(128 bits). Each key is represented by a row, where row

(1) represents K1 (the secrete key), to row (17) which

represents K17, this will give the matrix (K) shown in

Figure 8. The resulting 17 sub keys and the plain text are

used to generate the cipher text as presented in Figure 5.

The plain text block input (16 byte plain text) = 179,

166, 219, 60, 135, 12, 62, 153, 36, 94, 13, 28, 6, 183, 71,

222.

The resulting cipher text will be = 224, 31, 182, 10, 12,

255, 84, 70, 127, 13, 89, 249, 9, 57, 165, 220.

The predefined bias matrix (B) is given as (16 × 16)

matrix as input to generate sub key matrix [7]. This pro-

cedure will be used to encrypt input data by block of 16

bytes at a time. The schedule procedure will be executed

next time when the secrete key is changed to find the

new matrix (K).

5. Conclusions

The use of open standard improves the control operations

by improving the possibility of interconnecting many

systems from different vendors together without restrict-

ions in term of standards. Action for the security of SC-

ADA system must be up to date regarding the continued

advances in information technology. Care must be taken

for the use of latest version of antivirus, and intrusion

detection programs. Symmetric encryption algorithms

can be used to encrypt data over internet for SCADA

system if the required bit rate is accomplished. SAFER+

algorithm can accomplish the real data transmission re-

quirement. Using SAFER+ give us the possibility to en-

crypt data by software or hardware implementations.

M. K. MAHMOOD ET AL.

526

Enter the key K

: By1,By2

……

By16

By1 By2 By3 By4 By5 By6 By7 By8 By9 By10 By11 By12 By13 By14

By15 By16

Composition of By17 bit by bit

By17 = sum (By1

…

By16) bit by bit mod 2

Rotate each byte left by 3bits position

By(1) By(2) By(3) By(4) By(5) By(6) By(7) By(8)become

By(4) By(5) By(6) By(7) By(8) By(1) By(2) By(3) for all 17 bytes

Rotate each byte left by 3 bits position

By1 By2 By3 By4 By5 By6 By7 By8 By9 By10 By11 By12 By13 By14

By15 By16 By(17)

Rotate each byte left by 3 bits position

By1 By2 By3 By4 By5 By6 By7 By8 By9 By10 By11 By12 By13 By14

By15 By16 By(17)

Select key

= 1,2,3

……

Byte: 2,3

…

Byte: 3,4

…

17,1

Byte: 17,1,2

…

Mod

256

Mod

256

Mod

256

B17

Figure 7. Sub keys generation process.

4135 190 132225 108214 1748214473241241187233135

951402132016109 133 15673 12966



8855119 1135

155 204 342252864236497422114 922242142135

147 13417654199141

8721938 16298 167109138 186230

12329 2559250122240 2186512492575943149127

204 15931221892452432445221976177210163209

56190201321224815710916881214 221

102105 5381

152646250 110124 13722274 1351213418149 185

207 6125122417966

183 96253 603778211152229

682159456944935230120133111 1959768203173

156 1901811302226159385953238123180138107

221238152 211241232248255101167 37 36

134 238 244 243

55 11116566105237214179862331421453115 165201

3465 73 224185205

107140123117 55 254417982236

212162 9117411755625116323813249505418074

1592151817420225315191101 8916798148104

127111 186111621323523018423

19925218675 227149

 

 

 

Figure 8. Sub key matrix (K).

M. K. MAHMOOD ET AL.

527

The use of computer network protection can be very

useful in SCADA like DMZ, and network segmentation

from the trust point of view. Layered strategy is a good

method to secure SCADA, DCS and control systems in

general. The use of different layered actions against cy-

ber threats makes the defense in depth active. Authenti-

cation is one of most used and active countermeasure for

security in control systems. The use of RSA public key

algorithm for encrypt password will ensure security and

authenticity.

6. References

[1] R. L. Krutz, “Securing SCADA Systems,” Wesley Pub-

lishing, Inc., Indianapolis, 2006.

[2] J. Pollet, “Developing a Solid SCADA Security Strat-

egy,” Proceedings of the Second ISA/IEEE Sensors for

Industry Conference, Houston, November 2002, pp. 148-

156.

[3] M. Bishop, “Introduction to Computer Security,” Addi-

son-Wesley, Boston, 2005.

[4] J. Nordlander, “What is Special about SCADA System

Cyber Security,” Master Dissertation, Royal Institute of

Technology, Sweden, 2009.

[5] H. Lim, S. Hong, M. S. Choi, S. J. Lee, T. W. Kim, S. W.

Lee and B. N. Ha, “Security Protocols Against Cyber At-

tacks in the Distribution Automation System,” IEEE

Transactions on Power Delivery, Vol. 25, No. 1, 2010, pp.

448-455.

[6] T. Davis, “RSA Encryption,” October 2003. http://www.

geometer.org/mathcircles

[7] J. Messy, H. Kh and K. Kuregian, “Nomination of SA-

FER+ as a Candidate Algorithm for the AES,” 1998.

http://csrc.nist.gov/archive/aes/round1

[8] A. Schubert and W. Anheier, “Efficient VLSI Implemen-

tation of Modern Symmetric Block Ciphers,” 6th IEEE

International Conference on Electronics, Circuit and Sys-

tems, Pafos, Vol. 2, September 1999, pp. 757-760.

[9] S. Mukherjee, D. Ganguly and S. Naskar, “A New Gen-

eration Cryptographic Technique,” International Journal

of Computer Theory and Engineering, Vol. 1, No. 3, Au-

gust 2009, pp. 284-287.

[10] I. S. Ashour, “Online Data and Voice Encryption System

Based on FPGA,” 24th National Radio Science Confer-

ence, Cairo, National Republican Senatorial Committee,

2007, pp. 1-7.

[11] D. Sharmila and R. Neelaveni, “Performance Analysis of

SAFER+ and Triple DES Security Algorithms for Blue-

tooth Security System,” International Journal of Com-

puter Science and Network Security, Vol. 9, No. 2, 2009,

pp. 74-87.

[12] J. Kelsey, B. Schneier and D. Wagner, “Key Schedule

Weaknesses in SAFER+,” Second Advanced Encryption

Standard Candidate Conference, Rome, 1999, pp. 155-

167.

[13] A. West, “Securing DNP3 and Modbus with AGA12-2J,”

IEEE Power and Energy Society General Meeting: Con-

version and Delivery of Electrical Energy in the 21st

Century, Pittsburgh, 20-24 July 2008, pp. 1-4.