🤖 AI Summary
Legacy industrial systems lack message authentication, which leaves them open to command tampering and malicious command injection. The paper proposes a lightweight, end-to-end authentication mechanism that requires no change to existing message formats and no hardware upgrade: it embeds a cryptographic computation in the CRC field that legacy protocols already carry, yielding protocol-agnostic, fully backward-compatible integrity protection and entity authentication. The authors design a customized lightweight cryptographic primitive, formally assess its security, and validate it on industrial-grade real-time platforms, measuring roughly 4 µs of overhead on resource-constrained devices, which is enough to reject forged messages in real time. Because secured and non-secured devices can coexist on the same network, the scheme supports heterogeneous deployment and incremental adoption, giving aging industrial networks a zero-modification, highly compatible authentication solution.
📝 Abstract
The increasing integration of modern IT technologies into OT and industrial systems is expanding the attack surface of legacy infrastructures, which often rely on outdated protocols and resource-constrained devices. Recent security incidents in safety-critical industries exposed how the lack of proper message authentication enables attackers to inject malicious commands or alter system behavior, revealing fundamental security weaknesses in existing architectures. These shortcomings have prompted new regulations that emphasize the pressing need to strengthen cybersecurity, particularly in legacy systems. Authentication is widely recognized as a fundamental security measure that enhances system resilience. However, its adoption in legacy industrial environments is limited by practical challenges such as backward compatibility, message format changes, and hardware replacement or upgrade costs. In this paper, we introduce ACRIC, a message authentication solution for securing legacy industrial communications that is explicitly tailored to overcome all of those challenges at once. ACRIC uniquely leverages cryptographic computations applied to the CRC field, which is already present in most industrial communication protocols, ensuring robust message integrity protection and authentication without requiring additional hardware or modifications to existing message formats. ACRIC's backward compatibility and protocol-agnostic nature enable coexistence with non-secured devices, thus facilitating gradual security upgrades in legacy infrastructures. Formal security assessment and experimental evaluation on an industrial-grade testbed demonstrate that ACRIC provides robust security guarantees with minimal computational overhead (~4 µs). These results underscore ACRIC's practicality, cost-effectiveness, and suitability for adoption in resource-constrained industrial environments.