1
ACNS20171111
Legacy-CompliantDataAuthenticationfor
IndustrialControlSystemTraffic
JohnHenryCastellanos,DanieleAntonioli,NilsOleTippenhauerandMartínOchoaSingaporeUniversityofTechnologyandDesign
15th InternationalConferenceonAppliedCryptographyandNetworkSecurityJapan,Kanazawa,July11,2017.
2
ACNS201722
Source:urvil.wordpress.com
AutomaticcontrolofIndustrialProcesses:
Manufacturingplants
Powerplants
Publictransportationinfrastructure
Utilityinfrastructure(watertreatment,gas/oil,powergeneration)
IndustrialControlSystemsWhatareICSs?
3
ACNS201733
Source:http://bcmpublicrelations.com/
IndustrialControlSystemsIndustryEvolution
4
ACNS201744
InformationTechnology:
ServersandClientPCs
Source:https://pgjonline.com/
OperationalTechnology:
Servers,PLCs,SCADA,HMIDevices,ActuatorsandSensors
IntegrityAttackscauseOperationalChanges
IndustrialControlSystemsITmeetsOT(PurdueModel)
555
ACNS2017
Cyber-securityinICSMotivation:IntegrityAttacks
PLC
ControlCenter
AttackerAttacker
TankLevelMonitor
ValveController
ChemicalDispenser
PLC
666
ACNS2017
Cyber-securityinICSMotivation:IntegrityAttacks
PLC
ControlCenter
AttackerAttacker
TankLevelMonitor
ValveController
ChemicalDispenser
PLC Highlevel
!!Highlevel
777
ACNS2017
Cyber-securityinICSMotivation:IntegrityAttacks
PLC
ControlCenter
AttackerAttacker
TankLevelMonitor
ValveController
ChemicalDispenser
PLC
Highlevel
Normallevel
!!Highlevel
888
ACNS2017
Cyber-securityinICSMotivation:IntegrityAttacks
PLC
ControlCenter
AttackerAttacker
TankLevelMonitor
ValveController
ChemicalDispenser
PLC
Turnoffvalve
ReduceChemical
999
ACNS2017
Cyber-securityinICSMotivation:IntegrityAttacks
PLC
ControlCenter
AttackerAttacker
TankLevelMonitor
ValveController
ChemicalDispenser
PLC
TurnonvalveIncrease
ChemicalTurnoffvalve
ReduceChemical
101010
ACNS2017
Cyber-securityinICSMotivation:IntegrityAttacks
PLC
ControlCenter
AttackerAttacker
TankLevelMonitor
ValveController
ChemicalDispenser
PLC
111111
ACNS2017
ControlCenter
Highlevel
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
121212
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Highlevel
131313
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Highlevel
141414
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Highlevel
151515
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Attacker
Highlevel
161616
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Attacker
Highlevel
171717
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Attacker
Highlevel
181818
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Attacker
Lowlevel
191919
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Attacker
Lowlevel
20
ACNS20172020
Attribute InformationTechnologySystems(IT)
IndustrialControlSystems(OT)
ComponentLifetime
3to5years 10to15years
Connectivity Corporate network,IP-based,standardprotocols
ControlNetwork,proprietaryprotocols
PerformanceRequirements
Non-real-time Real-time
Sources:NIST:GuidetoIndustrialControlSystemsSecurity.800-82Rev2http://www.wbdg.org/
IndustrialControlSystemsIT/OTRequirements
212121
ACNS2017
SecureWaterTreatment(SWaT)isatestbedforresearchintheareaofcybersecurity.
DatafromarealICSSWaTTestbed
222222
ACNS2017
DatafromarealICSReal-timerequirements
232323
ACNS2017
DatafromarealICSUnderstandingICSData
ByselectingCIPserviceswithcriticaldataourproposalavoidsadditionalprocessingandbandwidthoverheadsincomparisonwithsigningallCIPtraffic.
242424
ACNS2017
DatafromarealICSUnderstandingICSData
ByselectingCIPserviceswithcriticaldataourproposalavoidsadditionalprocessingandbandwidthoverheadsincomparisonwithsigningallCIPtraffic.
CIPServices(CriticalData):Read_Tag
Write_Tag
Read_Tag_Fragmented
252525
ACNS2017
ControlCenterPLC
Crypto-featuredHardware
BridgingNon-CriticalData
SigningCriticalData
BridgingNon-CriticalData
VerifyingCriticalData
Crypto-featuredHardware
SPAProtocolSelectivePacketAuthentication
262626
ACNS2017
AsSPAonlysigns/verifiesselectedcriticalpackets,itimprovestheoverallhardenedcommunicationrateofthesystemcomparedwithTLS.
ComparisonwithTLSSPAEvaluation
272727
ACNS2017
ControlCenterPLC
Crypto-featuredHardware
BridgingNon-CriticalData
Marking&BridgingCritical
Data
SigningMarkedChunk
Crypto-featuredHardware
BridgingNon-CriticalData
Marking&BridgingCritical
Data
VerifyingMarkedChunk
ASPAProtocolAggregatedSelectivePacket
Authentication
282828
ACNS2017
UsingAggregated-SPAthesystemwouldachievehighertolerancecommunicationlevelsprocessingdifferentpercentagesofcriticaldata.x-axisrepresentschunkofpacketstobesigned.
y-axisrepresentstoleranceatcommunicationlevelreachedbythesystem.
ComparisonwithTLSASPAEvaluation
292929
ACNS2017
ControlCenter
PLC1
TCP/IPSwitch
PLC3
ImplementationRealScenarioonSWaTTestbed
303030
ACNS2017
ControlCenter
PLC1
TCP/IPSwitch
PLC3
ImplementationRealScenarioonSWaTTestbed
Signs Verifies
CriticalData
313131
ACNS2017
ControlCenter
PLC1
TCP/IPSwitch
PLC3
ImplementationRealScenarioonSWaTTestbed
SignsVerifies
CriticalData
323232
ACNS2017
ControlCenter
PLC1
TCP/IPSwitch
PLC3
ImplementationRealScenarioonSWaTTestbed
Updatesstats
Updatesstats
333333
ACNS2017
ControlCenter
PLC1
TCP/IPSwitch
PLC3
ImplementationRealScenarioonSWaTTestbed
Monitorssystem
performance
MonitorsSystem
Performance
343434
ACNS2017
*VM:VirtualMachine
Hardware Processor CPU Memory
Controllino ATmega2560Microcontroller
16MHz 256KB
ARM(VM*) ARM926EJ-S 540MHz 256MB
RaspberryPI2 Quad-core ARMCortex-A7
900MHz 1GB
RaspberryPI3 Quad-coreARMCortex-A53
1200MHz 1GB
PC(VM*) IntelCorei5-5300U 2300MHz 2GB
BenchmarkHardwareSelection
353535
ACNS2017
DataSize(Bytes)
Controllino ARM RaspberryPI2
RaspberryPI3
PC
64 2.2x104 76 53 15 2
128 3.3x104 78 58 16 2
256 5.5x104 84 69 18 3
512 1x105 117 89 32 4
1K 1.8x105 171 130 35 6
2K 3.6x105 252 211 58 10
4K 7x105 474 374 104 18
ECDSA N/A 1.5x105 1x105 3.2x104 3.1x103
AlldatainμsCryptographicAlgorithms:• Symmetric:HMAC-SHA256• Asymmetric:ECDSA
BenchmarkHardwarePerformance
363636
ACNS2017
ASPAProtocolPerformanceEvaluation(Speed)
Pk/s
AggregatedSignature(Pksinachunk)20 40 60 80 100 120
107
106
105
104
103
102
101
MinPk/srequiredinSWaT
373737
ACNS2017
FeaturesProtocols• Ourprotocolsarebackwardcompatible,astheytransmit
authenticationdataaspayloadinlegacyindustrialprotocols.
• Withinexpensiveandfasthardware(RaspberryPI),itisfeasibletoenhancelegacyplantswithauthenticchannelsforstrongsignaturealgorithmswithsimpleprotocols.
• ItisfeasibletosignificantlyraisethebaragainstattackersofICSbyincludingauthenticationbasedonmoderncryptographywithoutcompromisingefficiencyorcost.
• Weplantocomparethereal-timeconstraintsofSWaTwithconstraintsinotherICSTestbeds(SmartGrid).
Conclusions
383838
ACNS2017
Thankyou
Q&A
393939
ACNS2017
BackupSlides
404040
ACNS2017
Attribute InformationTechnologySystems(IT) IndustrialControlSystems(OT)
Purpose Process transaction,provideinformation Controls andmonitorphysicalprocesses
Role Supportpeople Controlmachines
Architecture Enterprisewideinfrastructureandapplications Event-driven,real-time,embeddedhardwareandcustomizedsoftware
ComponentLifetime
3to5years 10to15years
Interfaces GUI,Webbrowser,terminalandkeyboard Electromechanical, sensors,actuators,codeddisplays
Connectivity Corporate network,IP-based,standardprotocols ControlNetwork,proprietaryprotocols
PerformanceRequirements
Non-real-time Real-time
Majorriskimpacts Delayofbusinessoperations Environmentalimpacts,lossoflife,equipment, orproduction
Sources:NIST:GuidetoIndustrialControlSystemsSecurity.800-82Rev2http://www.wbdg.org/
IndustrialControlSystemsIT/OTRequirements
414141
ACNS2017
InjectingdataintoEthernetIPProtocol
EthernetFrameEthernetHeader
IPHeader
14Bytes 20Bytes
TCP/UDPHeader20Bytes
EncapsulationHeader
EncapsulationData CRC
EncapsulationPacket
Command Length
2Bytes 2Bytes
SessionHandle
4Bytes
Status SenderContext Options
8Bytes4Bytes 4Bytes
EncapsulationHeader
ItemCount(Usual=2) TypeID
2Bytes 2Bytes
Length(l1)
2Bytes
Data(ConnectionID)
l1 Bytes
TypeID
2Bytes
Length(l2)
2Bytes
Data(CIPData)l2 Bytes
AddressItem DataItemEncapsulationData(CommonPacketFormat)
424242
ACNS2017
InjectingdataintoEthernetIPProtocol
EthernetFrameEthernetHeader
IPHeader
14Bytes 20Bytes
TCP/UDPHeader20Bytes
EncapsulationHeader
EncapsulationData CRC
EncapsulationPacket
Command Length
2Bytes 2Bytes
SessionHandle
4Bytes
Status SenderContext Options
8Bytes4Bytes 4Bytes
EncapsulationHeader
ItemCount(Usual=2) TypeID
2Bytes 2Bytes
Length(l1)
2Bytes
Data(ConnectionID)
l1 Bytes
TypeID
2Bytes
Length(l2)
2Bytes
Data(CIPData)l2 Bytes
AddressItem DataItem
TypeID
2Bytes
Length(l3)
2Bytes
Data(Signature)
l3 Bytes
SignatureItemEncapsulationData(CommonPacketFormat)
3X
434343
ACNS2017
AuthenticationProtocolsImplementation:RealScenarioonSWaTTestbed
• SCADA’s supervisory reads PLCvariables of signing-verificationprocess.
• Statistics about integrity checks mightbe summarize.
• In case of integrity violations happenan alarm will trigger.
444444
ACNS2017
ARaspberryPIisdirectlyconnectedbetweenthehardenedPLCanditsclosestswitch.ItbridgescommunicationbetweenthePLCandtherestofthesystem.
ImplementationRealScenarioonSWaTTestbed
454545
ACNS2017
Different tags were configured atPLC program to store statisticsabout signing/verification process.It allows to monitor the processand debug it.
ImplementationRealScenarioonSWaTTestbed
![Technical Interface Description - MDM Portal · 2019. 4. 16. · authentication via HTTPS [URL] [HTTPS]. For this client authentication, X.509-compliant certificates are used [PKI].](https://static.documents.pub/doc/80x56/60160eb7b05cad57f71ceb2a/technical-interface-description-mdm-portal-2019-4-16-authentication-via-https.jpg)
