Legacy-Compliant Data Authentication for Industrial ... · Real Scenario on SWaT Testbed Verifies...
45
1 ACNS2017 1 Legacy-Compliant Data Authentication for Industrial Control System Traffic John Henry Castellanos, Daniele Antonioli, Nils Ole Tippenhauer and Martín Ochoa Singapore University of Technology and Design 15 th International Conference on Applied Cryptography and Network Security Japan, Kanazawa, July 11, 2017.
Transcript of Legacy-Compliant Data Authentication for Industrial ... · Real Scenario on SWaT Testbed Verifies...
-
1
ACNS20171111
Legacy-CompliantDataAuthenticationfor
IndustrialControlSystemTraffic
JohnHenryCastellanos,DanieleAntonioli,NilsOleTippenhauerandMartínOchoaSingaporeUniversityofTechnologyandDesign
15th InternationalConferenceonAppliedCryptographyandNetworkSecurityJapan,Kanazawa,July11,2017.
-
2
ACNS201722
Source:urvil.wordpress.com
AutomaticcontrolofIndustrialProcesses:
Manufacturingplants
Powerplants
Publictransportationinfrastructure
Utilityinfrastructure(watertreatment,gas/oil,powergeneration)
IndustrialControlSystemsWhatareICSs?
-
3
ACNS201733
Source:http://bcmpublicrelations.com/
IndustrialControlSystemsIndustryEvolution
-
4
ACNS201744
InformationTechnology:
ServersandClientPCs
Source:https://pgjonline.com/
OperationalTechnology:
Servers,PLCs,SCADA,HMIDevices,ActuatorsandSensors
IntegrityAttackscauseOperationalChanges
IndustrialControlSystemsITmeetsOT(PurdueModel)
-
555
ACNS2017
Cyber-securityinICSMotivation:IntegrityAttacks
PLC
ControlCenter
AttackerAttacker
TankLevelMonitor
ValveController
ChemicalDispenser
PLC
-
666
ACNS2017
Cyber-securityinICSMotivation:IntegrityAttacks
PLC
ControlCenter
AttackerAttacker
TankLevelMonitor
ValveController
ChemicalDispenser
PLC Highlevel
!!Highlevel
-
777
ACNS2017
Cyber-securityinICSMotivation:IntegrityAttacks
PLC
ControlCenter
AttackerAttacker
TankLevelMonitor
ValveController
ChemicalDispenser
PLC
Highlevel
Normallevel
!!Highlevel
-
888
ACNS2017
Cyber-securityinICSMotivation:IntegrityAttacks
PLC
ControlCenter
AttackerAttacker
TankLevelMonitor
ValveController
ChemicalDispenser
PLC
Turnoffvalve
ReduceChemical
-
999
ACNS2017
Cyber-securityinICSMotivation:IntegrityAttacks
PLC
ControlCenter
AttackerAttacker
TankLevelMonitor
ValveController
ChemicalDispenser
PLC
TurnonvalveIncrease
ChemicalTurnoffvalve
ReduceChemical
-
101010
ACNS2017
Cyber-securityinICSMotivation:IntegrityAttacks
PLC
ControlCenter
AttackerAttacker
TankLevelMonitor
ValveController
ChemicalDispenser
PLC
-
111111
ACNS2017
ControlCenter
Highlevel
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
-
121212
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Highlevel
-
131313
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Highlevel
-
141414
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Highlevel
-
151515
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Attacker
Highlevel
-
161616
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Attacker
Highlevel
-
171717
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Attacker
Highlevel
-
181818
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Attacker
Lowlevel
-
191919
ACNS2017
ControlCenter
!!Highlevel
TankLevelMonitor
CountermeasuresAuthenticity&Integritychecks
Attacker
Lowlevel
-
20
ACNS20172020
Attribute InformationTechnologySystems(IT)
IndustrialControlSystems(OT)
ComponentLifetime
3to5years 10to15years
Connectivity Corporate network,IP-based,standardprotocols
ControlNetwork,proprietaryprotocols
PerformanceRequirements
Non-real-time Real-time
Sources:NIST:GuidetoIndustrialControlSystemsSecurity.800-82Rev2http://www.wbdg.org/
IndustrialControlSystemsIT/OTRequirements
-
212121
ACNS2017
SecureWaterTreatment(SWaT)isatestbedforresearchintheareaofcybersecurity.
DatafromarealICSSWaTTestbed
-
222222
ACNS2017
DatafromarealICSReal-timerequirements
-
232323
ACNS2017
DatafromarealICSUnderstandingICSData
ByselectingCIPserviceswithcriticaldataourproposalavoidsadditionalprocessingandbandwidthoverheadsincomparisonwithsigningallCIPtraffic.
-
242424
ACNS2017
DatafromarealICSUnderstandingICSData
ByselectingCIPserviceswithcriticaldataourproposalavoidsadditionalprocessingandbandwidthoverheadsincomparisonwithsigningallCIPtraffic.
CIPServices(CriticalData):Read_Tag
Write_Tag
Read_Tag_Fragmented
-
252525
ACNS2017
ControlCenterPLC
Crypto-featuredHardware
BridgingNon-CriticalData
SigningCriticalData
BridgingNon-CriticalData
VerifyingCriticalData
Crypto-featuredHardware
SPAProtocolSelectivePacketAuthentication
-
262626
ACNS2017
AsSPAonlysigns/verifiesselectedcriticalpackets,itimprovestheoverallhardenedcommunicationrateofthesystemcomparedwithTLS.
ComparisonwithTLSSPAEvaluation
-
272727
ACNS2017
ControlCenterPLC
Crypto-featuredHardware
BridgingNon-CriticalData
Marking&BridgingCritical
Data
SigningMarkedChunk
Crypto-featuredHardware
BridgingNon-CriticalData
Marking&BridgingCritical
Data
VerifyingMarkedChunk
ASPAProtocolAggregatedSelectivePacket
Authentication
-
282828
ACNS2017
UsingAggregated-SPAthesystemwouldachievehighertolerancecommunicationlevelsprocessingdifferentpercentagesofcriticaldata.x-axisrepresentschunkofpacketstobesigned.
y-axisrepresentstoleranceatcommunicationlevelreachedbythesystem.
ComparisonwithTLSASPAEvaluation
-
292929
ACNS2017
ControlCenter
PLC1
TCP/IPSwitch
PLC3
ImplementationRealScenarioonSWaTTestbed
-
303030
ACNS2017
ControlCenter
PLC1
TCP/IPSwitch
PLC3
ImplementationRealScenarioonSWaTTestbed
Signs Verifies
CriticalData
-
313131
ACNS2017
ControlCenter
PLC1
TCP/IPSwitch
PLC3
ImplementationRealScenarioonSWaTTestbed
SignsVerifies
CriticalData
-
323232
ACNS2017
ControlCenter
PLC1
TCP/IPSwitch
PLC3
ImplementationRealScenarioonSWaTTestbed
Updatesstats
Updatesstats
-
333333
ACNS2017
ControlCenter
PLC1
TCP/IPSwitch
PLC3
ImplementationRealScenarioonSWaTTestbed
Monitorssystem
performance
MonitorsSystem
Performance
-
343434
ACNS2017
*VM:VirtualMachine
Hardware Processor CPU Memory
Controllino ATmega2560Microcontroller
16MHz 256KB
ARM(VM*) ARM926EJ-S 540MHz 256MB
RaspberryPI2 Quad-core ARMCortex-A7
900MHz 1GB
RaspberryPI3 Quad-coreARMCortex-A53
1200MHz 1GB
PC(VM*) IntelCorei5-5300U 2300MHz 2GB
BenchmarkHardwareSelection
-
353535
ACNS2017
DataSize(Bytes)
Controllino ARM RaspberryPI2
RaspberryPI3
PC
64 2.2x104 76 53 15 2
128 3.3x104 78 58 16 2
256 5.5x104 84 69 18 3
512 1x105 117 89 32 4
1K 1.8x105 171 130 35 6
2K 3.6x105 252 211 58 10
4K 7x105 474 374 104 18
ECDSA N/A 1.5x105 1x105 3.2x104 3.1x103
AlldatainμsCryptographicAlgorithms:• Symmetric:HMAC-SHA256• Asymmetric:ECDSA
BenchmarkHardwarePerformance
-
363636
ACNS2017
ASPAProtocolPerformanceEvaluation(Speed)
Pk/s
AggregatedSignature(Pksinachunk)20 40 60 80 100 120
107
106
105
104
103
102
101
MinPk/srequiredinSWaT
-
373737
ACNS2017
FeaturesProtocols• Ourprotocolsarebackwardcompatible,astheytransmit
authenticationdataaspayloadinlegacyindustrialprotocols.
• Withinexpensiveandfasthardware(RaspberryPI),itisfeasibletoenhancelegacyplantswithauthenticchannelsforstrongsignaturealgorithmswithsimpleprotocols.
• ItisfeasibletosignificantlyraisethebaragainstattackersofICSbyincludingauthenticationbasedonmoderncryptographywithoutcompromisingefficiencyorcost.
• Weplantocomparethereal-timeconstraintsofSWaTwithconstraintsinotherICSTestbeds(SmartGrid).
Conclusions
-
383838
ACNS2017
Thankyou
Q&A
-
393939
ACNS2017
BackupSlides
-
404040
ACNS2017
Attribute InformationTechnologySystems(IT) IndustrialControlSystems(OT)
Purpose Process transaction,provideinformation Controls andmonitorphysicalprocesses
Role Supportpeople Controlmachines
Architecture Enterprisewideinfrastructureandapplications Event-driven,real-time,embeddedhardwareandcustomizedsoftware
ComponentLifetime
3to5years 10to15years
Interfaces GUI,Webbrowser,terminalandkeyboard Electromechanical, sensors,actuators,codeddisplays
Connectivity Corporate network,IP-based,standardprotocols ControlNetwork,proprietaryprotocols
PerformanceRequirements
Non-real-time Real-time
Majorriskimpacts Delayofbusinessoperations Environmentalimpacts,lossoflife,equipment, orproduction
Sources:NIST:GuidetoIndustrialControlSystemsSecurity.800-82Rev2http://www.wbdg.org/
IndustrialControlSystemsIT/OTRequirements
-
414141
ACNS2017
InjectingdataintoEthernetIPProtocol
EthernetFrameEthernetHeader
IPHeader
14Bytes 20Bytes
TCP/UDPHeader20Bytes
EncapsulationHeader
EncapsulationData CRC
EncapsulationPacket
Command Length
2Bytes 2Bytes
SessionHandle
4Bytes
Status SenderContext Options
8Bytes4Bytes 4Bytes
EncapsulationHeader
ItemCount(Usual=2) TypeID
2Bytes 2Bytes
Length(l1)
2Bytes
Data(ConnectionID)
l1 Bytes
TypeID
2Bytes
Length(l2)
2Bytes
Data(CIPData)l2 Bytes
AddressItem DataItemEncapsulationData(CommonPacketFormat)
-
424242
ACNS2017
InjectingdataintoEthernetIPProtocol
EthernetFrameEthernetHeader
IPHeader
14Bytes 20Bytes
TCP/UDPHeader20Bytes
EncapsulationHeader
EncapsulationData CRC
EncapsulationPacket
Command Length
2Bytes 2Bytes
SessionHandle
4Bytes
Status SenderContext Options
8Bytes4Bytes 4Bytes
EncapsulationHeader
ItemCount(Usual=2) TypeID
2Bytes 2Bytes
Length(l1)
2Bytes
Data(ConnectionID)
l1 Bytes
TypeID
2Bytes
Length(l2)
2Bytes
Data(CIPData)l2 Bytes
AddressItem DataItem
TypeID
2Bytes
Length(l3)
2Bytes
Data(Signature)
l3 Bytes
SignatureItemEncapsulationData(CommonPacketFormat)
3X
-
434343
ACNS2017
AuthenticationProtocolsImplementation:RealScenarioonSWaTTestbed
• SCADA’s supervisory reads PLCvariables of signing-verificationprocess.
• Statistics about integrity checks mightbe summarize.
• In case of integrity violations happenan alarm will trigger.
-
444444
ACNS2017
ARaspberryPIisdirectlyconnectedbetweenthehardenedPLCanditsclosestswitch.ItbridgescommunicationbetweenthePLCandtherestofthesystem.
ImplementationRealScenarioonSWaTTestbed
-
454545
ACNS2017
Different tags were configured atPLC program to store statisticsabout signing/verification process.It allows to monitor the processand debug it.
ImplementationRealScenarioonSWaTTestbed
