Legacy-Compliant Data Authentication for Industrial Control System Traffic

Transcription

1 Legacy-Compliant Data Authentication for Industrial Control System Traffic John Henry Castellanos, Daniele Antonioli, Nils Ole Tippenhauer and Martín Ochoa Singapore University of Technology and Design 15 th International Conference on Applied Cryptography and Network Security Japan, Kanazawa, July 11,

2 Industrial Control Systems What are ICSs? Automatic control of Industrial Processes: Manufacturing plants Power plants Public transportation infrastructure Utility infrastructure (water treatment, gas/oil, power generation) Source: urvil.wordpress.com 2

3 Industrial Control Systems Industry Evolution Source: 3

4 Industrial Control Systems IT meets OT (Purdue Model) Information Technology: Servers and Client PCs Operational Technology: Servers, PLCs, SCADA, HMI Devices, Actuators and Sensors Integrity Attacks cause Operational Changes Source: 4

5 Cyber-security in ICS Motivation: Integrity Attacks Chemical Dispenser Valve Controller Tank Level Monitor Attacker Attacker PLC PLC Control Center 5

6 Cyber-security in ICS Motivation: Integrity Attacks!! High level Chemical Dispenser Valve Controller Tank Level Monitor Attacker Attacker PLC PLC High level Control Center 6

7 Cyber-security in ICS Motivation: Integrity Attacks!! High level Chemical Dispenser Valve Controller Tank Level Monitor Attacker Attacker High level PLC PLC Normal level Control Center 7

8 Cyber-security in ICS Motivation: Integrity Attacks Chemical Dispenser Valve Controller Tank Level Monitor Attacker Attacker PLC Reduce Chemical PLC Turn off valve Control Center 8

9 Cyber-security in ICS Motivation: Integrity Attacks Chemical Dispenser Valve Controller Tank Level Monitor PLC Increase Chemical PLC Reduce Chemical Attacker Turn on valve Turn off valve Attacker Control Center 9

10 Cyber-security in ICS Motivation: Integrity Attacks Chemical Dispenser Valve Controller Tank Level Monitor Attacker Attacker PLC PLC Control Center 10

11 Countermeasures Authenticity & Integrity checks!! High level High level Tank Level Monitor Control Center 11

12 Countermeasures Authenticity & Integrity checks!! High level High level Tank Level Monitor Control Center 12

13 Countermeasures Authenticity & Integrity checks!! High level High level Tank Level Monitor Control Center 13

14 Countermeasures Authenticity & Integrity checks!! High level High level Tank Level Monitor Control Center 14

15 Countermeasures Authenticity & Integrity checks!! High level High level Tank Level Monitor Control Center Attacker 15

16 Countermeasures Authenticity & Integrity checks!! High level High level Tank Level Monitor Control Center Attacker 16

17 Countermeasures Authenticity & Integrity checks!! High level Tank Level Monitor Control Center High level Attacker 17

18 Countermeasures Authenticity & Integrity checks!! High level Tank Level Monitor Low level Control Center Attacker 18

19 Countermeasures Authenticity & Integrity checks!! High level Tank Level Monitor Low level Control Center Attacker 19

20 Industrial Control Systems IT/OT Requirements Attribute Component Lifetime Connectivity Performance Requirements Information Technology Systems (IT) 3 to 5 years 10 to 15 years Corporate network, IP-based, standard protocols Non-real-time Industrial Control Systems (OT) Control Network, proprietary protocols Real-time Sources: NIST: Guide to Industrial Control Systems Security Rev2 20

21 Data from a real ICS SWaT Testbed Secure Water Treatment (SWaT) is a testbed for research in the area of cyber security. 21

22 Data from a real ICS Real-time requirements 22

23 Data from a real ICS Understanding ICS Data By selecting CIP services with critical data our proposal avoids additional processing and bandwidth overheads in comparison with signing all CIP traffic. 23

24 Data from a real ICS Understanding ICS Data CIP Services (Critical Data): Read_Tag Write_Tag Read_Tag_Fragmented By selecting CIP services with critical data our proposal avoids additional processing and bandwidth overheads in comparison with signing all CIP traffic. 24

25 SPA Protocol Selective Packet Authentication PLC Control Center Bridging Non- Critical Data Bridging Non- Critical Data Signing Critical Data Verifying Critical Data Crypto-featured Hardware Crypto-featured Hardware 25

26 Comparison with TLS SPA Evaluation As SPA only signs/verifies selected critical packets, it improves the overall hardened communication rate of the system compared with TLS. 26

27 ASPA Protocol Aggregated Selective Packet PLC Authentication Control Center Bridging Non- Critical Data Bridging Non- Critical Data Marking & Bridging Critical Data Marking & Bridging Critical Data Signing Marked Chunk Crypto-featured Hardware Verifying Marked Chunk Crypto-featured Hardware 27

28 Comparison with TLS ASPA Evaluation Using Aggregated-SPA the system would achieve higher tolerance communication levels processing different percentages of critical data. x-axis represents chunk of packets to be signed. y-axis represents tolerance at communication level reached by the system. 28

29 Implementation Real Scenario on SWaT Testbed PLC1 PLC3 TCP/IP Switch Control Center 29

30 Implementation Real Scenario on SWaT Testbed Critical Data PLC1 PLC3 Signs TCP/IP Switch Verifies Control Center 30

31 Implementation Real Scenario on SWaT Testbed PLC1 Verifies Signs PLC3 TCP/IP Switch Critical Data Control Center 31

32 Implementation Real Scenario on SWaT Testbed PLC1 PLC3 TCP/IP Switch Updates stats Updates stats Control Center 32

33 Implementation Real Scenario on SWaT Testbed PLC1 Monitors System Performance Monitors system performance PLC3 TCP/IP Switch Control Center 33

34 Hardware Processor CPU Memory Controllino *VM: Virtual Machine ATmega2560 Microcontroller 16 MHz 256 KB ARM (VM*) ARM926EJ-S 540 MHz 256 MB Raspberry PI 2 Raspberry PI 3 Benchmark Hardware Selection Quad-core ARM Cortex-A7 Quad-core ARM Cortex-A MHz 1 GB 1200 MHz 1 GB PC (VM*) Intel Core i U 2300 MHz 2 GB 34

35 Data Size (Bytes) Benchmark Hardware Performance Controllino ARM Raspberry PI2 Raspberry PI x x x x K 1.8 x K 3.6 x K 7 x ECDSA N/A 1.5 x x x x 10 3 Cryptographic Algorithms: Symmetric: HMAC-SHA256 Asymmetric: ECDSA PC All data in μs 35

36 ASPA Protocol Performance Evaluation (Speed) Pk/s Min Pk/s required in SWaT Aggregated Signature (Pks in a chunk) 36

37 Features Conclusions Our protocols Protocolsare backward compatible, as they transmit authentication data as payload in legacy industrial protocols. With inexpensive and fast hardware (Raspberry PI), it is feasible to enhance legacy plants with authentic channels for strong signature algorithms with simple protocols. It is feasible to significantly raise the bar against attackers of ICS by including authentication based on modern cryptography without compromising efficiency or cost. We plan to compare the real-time constraints of SWaT with constraints in other ICS Testbeds (Smart Grid). 37

38 Thank you Q & A 38

39 Backup Slides 39

40 Industrial Control Systems IT/OT Requirements Attribute Information Technology Systems (IT) Industrial Control Systems (OT) Purpose Process transaction, provide information Controls and monitor physical processes Role Support people Control machines Architecture Enterprise wide infrastructure and applications Event-driven, real-time, embedded hardware and customized software Component Lifetime 3 to 5 years 10 to 15 years Interfaces GUI, Web browser, terminal and keyboard Electromechanical, sensors, actuators, coded displays Connectivity Corporate network, IP-based, standard protocols Control Network, proprietary protocols Performance Requirements Non-real-time Real-time Major risk impacts Delay of business operations Environmental impacts, loss of life, equipment, or production Sources: NIST: Guide to Industrial Control Systems Security Rev2 40

41 Injecting data into Ethernet IP Protocol Ethernet Frame Ethernet Header IP Header 14 Bytes 20 Bytes Encapsulation Header TCP/UDP Header 20 Bytes Encapsulation Header Encapsulation Packet Encapsulation Data CRC Command Length Session Handle Status Sender Context Options 2 Bytes 2 Bytes 4 Bytes 4 Bytes 8 Bytes 4 Bytes Encapsulation Data (Common Packet Format) Item Count (Usual =2) Type ID 2 Bytes 2 Bytes Address Item Length (l1) 2 Bytes Data (Connection ID) l1 Bytes Type ID 2 Bytes Data Item Length (l2) 2 Bytes Data (CIP Data) l2 Bytes 41

42 Injecting data into Ethernet IP Protocol Ethernet Frame Ethernet Header IP Header 14 Bytes 20 Bytes Encapsulation Header TCP/UDP Header 20 Bytes Encapsulation Header Encapsulation Packet Encapsulation Data CRC Command Length Session Handle Status Sender Context Options 2 Bytes 2 Bytes 4 Bytes 4 Bytes 8 Bytes 4 Bytes Encapsulation Data (Common Packet Format) Item Count (Usual =2) X 3 Type ID 2 Bytes 2 Bytes Address Item Length (l1) 2 Bytes Data (Connection ID) l1 Bytes Type ID 2 Bytes Data Item Length (l2) 2 Bytes Data (CIP Data) l2 Bytes Type ID 2 Bytes Signature Item Length (l3) 2 Bytes Data (Signature) l3 Bytes 42

43 Authentication Protocols Implementation: Real Scenario on SWaT Testbed SCADA s supervisory reads PLC variables of signing-verification process. Statistics about integrity checks might be summarize. In case of integrity violations happen an alarm will trigger. 43

44 Implementation Real Scenario on SWaT Testbed A Raspberry PI is directly connected between the hardened PLC and its closest switch. It bridges communication between the PLC and the rest of the system. 44

45 Implementation Real Scenario on SWaT Testbed Different tags were configured at PLC program to store statistics about signing/verification process. It allows to monitor the process and debug it. 45