Legacy-Compliant Data Authentication for Industrial Control System Traffic
|
|
- Stanley Holmes
- 6 years ago
- Views:
Transcription
1 Legacy-Compliant Data Authentication for Industrial Control System Traffic John Henry Castellanos, Daniele Antonioli, Nils Ole Tippenhauer and Martín Ochoa Singapore University of Technology and Design 15 th International Conference on Applied Cryptography and Network Security Japan, Kanazawa, July 11,
2 Industrial Control Systems What are ICSs? Automatic control of Industrial Processes: Manufacturing plants Power plants Public transportation infrastructure Utility infrastructure (water treatment, gas/oil, power generation) Source: urvil.wordpress.com 2
3 Industrial Control Systems Industry Evolution Source: 3
4 Industrial Control Systems IT meets OT (Purdue Model) Information Technology: Servers and Client PCs Operational Technology: Servers, PLCs, SCADA, HMI Devices, Actuators and Sensors Integrity Attacks cause Operational Changes Source: 4
5 Cyber-security in ICS Motivation: Integrity Attacks Chemical Dispenser Valve Controller Tank Level Monitor Attacker Attacker PLC PLC Control Center 5
6 Cyber-security in ICS Motivation: Integrity Attacks!! High level Chemical Dispenser Valve Controller Tank Level Monitor Attacker Attacker PLC PLC High level Control Center 6
7 Cyber-security in ICS Motivation: Integrity Attacks!! High level Chemical Dispenser Valve Controller Tank Level Monitor Attacker Attacker High level PLC PLC Normal level Control Center 7
8 Cyber-security in ICS Motivation: Integrity Attacks Chemical Dispenser Valve Controller Tank Level Monitor Attacker Attacker PLC Reduce Chemical PLC Turn off valve Control Center 8
9 Cyber-security in ICS Motivation: Integrity Attacks Chemical Dispenser Valve Controller Tank Level Monitor PLC Increase Chemical PLC Reduce Chemical Attacker Turn on valve Turn off valve Attacker Control Center 9
10 Cyber-security in ICS Motivation: Integrity Attacks Chemical Dispenser Valve Controller Tank Level Monitor Attacker Attacker PLC PLC Control Center 10
11 Countermeasures Authenticity & Integrity checks!! High level High level Tank Level Monitor Control Center 11
12 Countermeasures Authenticity & Integrity checks!! High level High level Tank Level Monitor Control Center 12
13 Countermeasures Authenticity & Integrity checks!! High level High level Tank Level Monitor Control Center 13
14 Countermeasures Authenticity & Integrity checks!! High level High level Tank Level Monitor Control Center 14
15 Countermeasures Authenticity & Integrity checks!! High level High level Tank Level Monitor Control Center Attacker 15
16 Countermeasures Authenticity & Integrity checks!! High level High level Tank Level Monitor Control Center Attacker 16
17 Countermeasures Authenticity & Integrity checks!! High level Tank Level Monitor Control Center High level Attacker 17
18 Countermeasures Authenticity & Integrity checks!! High level Tank Level Monitor Low level Control Center Attacker 18
19 Countermeasures Authenticity & Integrity checks!! High level Tank Level Monitor Low level Control Center Attacker 19
20 Industrial Control Systems IT/OT Requirements Attribute Component Lifetime Connectivity Performance Requirements Information Technology Systems (IT) 3 to 5 years 10 to 15 years Corporate network, IP-based, standard protocols Non-real-time Industrial Control Systems (OT) Control Network, proprietary protocols Real-time Sources: NIST: Guide to Industrial Control Systems Security Rev2 20
21 Data from a real ICS SWaT Testbed Secure Water Treatment (SWaT) is a testbed for research in the area of cyber security. 21
22 Data from a real ICS Real-time requirements 22
23 Data from a real ICS Understanding ICS Data By selecting CIP services with critical data our proposal avoids additional processing and bandwidth overheads in comparison with signing all CIP traffic. 23
24 Data from a real ICS Understanding ICS Data CIP Services (Critical Data): Read_Tag Write_Tag Read_Tag_Fragmented By selecting CIP services with critical data our proposal avoids additional processing and bandwidth overheads in comparison with signing all CIP traffic. 24
25 SPA Protocol Selective Packet Authentication PLC Control Center Bridging Non- Critical Data Bridging Non- Critical Data Signing Critical Data Verifying Critical Data Crypto-featured Hardware Crypto-featured Hardware 25
26 Comparison with TLS SPA Evaluation As SPA only signs/verifies selected critical packets, it improves the overall hardened communication rate of the system compared with TLS. 26
27 ASPA Protocol Aggregated Selective Packet PLC Authentication Control Center Bridging Non- Critical Data Bridging Non- Critical Data Marking & Bridging Critical Data Marking & Bridging Critical Data Signing Marked Chunk Crypto-featured Hardware Verifying Marked Chunk Crypto-featured Hardware 27
28 Comparison with TLS ASPA Evaluation Using Aggregated-SPA the system would achieve higher tolerance communication levels processing different percentages of critical data. x-axis represents chunk of packets to be signed. y-axis represents tolerance at communication level reached by the system. 28
29 Implementation Real Scenario on SWaT Testbed PLC1 PLC3 TCP/IP Switch Control Center 29
30 Implementation Real Scenario on SWaT Testbed Critical Data PLC1 PLC3 Signs TCP/IP Switch Verifies Control Center 30
31 Implementation Real Scenario on SWaT Testbed PLC1 Verifies Signs PLC3 TCP/IP Switch Critical Data Control Center 31
32 Implementation Real Scenario on SWaT Testbed PLC1 PLC3 TCP/IP Switch Updates stats Updates stats Control Center 32
33 Implementation Real Scenario on SWaT Testbed PLC1 Monitors System Performance Monitors system performance PLC3 TCP/IP Switch Control Center 33
34 Hardware Processor CPU Memory Controllino *VM: Virtual Machine ATmega2560 Microcontroller 16 MHz 256 KB ARM (VM*) ARM926EJ-S 540 MHz 256 MB Raspberry PI 2 Raspberry PI 3 Benchmark Hardware Selection Quad-core ARM Cortex-A7 Quad-core ARM Cortex-A MHz 1 GB 1200 MHz 1 GB PC (VM*) Intel Core i U 2300 MHz 2 GB 34
35 Data Size (Bytes) Benchmark Hardware Performance Controllino ARM Raspberry PI2 Raspberry PI x x x x K 1.8 x K 3.6 x K 7 x ECDSA N/A 1.5 x x x x 10 3 Cryptographic Algorithms: Symmetric: HMAC-SHA256 Asymmetric: ECDSA PC All data in μs 35
36 ASPA Protocol Performance Evaluation (Speed) Pk/s Min Pk/s required in SWaT Aggregated Signature (Pks in a chunk) 36
37 Features Conclusions Our protocols Protocolsare backward compatible, as they transmit authentication data as payload in legacy industrial protocols. With inexpensive and fast hardware (Raspberry PI), it is feasible to enhance legacy plants with authentic channels for strong signature algorithms with simple protocols. It is feasible to significantly raise the bar against attackers of ICS by including authentication based on modern cryptography without compromising efficiency or cost. We plan to compare the real-time constraints of SWaT with constraints in other ICS Testbeds (Smart Grid). 37
38 Thank you Q & A 38
39 Backup Slides 39
40 Industrial Control Systems IT/OT Requirements Attribute Information Technology Systems (IT) Industrial Control Systems (OT) Purpose Process transaction, provide information Controls and monitor physical processes Role Support people Control machines Architecture Enterprise wide infrastructure and applications Event-driven, real-time, embedded hardware and customized software Component Lifetime 3 to 5 years 10 to 15 years Interfaces GUI, Web browser, terminal and keyboard Electromechanical, sensors, actuators, coded displays Connectivity Corporate network, IP-based, standard protocols Control Network, proprietary protocols Performance Requirements Non-real-time Real-time Major risk impacts Delay of business operations Environmental impacts, loss of life, equipment, or production Sources: NIST: Guide to Industrial Control Systems Security Rev2 40
41 Injecting data into Ethernet IP Protocol Ethernet Frame Ethernet Header IP Header 14 Bytes 20 Bytes Encapsulation Header TCP/UDP Header 20 Bytes Encapsulation Header Encapsulation Packet Encapsulation Data CRC Command Length Session Handle Status Sender Context Options 2 Bytes 2 Bytes 4 Bytes 4 Bytes 8 Bytes 4 Bytes Encapsulation Data (Common Packet Format) Item Count (Usual =2) Type ID 2 Bytes 2 Bytes Address Item Length (l1) 2 Bytes Data (Connection ID) l1 Bytes Type ID 2 Bytes Data Item Length (l2) 2 Bytes Data (CIP Data) l2 Bytes 41
42 Injecting data into Ethernet IP Protocol Ethernet Frame Ethernet Header IP Header 14 Bytes 20 Bytes Encapsulation Header TCP/UDP Header 20 Bytes Encapsulation Header Encapsulation Packet Encapsulation Data CRC Command Length Session Handle Status Sender Context Options 2 Bytes 2 Bytes 4 Bytes 4 Bytes 8 Bytes 4 Bytes Encapsulation Data (Common Packet Format) Item Count (Usual =2) X 3 Type ID 2 Bytes 2 Bytes Address Item Length (l1) 2 Bytes Data (Connection ID) l1 Bytes Type ID 2 Bytes Data Item Length (l2) 2 Bytes Data (CIP Data) l2 Bytes Type ID 2 Bytes Signature Item Length (l3) 2 Bytes Data (Signature) l3 Bytes 42
43 Authentication Protocols Implementation: Real Scenario on SWaT Testbed SCADA s supervisory reads PLC variables of signing-verification process. Statistics about integrity checks might be summarize. In case of integrity violations happen an alarm will trigger. 43
44 Implementation Real Scenario on SWaT Testbed A Raspberry PI is directly connected between the hardened PLC and its closest switch. It bridges communication between the PLC and the rest of the system. 44
45 Implementation Real Scenario on SWaT Testbed Different tags were configured at PLC program to store statistics about signing/verification process. It allows to monitor the process and debug it. 45
Gamifying ICS Security Training and Research: Design, Implementation, and Results of S3
CPS-SPC 17 @ Dallas, US Gamifying ICS Security Training and Research: Design, Implementation, and Results of S3 DANIELE ANTONIOLI, H. R. GHAEINI, S. ADEPU, M. OCHOA, N. O. TIPPENHAUER Singapore University
More informationAUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID
AUTOMATED SECURITY ASSESSMENT AND MANAGEMENT OF THE ELECTRIC POWER GRID Sherif Abdelwahed Department of Electrical and Computer Engineering Mississippi State University Autonomic Security Management Modern
More informationTowards High-Interaction Virtual ICS Honeypots-in-a-Box DANIELE ANTONIOLI ANAND AGRAWAL N. O. TIPPENHAUER
CPS-SPC 16 @ Vienna AU Towards High-Interaction Virtual ICS Honeypots-in-a-Box DANIELE ANTONIOLI ANAND AGRAWAL N. O. TIPPENHAUER daniele_antonioli@sutd.edu.sg Towards High-Interaction Virtual ICS Honeypots-in-a-Box
More informationIPSec. Slides by Vitaly Shmatikov UT Austin. slide 1
IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service
More informationFirewalls (IDS and IPS) MIS 5214 Week 6
Firewalls (IDS and IPS) MIS 5214 Week 6 Agenda Defense in Depth Evolution of IT risk in automated control systems Security Domains Where to put firewalls in an N-Tier Architecture? In-class exercise Part
More informationDanube University Krems. The University for Continuing Education. Security Issues in Resource-limited Sensor Networks. Thilo Sauter Albert Treytl
Danube University Krems. The University for Continuing Education. Security Issues in Resource-limited Sensor Networks Thilo Sauter Albert Treytl Wireless Sensor Network Vision High-level company functions
More informationVirtualizing Industrial Control Systems Testbeds for Cybersecurity Research
Virtualizing Industrial Control Systems Testbeds for Cybersecurity Research CAE Tech Talk 2016 Thiago Alves Faculty: Dr. Tommy Morris Overview Problems: Industrial Control Systems are too big to fit in
More informationIntroduction to ICS Security
Introduction to ICS Security Design. Build. Protect. Presented by Jack D. Oden, June 1, 2018 ISSA Mid-Atlantic Information Security Conference, Rockville, MD Copyright 2018 Parsons Federal 2018 Critical
More informationAuthentication Protocol for Industrial Control Systems without Encryption
STUDENT SUMMER INTERNSHIP TECHNICAL REPORT Authentication Protocol for Industrial Control Systems without Encryption DOE-FIU SCIENCE & TECHNOLOGY WORKFORCE DEVELOPMENT PROGRAM Date submitted: September
More informationSecuring IoT applications with Mbed TLS Hannes Tschofenig Arm Limited
Securing IoT applications with Mbed TLS Hannes Tschofenig Agenda Theory Threats Security services Hands-on with Arm Keil MDK Pre-shared secret-based authentication (covered in webinar #1) TLS Protocol
More informationWHAT FUTURE FOR CONTACTLESS CARD SECURITY?
WHAT FUTURE FOR CONTACTLESS CARD SECURITY? Alain Vazquez (alain.vazquez@louveciennes.sema.slb.com) 1/27 AV Contents Major contactless features : summary Contactless major constraints Major security issues
More informationLabVIEW Communication Techniques for Distributed Applications
LabVIEW Communication Techniques for Distributed Applications Agenda Intro: What is a Distributed Application? Part I: LabVIEW Communication Techniques Part II: Implementing Communication Tasks Distributed
More informationSecure Water Treatment (SWaT) Testbed
Secure Water Treatment (SWaT) Testbed Version: 4.2 Last updated: 5 October 2018 Contact information: itrust@sutd.edu.sg Website: https://itrust.sutd.edu.sg/ INTRODUCTION Aim This documentation provides
More informationThe Future of Industrial Control Systems Security
The Future of Industrial Control Systems Security Amir Samoiloff, CEO, Siga Security Ilan Gendelman, CTO, Siga Security www.sigasec.com The Importance of Operating Technology Systems Modern life relies
More informationAn Experimental Analysis on Iterative Block Ciphers and Their Effects on VoIP under Different Coding Schemes
An Experimental Analysis on Iterative Block Ciphers and Their Effects on VoIP under Different Coding Schemes Gregory Epiphaniou 1 Carsten Maple 1 Paul Sant 1 Matthew Reeves 2 1 Institute for Research in
More informationSecure Ethernet Communication for Autonomous Driving. Jared Combs June 2016
Secure Ethernet Communication for Autonomous Driving Jared Combs June 2016 Agenda Motivation for Security The Multi-Level Security Architecture Proposal Level 1: Restrict access to the network Level 2:
More informationBCRAN. Section 9. Cable and DSL Technologies
BCRAN Section 9 Cable and DSL Technologies Cable and DSL technologies have changed the remote access world dramatically. Without them, remote and Internet access would be limited to the 56 kbps typical
More informationWhat s new in PI System Security?
What s new in PI System Security? Presented by Brian Bostwick Kevin Geneva The Seven Most Dangerous New Attack Techniques SANS: Alan Paller, Ed Skoudis, Michael Assante, Johannes Ullrich 1. Ransomware
More informationSecurity of cyber-physical systems: an old idea
Security of cyber-physical systems: an old idea Security Issues and Mitigation in Ethernet POWERLINK Jonathan Yung, Hervé Debar and Louis Granboulan AIRBUS Group Innovations & Télécom SudParis February
More informationUsing Operator Interfaces to Optimize Performance of Industrial Wireless Networks
Using Operator Interfaces to Optimize Performance of Industrial Wireless Networks Jim Ralston, Wireless Sales Engineer ProSoft Technology, August 2007 Abstract The performance of wireless networks can
More informationIndustrial Cyber Security. ICS SHIELD Top-down security for multi-vendor OT assets
Industrial Cyber Security ICS SHIELD Top-down security for multi-vendor OT assets OT SECURITY NEED Industrial organizations are increasingly integrating their OT and IT infrastructures. The huge benefits
More informationSicherheitsaspekte für Flashing Over The Air in Fahrzeugen. Axel Freiwald 1/2017
Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen Axel Freiwald 1/2017 All OEMs Will Implement Software OTA As Soon As Possible IHS Study Motivation: Save on recalls caused by software bugs Evolution
More informationSecure Group Communication in Constrained Networks. A Gap Analysis
Tobias Guggemos, Nils gentschen Felde, Dieter Kranzlmüller MNM-Team Ludwig-Maximilians-Universität München Secure Group Communication in Constrained Networks A Gap Analysis IEEE Global IoT Summit 2017
More informationIndustrial Network Trends & Technologies
Industrial Network Trends & Technologies EtherNet/IP on the Plant Floor PUBLIC INFORMATION 5058-CO900F IHS Technology Industrial Internet of Things 2014, April 2014 PUBLIC INFORMATION Forecasts tremendous
More informationCyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016
Cyber Security Bryan Owen PE Principal Cyber Security Manager October 11, 2016 Agenda Overview What s new in PI Security Demo What s coming next Call to Action 2 Cyber Security is more of a Marathon than
More informationBlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module
BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE Cryptographic Appliances with Integrated Level 3+ Hardware Security Module The BlackVault hardware security platform keeps cryptographic material
More informationN-Dimension n-platform 340S Unified Threat Management System
N-Dimension n-platform 340S Unified Threat Management System Firewall Router Site-to-Site VPN Remote-Access VPN Serial SCADA VPN Proxy Anti-virus SCADA IDS Port Scanner Vulnerability Scanner System & Service
More information4DIAC. 4DIAC - A Framework for Distributed Industrial Automation and Control. Alois Zoitl. fortiss GmbH An-Institut Technische Universität München
4DIAC A Framework for Distributed Industrial Automation and Control Alois Zoitl fortiss GmbH An-Institut Technische Universität München 1 Outline 2 Background Industrial Automation Short introduction to
More informationLoosely Coupled Actor Systems
Loosely Coupled Actor Systems for the Internet of Things Raphael Hiesgen Internet Technologies Group Hamburg University of Applied Sciences Agenda Introduction Where We Are Next Steps Risks and Conclusion
More informationAbout FIPS, NGE, and AnyConnect
About FIPS, NGE, and AnyConnect, on page 1 Configure FIPS for the AnyConnect Core VPN Client, on page 4 Configure FIPS for the Network Access Manager, on page 5 About FIPS, NGE, and AnyConnect AnyConnect
More informationCSE237B Project Final Report Mobile Console to Industrial Control System Feng Zhang Dustin Medeiros
CSE237B Project Final Report Mobile Console to Industrial Control System Feng Zhang Dustin Medeiros Motivation As wireless technology improves, devices with wireless capability have become a regular part
More informationOpenWay by Itron Security Overview
Itron White Paper OpenWay by Itron OpenWay by Itron Security Overview Kip Gering / R. Eric Robinson Itron Marketing / Itron Engineering 2009, Itron Inc. All rights reserved. 1 Executive Summary 3 Intent
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationSecure Networking with NAT Traversal for Enhanced Mobility
Secure Networking with NAT Traversal for Enhanced Mobility Lubomir Cvrk 1, Vit Vrba 1 1 Brno University of Technology, Dept. of Telecommunications, Purkynova 118, 61200 Brno, Czech Republic {cvrk, vrba}@westcom.cz
More informationCSC 774 Advanced Network Security
Computer Science CSC 774 Advanced Network Security Topic 4.3 Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks 1 Wireless Sensor Networks (WSN) A WSN consists of a potentially
More informationPeter Kreutzer, PSSAM/Automation Power World 2011 New Delhi, Secure and reliable Redundant communication network and cyber security
Peter Kreutzer, PSSAM/Automation Power World 2011 New Delhi, 2011-09-20 Secure and reliable Redundant communication network and cyber security Content Reliable Substation communication networks Introduction
More informationSystem Architecture Challenges in the Home M2M Network
System Architecture Challenges in the Home M2M Network Michael Starsinic InterDigital Communications M2M Background M2M Communications Machine-to-Machine or Machine-to-Man The Machine usually includes
More informationExtending EtherNet/IP TM to Resource- Constrained Industrial Things. Dayin XU, Rockwell Automation Paul Brooks, Rockwell Automation.
Extending EtherNet/IP TM to Resource- Constrained Industrial Things Dayin XU, Rockwell Automation Paul Brooks, Rockwell Automation October 14, 2015 IoT Opportunities for ODVA Constrains of IoT and IIoT
More informationAn Intrusion Detection System for Critical Information Infrastructures Using Wireless Sensor Network Technologies
An Intrusion Detection System for Critical Information Infrastructures Using Wireless Sensor Network Technologies The Fifth international CRIS conference on Critical Infrastructures Beijing China, 20 September
More informationWindows 10 IoT Core Azure Connectivity and Security
Windows 10 IoT Core Azure Connectivity and Security Published July 27, 2016 Version 1.0 Table of Contents Introduction... 2 Device identities... 2 Building security into the platform... 3 Security as a
More informationIntroduction to Computer Networks. CS 166: Introduction to Computer Systems Security
Introduction to Computer Networks CS 166: Introduction to Computer Systems Security Network Communication Communication in modern networks is characterized by the following fundamental principles Packet
More informationREMOTE FORENSIC ANALYSIS OF PROCESS CONTROL SYSTEMS
Chapter 16 REMOTE FORENSIC ANALYSIS OF PROCESS CONTROL SYSTEMS Regis Friend Cassidy, Adrian Chavez, Jason Trent and Jorge Urrea Abstract Forensic analysis can help maintain the security of process control
More informationIndustrial Control Systems Providing Advanced Threat Detection
Industrial Control Systems Providing Advanced Threat Detection Gene Stevens, Co-Founder & CTO, ProtectWise Richard Welch, Senior Software Engineer, ProtectWise November 2016 2 AGENDA Introduction Intro
More informationIE156: ICS410: ICS/SCADA Security Essentials
IE156: ICS410: ICS/SCADA Security Essentials IE156 Rev.001 CMCT COURSE OUTLINE Page 1 of 6 Training Description: In this five-day intensive training, participants will develop and reinforce a common language
More informationSecurity of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices
Security of Embedded Hardware Systems Insight into Attacks and Protection of IoT Devices Dr. Johann Heyszl, Head of Hardware Security Department Fraunhofer-Institute for Applied and Integrated Security
More informationReliable Broadcast Message Authentication in Wireless Sensor Networks
Reliable Broadcast Message Authentication in Wireless Sensor Networks Taketsugu Yao, Shigeru Fukunaga, and Toshihisa Nakai Ubiquitous System Laboratories, Corporate Research & Development Center, Oki Electric
More informationPROFINET The leading communication system
Titel einer Beispielpräsentation PROFINET The leading communication system Proven and future-oriented PROFINET 2 3 4 Market & Applications PROFINET overview 0 Reasons for PROFINET Industrie 4.0 and PROFINET
More informationComparison of SSL/TLS libraries based on Algorithms/languages supported, Platform, Protocols and Performance. By Akshay Thorat
Comparison of SSL/TLS libraries based on Algorithms/languages supported, Platform, Protocols and Performance By Akshay Thorat Table of Contents TLS - Why is it needed? Introduction- SSL/TLS evolution Libraries
More informationEvaluating the Impact of RDMA on Storage I/O over InfiniBand
Evaluating the Impact of RDMA on Storage I/O over InfiniBand J Liu, DK Panda and M Banikazemi Computer and Information Science IBM T J Watson Research Center The Ohio State University Presentation Outline
More informationSecuring Industrial Control Systems
L OCKHEED MARTIN Whitepaper Securing Industrial Control Systems The Basics Abstract Critical infrastructure industries such as electrical power, oil and gas, chemical, and transportation face a daunting
More informationWhat's the buzz about HORNET?
1 What's the buzz about HORNET? 2 You've probably all seen the news "Internet-scale anonymity" "Without sacrificing security, the network supports data transfer speeds of up to 93GBps" "can be scaled at
More informationSecuring the Frisbee Multicast Disk Loader
Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah 1 What is Frisbee? 2 Frisbee is Emulab s tool to install whole disk images from a server to many clients using
More informationMessaging Overview. Introduction. Gen-Z Messaging
Page 1 of 6 Messaging Overview Introduction Gen-Z is a new data access technology that not only enhances memory and data storage solutions, but also provides a framework for both optimized and traditional
More informationA Virtual Environment for Industrial Control Systems: A Nonlinear Use-Case in Attack Detection, Identification, and Response
ACSAC ICSS 2018 A Virtual Environment for Industrial Control Systems: A Nonlinear Use-Case in Attack Detection, Identification, and Response Andrés F. Murillo Joint work with Luis F. Cómbita, Andrea Calderón,
More informationCoSign Hardware version 7.0 Firmware version 5.2
CoSign Hardware version 7.0 Firmware version 5.2 FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation July 2010 Copyright 2009 AR This document may be freely reproduced and distributed whole and
More informationCSC 4900 Computer Networks: Security Protocols (2)
CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication
More informationIDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller
IDCore Flexible, Trusted Open Platform financial services & retail enterprise > SOLUTION Government telecommunications transport Trusted Open Platform Java Card Alexandra Miller >network identity >smart
More informationAutomotive Security An Overview of Standardization in AUTOSAR
Automotive Security An Overview of Standardization in AUTOSAR Dr. Marcel Wille 31. VDI/VW-Gemeinschaftstagung Automotive Security 21. Oktober 2015, Wolfsburg Hackers take over steering from smart car driver
More informationApplication of Monitoring Standards for enhancing Energy System Security
Application of Monitoring Standards for enhancing Energy System Security G. DONDOSSOLA*, R. TERRUGGIA*, P. WYLACH*, G. PUGNI**, F. BELLIO*** RSE SpA*, Enel SpA**, Enel Produzione SpA*** Italy About RSE
More informationOracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1
Oracle Solaris Userland Cryptographic Framework Software Version 1.0 and 1.1 FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Version 1.3 2014-01-08 Copyright 2014 Oracle Corporation Table
More informationManaging & Accelerating Innovation with Open Source at the Edge
Managing & Accelerating Innovation with Open Source at the Edge Bill Hunt, CTO - Dianomic Welcome! The IIoT Opportunity Resolve Complexity & Fragmentation with FogLAMP Use case: Defense Contractor Aircraft
More informationFIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2
Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and T5 Software Version: 1.0 and 1.1; Hardware Version: SPARC T4 (527-1437-01) and T5 (7043165) FIPS 140-2 Non-Proprietary Security Policy Level
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine Security Policy Abstract: This document specifies Security Policy enforced by the SecureDoc Cryptographic Engine compliant with the requirements of FIPS 140-2
More informationPREEMPTIVE PREventivE Methodology and Tools to protect utilities
PREEMPTIVE PREventivE Methodology and Tools to protect utilities 2014 2017 1 With the financial support of FP7 Seventh Framework Programme Grant agreement no: 607093 Preemptive goal The main goal of PREEMPTIVE
More informationSmart Meter Security. Martin Klimke, Principle of Technical Marketing Infineon Chip Card and Security
Smart Meter Security Martin Klimke, Principle of Technical Marketing Infineon Chip Card and Security Smart Grids: Advanced power control, intelligence and communications New Business models and Services
More informationHIP Host Identity Protocol. October 2007 Patrik Salmela Ericsson
HIP Host Identity Protocol October 2007 Patrik Salmela Ericsson Agenda What is the Host Identity Protocol (HIP) What does HIP try to solve HIP basics Architecture The HIP base exchange HIP basic features
More informationThe World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
More informationEvaluating BFT Protocols for Spire
Evaluating BFT Protocols for Spire Henry Schuh & Sam Beckley 600.667 Advanced Distributed Systems & Networks SCADA & Spire Overview High-Performance, Scalable Spire Trusted Platform Module Known Network
More informationAre Mobile Technologies Safe Enough for Industrie 4.0?
Are Mobile Technologies Safe Enough for Industrie 4.0? Presented by Bryan Owen PE Mobile Technology is Awesome! Cameras Drone UAVs GPS Sensors Smart phones Wearables https://www.osisoft.com/presentations/geospatial-sensor---driven-analytics-using-drones/
More informationVirtual Private Network
VPN and IPsec Virtual Private Network Creates a secure tunnel over a public network Client to firewall Router to router Firewall to firewall Uses the Internet as the public backbone to access a secure
More informationRenesas Synergy MCUs Build a Foundation for Groundbreaking Integrated Embedded Platform Development
Renesas Synergy MCUs Build a Foundation for Groundbreaking Integrated Embedded Platform Development New Family of Microcontrollers Combine Scalability and Power Efficiency with Extensive Peripheral Capabilities
More informationChapter 8 Information Technology
CRIM 2130 Introduction to Critical Infrastructure Protection Spring 2016 Chapter 8 Information Technology School of Criminology and Justice Studies University of Massachusetts Lowell Enterprise systems
More informationApplication Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )
Application Note Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder ) This document describes how to configure McAfee Firewall Enterprise to provide
More informationIC32E - Pre-Instructional Survey
Name: Date: 1. What is the primary function of a firewall? a. Block all internet traffic b. Detect network intrusions c. Filter network traffic d. Authenticate users 2. A system that monitors traffic into
More informationRTCWEB Working Group. Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past and the future
RTCWEB Working Group Media Security: A chat about RTP, SRTP, Security Descriptions, DTLS-SRTP, EKT, the past and the future Dan Wing dwing@cisco.com IETF83 - March 2012 v2 1 Agenda Scope Upcoming Questions
More informationICS/SCADA Cybersecurity and IT Cybersecurity: Comparing Apples and Oranges
8 December 2017 HITCON PACIFIC 2017 ICS/SCADA Cybersecurity and IT Cybersecurity: Comparing Apples and Oranges Presented by David Ong CEO of Attila Cybertech Quote by Donald Rumsfeld But there are also
More informationMonitoring Remote Access VPN Services
CHAPTER 5 A remote access service (RAS) VPN secures connections for remote users, such as mobile users or telecommuters. RAS VPN monitoring provides all of the most important indicators of cluster, concentrator,
More informationCapacity Planning for Next Generation Utility Networks (PART 1) An analysis of utility applications, capacity drivers and demands
Capacity Planning for Next Generation Utility Networks (PART 1) An analysis of utility applications, capacity drivers and demands Utility networks are going through massive transformations towards next
More informationConnecting a Laser Level Transmitter to the Cloud
IOT-ASAP 2018 AT ICSA 2018, 2018-04-30 IoT Challenges for Smart Manufacturing Connecting a Laser Level Transmitter to the Cloud Heiko Koziolek, Senior Principal Scientist, ABB Corporate Research Germany
More informationUCOS User-Configurable Open System
UCOS User-Configurable Open System User-Configurable Open System (UCOS) UCOS is a complete control system solution. It includes graphical development software, a graphical human machine interface (HMI),
More informationCloudSky: A Controllable Data Self-Destruction System for Untrusted Cloud Storage Networks
CloudSky: A Controllable Data Self-Destruction System for Untrusted Cloud Storage Networks The material in these slides mainly comes from the paper CloudSky: A Controllable Data Self-Destruction System
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationPerformance implication of elliptic curve TLS
MSc Systems & Network Engineering Performance implication of elliptic curve TLS Maikel de Boer - maikel.deboer@os3.nl Joris Soeurt - joris.soeurt@os3.nl April 1, 2012 Abstract During our research we tested
More informationLow Power Wide Area Network (LPWAN) Presented By: Dr. Hafiz Yasar Lateef Director, Telxperts Pty Ltd.
Low Power Wide Area Network (LPWAN) Presented By: Dr. Hafiz Yasar Lateef Director, Telxperts Pty Ltd. Low Power Wide Area Network (LPWAN) q Low-Power WAN Technologies are designed for machine-to-machine
More informationInitial connection setup. Adding subflow setup. Three-way handshake with MP_CAPABLE Exchange 64 bit key(key-a, Key-B)
- 2 - Despite the short history, Multipath TCP(MPTCP) prevails drastically As MPTCP was deployed, security concerns increase There have been multiple attempts at verifications to security of MPTCP Initial
More informationARX (Algorithmic Research) PrivateServer Hardware version 4.7 Firmware version 4.8.1
ARX (Algorithmic Research) PrivateServer Hardware version 4.7 Firmware version 4.8.1 FIPS 140-2 Non-Proprietary Security Policy Level 3 Validation April 2012 Copyright 2012 Algorithmic Research This document
More informationCisco Security Solutions for Systems Engineers (SSSE) Practice Test. Version
Cisco 642-566 642-566 Security Solutions for Systems Engineers (SSSE) Practice Test Version 3.10 QUESTION NO: 1 You are the network consultant from Your company. Please point out two requirements call
More informationSmart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability
Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability Communications and Embedded Systems Department Southwest Research Institute Gary Ragsdale, Ph.D., P.E. August 24 25,
More informationSecurity Requirements of FIPS PUB 140 & Reconfigurable Hardware. G. Bertoni Politecnico di Milano
Security Requirements of FIPS PUB 140 & Reconfigurable Hardware G. Bertoni Politecnico di Milano What is FIPS PUB 140? It is a standard, issued by NIST and CSE, to define different levels of security requirements
More informationXCo: Explicit Coordination for Preventing Congestion in Data Center Ethernet
XCo: Explicit Coordination for Preventing Congestion in Data Center Ethernet Vijay Shankar Rajanna, Smit Shah, Anand Jahagirdar and Kartik Gopalan Computer Science, State University of New York at Binghamton
More information[MS-SSRTP]: Scale Secure Real-time Transport Protocol (SSRTP) Extensions
[MS-SSRTP]: Scale Secure Real-time Transport Protocol (SSRTP) Extensions Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft publishes Open Specifications
More informationSecurity in Power System Automation Status and Application of IEC Steffen Fries, Siemens Corporate Technology, June 13 th, 2017
Security in Power System Automation Status and Application of IEC 62351 Steffen Fries, Siemens Corporate Technology, June 13 th, 2017 Operator Integrator Vendor IEC 62351-10 Power Systems Security Architecture
More informationConnectivity 101 for Remote Monitoring Systems
Connectivity 101 for Remote Monitoring Systems Paul Wacker Moxa, Inc. Manager - Edge Connectivity Ariana Drivdahl Moxa, Inc. Product Marketing Manager Pain Points of Remote Monitoring Pressure to enhance
More informationINDUSTRIAL CONTROL SYSTEMS & COMPUTER PROCESS CONTROL
1 INDUSTRIAL CONTROL SYSTEMS & COMPUTER PROCESS CONTROL INDUSTRIAL CONTROL - DEFINED The automatic regulation of unit operations and their associated equipment as well as the integration and coordination
More informationSimplify System Complexity
Simplify System Complexity With the new high-performance CompactRIO controller Fanie Coetzer Field Sales Engineer Northern South Africa 2 3 New control system CompactPCI MMI/Sequencing/Logging FieldPoint
More informationM2351 Security Architecture. TrustZone Technology for Armv8-M Architecture
Architecture TrustZone Technology for Armv8-M Architecture Outline NuMicro Architecture TrustZone for Armv8-M Processor Core, Interrupt Handling, Memory Partitioning, State Transitions. TrustZone Implementation
More informationManaging Latency in IPS Networks
Revision C McAfee Network Security Platform (Managing Latency in IPS Networks) Managing Latency in IPS Networks McAfee Network Security Platform provides you with a set of pre-defined recommended settings
More informationOracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1
Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1 FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Version 1.2 12/12/2013 Copyright 2013 Oracle Corporation Table of
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationNetwork Security Platform 8.1
8.1.7.91-8.1.7.44 Manager-Virtual IPS Release Notes Network Security Platform 8.1 Revision B Contents About this release New features Enhancements Resolved issues Installation instructions Known issues
More information