The Smart Grid Security Innovation Alliance. John Reynolds October 26, 2011 Cambridge, Massachusetts

Similar documents
Adding value to your MS customers

Who s Protecting Your Keys? August 2018

Improving Security in Embedded Systems Felix Baum, Product Line Manager

Implementing and Administering Security in a Microsoft Windows 2000 Network Course 2820 Five days Instructor-led Published: February 17, 2004

Security Fundamentals for your Privileged Account Security Deployment

IoT It s All About Security

Network Security Essentials

Smart Grid Security. Selected Principles and Components. Tony Metke Distinguished Member of the Technical Staff

KeyOne. Certification Authority

The SafeNet Security System Version 3 Overview

Security: The Key to Affordable Unmanned Aircraft Systems

IMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP

HOW SNOWFLAKE SETS THE STANDARD WHITEPAPER

Cryptography and Network Security

Advanced Security Measures for Clients and Servers

Acknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Security+ SY0-501 Study Guide Table of Contents

Substation. Communications. Power Utilities. Application Brochure. Typical users: Transmission & distribution power utilities

IDACCS Wireless Integrity protection in a smart grid environment for wireless access of smart meters

OpenWay by Itron Security Overview

Industrial Control System Security white paper

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

Overview. SSL Cryptography Overview CHAPTER 1

National Identity Exchange Federation. Trustmark Signing Certificate Policy. Version 1.0. Published October 3, 2014 Revised March 30, 2016

Cryptography and Network Security Chapter 14

Enhanced Privacy ID (EPID), 156

Connecting Securely to the Cloud

Smart Grid vs. The NERC CIP

Grid Computing Security

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

KEY DISTRIBUTION AND USER AUTHENTICATION

Verteilte Systeme (Distributed Systems)

TECHNOLOGY Introduction The Difference Protection at the End Points Security made Simple

Hybrid Identity de paraplu in de cloud

The Common Controls Framework BY ADOBE

FPKIPA CPWG Antecedent, In-Person Task Group

A SIMPLE INTRODUCTION TO TOR

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Windows IoT Security. Jackie Chang Sr. Program Manager

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:

Provisioning secure Identity for Microcontroller based IoT Devices

SIEM Solutions from McAfee

Applications of Attestation:

SECURING MOBILITY. Through the Canadian Medium Assurance Solutions Program. ICMC May Greg Hills Director, Architecture and Technology Assurance

Windows 10 Security & Audit

nshield GENERAL PURPOSE HARDWARE SECURITY MODULES

Identity Provider for SAP Single Sign-On and SAP Identity Management

Towards Trustworthy Internet of Things for Mission-Critical Applications. Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things

Thales e-security. Security Solutions. PosAm, 06th of May 2015 Robert Rüttgen

Connectivity 101 for Remote Monitoring Systems

Security and Privacy in Cloud Computing

Security Enhancements

Cybersecurity with Automated Certificate and Password Management for Surveillance

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

CS 425 / ECE 428 Distributed Systems Fall 2017

Microsoft Privacy Protected Network Access: Virtual Private Networking and Intranet Security

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

Security Architecture

CMB-207-1I Citrix Desktop Virtualization Fast Track

Payment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire Version 2.

How Threat Modeling Can Improve Your IAM Solution

Survivable Trust for Critical Infrastructure David M. Nicol, Sean W. Smith, Chris Hawblitzel, Ed Feustel, John Marchesini, Bennet Yee*

Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution

PKI Credentialing Handbook

Chapter 24 Wireless Network Security

XenApp 5 Security Standards and Deployment Scenarios

Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos

Chapter 32 Security in the Internet: IPSec, SSL/TLS, PGP,

Secure automotive on-board networks

Cisco Secure Boot and Trust Anchor Module Differentiation

A Practical Step-by-Step Guide to Managing Cloud Access in your Organization

Getting to Grips with Public Key Infrastructure (PKI)

Trojan-tolerant Hardware

IoT & SCADA Cyber Security Services

NRENs and IoT Security: Challenges and Opportunities. Karen O Donoghue TICAL 2018 Cartagena 4 September 2018

TRESCCA Trustworthy Embedded Systems for Secure Cloud Computing

Security and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Network Virtualization Business Case

IBM KeyWorks Accelerate Development of your Secure e-business Solutions Sekar Chandersekaran IBM

Some Lessons Learned from Designing the Resource PKI

A company built on security

VMware, SQL Server and Encrypting Private Data Townsend Security

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Enterprise & Cloud Security

CyberArk Privileged Threat Analytics

Industrial Security - Protecting productivity. Industrial Security in Pharmaanlagen

Using Smart Cards to Protect Against Advanced Persistent Threat

Trusted Computing Use Cases and the TCG Software Stack (TSS 2.0) Lee Wilson TSS WG Chairman OnBoard Security November 20, 2017

OpenWay Security Overview

SMart esolutions Information Security

EEC-682/782 Computer Networks I

Credential Management in the Grid Security Infrastructure. GlobusWorld Security Workshop January 16, 2003

Lindström Tomas Cyber security from ABB System 800xA PA-SE-XA

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure

Version 3 X.509 Certificates

Identity and Authentication PKI Portfolio

Securing V2X communications with Infineon HSM

Transcription:

The Smart Grid Security Innovation Alliance John Reynolds October 26, 2011 Cambridge, Massachusetts

The SGSIA addresses the entire ecosystem. The Smart Grid Security Innovation Alliance is a working association dedicated to practical deployment of the smart grid complex system solution in the United States: Utilities Systems integrators Manufacturers Technology partners National certification and interoperability entity The alliance is intended to give the CEO of a utility the purview of up-to-the moment knowledge of the options available to make wise investment decisions regarding infrastructure deployment for optimal returns. The variation includes the proper orientation for large, medium, and small utilities.

SGSIA Participants First Build Integrated Architectures Drummond Group Sypris SAIC HereNow TeamF1 Tibco NitroSecurity Pitney Bowes McAfee Tiger s Lair PsiNaptic Green Hills DTI Subsequent Builds Verizon Schweitzer Engineering Labs M2M Dynamics* Coulomb Wurldtech OSIsoft SNMP Research Honeywell VeriSign Entrust SafeNet Thales Microsoft Nakina Telcordia Itron Echelon Wind River Ambient Mocana

Our strategy is to provide certified interoperability to the key devices controlling the grid. All points must connect to each other in an end-to-end system. The embedded systems include: The HSM solution would be embedded at each critical point in the energy infrastructure.

The general approach to power distribution requires a thin overlay of end-to-end management services. Central Control Substation Relay Neighborhood Relay Local Area Relay Communications / Firewall Communications Communications / Firewall Communications / Firewall FTL (E&LM) E&LM E&LM Master Agent E&LM Posture Validation Remediation Server Multicast Alert Relay MA Cell Manager SA SA SA SIEM Jini SP SA Sensor Mgt SA Meter App Cell SA SA Meter App Meter App Local

The Department of Energy Tailored Trustworthy Spaces A tailored trustworthy space (TTS) provides a flexible, adaptive, distributed operating system environment for a set of devices and applications that can support functional and policy requirements arising from a wide spectrum of activities in the face of an evolving range of threats. A TTS recognizes a device s context and evolves as the context evolves.

Let us define the Security Fabric by building a control system.

In a control system, there are a controller and several devices controlled by remote device nodes.

Sometimes they are redundant for high availability.

Enet Enet They talk to each other using IP-based switches.

They have management workstations and servers that supervise the controller and device nodes.

Security management is administered on the security server but real-time security operations happens on the domain server.

The Security Fabric permeates the distributed management functions, but is mostly separate from the application functions. Our strategy is to separate the management functions from the application functions as much as possible so that if the application becomes compromised or inoperable, the management system can easily be used to remediate the problem.

With this in mind, both the and the keep the management functions separate from the application.

Hypervisor Hypervisor This is done using a separation kernel to keep the application from ever interfering with the management functions. The hypervisor creates two different virtual machines on both the as well as the They function like two completely separate machines within each physical machine.

The application in the controller monitors and controls the application in the device node. These use the same physical wire, but must be securely isolated. Session

And the management functions and policies in the controller supports the management agent in the device node. These use the same physical wire, but must be securely isolated. Session Session

These are the seven tenets of security as described in the NIST-IR 7628 Guidelines. 1. Identity Ensures the device identity is established genuinely 2. Mutual Authentication Allows both the and the to verify the trustworthiness their identity to each other. 3. Authorization Manages permission to proceed with specific operations. 4. Audit Records noteworthy events for later analysis 5. Confidentiality Encrypts sensitive data for matters of privacy. 6. Integrity Ensures that messages have not been altered. 7. Availability Prevents denial of service attacks To establish the secure communications from the to the using the Security Fabric elements, let us proceed in chronological order.

The must power on before any of the device nodes can use it.

Identity is the most crucial aspect of embedded security we use a Hardware Security Module to protect the unique identity of the. HSM Identity generated & stored here as part of the secure supply chain process. Identity This is a special purpose ASIC that is FIPS 140-2 level 3 certified. (Environmentally tamper resistant) It houses an array of crypto functions. It self-generates and hides the secret key that identifies the device. It manages the public key as well as the key management functions over the lifetime of the device. It also maintains the secure clock for the device.

Step two is to use the secure identity to mutually authenticate and get credentials from the Domain Server that uses Active Directory and its Kerberos PKINIT service meant to support embedded devices. HSM Authentication Authorization Mutual Authentication Mutual authentication occurs first The then authorizes the download of additional security information

Step three is to use the secure credentials exchange to determine the authentic paths to important management servers, and to download the up-to-date whitelist. HSM Auditing IPsec VPN Proxy At registration time, the also verifies the secure path to the Firmware repository and configuration synchronizer on the Database Server Event management service on the Historian Secure time service on the Domain Server The Domain Server maintains the valid security certificates deleting the ones that have been revoked It downloads the whitelist at registration (or any time else on demand). The Historian records the fact that the is now operating.

Flash Step four is to update the firmware to the latest rev if it is out of date. Confidentiality IPsec VPN Proxy Policy Change Mgt Problem Mgt If the firmware is out of date or not yet loaded. The Change policies will Download the manifest of firmware that has been assigned for the device Attest to the fact that the signatures are good so that the firmware is trusted Store the new (as well as the old) firmware to persistent flash memory Transition gracefully into production according to the current policies. IPsec ensures the software cannot be monitored and copied during downloads.

All s that want to be part of the Security Fabric must also authenticate with the Domain Server (the trusted third party) whenever they power up. HSM Authentication Authorization Mutual Authentication This prepares the to join the tailored trustworthy space.

The authentication ticket received from the Domain Server contains a section encrypted by the public identity key plus a section encrypted by the public identity key. HSM Authentication Authorization Mutual Authentication The Device Node also requests a ticket to talk to the. The Domain Server encrypts a portion using the identity of each of the two machines.

The next step is for the to establish secure communications with the. Authentication Authorization Mutual Authentication Mutual Authentication The Device Node requests to join the Security Fabric using the ticket now also trusted by the.

Once authenticated, the device node can proceed to establish two secure paths to the : one for management purposes and one for application purposes. Confidentiality IPsec VPN These use the same physical wire, but must be securely isolated. IPsec VPN Session Session

The small embedded firewall in the communications path protects against denial of service attacks as well as a number of sophisticated malware attacks. Availability IPsec VPN Firewall These use the same physical wire, but must be securely isolated. IPsec VPN Firewall Session Session

The inter-process communications services of the middleware uses messages to communicate back and forth between the and the over the secure sessions. Inter Process Message Session Inter Process

The inter-process communications services computes a secure message digest and appends it to the end of each message to ensure that the message is never altered in flight. Integrity Message Digest Message MD Inter Process Inter Process Session

Event Loop So now, the and the can commence doing real work without ever having to think about the security aspects of the system. Event Loop Event Loop Event Loop Event Loop Event Loop Event Loop Event Loop Exception Handler Message Exception Handler Transform Down Stream Session Transform Down Stream

In Summary, provides the features for embedded security based on the NIST-IR 7628 guidelines. It also provides a framework for a tailored trustworthy space. Kerberos is an integral element for the private network side of smart grid security.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback