P2P-Enabling for Critical Infrastructure Protection

Transcription

1 AUTONOMICS 2009 P2P-Enabling for Critical Infrastructure Protection Abdelmajid Khelil, Hamza Ghani, Daniel Germanus and Neeraj Suri Technische Universität Darmstadt, Germany Cyprus, Sept. 10, 2009 Dependable Embedded Systems & SW Group DEEDS 1

2 Critical Infrastructures (CI): New Era Financial Infrastructures (FI) Cyber attackers empty business accounts in minutes (Network World, June 2009) 100 compromised payment cards used by a network of coordinated attackers retrieving (9M $) cash from 130 ATMs in 49 countries worldwide! SCADA: Supervisory Control and Data Acquisition based CI Researchers launched an experimental cyber attack causing a generator to self-destruct (CNN, September 2007) Cyberspies penetrate electrical grid (Reuters, April 2009) 'Smart Grid' Raises Security Concerns (Washignton Post, July 2009) Dependable Embedded Systems & SW Group DEEDS 2

3 Outline Critical Infrastructure Protection (CIP) Peer-to-Peer (P2P) Overlay Basis for CIP Non-Intrusive CIP Large scale, internet based passive monitoring The EU CoMiFin approach Financial infrastructure overlays Intrusive CIP Active monitoring The EU INSPIRE approach SCADA overlays Conclusions & Open Issues Dependable Embedded Systems & SW Group DEEDS 3

4 Critical Infrastructure Protection (CIP) Critical infrastructures (CI) Critical! Increasingly interconnected Not easy to modify/replace Aging, evolving (incremental) Main trends All-IP, COTS, Internet Higher interconnectivity Higher risks (vulnerabilities) Water distribution Power grid Telco Interconnected critical infrastructures Gas distribution Financial infrastructure Protection enhancements are needed Dependable Embedded Systems & SW Group DEEDS 4

5 Beneficial protection Requirements on CIP Mitigation/avoidance of known/hidden threats No perturbation of the CI functionality No added risks on core CIP functionality Minimal intrusiveness Easy to add-on Support for incremental technology penetration level Controllability Use on-demand Easy to shut-down Dependable Embedded Systems & SW Group DEEDS 5

6 Core Requirements Requisite CIP-specific monitoring Responsive (RT & reliable) information dissemination CIP-specific information analysis & control Dependable Embedded Systems & SW Group DEEDS 6

7 Core Requirements Requisite CIP-specific monitoring Responsive (RT & reliable) information dissemination CIP-specific information analysis & control Use of Overlays! Dependable Embedded Systems & SW Group DEEDS 7

8 Overlay Networks Middleware mask underlying heterogeneity Autonomicity/self-organization allows for Improved scalability Dynamic adaptation to changing conditions Domain tunability/customization Data storage and retrieval are inherent Data/path replication for fault-tolerance Rel. simple requirements TCP/IP stack Some new risks Network overhead Dependable Embedded Systems & SW Group DEEDS 8

9 P2P Overlay Networks Peers share resources and data Pure P2P vs. hybrid approaches Two ways to find data: It is directly addressed Structured P2P E.g., Chord, Pastry, Kademlia, CAN Distributed hashtables (DHTs): nodes - stored contents Differences in mathematical notions of address spaces, mechanisms of node lookup, data retrieval, routing and replication. It is searched Unstructured P2P E.g., Gnutella Dependable Embedded Systems & SW Group DEEDS 9

10 One-to-one P2P Applications P2P app. enables its owner to access peers E.g., ubiquitous access of own data Intrusive protection of CI One-to-many Enable the controlled sharing of data with trusted peers E.g., cooperation/collaboration Non-intrusive protection of CI Many-to-many Enable anonymous sharing and publishing of data E.g., file sharing Dependable Embedded Systems & SW Group DEEDS 10

11 1. Non-Intrusive Protection of CI Authorized passive monitoring Based on minimal/anonymized data CIP case study: Financial infrastructures Security for FI is a field of cooperation and not competition anymore! Information sharing and collaboration Spontaneous, however trustworthy One-to-many P2P application Dependable Embedded Systems & SW Group DEEDS 11

12 The EU CoMiFin Approach A secure communication middleware acts as a mean to exchange events and shared information between financial domains Proprietary networks Dependable Embedded Systems & SW Group DEEDS 12 UNICREDIT Financial Domains LLYODS TSB SWIFT AT&T ENEL CoMiFin system can be considered as a reserved space build inside Internet to disseminate critical data produce by the monitoring subsystem of each actor CoMiFin External parts of each actor are connected to Internet by CoMiFin components to exploit Internet s robustness CoMiFin secure communications Internet Source: CoMiFin Consortium

13 Semantic Rooms (SR) Share specific information with specific partners and under specific SLAs (Service Level Agreements) SR data handling, members and clients Dependable Embedded Systems & SW Group DEEDS 13 Source: CoMiFin Consortium

14 P2P-based overlays The CoMiFin Overlays Internet-based P2P-based connectivity Semantic rooms: Semantic overlay on top of connectivity overlays Three possible resource sharing models Private platform Third party-owned platform Mixed platform Dependable Embedded Systems & SW Group DEEDS 14

15 2. Intrusive Protection of CI Active monitoring Functionality enhancement CIP case study: SCADA systems Adopt established P2P techniques to increase the resilience of deployed SCADA systems One-to-one and one-to-many P2P applications Enhance RT and reliable information dissemination Dependable Embedded Systems & SW Group DEEDS 15

16 P2P Overlay on Interconnected SCADA P2P masks heterogeinity in Links: wired/wireless, reliable/best-effort Nodes (RTU.. PDA.. Server) Network topologies FI SCADA 2 Central rooms P2P overlay WAN SCADA 1 SCADA 3 RTUs Interconnected SCADA Systems Sensors/actuators Dependable Embedded Systems & SW Group DEEDS 16

17 The EU INSPIRE Approach Select/adopt the appropriate P2P architecture for SCADA systems Synthesize an envelope of best practices Maintain the application requirements on responsiveness (timeliness and reliability of sensor data and actuator commands transport) P2P routing protocols for SCADA data Path redundancy P2P secure distributed storage for SCADA data Data redundancy P2P-enabling New vulnerabilities Threat models for P2P-enabled SCADA Countermeasures to bound network overhead Dependable Embedded Systems & SW Group DEEDS 17

18 Ongoing P2P Overlay Issues Best practices for use of P2P technologies in CIP Benchmarking of P2P classes to CI classes Underlying topology Applications and their requirements Domain-tunable middleware (optional) On-demand P2P on-off Run-time selection of the appropriate technique Adaptation/reconfiguration of the same technique to requirements/situation Dependable Embedded Systems & SW Group DEEDS 18

19 Synopsis P2P overlays as Standalone passive monitoring Integrative/active supplemental functionality layer Promising approach for multiple CI domains Simple add-on Middleware for easy recovery and FT Open Issues Quality of achieved (supplemental) protection Protection/security metrics are needed P2P as inegrative monitoring layer Support security management (testing and monitoring) Establish, disseminate and manage trust Dependable Embedded Systems & SW Group DEEDS 19

20 CIP: FIP CIP: SCADA Dependable Embedded Systems & SW Group DEEDS 20