SECURING CONTROL NETWORKS AGAINST OUTSIDE THREATS MARK BUCKLAND MAY 2015 2015 Echelon Corporation
IzoT PLATFORM PILLARS Full Monitoring and Control over IP Legacy Co-Existence and Evolution Industrial-strength Reliability Hardened Security
IzoT PLATFORM PILLARS Hardened Security
SECURITY FOR THE INDUSTRIAL INTERNET OF THINGS
KEY SECURITY CONCERNS Privacy Authentication/authorization Transport encryption Secure Web interface Cross-site scripting Poor session management Weak default credentials Secure firmware updates
KEY SECURITY GOALS End-to-end Transparent Integrated Balance Security and Convenience
360º SECURITY
LONTALK/IP PROTOCOL STACK SECURITY
IzoT SECURITY TODAY Authentication Duplicate Transaction Detection Security
DUPLICATE TRANSACTION DETECTION Avoid double execution of commands Guarantee correct message acknowledgment For Repeated Acknowledged message service Receive transaction database msg content + source address + selector + service type + msg code + trans id LonTalk/IP Compatibility Mode and classic LON: 4- bit transaction ID LonTalk/IP Enhanced Mode: 16-bit transaction ID Integrated into LonTalk/IP protocol stack
IzoT SECURITY TODAY Authentication Duplicate Transaction Detection Security
IzoT SECURITY TODAY Authentication Duplicate Transaction Detection Security
AUTHENTICATION Necessary to avoid man-in-the-middle middle attacks Used to authenticate Control messages Most network management commands Firmware updates Integrated into ISO 14908-1 Protocol layers 4/5 Shared 48-bit or 96-bit authentication key 8-bytes random challenge Per-message authentication
AUTHENTICATION Sender ON Challenge Response ACK Receiver
IzoT SECURITY TODAY Authentication Duplicate Transaction Detection Security
IzoT SECURITY NEXT GENERATION LONTALK/IP ENHANCED SECURITY (ES) Authentication Duplicate Transaction Detection Encryption Security
ENCRYPTION LONTALK/IP ES Encryption for NV updates and application messages Network management messages Firmware uploads via the network End-end encryption Integrated into LonTalk/IP ES protocol stacks Application-specific BYOE (bring your own pp p ( g y encryption)
ENCRYPTION (AND AUTHENTICATION) LONTALK/IP ES NIST Suite B algorithms highest level for civilian use Interoperable with virtually all OS platforms ECC for asymmetric key encryption and authentication AES-GCM for symmetric encryption and authentication Record/playback attack resistance Multicast encryption and authentication Can be certified compliant to FIPS 140-2.1 by NIST Can be verified by an independent security lab
THE SECURITY LIFE CYCLE 1/3 Step 1: LonTalk/IP ES chip or module is manufactured Manufacturer root key pair is used to sign each DAKP Each of 3 DAKPs are stored in the private OTP - Used for mutual authentication during the enrollment process which creates the DMAKP - Individual DAKPs can be deleted in the field if the DAKP itself or the root key pair are compromised. DAKP Device Asymmetric Key Pair OTP One Time Programmable memory DMAKP Domain Asymmetric Key Pair
THE SECURITY LIFE CYCLE 2/3 Step 2: LonTalk/IP ES chip or module is integrated into a product using one of 2 security policies Enrollment and DMAKP generation happens at system integration time - Device is vulnerable to tampering until system integration Enrollment and DMAKP generation happens at device manufacture time - Device is protected from the time it leaves the factory - System integrator will need the (private portion of the) DMAKP to use the device. This is communicated out of band
THE SECURITY LIFE CYCLE 3/3 Step 3: Devices get a common DSK for peer-to-peer secure communication from the TMC DAKP and DMAKP are used to generate a shared secret using the ECDH algorithm. The shared secret is used to authenticate and encrypt during the DSK propagation process. To meet the requirements of AES-GCM, the TMC will periodically need to change the DSK Same process as above is used to change the DSK DSK Device Symmetric Key TMC Trusted Management Console. The network manager for the security subsystem. Responsible for generation and management of the DMAKP, DSK and re-keying the DSK.
I ot INFRASTRUCTURE SECURITY IzoT INFRASTRUCTURE SECURITY NO MORE GATEWAYS
IP LEVEL SECURITY PAYLOAD System security is as week as its weakest link IP compression allows for encrypted payload to be untouched until destination End-end encryption from field device to remote server No gateways must be used IzoT platform natively supports IP wired and wireless links 6LowPAN for 802.15.4 links IPv4 with compression for wired twisted pair links IPv4 for WiFi and Ethernett links Infrastructure devices must support secure WAN connectivity HTTPS and secure login Authenticated SOAP messages At least MD5 authentication
END-END ENCRYPTION IP over Ethernet 192.168.1.23 192.168.1.25 IzoT Device on Eth 192.168.2.30 192.168.2.31 -/2/30 -/2/31 IzoT Device on Eth IzoT Router 192.168.1.23 192.168.1.25 -/1/23 -/1/25 IP over FT (compressed) -/2/30 -/2/31 IzoT Devices on FT
IzoT SECURITY SUMMARY Authentication and encryption engine Security primitives integrated in protocol stack End end encrypted End-end encrypted payload
Q&A
THANK YOU