Wi-Fi Protected Access for Protection and Automation
A work in progress by CIGRE Working Group B5.22
Dennis K. Holstein on behalf of CIGRE B5.22
This is an interactive discussion
- Who is CIGRE B5.22?
- What is Wi-Fi as defined by IEEE 802.11i?
- Let's get technical
- WEP is not secure, so we now have WPA
- Now we have 802.11i
- Context is defined by limited-life keys
- What has this to do with electric power protection and automation?
- Good question: we took a survey
- What did we learn?
- Good news and bad news
CIGRE is one of the leading worldwide organizations on electric power systems
- Study Committees are the main players of the technical activities
- B5 is responsible for studying principles, design, application and management of power system protection, substation control, automation, monitoring and recording
- Working Groups perform studies clearly specified by Terms of Reference; their product is a "Technical Brochure"
B5.22 was commissioned to
- Survey applications using Wi-Fi in protection and automation schemes
- Assess the mitigation of security vulnerabilities offered by IEEE 802.11i on system reliability and performance
- Recommend design requirements and prioritized security levels needed for Wi-Fi protected access related to critical mission protection and automation functions
Typically a Wi-Fi adapter card is embedded or inserted into a computer so data can be sent to other computers or the Internet via a short-range radio link to a Wi-Fi access point
- Wi-Fi provides simple wireless broadband access
- Market leader in wireless technology
Wi-Fi is a brand name coined by the Wi-Fi Alliance
- Wi-Fi products must be designed using an industry standard, known as IEEE 802.11
- There are various subgroups within IEEE 802.11; each one is assigned a letter
- The "i" subgroup is responsible for developing an amendment to the 802.11 standard specifying security mechanisms for
802.11a, b, g and n
- 802.11a operates in the 5 GHz band
  - Transfers 54 Mbps
  - Line of sight access because broadcast is directional (travels in only one direction at once)
  - Never was accepted in the market
- 802.11b operates in the 2.4 GHz band
  - Transfers 11 Mbps
  - Signal is omnidirectional (broadcasts in all directions at once)
- 802.11g operates in the 2.4 GHz band
  - Transfers 54 Mbps
  - 802.11b and 802.11g are interoperable
- 802.11n solves the instability and interference issues with b & g
  - Adds multiple input/multiple output (MIMO)
  - Orthogonal frequency-division multiplexing (OFDM)
  - Uses several different receiver and transmitter antennas
  - Increased data broadcast simultaneously
WEP is not secure, so we now have WPA
- Original IEEE 802.11 did provide a security method: Wireless Equivalent Privacy (WEP)
  - Hacking software AirSnort published on the web
  - WEP security was instantly rendered useless
- Wi-Fi Protected Access (WPA) was the result
  - Better data encryption
  - Ability to authenticate users on large networks using a separate authentication service such as Remote Authentication Dial-In User Service
- WPA use of Pre-Shared Keys (PSKs): this is the problem
Defines a new type of wireless network called Robust Security Network (RSN)
- Transitional Security Network (TSN): RSN and WEP systems can operate in parallel
WPA and RSN share a common architecture and approach
- WPA has a subset of capability focused specifically on one way to implement a network
- RSN allows more flexibility in implementation
- RSN supports the Advanced Encryption Standard (AES) cipher algorithm in addition to Temporal Key Integrity Protocol (TKIP)
- WPA focuses on TKIP
Common architecture covers procedures such as upper-level authentication, secret key distribution and key renewal, all of which are relevant to both TKIP and AES
How to establish and maintain a security context between the wireless LAN devices
- Usually a mobile device and an access point
- This context is the secret key upon which security heavily relies
In RSN the security context is defined by the possession of limited-life keys (temporal keys)
- Creation of keys is done in real time as the security context is established, after authentication
- Updated from time to time
- Always destroyed when the security context is closed
Authentication is based on some shared secret that cannot be created automatically
- Basis for all authentication methods is that the entity to be authenticated possesses some special information in advance, which is called the master key
- The master key is rarely, if ever, used directly; it is used t t l k y y
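The key lifecycle on this slide, as an added example that is not part of the original presentation: a temporal key is derived from the master key when the context is created, replaced when its lifetime runs out, and overwritten when the context closes. The class name, the 48-byte key length, the one-hour default lifetime and the locally generated nonces are assumptions of the example; the derivation is an HMAC-SHA1 expansion in the style of the 802.11i key PRF, which the slide does not spell out.

```python
import hashlib
import hmac
import os
import time

def prf(key, label, data, nbytes):
    """HMAC-SHA1 expansion in counter mode, in the style of the 802.11i key PRF."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

class SecurityContext:
    """Holds one limited-life temporal key between an access point and a mobile device."""
    def __init__(self, master_key, ap_mac, sta_mac, lifetime_s=3600, clock=time.monotonic):
        self._master = master_key          # used only to derive keys, never on traffic
        self._macs = min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
        self._lifetime, self._clock = lifetime_s, clock
        self._temporal = None
        self.rekey()                       # created in real time, after authentication

    def _wipe(self):
        if self._temporal is not None:
            self._temporal[:] = bytes(len(self._temporal))   # overwrite in place
        self._temporal = None

    def rekey(self):
        """Replace the temporal key using fresh nonces (both generated here for the demo)."""
        self._wipe()
        a, s = os.urandom(32), os.urandom(32)
        data = self._macs + min(a, s) + max(a, s)
        self._temporal = bytearray(prf(self._master, b"Pairwise key expansion", data, 48))
        self._expires = self._clock() + self._lifetime

    def key(self):
        if self._temporal is None:
            raise RuntimeError("security context is closed")
        if self._clock() >= self._expires:
            self.rekey()                   # updated from time to time
        return bytes(self._temporal)

    def close(self):
        """Destroy the temporal key when the security context is closed."""
        self._wipe()
```

In a real association each side contributes its own nonce during the handshake; generating both in one process only keeps the example runnable offline.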
Extendibility through Security Layers
- WEP was defined within a single standard
  - No security layers
  - Poor scaling
- WPA & 802.11 is based on security layers
  - Wireless LAN layer
  - Access Control layer
  - Authentication layer
- RSN can fit into existing security architectures
- IEEE 802.1X deals with port access control
[Figure: Authentication Layer, Access Control Layer and Wireless LAN Layer across the Mobile Device, Access Point and Network(s). Labels: User, Operating System, Authentication Client, Supplicant, Wireless LAN, Authenticator, Key Distribution, Authentication Server, Proxy Server, Licensed Server.]
Some definitions
- Supplicant: an entity that wants to have access
- Authenticator: an entity that controls the access gate
- Authorizer: an entity that decides whether the supplicant is to be admitted
5 steps
1. Authenticator is alerted by the supplicant
2. Supplicant identifies itself
3. Authenticator requests authorization from the authorizer
4. Authorizer indicates YES or NO
5. Authenticator allows or blocks access
Supplicant needs a token that proves that it has been authorized
Three protocols used for WPA and RSN
- IEEE 802.1X: foundation for WPA and RSN
- EAP: Extensible Authentication Protocol (RFC2284)
- RADIUS: Remote Authentication Dial-In User Service
  - Method of choice for WPA
  - Optional for RSN
protection and automation
- Do you currently use, or plan to use, wireless LAN based on IEEE 802.11 for substation communications inside the fence?
- Do security issues have an effect on your decision to not use wireless communications in the substation?
- Do you feel your utility could benefit by having the capability to get IED technical support at any time regardless of location?
- Does your utility have a need for local access to the substation IEDs without entering the substation?
More survey questions
- Does your utility have a need for local access to IEDs that are difficult to physically reach because of terrain or environmental conditions?
- Is your utility concerned about possible security risks in using wireless for mission critical tasks?
- Has a security risk assessment been performed at your utility that includes possible use of wireless communications for protection and automation?
- For what operational and enterprise applications does your utility use (or plan to use) wireless technology?
What did we learn
- Are the security mechanisms adequate? YES, but utilities need to enforce two principles
  - The principle of least privilege
  - The principle of deny everything not-specifically-allowed
- Given the organizational complexities of power system operations, can a system that relies on limited-life keys be efficiently managed? Depends on the degree of complexity
  - Closed self-contained operations: YES
  - Open federated operations: NO
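The five-step supplicant, authenticator and authorizer exchange from the definitions slide, combined with the two principles above, as an added example that is not part of the original presentation. The challenge-response proof is a simplified stand-in for an EAP method, not EAP or RADIUS itself; the class names, identities, IED names and actions are constructed for illustration.

```python
import hashlib
import hmac
import os

def prove(secret, challenge):
    """Supplicant's proof that it holds the secret (stand-in for an EAP method)."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

class Authorizer:
    """Decides YES or NO and, on YES, returns only the rights listed for that identity."""
    def __init__(self, secrets, allow):
        self._secrets = secrets   # identity -> shared secret
        self._allow = allow       # identity -> set of (resource, action)

    def decide(self, identity, challenge, response):
        secret = self._secrets.get(identity)
        if secret is None or not hmac.compare_digest(prove(secret, challenge), response):
            return None           # step 4, NO: unknown identity or wrong proof
        return frozenset(self._allow.get(identity, ()))   # step 4, YES: least privilege

class Authenticator:
    """Controls the access gate; nothing passes until the authorizer says YES."""
    def __init__(self, authorizer):
        self._authorizer = authorizer
        self._pending = {}        # identity -> outstanding challenge
        self._grants = {}         # token -> granted (resource, action) pairs

    def hello(self, identity):    # steps 1-2: supplicant alerts and identifies itself
        self._pending[identity] = os.urandom(16)
        return self._pending[identity]

    def respond(self, identity, response):   # steps 3-5
        challenge = self._pending.pop(identity, None)   # each challenge is single-use
        if challenge is None:
            return None
        rights = self._authorizer.decide(identity, challenge, response)
        if rights is None:
            return None           # step 5: access blocked
        token = os.urandom(16).hex()   # token proving authorization
        self._grants[token] = rights
        return token

    def permits(self, token, resource, action):
        # Deny everything not specifically allowed for this token.
        return (resource, action) in self._grants.get(token, frozenset())

# Constructed sample data: one relay technician with read-only access to one IED.
SECRETS = {"tech-01": b"constructed-secret"}
ALLOW = {"tech-01": {("relay-7", "read-settings")}}
```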
An effective security management scheme
[Figure: security management scheme. Labels: Security Management Center (Video Surveillance, Firewall/DMZ, Auditing, Admin Network, License Server, Admin Workstation, Certificate Authority, Key Material, Authentication Key, Key Distribution); Operations Center (Business Functions, SCADA, Key Material, Authentication Key, Key Distribution); Substation (Key Management Appliance (proxy server), SCM, MCM, RTU, IED - Relay, Maintenance Port, Local Management Port, Wireless Access, Key Material, Authentication); links: Satellite, Leased Lines, Intranet, Internet, WAN or Internet, Radio Communications, Modem.]
Organizational complexity
If I use 802.11 am I secure?
- If you use WEP: No
- If you use WPA with passphrases: Yes
- If you use 802.11i: Yes
Does 802.11 address access control?
- NO, see 802.1X
As a small utility can I efficiently manage the keying material?
- If you implement a Security Management Center: Yes
- If you use a trusted third-party security manager: Yes
I don't want stovepipe solutions - does 802.11i fit with a comprehensive solution?
- Yes, because 802.11i implements a layered schema which is scalable
Bottom line: Do it right and you're secure
I'm a large complex utility and I need to control access and use privileges
- Between internal organizations
- With business partners
- With support organizations
- With ISO, government and regulatory agencies
Good news: 802.11i is secure; that's not the problem
Good news: If you can force a hierarchical management scheme, a well defined solution is available
Bad news: ISO, Government, and Regulatory agencies are the problem
- You have a management nightmare on your hands
- A federated, not a hierarchical, scheme is needed
- A well understood federated management scheme does not exist