Aprisa SR Family Technical Paper - Security Challenges In Narrowband SCADA Networks UTC 2015
1. Security Challenges In Narrowband SCADA Radio Networks John Yaldwyn, CTO, 4RF
2. 2 © 2015 4RF USA, Inc | Public SCADA – supervision control and data acquisition definition SCADA is a transformative process, connecting the real world with a digital counterpart CONTROL MEASURE REAL WORLD CYBER WORLD
12. 12 © 2015 4RF USA, Inc | Public Over - the - air message encryption AES Encryption Cipher text Plain text AES Encryption Plain text Cipher text Hacker Radio path
15. 15 © 2015 4RF USA, Inc | Public OTAR operation using Key Wrap Even if hacker has discovered current SEK he is unable to unwrap new SEK Use KEK to encrypt new SEK • Result is wrapped new SEK Transmit wrapped new SEK over - the - air Unwrap new SEK using previously loaded KEK AES Encryption AES Encryption Hacker
3. 3 © 2015 4RF USA, Inc | Public SCADA – supervision control and data acquisition Connection between field area network devices and utility industrial control system (ICS) is commonly over a private wireless network using radio or cellular backhaul Hacker ACTUATORS SENSORS R T U R A D I O ICS Industrial Control System But we are not alone!
4. 4 © 2015 4RF USA, Inc | Public 21 st Century SCADA radio SCADA radio is a widely deployed traditional solution with a strong heritage Dedicated system are highly resilient compared with shared public solutions [ 1] Point to multipoint operation, typically with directional antennas at remote sites Licensed narrowband options • 220, 450, and 900 MHz FCC Part 90, Part 24, and Part 101 (including MAS ) SCADA radio much faster than systems based on land mobile radio standards 
16. 16 © 2015 4RF USA, Inc | Public Security key management summary Changing encryption keys at regular intervals significantly improves the security of the network The NIST Key Wrap method provides the ability to change the encryption keys remotely throughout the network Need to carefully maintain shared secret keys • Change SEK daily/monthly/quarterly as desired • Change KEK when crypto officer changes or in any circumstances that could give rise to compromise i.e. NERC defined cyber incident  S EK KEK Wrapped Key
6. 6 © 2015 4RF USA, Inc | Public Real world drivers Private narrowband radio is a key technology for utility SCADA addressing the needs of reliability , redundancy, and resilience IP SCADA products bring new protocol, security, and management needs and drive expectations for radio system capacity requirements  • Vendors are responding with new high speed designs up to 200 kbps Using IP is not the same as ‘the Internet’ but they share the same protocols • Need for a careful security approach
13. 13 © 2015 4RF USA, Inc | Public CBC MAC method [8 , 9 ] Block cipher = AES Create unique message fingerprint • Message authentication code (MAC) Randomize with Nonce C59BCF1 • a nd Counter 00000000, 00000001, ... Send unique M AC with message for checking by receiver Over - the - air message authentication – CBC MAC
10. 10 © 2015 4RF USA, Inc | Public Security – SNMP management SNMP is a unified, open network management protocol, supported by many vendors Industry converging on SNMP and away from proprietary applications Authorisation levels verify that the user sending command is authorized to access the information but must use SNMPv3 as this version has security extensions  • Allow only AES and SHA, disable DES and MD5 as these are no longer secure Built - in credential change mechanism, use this regularly over secure IP circuit • Keys generated from USM user passphrases [RFC 3414]
17. 17 © 2015 4RF USA, Inc | Public GUI security Most modern SCADA devices include an embedded web server to provide convenient configuration by installers and end users Authorisation levels limit end user accessible parameters • Limiting the number of personnel who can change functional settings reduces the potential of inadvertent change or malicious tampering Authentication with username and password ensures that the end user must be approved by the system administrator before gaining access to the radio • Can be done with locally stored credentials • Most popularly done with centralized authorization server using RADIUS method Session cookies should expire when the end user’s browser is closed Automatic logout in the event of a user failing to end their management session Also need to secure browser to web server communications to prevent hacker observing username and password credentials
19. 19 © 2015 4RF USA, Inc | Public Browser to web server security Need to secure browser to web server communications HTTPS secures normal web HTTP over a encrypted link implemented with TLS Two step process • Establish trust between browser and server to facilitate exchange of session key • Use session key as a shared secret key to encrypt  communications Trust process usually based on certificate supporting a public key infrastructure • Historically based on RSA public key – difficult factorization of large integers • Industry migrating to ECC  – difficult solution to elliptic curve discrete logarithm Certificates installed in web server and in browser, verified via a central known root R A D I O
5. 5 © 2015 4RF USA, Inc | Public 100 km 50 km 20 km 10 km 1 km 10 kbps 100 kbps 1 Mbps 10 Mbps 50 Mbps 100 Mbps Over The Air Speed Transport Voice, IP, video, serial Spectrum Licensed 25 kHz and up Infrastructure Private Cost $$$$ Point to Point Wireless technology options Transport Serial, IP Spectrum Licensed 12.5, 25 kHz Infrastructure Private Cost $ Private Narrowband Transport Serial, IP, limited video Spectrum Licensed 12.5 to 50 kHz Infrastructure Private Cost $$ Private Narrowband Transport Serial, IP, video Spectrum Unlicensed 900 MHz Infrastructure Private Cost $$ Private Unlicensed Transport Voice, serial, limited IP Spectrum Licensed 12.5 kHz Infrastructure Private Cost $$$ Land Mobile Transport Voice, serial, IP, limited video Spectrum Network Operator Infrastructure Public Cost leased Cellular Narrowband Broadband
18. 18 © 2015 4RF USA, Inc | Public RADIUS authentication , authorization, and accounting Username/password required, these can be stored locally or in corporate cloud or both Methods include RADIUS [RFC 2865, and RFC 5080] • Local database often retained to allow access if corporate server not available • Audit functions via Accounting Start/Updates/Stop records [ RFC 2866] Username and password In local data base? Success Failure RADIUS server(s) lookup Access request Access accept Accounting R A D I O
20. 20 © 2015 4RF USA, Inc | Public Browser to web server security – elliptic curve crypto (ECC) NIST deadline for 1024 to 2048 bit RSA certificates was end of 2013 As RSA keys get longer the CPU load increases, important for embedded device servers ECC offers more security for shorter key size, ECC 256 similar difficulty to 3072 bit RSA • ECC 256 said to be 10,000 times harder to ‘crack’ than 2048 RSA PKI certificate and ECC used to exchange session key for encryption NIST recommends AES in GC mode (RFC 5288 for TLS) based on NSA Suite B • Key aspect of Suite B is use of ECC technology NIST recommends a 256 bit ECC or 3072 bit RSA key for 128 bit AES key transfer Google’s Chrome considers TLS 1.2 + AES 128 GCM ‘modern cryptography’
7. 7 © 2015 4RF USA, Inc | Public Security – typical ICS network architecture Use of IP provides well standardized interface hence well defined attack surface  ICS integrity critical • The security of all interfaces must be considered  Capacity considerations • ICS LAN fast while radio links slow 10 to 240 kbps System design is important • Filtering rules [10, 11] • Routing tables • VLAN arrangements  • QoS measures RTU 100 Mbps corporate Ethernet network 100 Mbps Ethernet switch Serial or IP RTU ICS servers ICS LAN SCADA radio base station 1 of n remotes
22. 22 © 2015 4RF USA, Inc | Public Secure access summary Disable non - secure management protocols • Telnet • Old SNMPv1 and v2 versions • Insecure proprietary methods Consideration of physical means to circumvent protections – FIPS 140 - 1 L2 tamper evident Modern security protocols • SNMP v3 • Encryption / authentication / OTAR • HTTPS TLS ECC Restriction on management access • By port • By authentication • Access control, audit, and RADIUS
11. 11 © 2015 4RF USA, Inc | Public Over - the - air symmetric message encryption Encryption is used to reduce information leakage Robust cryptographic algorithm approach important, today this is AES  • FIPS 140 - 2 Level 1 (algorithm) Level 2 (physical considerations)  • Key is symmetric, same key used to decrypt as used to encrypt • AES block size is 128 bits with a key lengths of 128 , 192, or 256 bits Security based on algorithm design and shared secret key • Algorithm is public so key must be secret Why change the key? Regularly changing key increases security and guards against compromise • Need a means to distribute new keys
14. 14 © 2015 4RF USA, Inc | Public Over - the - Air Rekeying – NIST Key Wrap Key Wrap mechanism supports the secure distribution of a session encryption key (SEK) by encrypting with a pre - stored encryption key ( KEK)  • SEK used for normal traffic transmission , changed over - the - air • KEK used for encrypting keys , manually loaded into terminals at deployment The input to the key wrap process is the KEK and the new SEK (optionally with other data) treated as the plaintext to be wrapped AES Encryption Cipher T ext = Wrapped Key Plain text Key Encryption Key New Session Key  Actually not just AES but algorithm to RFC 3394
9. 9 © 2015 4RF USA, Inc | Public Security – confidentiality and authentication A secure network must be designed around maintaining confidentiality and authenticating devices, users, and messages Encryption is used to reduce information leakage as far as possible • Today the robust cryptographic AES algorithm is used [FIPS 197] • Industry best practice is regular key change (over the air) Network authentication of devices and messages • Prevents replay and man - in - the - middle attacks • Implemented using AES combined with the NIST specified CBC MAC method of authentication [NIST report SP 800 - 38C 2004 and RFC 3610] Management authentication of users • Username / password with access control lists • Move to remote user authentication with RADIUS • Audit user activity
8. 8 © 2015 4RF USA, Inc | Public Security should be designed in from the start A comprehensive and in - depth approach to cyber security from the start is the best way to protect a network Must take into account key concerns • Security fundamentals of integrity, availability, confidentiality and non - repudiation • Communications and control systems are subjected to attack from many sources, internal and external, malicious and accidental (disable unused features) • Types of traffic and interface ports, management and data that could be compromised – disable insecure protocols • Security standards and recommendations , NERC CIP, NIST , FIPS, IETF, etc Image : Vincent Diamante 360 ° Security Secure the perimeter around the environment of the SCADA product, all external ports must be secured – traffic and management Serial Wireless Ethernet USB
23. 23 © 2015 4RF USA, Inc | Public References 1. Recommendations of the Independent Panel Reviewing the Impact of Hurricane Katrina on Communications Networks, Order, EB Docket No. 06 - 119, WC Docket No. 06 - 63 2. TETRA+ Critical Communications Association ‘TETRA versus DMR’, October 2012 3. Kwok - Hong Mak, ‘Migrating electrical power network SCADA systems to TCP/IP and Ethernet networking’, Power Engineering Journal Volume 16, Issue 6, December 2002 4. ABB Switzerland Ltd ‘SCADA over IP - based LAN - WAN connections’, March 2011 5. NSA Systems & Network Analysis Centre ‘Securing Supervisory Control and Data Acquisition (SCADA) and Control Systems (CS)’ 6. NIST FIPS PUB 197 Advanced Encryption Standard (AES) 7. RFC 3394 Advanced Encryption Standard (AES) Key Wrap Algorithm 8. NIST publication SP 800 - 38C ‘Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality’ 9. RFC3610 Counter with CBC - MAC (CCM) 10. Muralidaran Gangadharan, Kai Hwang, ‘Intranet Security with Micro - Firewalls and Mobile Agents for Proactive Intrusion Response’, Proceedings of the 2001 International Conference on Computer Networks and Mobile Computing, p.325, October 16 - 19 2001 11. CPNI Firewall Deployment for SCADA and Process Control Networks Good Practice Guide’ 12. NERC CIP - 008 Incident Reporting and Response Planning 13. FIPS 140 - 2: Security Requirements for Cryptographic Modules 14. RFC 3410 ‘Introduction and Applicability Statements for Internet Standard Management Framework’ 15. NSA Suite B and NIST Special Publication 800 - 56A, NIST SP 800 - 38D, and RFC4492 16. NSA ‘The Case for Elliptic Curve Cryptography’ 17. NERC CIP Version 5 Reliability Standards
21. 21 © 2015 4RF USA, Inc | Public How does RSA / ECC work? The security of PKI systems is based on difficult solutions to mathematical problems, the difficulty forming a one - way function often called a trapdoor RSA is based on difficult factorization of large integers • RSA biprime number n has prime numbers p and q such that n = p × q • Find two primes p and q given only n i.e. factoring n = 91 gives p = 7 and q = 13 • Easy to multiply but harder to factor, increase integer to hundreds of digits ... ECC security based on the ease of a point multiplication and the difficulty to compute the multiplicand given the original and product point – a one way function • Elliptic curves defined as y 2 = x 2 + ax +b • Restricting the number field to a finite number of points Fp • Generates a finite group of points (y pairs for each x value) • Can add a point to itself nP = P + ... + P for integer n and a point P = (x, y ) • But can’t find n from Q = nP given known values of Q and P Apologies to mathematics for this gross simplification! Image: Wikimedia
- 1469 Total Views
- 1125 Website Views
- 344 Embeded Views
- Social Shares
- 0 Likes
- 0 Dislikes
- 0 Comments
- 0 Facebook
- 0 Twitter
- 0 Google+
airOS 7 User Manual5568 Views .
CradlePoint IBR650 Manual5169 Views .
Viper SC User Manual5082 Views .
CradlePoint MBR1400 Manual4005 Views .
EZwarePlus Programming Manual3830 Views .
Integra-TR Quickstart Guide3599 Views .
Cradlepoint AER1600 User Manual3359 Views .
Cradlepoint AER1600 Quick Start Guide3357 Views .
ASCII Character Table3318 Views .
Sure Call Fusion5 User Guide3229 Views .
i-TRiLOGI Tutorial - Getting Started3226 Views .
Aprisa SR+ Migration Master Station Datasheet3046 Views .
Aprisa SR+ Datasheet3001 Views .
Nano-10 User Manual2998 Views .
EZWare-5000 Programming Manual2704 Views .
i-TRiLOGI Programmer Reference Manual2635 Views .
EZwire1616 User Manual2625 Views .
Phantom II Manual2541 Views .
LCD216 User Manual2478 Views .
Picostation M2 HP Datasheet2380 Views .