Secrets of Crypto Technology Unleashed for Enhanced ICS Cybersecurity
Chris Guo, Principal Engineer, Ultra Electronics, 3eTI
3eTI SLIDE 2
© 2017 Ultra Electronics
Agenda & Background: Raise awareness and prompt adoption
• Overview of Cryptographic Technologies
• Crypto gaining acceptance at rapid speed
• ROI becoming beneficial
• Applying Crypto to ICS Networks
• ICS Crypto Protocols
• Crypto in ICS Product Designs
• Q & A
Ultra Electronics, 3eTI – 20 years of history in secured software/hardware R&D, provider of secured wireless products for government agencies.
– Provides cyber security solutions, including ICS cyber security, to DoD customers
3eTI SLIDE 3
Key Crypto Security Concepts
• Confidentiality (Privacy)
• Integrity (Replay)
• Availability (DoS Attacks)
• Authentication (Identity)
• Authorization (Privileges)
• Non-repudiation (Undeniable Action)
3eTI SLIDE 4
Cryptographic Technologies: Algorithms are the building blocks for meeting security requirements
• Block Ciphers (symmetric ciphers, AES)
  – Modes: CCM/CMAC, GCM/GMAC, XTS-AES, KW/KWP
  – CCM and GCM offer both privacy and integrity
  – CMAC/GMAC: integrity only
  – KW/KWP: key wrap
• Digital Signatures (asymmetric ciphers: RSA, ECDSA, DSA)
  – >= 112 bits of security strength
• Secure Hashing (SHA-1, SHA-2, SHA-3)
  – SHA-1 should NOT be used for signature generation or time stamp generation after 2015
  – SHA-256 at minimum should be used
• Message Authentication
• Random Number Generation (entropy source)
• Other Important Components (key generation, key derivation, key establishment)
3eTI SLIDE 5
Current State of Industrial Cyber Attacks: They are getting worse
• INSIDER ATTACK – Maroochy Water System, 2010: A disgruntled ex-employee hacks into the water system and floods the community with sewage.
• ENTERPRISE INFECTION – "Unnamed" Steel Mill, 2011: The Conficker worm infected the control network, causing instability in communications.
• BACKDOOR ATTACK – Target Retail Stores, 2013: The attackers got into the network by compromising a 3rd-party vendor to steal data.
• SCADA MALWARE – Natanz Nuclear Facility, 2010: Stuxnet infected the air-gapped control network, bypassing its isolation and causing damage to centrifuges.
• ENTERPRISE ATTACK – Saudi Aramco & RasGas, 2012: Networks infected with the Shamoon virus had information erased, causing enterprise network outages.
• PLC ATTACK – Project Basecamp, 2012: A team used penetration tests on PLCs to show how badly vulnerable SCADA/ICS systems were.
• INSIDER ATTACK – "Unnamed" Steel Mill, Germany, 2014: Hackers disrupted networks to access automation equipment, resulting in massive damage.
• MISCONFIGURATION – Google HQ, Wharf, 2013: SHODAN discovered over 21,000 misconfigured building automation systems.
• BACKDOOR ATTACK – New York Dam, 2015: Iranian hackers tried to open flood gates. Was this a dress rehearsal for something bigger?
• SCADA ATTACK – Ukraine Utilities, 2015: Left 225,000 customers in the dark; the 1st successful cyber attack to knock a power grid offline.
• PLC ATTACK – Kemuri Water Company, 2016: Hackers accessed hundreds of PLCs and manipulated control applications, altering chemicals.
WHAT'S NEXT?
3eTI SLIDE 6
DHS's Seven ICS Security Strategies: Recommendations that go beyond the firewall
1. Application Whitelisting (AWL)
2. Ensure Proper Configuration Management
3. Reduce Your Attack Surface Area
4. Build a Defendable Environment
5. Manage Authentication
6. Secure Remote Access
7. Monitor and Respond
In 2017, 2700+ incidents were reported to ICS-CERT... many more went unreported or undetected.
98% of the incidents reported would have been prevented if the strategies outlined in this report had been followed.
3eTI SLIDE 7
How Crypto Could Have Helped Prevent the Ukraine Electric Grid Attack
(Diagram) Attack path: Enterprise PC (IT) → control gained through email phishing → OT Workstation → Control (OT) → Shut down & damage
Imagine crypto technology were applied: would it foil the attack? Assume OT is breached.
3eTI SLIDE 8
What Is Needed and How to Apply Cryptographic Technologies
• Security for non-repudiation of critical operation messages
  – Authentication & Authorization
  – #5 from the DHS strategy
• Apply cryptographic digital signatures (asymmetric key)
  – Proper implementation is important
    o Use multiple factors; use a physical smart card to perform the signing
    o Do not use a hard-coded signing key in the control software
    o Design the message to be replay-proof
• Consider message authentication (HMAC)
  – A symmetric key is used (can the key be compromised on the other end?)
  – Where is the key store implemented?
    o Inside the application (hard-coded)? It won't work here, since the hacker has total control
    o Operator input on demand? Still vulnerable, since the hacker can log keystrokes
    o Stored on separate hardware such as a USB drive? What about the copies in memory?
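An added example (not code from the presentation) of the replay-proof message authentication the slide describes: each control command carries a per-sender sequence number and a timestamp under an HMAC-SHA256 tag, and the receiver rejects bad tags, stale frames and any sequence number it has already seen. The shared key, the 8-byte sender id and the 30-second skew window are constructed for the example; the slide's key-storage concerns (smart card, no hard-coded keys) still apply to wherever SHARED_KEY would really live.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo key: the slide's point is that a real key must live in a
# smart card or hardware store, never hard-coded in the control software.
SHARED_KEY = b"constructed-demo-key-not-for-production"
MAX_CLOCK_SKEW = 30  # seconds a frame may be out of date before it is rejected
TAG_LEN = 32         # HMAC-SHA256 output length

def build_message(key, sender_id, seq, command, now=None):
    """Frame: sender(8) | seq(8) | timestamp(8) | command | tag(32).
    seq is a per-sender monotonic counter; the tag covers everything before it,
    so neither counter nor timestamp can be edited to recycle an old frame."""
    ts = int(time.time()) if now is None else now
    header = struct.pack(">8sQQ", sender_id.ljust(8, b"\0")[:8], seq, ts)
    body = header + command
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Verifier:
    """Receiver side: authenticate first, then enforce freshness and a strictly
    increasing sequence number per sender so a captured frame is refused."""

    def __init__(self, key):
        self.key = key
        self.last_seq = {}

    def verify(self, frame, now=None):
        if len(frame) < 24 + TAG_LEN:
            return (False, "too short")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return (False, "bad tag")
        sender, seq, ts = struct.unpack(">8sQQ", body[:24])
        now = int(time.time()) if now is None else now
        if abs(now - ts) > MAX_CLOCK_SKEW:
            return (False, "stale timestamp")
        if seq <= self.last_seq.get(sender, -1):
            return (False, "replayed or out-of-order sequence")
        self.last_seq[sender] = seq
        return (True, body[24:])
```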
3eTI SLIDE 9
Applying Crypto to ICS Networks: Typical ICS Architecture
(Diagram) Labels shown: Enterprise Networks, External Networks, Remote Access, Authentication Server, Mirrored Data Servers, Report/Alarm Server, HMI, Application Server, SCADA Server, Support Networks, Process Control Networks, Engineering Terminal, Wireless, PLCs (×3), Data/Historian Server
(Diagram) Layers: PCs, IT Networks; Embedded Devices (PLCs, etc.) & Serial Buses; Control Network; Facility Network; Office Network; Industrial Process; Infrastructure Automation; Facility Monitoring
3eTI SLIDE 10
Protect the LAN
• IEEE 802.1AE – Media Access Control Security (MACsec)
  – Point-to-point security on Ethernet links between directly connected nodes
    o AES-GCM provides both data frame privacy and integrity
    o Secure session rekey
  – Encrypts all frames, including LLDP, ARP, LACP and DHCP
  – Prevents most Layer 2 threats
    o ARP snooping/spoofing
    o Passive wiretapping (network reconnaissance)
    o Man-in-the-middle, masquerading, replay
    o Denial of service
    o Intrusion
• Reduces attack surface (DHS Strategy #3)
• Wire-speed encryption on switches
(Diagram: Network without MACsec vs. Network with MACsec)
3eTI SLIDE 11
Protect the IP Network: Use secure remote access (DHS Strategy #6)
• VPN widely used
• TLS (Transport Layer Security)
  – Prefer versions 1.1 and 1.2
  – Tighten up the TLS cipher suite configuration
    o Use Forward Secrecy (FS), also called PFS
    o DH group with at least 1024 bits; 2048 bits and higher is preferred (Logjam, FREAK attacks)
    o Use ECDHE if possible
    o FS is deployed by Google, Twitter web services, WhatsApp, Facebook
    o Disable weak ciphers and weak DH groups to counter "downgrade" attacks
  – Watch for TLS CVEs
• IPsec
  – ESP cipher shall provide both privacy & integrity (AES-GCM)
  – Use IKEv2 if possible
  – Choose a strong cipher list for both the IKE SA and ESP phases
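An added example (not from the presentation) of the cipher-suite tightening the slide lists, using Python's standard ssl module: TLS 1.2 as the floor (a stricter choice than the slide's 1.1/1.2), ECDHE/DHE forward-secret key exchange with AES-GCM only, server-side suite preference, and an audit helper that reports any enabled suite without forward secrecy. The cipher string and the dh2048.pem path are assumptions, not values from the slide.

```python
import ssl

def harden_tls_context():
    """Server-side context following the slide's checklist: TLS 1.2 floor
    (SSLv3, TLS 1.0 and 1.1 are refused), forward-secret key exchange only
    (ECDHE preferred, DHE as fallback), AEAD ciphers only, and the server,
    not the client, picks the suite. Load the certificate afterwards with
    ctx.load_cert_chain(certfile, keyfile)."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Ephemeral (EC)DH with AES-GCM only; static RSA, RC4, 3DES, MD5,
    # NULL and export-grade suites never make the list (assumed string).
    ctx.set_ciphers("ECDHE+AESGCM:DHE+AESGCM:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    ctx.options |= ssl.OP_NO_COMPRESSION | ssl.OP_CIPHER_SERVER_PREFERENCE
    # For the DHE fallback the slide asks for a 2048-bit or larger group:
    #   openssl dhparam -out dh2048.pem 2048
    # then ctx.load_dh_params("dh2048.pem") on the production server.
    return ctx

def audit_context(ctx):
    """Summarise what the context will negotiate as
    (tls12_floor, names of suites without forward secrecy, all_aead, no_compression).
    TLS 1.3 suites (TLS_*) always use ephemeral (EC)DH, so they count as FS."""
    names = [c["name"] for c in ctx.get_ciphers()]
    not_fs = [n for n in names if not n.startswith(("ECDHE-", "DHE-", "TLS_"))]
    all_aead = all(("GCM" in n or "POLY1305" in n) for n in names)
    return (ctx.minimum_version == ssl.TLSVersion.TLSv1_2, not_fs, all_aead,
            bool(ctx.options & ssl.OP_NO_COMPRESSION))
```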
3eTI SLIDE 12
Crypto in ICS Protocols Case Study: Siemens S7Comm, S7CommPlus
• S7Comm
  – Clear text, no security protection
  – Malware, a live worm, implemented on S7-300 and S7-400 PLCs in 2011 & 2015
• S7CommPlus
  – Designed to address trust between PLC & TIA (HMI)
  – S7-1200 v3 is the first release
  – Uses a 2-byte session ID from the PLC and expects a 2-byte Object ID from TIA as the secret handshake
  – Quickly hacked: Object ID = session ID + 0x80
  – S7-1200 v4 uses more "encryptions": three in total
    o 1st "encryption": Object ID = XOR(session ID + 80)
    o 2nd and 3rd "encryptions" are private
    o But they are packed in a Windows DLL, so anyone can access them
    o Hacked in 2017
Source: Cheng Lei, "The Spear to Break the Security Wall of S7CommPlus", DEF CON 25
3eTI SLIDE 13
ICS Protocol Security Design: Lessons learned
• Clearly define the security goal
  – In S7, if the security objective is to set up trust between PLC and TIA
  – Then an asymmetric cipher could be the best fit
• Use open-standard cryptographic technology
  – It is heavily scrutinized, tested and readily available
• Protect the whole protocol packet frame
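An added example (not from the presentation or from Siemens) of the lessons above applied to the PLC–TIA trust objective from the S7CommPlus case: a mutual challenge-response in which each reply is a keyed HMAC over a fresh random challenge and the responder's role, so it cannot be derived from the session ID alone, replayed from a recorded session, or reflected back. The shared key and the role labels are constructed; the slide's own preference, an asymmetric cipher, would replace the shared key with per-device key pairs.

```python
import hashlib
import hmac
import os

# Constructed demo key shared by PLC and station; a product would provision it per device (e.g. TPM-backed).
SHARED_KEY = b"constructed-plc-tia-demo-key"

def prove(key, challenge, role):
    """HMAC-SHA256(key, challenge || role)[:16]. Depends on the secret (not just
    the public session ID), on a fresh challenge (recording one session does not
    help in the next) and on the responder's role (no reflection back)."""
    return hmac.new(key, challenge + role, hashlib.sha256).digest()[:16]

class Plc:
    def __init__(self, key):
        self.key, self.challenge = key, None

    def start_session(self):
        """Step 1: issue a fresh random 16-byte challenge (the session ID)."""
        self.challenge = os.urandom(16)
        return self.challenge

    def check_station(self, proof, station_challenge):
        """Step 3: accept the station's proof and answer its challenge;
        None means the station failed to prove it holds the key."""
        if not hmac.compare_digest(proof, prove(self.key, self.challenge, b"TIA")):
            return None
        return prove(self.key, station_challenge, b"PLC")

class Station:
    def __init__(self, key):
        self.key, self.challenge = key, None

    def respond(self, plc_challenge):
        """Step 2: prove knowledge of the key and challenge the PLC back."""
        self.challenge = os.urandom(16)
        return prove(self.key, plc_challenge, b"TIA"), self.challenge

    def check_plc(self, proof):
        """Step 4: confirm the PLC holds the key too, giving mutual trust."""
        if proof is None:
            return False
        return hmac.compare_digest(proof, prove(self.key, self.challenge, b"PLC"))

def run_handshake(plc, station):
    """Drive the four steps; True only when both sides accept each other."""
    c1 = plc.start_session()
    proof_tia, c2 = station.respond(c1)
    return station.check_plc(plc.check_station(proof_tia, c2))
```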
3eTI SLIDE 14
Crypto in ICS Product Designs
• Need to address crypto in both software and hardware
• ICS/IoT devices are all hackable, due to poor or no security design
3eTI SLIDE 15
How a Hacker Attacks ICS Devices
• Firmware analysis
  – Use a disassembler
  – Attack string manipulation functions
  – Modify the binary, then download it to the IoT device (not digitally signed, no integrity)
• Defense
  – Firmware compression
  – Obfuscation
  – Encryption
  – Digital signature
  – Address space randomization
  – Stack cookie
  – Better hardware design to protect the firmware
    o UART trace left over?
    o Bootloader with console?
    o JTAG pins left over?
    o FLASH read?
Example: Cisco's Catalyst 3000 switch took a Kaspersky research scientist 3 months to gain total control with a known CVE telnet vulnerability. Reason: slightly "obfuscated" firmware and a stack cookie.
3eTI SLIDE 16
Hardware Security: TPM (Trusted Platform Module)
• TPM is the cornerstone of hardware security
  – International standard for a secure cryptoprocessor
  – Integrates keys into hardware
  – Secure key storage and generation
  – Enables a trust anchor
  – This is why the latest Apple iPhone can't be jailbroken
• Fits the needs of ICS
  – Example: set up a trust chain
(Diagram) Trust chain nodes: PLC made by foreign manufacturer, PLC vendor, certified solution provider, PLC owner, onsite engineer
3eTI SLIDE 17
Summary: Cryptographic technologies enhance ICS cybersecurity
• Seriously consider implementing crypto technology
  – Hackers are sophisticated crypto power users (ransomware)
  – As a defender, ICS needs cryptographic technology
• Adopt CoT technology
  – IEEE 802.1AE
  – VPN
• Strategically build a software & hardware security capabilities framework, even if partially
• Use open-standard cryptographic technology
  – Software module/library
  – Hardware TPM
  – Don't roll your own crypto
Chris Guo, Principal Engineer, Ultra Electronics, 3eTI
Direct: +1 301.944.1294
Email: [email protected]
www.ultra-3eti.com
Questions