CONFIDENTIAL
SEPTEMBER 6TH, 2018 – ETFA 2018
Cyber Security Research Challenges: An Industry Perspective
Sebastian Obermeier
Past: Security is about Creativity - Winning an eBay Auction in 2003
September 4, 2018 Slide 2
2018, 2003
Agenda
1. Cyber Security in Power and Automation
2. Specifics of Industrial Cyber Security
3. Challenges
4. Summary and Conclusion
About me
Sebastian Obermeier
• Dr. rer. nat. in Computer Science from the University of Paderborn, Germany
• Thesis on Database Transaction Management in Mobile Ad-Hoc Networks
• Joined ABB in 2008 as scientist for cyber security
• Since 2017 Group Research Area Manager Software
Introducing ABB
Pioneering technology
What (Offering): Products 58%, Systems 24%, Services & software 18%
For whom (Customers): Utilities ~35% of revenue, Industry ~40% of revenue, Transport & Infrastructure ~25% of revenue
Where (Geographies): Globally; Asia, Middle East, Africa 38%, Americas 29%, Europe 33%
~$34 bn revenue, ~100 countries, ~132,000 employees
ABB Corporate Research
Providing technology for tomorrow's innovations
Key figures
– ~700 highly qualified scientists and engineers,
– in 7 corporate research centers around the world,
– in 8 global research areas aligned to ABB's core technologies,
– >300 patents and >700 publications annually
Locations: Raleigh/Bloomfield, Ladenburg, Dättwil, Västerås, Kraków, Bangalore, Beijing/Shanghai
Role of Software in Power and Automation Technology
Software in the focus
– Hardware equipment with software inside
– Software programming / automation engineering
– Software products
– Software systems with hardware components
– Software based services
– Digitalization Platform
ABB software business – facts
– > 50% of offering is software-related
– > 3'000 software developers
– Smallest software application: 3-pole contactor, ~100 lines of software code
– Large software application: Network Manager, >5 million lines of software code
– Comparable to airplane avionics and control system
Software Based Technologies in 2018
– Robotics
– Software-Defined Machines
– AI and Machine Learning
– Internet-Connectable Devices
– Cloud Computing
– Blockchain and Cryptocurrency
– Cyber Security
– AR/Virtual Reality
Cyber security
A definition in the context of power and automation technology
Traditional: Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack*
Power and automation technology: Measures taken to protect the reliability, integrity and availability of power and automation technologies against unauthorized access or attack
* Merriam-Webster's dictionary
What is Cyber Security?
Objectives
Confidentiality
– Prevent disclosure of information to unauthorized entities
Integrity
– Prevent modification of information by unauthorized entities
Availability
– Ensure access to information and services to authorized entities
Authentication
– Verify the claimed identity of entities
Authorization / Access control
– Manage the permissions of authenticated entities
Auditability
– Be able to reconstruct the complete system behavior history
Accountability (Non-repudiability)
– Provide irrefutable proof to a third party of who initiated a certain action
Cyber Security in Power and Automation
Why is cyber security an issue?
Power and automation today
Modern automation, protection, and control systems are highly specialized IT systems
– Leverage commercial off the shelf IT components
– Use standardized, IP-based communication protocols
– Are distributed and highly interconnected
– Use mobile devices and storage media
– Based on software
Cyber security issues
– Increased attack surface as compared to legacy, isolated systems
– Communication with external (non-OT) systems
– Attacks from/over the IT world
Recent cyber security events
Compelling numbers from customers
Source: https://www.securityweek.com/notpetya-attack-costs-big-companies-millions
$300 million of profits lost due to cyber attack
– One of the world's biggest container shipping companies, A.P. Moller-Maersk A/S reported the loss in their third quarter financial report.
Sales, distribution and financial networks impacted
– Mondelez International, owner of U.K. chocolate maker Cadbury, estimated the cost of an attack at $150 million in lost sales and incremental expenses
Drug production halted
– Drug and vaccine manufacturer Merck & Co Inc. suffered a worldwide disruption of its operations, halting production of drugs. The financial impact was estimated at around US$135 million.
Avoiding malware infections
– A global material solutions company with hundreds of sites was infected with a ransomware virus. ABB 800xA systems were the only systems not impacted.
Cyber Security has specific challenges
A Different Set of Requirements
 | Traditional IT | Industry
What is being protected | Data | Physical process
Impact area | Disclosure of information; financial loss | Safety, availability, financial, environment
Security objective | Confidentiality, privacy | Availability, integrity
Operating Systems | Windows, Linux, … | Windows at HMI, RTOS at field devices
Availability requirements | 99% | 99.9% - 99.999% (downtime per year: 8.76 hours to 5.26 min)
System Lifetime | 3 – 10 years | 5 – 25 years
Logging and Forensics | Standard practice | Limited
Patching | Standard schedule; can be expedited | Non-standard; could be a long time between updates
Office IT vs. Industrial Control Systems
Why traditional approaches don't (always) work
IT best practices | Potential consequence for OT
Lock out accounts for 10 minutes after 3 bad password tries | Operator has no control over process for 10 minutes!
Install patches as soon as they are released and reboot | Control system reboot means shutting down the whole plant
Use of firewalls and intrusion detection systems | Support of IEC 60870-5-104, IEC 61850, OPC, HART, ProfiNet, Modbus,…?
Use of crypto functions to protect data in transit | Real time constraints cannot be met due to limited resources on embedded devices
Use of intrusion prevention systems | One false positive might have fatal consequences
There is a lot to learn from information systems security, but approaches and technologies need to be applied with care
There is no 100% security
Target security level defines remaining risk
[Figure: security level plotted against attacker capabilities (hacker, disgruntled employee (operator), organised crime, intelligence). Security aspects: product features, solution aspects, physical security, organisational measures (processes). Main responsibility: manufacturer, integrator, operator. Marked levels: business target security level, national target security level, and risks not covered by the business target security level.]
ABB Group Cyber Security Council
ABB has a formally established cyber security organization reporting to top management
Representation in the ABB Group Cyber Security Council
Divisions: Electrification Products, Robotics and Motion, Power Grids, Industrial Automation
Cross functions: IT security, Service, Research, Corporate security, Legal, Insurance risk management, Communication
Digital ABB
ABB Ability™
Cyber security program mgmt.
Cyber Security …a topic for ABB Corporate Research
ABB Corporate Research
– Develops forward-looking cyber security concepts and technology
  Authentication, remote access, security monitoring, security engineering, product/system security assessments, tracking market trends, …
– Evaluates security relevant technologies
– Adapts enterprise security to industrial control systems context
Research Challenges
– Addressing high availability requirements of control systems
– Simplification of security engineering
– Diversity in security solution approaches across BUs
ABB Motivation
– Satisfying customer requirements for security
– Drive industry standards
ABB Corporate Research
Example Results
Power and Automation Security
Changed ABB's internal processes
Automated Security Hardening
– Created an approach for minimal invasive security hardening
Authentication Architecture
– Allowed using a plant-wide password
Threat Modeling
– Created a system wide threat modeling approach
Future Research challenges
Overview
Traditional Security Challenges: Industrial challenges
Privacy: (Fully) homomorphic encryption
AI/ML and Security: New opportunities and risks
Quantum Computing: Quantum Safe cryptography
Blockchain and Distributed Ledgers: Replacement of a trusted 3rd party
Cyber Security
Traditional Industrial Challenges
– Heterogeneity
– Situational Awareness
– Vulnerabilities
– Compliance
– Sustaining Security
– Installed Base
Privacy: Low-Security Cloud Computing
Privacy: Medium-Security Cloud Computing
Privacy: High-Security Cloud Computing
Privacy: Proof-of-concept
– Time-series data is encrypted on the fly before sending it to the server/cloud
– The client can run queries (range-queries, closest match) on the encrypted data and display the results
Matús Harvan, Thomas Locher, Marta Mularczyk, Yvonne Anne Pignolet: Privacy-preserving Regression on Partially Encrypted Data. SECRYPT 2017: 255-266
Matús Harvan, Samuel Kimoto, Thomas Locher, Yvonne Anne Pignolet, Johannes Schneider: Processing Encrypted and Compressed Time Series Data. ICDCS 2017: 1053-1062
Privacy: (Fully) Homomorphic Encryption
Challenges
[Figure: a function f maps plaintext x to y; encryption g maps x to x' and y to y'; a function f' maps x' to y' directly on the encrypted data. Example: min of {7,23,42} is 7, computed on the encrypted values.]
• Craig Gentry has proven that any computation on encrypted data is possible [1]
• But: Impractical performance and space requirements (encryption of 1 Bit up to: 2 hours + 2,3 GB, 100 trillion times slower than plaintext operations)
• Recent advancements in HElib [2]
  • 15x to 75x faster, but still impractical for many applications
[1] C. Gentry. Fully homomorphic encryption using ideal lattices. In Proceedings of the 41st ACM Symposium on Theory of Computing – STOC 2009, pages 169–178. ACM, 2009
[2] https://github.com/shaih/HElib
AI/ML and Security
Novel Opportunities and Threats through AI
 | Traditional Approach | AI Approach
Malware Identification | Signature-based | Predictive analytics
DDoS (Distributed Denial of Service) protection | Monitor network-traffic | Global correlation and automated detection
Device specific protection | Manual security updates | Device and network-level anomaly detection
Social engineering | Education on social hygiene | Social biometrics and user-based anomaly detection
Identifying vulnerabilities | Reverse engineering, manual trial & error | Automated testing and exploit generation
Creating Anti-Virus resistant malware | Test and manually change malware on detection | Automated Anti-Virus evasion using Generative Adversarial Networks
Spear phishing | Manual interaction with victim | Use of AI Bots, massive scalability
Attacking the computing engine | Rule based engines are static and pre-programmed | AI engines are fed with malicious data and derive wrong conclusions
Quantum computing
Breaking cryptography?
Which Problems can Quantum Computers solve?
[Figure: computing time versus problem size for a conventional computer and a quantum computer, with the "Quantum Supremacy" area marked. Candidate problems: image recognition, vehicle routing?, protein folding?, production optimization? (e.g., steel plants) (global optimum). Source: https://en.wikipedia.org/wiki/BQP]
Status-quo
• QC prototypes (Google, IBM) reach 50 – 70 qubits
• First QC algorithms are developed
• Large-scale feasibility of QC is still unclear
Potential
• Break RSA public-key cryptosystems
• Random number generators
• Quantum key exchange
Outlook
• Big players: IT companies and also governmental institutions
• Algorithm development: quantum mechanics competences are needed
• We are still in the very early phases of QC
Trusted Third Party vs Distributed Ledger
Comparison of transaction systems
Conventional System: Transaction after trusted 3rd party validates partners and data. Centrally managed, high-level security and trust required
Blockchain System: Transaction after agreement of ledger participants. Distributed operation, tampering is detectable
Blockchain
Technical definition
Append-only database that
1. represents a verifiable list of records of items
2. is replicated, operates in near real-time
3. uses protocols, hashes, and digital signatures to prove identity, authenticity, and enforce access rights
  • Specific participants can add new items and other participants validate them
  • Certain participants can read existing items
4. has mechanisms to make it hard to change historical records, or at least make it easy to detect changes (audit trail)
Definition
The blockchain provides the underpinning of Bitcoin
Source: https://blockgeeks.com/guides/what-is-blockchain-technology/
Process:
– An entry is submitted to the blockchain
– Distribution to peers
– Consistency checks and approval
– Addition of new block to all copies
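Point 4 of the definition above (changes to historical records are easy to detect), as an added example that is not from the talk: a minimal hash-linked append-only log with a verifier that reports the first inconsistent block. The record fields, function names and genesis value are constructed for illustration; signatures and replication (points 2 and 3) are left out.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder for the first block's predecessor

def block_hash(index: int, prev_hash: str, record: dict) -> str:
    """Hash covers the record and the previous block's hash, linking the chain."""
    payload = json.dumps({"i": index, "prev": prev_hash, "rec": record}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def append(chain: list, record: dict) -> None:
    """Append-only write: a new block commits to everything before it."""
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev": prev, "record": record,
                  "hash": block_hash(index, prev, record)})

def first_invalid(chain: list):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if (block["index"] != i or block["prev"] != prev
                or block["hash"] != block_hash(i, prev, block["record"])):
            return i
        prev = block["hash"]
    return None

def demo():
    # Constructed sample records (not from the talk).
    chain = []
    for rec in ({"valve": "V1", "cmd": "open"}, {"valve": "V1", "cmd": "close"},
                {"valve": "V2", "cmd": "open"}):
        append(chain, rec)
    intact = first_invalid(chain)
    chain[1]["record"]["cmd"] = "open"   # silent edit of a historical record
    edited = first_invalid(chain)
    # Recomputing block 1's own hash hides the edit locally but breaks block 2's link.
    chain[1]["hash"] = block_hash(1, chain[1]["prev"], chain[1]["record"])
    rehashed = first_invalid(chain)
    return intact, edited, rehashed

if __name__ == "__main__":
    print(demo())
```

A single copy whose later blocks are all recomputed would pass this local check, which is why the definition also calls for replication and digital signatures.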
Blockchain Characteristics
Pros & Cons
Pros
1. Transparency & Verifiability: Transaction history is publicly* viewable
2. Immutability: Transactions cannot be altered or deleted
3. Resilience: Distributed nature of the blockchain makes it hard/impossible to destroy or tamper with it
4. Use Case Agnostic: Any type of use case can theoretically be implemented on a blockchain
* If desired, data can be encrypted and only accessible by a selected set of users
Cons
1. Lack of Flexibility: Updating the protocol/implementation is very hard
2. Scalability: Large number of transactions/sec is challenging*
3. Lack of Control: No single entity can impose change by design
4. Significant Overhead: In terms of computational power, bandwidth, storage, ...
* Newer blockchain technologies offer higher performance, typically not a limitation anymore
Blockchain Characteristics
Current State and Future Vision
Blockchain for Business
– Permissioned Blockchain: Membership Management
– Audit Support
– Privacy-preserving authentication
– Consistency
– Immutability
– Provenance and Ownership
– Transaction confidentiality
– Transparency
– High throughput
When is Blockchain the Right Technology?
Applicability & Use Cases
Applicability of Blockchain technology is bound to multiple conditions
Conditions
A blockchain-based approach may be appropriate if
– Multiple parties are involved
– The parties do not trust each other
– The correct functioning or behavior of the system is verifiable by inspecting the blockchain (otherwise, trust in other devices/systems/parties is required)
Consequently, applicability of blockchain technology is limited if one or more of the conditions above is not met.
In this case, typically a traditional distributed database is a viable and more efficient alternative.
Thomas Locher; Sebastian Obermeier; Yvonne-Anne Pignolet: "When Can a Distributed Ledger Replace a Trusted Third Party?", The 2018 IEEE International Conference on Blockchain, July 2018, Halifax, Canada
Cyber Security Challenges
Summary and Conclusion
The end
Riddle
Peggy has uncovered a secret word used to open a magic door in a cave.
The cave is shaped like a circle, with the entrance on one side and the
magic door blocking the opposite side.
Victor says he'll pay her for the secret, but not until he's sure that she
really knows it. Peggy says she'll tell him the secret, but not until she
receives the money. The magic word works in only one direction (B to
A); this information should also not be disclosed to Victor.
How can Peggy prove she knows the magic word, without disclosing
the word and the direction?
Zero Knowledge Proof
Solution
• Victor waits outside as Peggy enters the cave, secretly choosing path B.
• Victor enters the cave and shouts the name of the desired return path, either A or B, chosen at random.
• Provided Peggy knows the magic word: she opens the door (if necessary) and returns along the desired path.
• If Peggy reliably appears at the exit Victor named, he can conclude that she is very likely to know the secret word
Just a nice riddle?
Replace(Peggy, Device A)
Replace(Victor, Device B)
Replace(Cave, Unsecure Network)
Replace(Magic Word, Password)
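The riddle's mapping to devices, as an added example that is not from the talk: a one-bit-challenge discrete-log identification protocol in which Device A (Peggy) proves knowledge of a password-derived secret to Device B (Victor), going beyond the cave story to show why many rounds are needed. The toy group, the SHA-256 derivation and all function names are assumptions for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): the Mersenne prime 2^127 - 1
# is far too small for real use.
P = 2**127 - 1
G = 3

def secret_from_password(password: str) -> int:
    """Map the 'magic word' to an exponent x (hypothetical derivation)."""
    return int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % (P - 1)

def public_value(x: int) -> int:
    """y = g^x mod p is what Victor (Device B) holds instead of the password."""
    return pow(G, x, P)

def commit():
    """Peggy enters the cave: pick random r, send t = g^r."""
    r = secrets.randbelow(P - 1)
    return r, pow(G, r, P)

def respond(r: int, c: int, x: int) -> int:
    """Peggy returns along the path Victor named (challenge bit c)."""
    return (r + c * x) % (P - 1)

def verify(y: int, t: int, c: int, s: int) -> bool:
    """Victor checks g^s == t * y^c without ever seeing x."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def run_honest(password: str, rounds: int = 20) -> bool:
    """Run the exchange for several rounds; every round must verify."""
    x = secret_from_password(password)
    y = public_value(x)
    for _ in range(rounds):
        r, t = commit()
        c = secrets.randbelow(2)  # Victor shouts A or B
        if not verify(y, t, c, respond(r, c, x)):
            return False
    return True

def forged_round(y: int, guess: int, c: int) -> bool:
    """A prover without x can prepare for one guessed challenge only."""
    s = secrets.randbelow(P - 1)
    t = (pow(G, s, P) * pow(y, -guess, P)) % P  # consistent only if c == guess
    return verify(y, t, c, s)

if __name__ == "__main__":
    y = public_value(secret_from_password("open sesame"))
    print(run_honest("open sesame"), forged_round(y, 1, 1), forged_round(y, 1, 0))
```

A prover who does not know x passes each round only by guessing the challenge bit, so n rounds leave a 2^-n chance of fooling Device B. With a low-entropy password the public value y can be tested against guesses offline, which deployed protocols address with a password-authenticated key exchange.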