We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byHanna Louth
Modified over 2 years ago
Informationssicherheit eingebetteter Systeme 21.10.2009: Einleitung Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 20092 Ankündigungsfolie vom 8.10.2009 Titel „Informationssicherheit eingebetteter Systeme “ Zeit: Mittwoch 11:15 – 12:45, RUD25, 4.113 Beginn: 21.10. (!) Prüfbar: JA (mündliche Prüfung) Inhalt Einführung in eingebettete Systeme Grundlagen Informationssicherheit Bedrohungen und Schutzmaßnahmen Spezielle Herausforderungen an Rechenleistung, Energie, Kommunikation Entwicklungsprozesse
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 20093 „Informationssicherheit eingebetteter Systeme“ Reihe von Vorlesungen zum Thema „Eingebettete Systeme – Produktivität und Qualität“ „Eingebettete Systeme – Sicherheit und Zuverlässigkeit“ Baut NICHT auf VL vom SS auf Wiederholungen evtl. unvermeidbar Zwei Seiten der selben Medaille Verwandte Vorlesungen Zuverlässige Systeme, Eigenschaften mobiler und eingebetteter Systeme Kryptologie, Elektronische Signaturen
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 20094 Hinweise Vorlesung entfällt: am 18. & 25.11. (SEFM) am 16.12. (Koll. UHB) Ersatz: Vorlesungen von M. Conrad Thema Automotive Security Termin nach Vereinbarung (WebEx!) Blockvorlesung M. Roggenbach 15.-17.1.2010 22.-24.1.2010
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 20095 Blockvorlesung „Algebraische Spezifikation“ Titel: „Algebraische Spezifikation von Software und Hardware“ (H. Schlingloff / M. Roggenbach) Veranstaltungsform: Block-Kurs an 2 Wochenenden 15.1. nachmittags, 16.1., 17.1. 22.1. nachmittags, 23.1., 24.1 Inhalt Spezifikationsformalismen Common Algebraic Specification Language Industrielle Anwendungsbeispiele Werkzeuge (Theorembeweiser, Transformatoren)
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 20096 Further Remarks Slides will be in English We will have a few mascots indicating a break Slides (without cartoons) available on web site http://www2.informatik.hu-berlin.de/~hs/Lehre/2009-SS_EmSec/index.html after the lecture
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 20097 Recommended Reading Claudia Eckert: IT-Sicherheit Konzepte - Verfahren – Protokolle, div. Auflagen, Oldenbourg Matt Bishop, Computer Security - Art and Science, Addison-Wesley Peter Marwedel, Embedded System Design, Springer
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 20098 The Topic “Embedded Security” “Fashion” research topic Not yet very mature many research papers some real, some imagined threats different lectures with different emphasis Industrial relevance questionable however, significant standard methods exist “state-of-the-art” must be followed
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 20099 Contents – What You Should Learn Embedded systems design Foundations of security Threats and protective measures information security threats technical systems threats and measures Special challenges for embedded systems security processing gap battery gap assurance gap Processes and methods structured development methods validation and proof, formal methods
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 200910 Structure 1. Introductory example 2. Embedded systems engineering 1.definitions and terms 2.design principles 3. Foundations of security 1.threats, attacks, measures 2.construction of safe systems 4. Design of secure systems 1.design challenges 2.safety modelling and assessment 3.cryptographic algorithms 5. Communication of embedded systems 1.remote access 2.sensor networks 6. Algorithms and measures 1.digital signatures 2.key management 3.authentification 4.authorization 7. Formal methods for security 1.protocol verification 2.logics and proof methods
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 200911 Introductory Example “Malicious Control System Cyber Security Attack Case Study – Maroochy Water Services, Australia” Reference: M. D. Abrams, J. Weiss; Annual Computer Security Applications Conference, Dec. 2008 http://csrc.nist.gov/sec-cert/ics/papers.html http://csrc.nist.gov/sec-cert/ics/papers.html Actual control system cyber event resulted in environmental and economic damage malicious attack by knowledgeable insider, who had been a trusted contractor employee timelines, control system response, and control system policies well investigated
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 200912 Attack Synopsis Players: V.B., Hunter Watertech, Maroochy Shire Council Mr. B. had worked for Hunter Watertech, a small Australian firm that installed radio-controlled sewage equipment for the Maroochy Shire Council in Queensland, Australia (a rural area of great natural beauty and a tourist destination ) coming from a “strained relationship” with Hunter Watertech, B applied for a job with the Maroochy Shire Council the Council decided not to hire him he decided to “get even” with both the Council and his former employer On at least 46 occasions the offender issued remote radio commands to the sewage equipment of Maroochy Shire these commands caused 800.000 litres of raw sewage to spill out into local parks, rivers and even the grounds of a Hyatt Regency hotel huge environmental and financial damage: marine life died, the creek water turned black and the stench was unbearable for residents
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 200913 Time Line 1997-December 1999: B employed by Hunter Watertech Dec. 3, 1999: B resigns, seeks City Council employment Early January 2000: B turned down Feb 9-Apr 23, 2000: system experiences a series of faults Pumps were not running when they should have been Alarms were not reporting to the central computer A loss of communication between the central computer and various pumping stations. Mar 16, 2000: Hunter Watertech tried to troubleshoot system Apr 19, 2000: Log indicates that a certain system program had been run (manually) at least 31 times Apr 23, 2000: Alarms at four pumping stations were disabled using the identification of a fake pumping station
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 200914 Time Line (continued) Apr 23, 2000: B, who was under police surveillance, was pulled over by police with computer equipment in car “Later investigations found B's laptop had been used at the time of the attacks and his hard drive contained software for accessing and controlling the sewage management system“ ( http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/ ) http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/ B asserted in a taped conversation that all the items in the vehicle were his own. He said he had been up to Rainbow Beach and that he used the computer for study, personal correspondence and work in his family business B sought to establish that some of the electronic messages that gave rise to the charges could have been caused by system malfunction or by error of Council employees Oct 31, 2001: B convicted in trial, sentenced to 2 years Mar 21, 2002: Appeal rejected
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 200915 Evidence Found in B’s Vehicle Laptop software reloaded February 28, 2000 software used in the sewerage system (re)installed February 29 - run at least 31 times prior to April 19 - last run on April 23 “Motorola M120 two-way radio” (same type used in the Council’s system) tuned into the frequencies of the repeater stations serial numbers matched delivery docket provided by the supplier of the radios to Hunter Watertech “PDS Compact 500” computer control device address set to spoof pumping station serial number identified it as a device which should have been in the possession of Hunter Watertech
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 200916 Consideration Obviously, this was a “malicious attack”. Why? Obviously, the offender had to be jailed. Why? Obviously, he was the offender. Why? Obviously, this could have been prevented. How?
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 200917 Observations (1/3) B was an insider who was never an employee of the organization he attacked Employee of contractor that supplied IT/control system technology - With his knowledge he was the “ultimate insider” Difficulty to protect against insider attacks Contractor’s responsibilities unspecified / inadequate Management, technical and operational cyber security controls Personnel security controls - Background investigations - Protection from disgruntled employees
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 200918 Observations (2/3) As a skilful adversary, B was able to disguise his actions A number of anomalous events occurred before recognition that the incidents were intentional Extensive digital forensics were required to determine that a deliberate attack was underway Importance to determine whether intentional attack, or unintentional flaw or error Insufficient means to differentiate attacks from malfunctions No existing cyber security policies or procedures No cyber security defences
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 200919 Observations (3/3) Radio communications used in system insecure or improperly configured Wireless devices and software should be secured to the extent possible using physical and logical controls Security controls not implemented or used properly Lack of adequate logging mechanisms for forensic purposes Insufficient further measures Anti-virus Firewall protection Appropriate use of encryption Upgrade-able systems (from a security perspective) Proper staff training Security auditing and control.
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 200920 Learning From the Maroochy Shire Cyber Attack Public record of an intentional, targeted attack by a knowledgeable person on an industrial control system teaches us to consider: Critical physical, administrative, and supply chain vulnerabilities Vulnerabilities coming from suppliers or others outside the organization Contractor and sub-contractor personnel as a potential attack source Need to be concerned with both inside & outside attack Difficulty in identifying a control system cyber incident as a malicious attack and retaking control of a “hijacked” system A determined, knowledgeable adversary could potentially defeat most controls Structured defence-in-depth security is best
21.10.2009Embedded Security © Prof. Dr. H. Schlingloff 200921 Abrams / Weiss Political Conclusions Public and private sector enterprises today are highly dependent on information systems to carry out their missions and business functions Developments in embedded systems have seen these traditionally closed systems become open and internet-connected, thus putting the national services critical infrastructure at risk To achieve mission and business success, enterprise information systems must be dependable in the face of serious cyber threats To achieve information system dependability, the systems must be appropriately protected 2b discussed: Do you agree with these statements?
Information Security of Embedded Systems : Public Key Cryptosystems, Communication Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.
Information Security of Embedded Systems : Embedded Systems Design Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
Information Security of Embedded Systems : Design of Secure Systems Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
Information Security of Embedded Systems : Communication, wireless remote access Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.
1 Cathay Life Insurance Ltd. (Vietnam) 27/11/20091.
K eep I t C onfidential Prepared by: Security Architecture Collaboration Team.
Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
World Health Organization
Effectively applying ISO9001:2000 clauses 6 and 7.
EMS Checklist (ISO model)
Federal Energy Regulatory Commission July Cyber Security and Reliability Standards Regis F. Binder Director, Division of Logistics & Security Federal.
ICAO State Safety Programme (SSP) Implementation Course
Project co-funded by the European Commission within the 7th Framework Program (Grant Agreement No ) Business Convergence WS#2 Smart Grid Technologies.
Privacy Impact Assessment Future Directions TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
1. (c) Alan Rowley Associates Laboratory Accreditation Dr Alan G Rowley Quality Policy based on Quality Objectives Quality Management System Communicate.
Prepared by: Dinesh Bajracharya Nepal Security and Control.
The NIST Special Publications for Security Management By: Waylon Coulter.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Information Security of Embedded Systems : Logics and Proof Methods, Wrap-Up Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer.
1 Quality Indicators for Device Demonstrations April 21, 2009 Lisa Kosh Diana Carl.
© 2017 SlidePlayer.com Inc. All rights reserved.