Published by Susanna Perkins. Modified over 6 years ago.
Towards End-to-End Data Protection in Low-Powered Networks
¹University of Mannheim, ²SAP Product Security Research, ³SAP IoT & Industrie 4.0
Presented at the 3rd Workshop on the Security of Industrial Control Systems & of Cyber-Physical Systems (CyberICPS 2017), in conjunction with ESORICS 2017
Contents
- Problem
- Solution
- Evaluation and Deployment
- Conclusion
| CyberICPS2017 Towards End-To-End Data Protection in Low-Power Networks | Vasily Mikhalev
Problem
Smart City Water Distribution Network
The city of Antibes owns and operates its water and gas distribution network, instrumented with 2000 sensors for water flow, temperature and pressure across 315 km of water pipeline, storages and maintenance points.
Need to ensure the continuous provisioning of utilities for the population. Predictive maintenance has been identified as one aspect of the city's digital transformation.
The most mature segment of the emerging market for IoT applications is enterprise asset management. SAP has developed two applications to address opportunities in this space: SAP Predictive Maintenance and Service, and SAP Asset Intelligence Network. As an example, we will look at a real customer situation of an owner and operator of around 2,000 electric trains, 2,000 locomotives, and 30,000 wagons. This company spends in excess of €1bn in annual maintenance, thereof 40% for corrective maintenance. The business case envisions not only reducing corrective maintenance cost by at least 5%, but also extending the lifetime of replacement parts, increasing asset availability, and increasing passenger satisfaction (e.g. by detecting issues with heating, cooling, or sanitary systems early and reducing train cancelations due to corrective action). The main business process transformation is to move from time- and mileage-based maintenance to dynamically optimized maintenance schedules. © 2016 SAP SE or an SAP affiliate company. All rights reserved. Internal
Retrofit on Physical Assets
Low-Power Wide-Area Networks (LPWAN)
- Reliable and cost effective, meeting industrial needs
- Reduced packet size
- High latency
- Low throughput
Low-Powered Devices
- Don't consume much power to work and communicate
- Do not require a continuous communication link
Security Requirements
- End-to-end security: confidentiality, authenticity, integrity
- Follow standards (e.g. NIST)
- Applicable to different existing low-power networks
- Deployable on the low-power devices
- Usable when bidirectional communication is not supported
- Low communication complexity
- Low payload size (e.g. 12 bytes for SIGFOX)
- Compliant with different encryption algorithms (e.g. AES in counter mode, FF1)
State of the Art
Industrial Solutions
- No confidentiality (e.g. SigFox)
- Single keys (e.g. LoRaWAN)
- Rely on the security of the gateway (e.g. WirelessHART)
Proposals from Academia
- Need asymmetric algorithms
- Rely on a third party
- Use group keys
- High communication complexity
- Long computation time
Solution
Our Contribution
Guarantee secure end-to-end communication over LPWANs from the device to the SAP backend, regardless of the provider and protocol.
Ideas
Key Management
- Pre-shared master keys
- Intermediate keys for synchronization
- One-time keys for encryption and authentication
Data Protection
- Independent encryption and authentication
- First encrypt, then authenticate
- Preserving size: AES in counter mode, format-preserving encryption
Key management
Master key: $K_{master}$
Intermediate keys: $K_i = \mathrm{CMAC}(K_{master}; i)$, giving $K_0, \dots, K_i, K_{i+1}, \dots$
Encryption and authentication keys:
$KEnc = \mathrm{CMAC}(K_i, SN \,\|\, DeviceID \,\|\, 0)$
$KMac = \mathrm{CMAC}(K_i, SN \,\|\, DeviceID \,\|\, 1)$
giving $KEnc_{i,0}, KMac_{i,0}, \dots, KEnc_{i,j}, KMac_{i,j}, KEnc_{i,j+1}, KMac_{i,j+1}, \dots$
Data Protection – Device Keys derivation
Data Protection – Device Message Encryption
Data Protection – Device Authentication Tag [diagram label: Authent. tag]
Data Protection – Device Send Message [diagram labels: Authent. tag, SN||DeviceID]
Data Protection – Device
Data Protection – Back-end Keys Derivation [diagram labels: Authent. tag, SN||DeviceID]
Data Protection – Back-end Integrity Check [diagram labels: Authent. tag, SN||DeviceID, "Are equal?", Authent. tag]
Data Protection – Back-end Message Decryption [diagram labels: Authent. tag, SN||DeviceID, "Are equal", Authent. tag]
Data Protection – Back-end
Security Analysis
- Authentication of the sender: $risk = 2^{-L} n_{max}$, where $L$ is the length of the MAC and $n_{max}$ is the max number of attempts
- Data integrity: $risk = 2^{-L}$
- Data confidentiality: complexity of attacks $O(\ )$
- Replay attacks: excluded by using sequence numbers
- Generic side-channel attacks: countermeasures implemented in TinyCrypt library
Evaluation and Deployment
Architecture
Low-end MCUs
Intel® Quark™ microcontrollers equipped with LoRaWAN modules: D2000, C1000
- 32-bit address bus
- 8 KB of cache, 32 MHz clock speed
- 80 KB SRAM
- 384 KB integrated Flash
Evaluation Results
Energy holds for:
- 12 years when data is sent every minute
- 190 years if sent every 15 minutes
Conclusion
Scheme providing E2E security
- Confidentiality, integrity, authenticity
- Feasible in most existing LPW technologies
- Follows NIST recommendations
- Supports format-preserving encryption
- Deployed on the water distribution network of the City of Antibes
Thank you! Vasily Mikhalev mikhalev@uni-mannheim.de 2017-09-15