Cryptography for Strengthening Cybersecurity in Industrial Environments

Posted date 23/02/2017
Autor
INCIBE (INCIBE)

With the arrival of Industry 4.0, the exposure of control systems to logical attacks has grown, which makes protecting industrial networks a real challenge given the number of devices being incorporated in order to achieve ever more intelligent processes and improve data collection

Therefore, it is important to protect, insofar as possible, both communication and devices. The use of cryptography as an extra security measure can provide great advantages.

The use of certificates in industrial environments is possible and can be applied in cases such as communication with operators or those responsible for HMI web panels, PLC, RTU, etc.

We can also use certificates for the authentication of devices. Through a digital certificate we can check the identity of devices connected to our network and thus make it difficult for certain threats. This mechanism is a great advantage in the world of industry where there exists a multitude of devices and it is possible to suffer attacks such as those we have commented on in the article “Deconstructing Modbus”.

As with certificates, they can be used to authenticate devices in the network. They also provide an alternative when it comes to requesting credentials from users.

Use of certificates for the authentication of devices

-Use of certificates for the authentication of devices-

With the incorporation of certificates in Industry and a PKI system for the distribution of these, we can verify that devices are legitimate and prevent other foreign devices from accessing the network without any kind of restriction. This last fact coincides with the development of Industry 4.0, which seeks the incorporation of multiple devices to obtain greater intelligence in plant processes. On the other hand, depending on the type of encryption used, different problems arise:

  • Symmetric Encryption: No additional infrastructure is required, installation is fast, but it is necessary to enter the secret key in each device in order to encrypt and decrypt messages between the sender and recipient before connecting to the network. This slows down the start-up of the devices.
  • Asymmetric Encryption: Requires a PKI infrastructure and provides greater security, but key management is complex as every device must possess a pair of keys (one public and one private) to verify that the information exchange is performed in a secure manner.

The choice of type of encryption was covered previously in the article “Power consumption under control” with the aim of responding to the problems faced by the electrical sub-sector in relation to storage and distribution of keys in a secure manner between smart meters and concentrators.

Digital Signature

Another useful feature of encryption is the digital signature. This mechanism ensures that the issuer of the message and the content of same is legitimate and, moreover, that the content of the message has not been modified between being sent and received.

Steps to obtaining a digital signature

-Steps to obtaining a digital signature-

The increased time in the generation of signatures between devices generates latencies which are difficult to assume in industrial environments. As a possible solution to this problem, digital signature schemes based on hash functions are proposed, such as HORS and TV-HORS. Hash functions are faster than block cipher or flow mechanisms. The objective of a hash function, unlike that of a block cipher, is to obtain a hash of a chain and not to encrypt the content of same.

To use a hash function, the following properties are required:

  • Unidirectionality. Knowing the hash function, there should be no probabilistic algorithm that, in polynomial time, would allow for the inverse to be performed and find the message from the same hash.
  • Compression. Starting with a message of any length, the hash function must have a fixed length. By general rule, the length of the hash function is shorter than that of the original message.

The basic idea of the Hash value generated by a hash function is to serve as a compact representation of an input chain. When two different input values generate the same hash, this is called a collision.

A priori, we know that not all hash functions are resistant to collision, for example the MD5 is considered obsolete and is not resistant to collision. This means that there exists some method which made it possible to reduce its strength, so that 2 different input values generated the same output hash.

  • Diffusion. The hash function must be a complex function of all the bits of the message. If one bit of the message is modified, the hash function must change approximately half of its bits.

Specifically, HORS is a single-use signature scheme and is based entirely on hash functions. It is one of the fastest signature schemes that currently exist and a possible option for implementing in industrial environments. Its main disadvantage is that it publishes part of its signature and possible attackers could create new messages that are signed using just this part of the signature already known.

On the other hand, TV-HORS is the improved version of HORS and it allows for parts of the signature to be reused within a certain period of time before an attacker finds a collision.

The re-use of the TV-HORS signature depends on the following three factors:

  • Robustness of the hash function
  • Number of output bits
  • Number of messages signed

Cryptographic Processors

Thanks to the technological evolution and the reduction of costs, it is conceivable today to consider the possibility of incorporating cryptographic processors into industrial devices. The savings in terms of processing capacity provided by this type of processor are important for the device to be able to use all its processing power in the tasks it has to perform.

Cryptographic processors are microprocessors dedicated exclusively to performing cryptographic functions. These chips have multiple physical security measures to prevent their manipulation and are integrated in the circuitry of the devices.

One of the problems of the use of cryptographic processors is the energy consumption the device in which they are incorporated would require. This problem in mesh networks, such as those created with Zigbee, is difficult to tackle, as one of the main features of ZigBee is the low energy consumption and duration of the devices without the need for an external power feed.

Cryptographic processor scheme

-Cryptographic processor scheme-

One of the main features of cryptographic processors, compared to normal processors, is their internal instructions for managing cryptographic material, with the key generation process being more efficient than a conventional processor. This efficiency, added to their extra physical security, is an option to keep in mind for new industrial devices.

These types of processors require a redesign of the structure at the internal level of the industrial devices and of new firmware that can use this new feature in order for devices to be incorporated without problems arising in industrial environments.

 

Thanks to the different digital signature schemes and current cryptographic processors, it is possible to tackle problems such as device authentication and communications encryption in real time environments. The computational challenge of these problems is already easier to tackle. If your manufacturer were to offered them, would you use these solutions as an extra security measure in your company?

Etiquetas