Securing Critical Infrastructures
Securing Critical Infrastructures
PhD Candidate: Alberto Carelli (241776), XXXII Cycle
Advisor: Prof. Stefano Di Carlo
PhD Thesis Defense – September 3rd 2020
Politecnico di Torino - Dipartimento di Automatica e Informatica

OUTLINE
• Introduction & Core Concepts
• Motivations & Goal of the research
• Contributions
• Conclusions

INTRODUCTION – Definitions - Critical Infrastructures
Critical Infrastructures (CIs): “Infrastructures whose incorrect functioning may negatively affect a subject/group with economic losses and exposure of people to safety and security risk.” [1]
However, there is no single general definition, but several:
• Italy [2], Europe [3], United Kingdom [4], United States [5]

INTRODUCTION – Definitions - Critical Infrastructures
CIs: Public/Private companies of 16 Sectors*
• Chemical
• Commercial Facilities
• Communications
• Critical Manufacturing
• Dams
• Defense Industrial Base
• Emergency Services
• Energy
• Financial Services
• Food and Agriculture
• Government Facilities
• Healthcare, Public Health
• Information Technology
• Nuclear Reactors, Materials, Waste
• Transportation Systems
• Water, Wastewater Systems
*according to U.S. President’s PPD-21, the U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA)

INTRODUCTION – Definitions - Cyber-Physical Systems
CIs are based on Cyber-Physical Systems (CPS): “physical and engineered systems whose operations are monitored, coordinated, controlled and integrated by a computing and communication core”. [1]
[Diagram: control loop – Control, Sensors, Data, Commands, Actuators]

INTRODUCTION – Definitions - Cyber-Physical Systems
Characteristics of CPSs:
• Architecture: Distributed
• Components:
  ⁃ IT + OT (Information Technology + Operational Technology)
  ⁃ Both infrastructures, IT & OT, are linked to each other
• Technologies:
  ⁃ ICS – Industrial Control Systems
  ⁃ SCADA – Supervisory Control and Data Acquisition
  ⁃ DCS – Distributed Control Systems
  ⁃ IIoT/IoT – (Industrial) Internet of Things
  ⁃ PLC – Programmable Logic Controllers
  ⁃ WSN – Wireless Sensor Networks
  ⁃ CNC – Computer Numeric Control
  ⁃ …

INTRODUCTION – Definitions – Information Security
C.I.A. Triad of Information Security:
• Confidentiality: Protection of sensitive information from unauthorized third parties
• Integrity: Protection of information from unauthorized or unwanted alterations
• Availability: Ability to readily use information (or a system)
Further properties: + Non-Repudiation, + Authentication, + Authorization, + …

MOTIVATIONS – Cyber Attacks
Source: https://ioactive.com
Source: https://www.wired.com/story/ekans-ransomware-industrial-control-systems/
Source: https://www.reuters.com/article/us-ukraine-cyber-attack-energy/ukraines-power-outage-was-a-cyber-attack-ukrenergo-idUSKBN1521BA
Source: https://ics-cert.kaspersky.com/news/2020/04/29/israel-water-cyberattacks/

MOTIVATIONS – Cyber Attacks – ICS Cyber Attacks
Source: Kaspersky ICS CERT Reports / Threat landscape for industrial automation systems. Ransomware and other malware: key events of H2 2019
Source: Noguchi M. et al., NEC Technology Journal, 2017

GOAL – Target of PhD
[Carelli2020] Carelli, A., “Securing Critical Infrastructures”, 2020
{Target} To provide mechanisms and techniques to improve the cybersecurity of Critical Infrastructures

STATE OF THE ART – Approaches to Security
Traditional:
• Isolated & air-gapped systems [6][7][8][9]
• Security-through-obscurity [6][7][10]
Modern:
• Cyber-Security Frameworks [11]
• National Strategy [12][13]
• Security Advisories from ICS-CERT [14][15]
• Monitoring & Auditing [10]

CHALLENGES – Issues
Challenges in securing CIs:
• Complexity → difficult to «secure» as a whole
• Interdependence → damage propagates
• Legacy → old systems
• Heterogeneity → many forms of security

GOAL – How to achieve?
The C.I.A. Triad is mapped onto information systems, which are composed of:
• Hardware
• Software
• Communication
Focus on the security of these components.

Securing Critical Infrastructures – Contribution: Mitigation against Microarchitectural SCA

CONTRIBUTION – C.I.A. Triad
The C.I.A. Triad is mapped onto information systems, which are composed of Hardware, Software and Communication. Microprocessors are at the base of every system.
Focus on the security of these components.
#CPU #Microarchitecture #SideChannelAttacks

INTRODUCTION – Side-Channel Information
[Diagram: a computation leaks side-channel information; an attacker exploits this information]

INTRODUCTION – Side-Channel Information
Types of information leaked:
- Intended disclosure (Memory Footprint, PMCs, …)
- Unintended disclosure (Power, Timing, EM, …)
Categories of Side-Channel Attacks (SCA)*:
- Active vs Passive
- Invasive vs Semi-Invasive vs Non-Invasive
- Remote vs Near
SCA = Sampling phase + Analysis phase
*Taxonomies/Survey: [16][17][18]

SIDE-CHANNEL ATTACKS – State-of-the-Art
Attack Target → Secrets, i.e., cryptographic keys, or:
- Existing Security Mechanism (bypass kernel ASLR [19])
- Discovery (detecting crypto libs [20])
- User (keylogging [21])
- Denial-of-Service (DoS) [22]
Attack Surface → CPU Microarchitecture*:
- Cache memories [25][26]
- Translation Lookaside Buffer (TLB) Attacks [27]
- Branch Target Buffer (BTB) Attacks [28][29]
*Survey: [23][24]

SIDE-CHANNEL ATTACKS – Measuring Leakage
Performance Monitor Counters (PMCs): Hardware registers used to store the counts of specific events that occurred. Usually employed to measure a behavior for performance/debug/test purposes. However, PMCs might be considered a source of leakage [30].

TARGET
What is the relation between safety and security of CPS?
Safety and security must both be taken into account to prevent misbehavior leading to catastrophic consequences.
In modern microprocessors the usage of Performance Monitor Counters (PMCs):
✚ Helps to detect abnormal behavior
⁃ Introduces a security vulnerability
We want to protect PMCs from security attacks without compromising safety.

CPS ARCHITECTURE – The nodes
[Diagram: Node 0 … Node N. Each node runs Tasks/Applications (including Safety tasks) on an Operating System with a PMC Monitor Service and an Encryption Service holding a KEY, connected to Sensors & Actuators, on a uProcessor exposing Performance Monitor Counters]

SAFETY – Safety Technique
Safety mechanism: safety is guaranteed through PMCs, e.g. [31]. Two PMCs are considered:
• CCC (Clock Cycle Counter) → deadline check
• DCM (L1 Data Cache Miss) → abnormal behavior
1) Off-line phase: PMCs profiling
2) On-line phase: PMCs monitoring

SAFETY TECHNIQUE – Detecting deadline misses
Off-line phase: PMCs profiling
• Profile each application to collect PMC values related to their execution time
• Define 2 thresholds related to the CDF in order to decide when the execution of an application is safe or critical
[Figure: Cumulative Distribution Function (CDF) of the execution time of an application. What is the probability that the execution time of the application is lower than t?]
Warning Threshold – $W_{TH}$, Critical Threshold – $C_{TH}$:
$P(X > W_{TH}) < C_W \rightarrow F_X(W_{TH}) > 1 - C_W$
$P(X > C_{TH}) < C_C \rightarrow F_X(C_{TH}) > 1 - C_C$

SAFETY TECHNIQUE – Detecting deadline misses
On-line phase: PMCs monitoring
• Profile each application to collect PMC values related to their execution time
• Define
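A worked example of the two-phase deadline-miss technique, added here and not taken from the thesis: the rule $F_X(t) > 1 - C$ is applied to an empirical CDF built from constructed CCC profiling samples to derive $W_{TH}$ and $C_{TH}$, and on-line CCC readings are then classified against them. The sample values, the confidence levels $C_W$ and $C_C$, and all function names are assumptions.

```python
"""Off-line profiling -> thresholds -> on-line monitoring of the Clock Cycle
Counter (CCC). Added illustration, not code from the thesis; all values are
constructed for the example."""
from bisect import bisect_right

# Constructed off-line profile: CCC readings (clock cycles) of one application
# over repeated runs. Most runs finish near 10,000 cycles; a few are slow.
PROFILE_CCC = [9800, 9900, 9950, 10000, 10050, 10100, 10150, 10200,
               10300, 10400, 10500, 10800, 11200, 11900, 12600, 13400]


def empirical_cdf(samples, t):
    """F_X(t) = P(X <= t), estimated as the fraction of profiled runs <= t."""
    ordered = sorted(samples)
    return bisect_right(ordered, t) / len(ordered)


def threshold(samples, confidence):
    """Smallest profiled value t with F_X(t) > 1 - confidence, i.e. the
    smallest t for which P(X > t) < confidence. Called with C_W it yields
    W_TH, with C_C it yields C_TH (assumed parameter names)."""
    ordered = sorted(samples)
    for t in ordered:
        if empirical_cdf(ordered, t) > 1 - confidence:
            return t
    return ordered[-1]  # every sample exceeded: fall back to the worst case


def classify(ccc, w_th, c_th):
    """On-line phase: one CCC reading is 'safe' up to W_TH, a 'warning'
    above W_TH, and 'critical' (deadline at risk) above C_TH."""
    if ccc > c_th:
        return "critical"
    if ccc > w_th:
        return "warning"
    return "safe"


def monitor(readings, samples=PROFILE_CCC, c_w=0.25, c_c=0.125):
    """Derive both thresholds from the profile, then label each on-line
    reading. C_W and C_C here are constructed choices, not thesis values."""
    w_th = threshold(samples, c_w)
    c_th = threshold(samples, c_c)
    return [(r, classify(r, w_th, c_th)) for r in readings]


if __name__ == "__main__":
    # Constructed on-line readings: nominal, slightly slow, far too slow.
    for reading, label in monitor([10050, 12000, 14000]):
        print(reading, label)
```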