Implementation and Evaluation of Secure Industrial Ethernet Communication

Master of Science Thesis, Communication Engineering
KAN YU
Department of Signals and Systems
CHALMERS UNIVERSITY OF TECHNOLOGY
Göteborg, Sweden, August 2010

Abstract

Automation network security is becoming increasingly important due to the introduction of Ethernet-based fieldbus protocols, and cryptographic algorithms play a vital role in these protocols. Choosing the most suitable cryptographic algorithms, weighing security and performance for each application case, is essential. In this thesis, we first present a comprehensive survey of the most commonly used cryptographic algorithms that can be applied in automation networks, and then identify our candidates, based on existing literature and related work, for further evaluation on an ARM platform for industrial purposes. Finally, according to our evaluation results, we choose suitable algorithms for different applications: for symmetric algorithms, Twofish is recommended for best performance, and eXtended Tiny Encryption Algorithm (XTEA) and Corrected Block Tiny Encryption Algorithm (XXTEA) are recommended for the smallest footprint; for Message Authentication Code (MAC) algorithms, UMAC is strongly recommended for its excellent speed; for asymmetric algorithms, Elliptic Curve Cryptography (ECC) performs much better than RSA at the same security level on our platform.

TABLE OF CONTENTS

1 INTRODUCTION
    1.1 AUTOMATION NETWORK SECURITY
    1.2 RESEARCH PROBLEM
    1.3 RESEARCH APPROACH
    1.4 THESIS CONTRIBUTIONS
    1.5 THESIS OUTLINE
2 SECURITY AND NETWORK SECURITY
    2.1 SECURITY
    2.2 OBJECTIVES
    2.3 SECURITY ATTACK
    2.4 CRYPTOGRAPHY
        2.4.1 Basic Concept
        2.4.2 Symmetric Encryption
        2.4.3 Asymmetric Encryption
        2.4.4 Hash and MAC Algorithms
        2.4.5 Cryptanalytic attacks
    2.5 COMMUNICATION AND NETWORK SECURITY
        2.5.1 Kerberos
        2.5.2 SSL/TLS
        2.5.3 IPSec
        2.5.4 Virtual Private Networks
3 SURVEY OF CRYPTOGRAPHIC ALGORITHMS
    3.1 SYMMETRIC ALGORITHMS
        3.1.1 Introduction
        3.1.2 Security and Performance Analysis
        3.1.3 Candidates
    3.2 MAC ALGORITHMS
        3.2.1 Introduction
        3.2.2 Security and Performance Analysis
        3.2.3 Candidates
    3.3 ASYMMETRIC ALGORITHMS
        3.3.1 Introduction
        3.3.2 Security and Performance Analysis
        3.3.3 Candidates
4 BENCHMARKING ON ARM PLATFORM
    4.1 INTRODUCTION TO ARM PLATFORM
    4.2 METHODOLOGY AND CONSIDERATION
        4.2.1 Implementation Tools and Settings
        4.2.2 Implementation Sources
        4.2.3 Cipher Parameters
        4.2.4 Methods for Measurement
5 RESULTS AND ANALYSIS
    5.1 SYMMETRIC ALGORITHMS
        5.1.1 Memory
        5.1.2 Performance
        5.1.3 Analysis and Conclusion
    5.2 MAC ALGORITHMS
        5.2.1 Memory
        5.2.2 Performance
        5.2.3 Analysis and Conclusion
    5.3 ASYMMETRIC ALGORITHMS
        5.3.1 Memory
        5.3.2 Performance
        5.3.3 Analysis and Conclusion
6 CONCLUSION AND FUTURE WORK
    6.1 SUMMARY AND CONCLUSION
    6.2 FUTURE WORK
7 REFERENCES

Details

  • File Type
    pdf
  • Content Languages
    English
  • File Pages
    88 pages
