Data-centric security provides an in-depth defense layer essential to making the new world of connected industrial things safe.
There is a great deal of excitement surrounding the Industrial Internet of Things (IIoT), which some feel is ushering in the next leap in productivity. Unfortunately, hackers, criminal organizations, and terrorists are equally excited about the prospects of a ubiquitous Industrial Internet.
Even a single attack on the US power grid could cost as much as $250 billion, according to Lloyds Insurance, so security must be baked into the IIoT. However, that’s not enough. Engineers must integrate secure, hardened Industrial Internet applications with existing unsecured systems.
Traditional approaches to security lock down the pipes through which the data is passed. This connectivity model is popular in online services like banking and travel booking. This approach is not a good fit for emerging IIoT connectivity deployments where applications dynamically establish connectivity links in real time with other applications or systems they may not know about beforehand.
For example, autonomous vehicles need to share their position and trajectory data with each other, while coordinating with external traffic control, monitoring, or route optimization systems. These scenarios call for peer-to-peer architectures, where each application is granted task-specific roles and the minimal read/write permissions it needs to perform its function.
In this case it is the data itself that requires protection via authenticated encryption, ideally using a different key for each data stream. The streams created by each vehicle can then separate the vehicle’s position, its intended destination, internal health data, and so on. Each of these streams can be encrypted separately and accessed by different trusted peers.
Each application in this model has better control over its data by sharing only the cryptographic keys with those authorized to observe or access the data. With this approach, data can be both stored and relayed in encrypted form. There is no need to trust additional infrastructure servers, brokers, or middle boxes. This approach also significantly reduces the attack surface and limits the impact of any security incidents if and when they do occur.
Data-centric security has other important performance benefits as well. If data from a single data stream (for example, the position of the autonomous car) is shared with multiple consumers, it can be encrypted only once, as long as the same key has been shared with all the authorized consumers. This saves a lot of CPU processing. If available, the data can also be sent via multicast, saving bandwidth.
You can implement data-centric security yourself: start with a good data-centric security model that identifies the subjects, protected objects, protected operations, and access control rules. Tie the security model to a series of policy decision points, message-exchange, and data-encoding/decoding transformations that enforce the policies, authenticate the subjects, and protect the data. Use well-established cryptographic building blocks, such as public-key cryptography, Diffie-Hellman key establishment, the Advanced Encryption Standard, and HMAC for message authentication.
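The model described above (subjects, protected objects, protected operations, access-control rules, a policy decision point, Diffie-Hellman key establishment and authenticated encryption with one key per stream) can be sketched in a small program. The following is an added example written for this page; it is not RTI's code and not the DDS Security implementation. It assumes a toy scenario with subjects named car1, traffic-control and diagnostics, a topic named position, X25519 for key agreement, AES-256-GCM for authenticated encryption, and SHA-256 over a labelled shared secret as a stand-in for a proper key-derivation function such as HKDF. The per-topic key is generated by the publisher, handed only to subscribers the policy allows, and each sample is encrypted once so the same bytes can be multicast to every key holder, as the text explains.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// must turns errors that cannot occur with a fixed curve and 32-byte keys into panics.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Protected operations (bitmask) on a protected object, i.e. a topic carrying one data stream.
type Operation int
const (
	Publish Operation = 1 << iota
	Subscribe
)
// Policy holds the access-control rules (subject -> topic -> permitted operations);
// Allows is the policy decision point consulted before any key is created or handed out.
type Policy map[string]map[string]Operation
func (p Policy) Allows(subject, topic string, op Operation) bool { return p[subject][topic]&op != 0 }

// Subject is an application identity holding an X25519 key pair (stand-in for its certificate).
type Subject struct {
	Name string
	priv *ecdh.PrivateKey
}
func NewSubject(name string) *Subject { return &Subject{name, must(ecdh.X25519().GenerateKey(rand.Reader))} }
// wrapKey derives a pairwise key-wrapping key by Diffie-Hellman with the peer; SHA-256 over a
// fixed label and the shared secret stands in for a full KDF such as HKDF (assumption).
func (s *Subject) wrapKey(peer *ecdh.PublicKey) []byte {
	k := sha256.Sum256(append([]byte("stream-key-wrap:"), must(s.priv.ECDH(peer))...))
	return k[:]
}
// seal yields nonce || ciphertext || tag under AES-256-GCM; aad binds the topic name so a
// sample cannot be replayed into another stream. open rejects any change to nonce, data or aad.
func seal(key, plaintext, aad []byte) []byte {
	aead := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, aead.NonceSize())
	must(rand.Read(nonce))
	return aead.Seal(nonce, nonce, plaintext, aad)
}

func open(key, sealed, aad []byte) ([]byte, error) {
	aead := must(cipher.NewGCM(must(aes.NewCipher(key))))
	if n := aead.NonceSize(); len(sealed) >= n {
		return aead.Open(nil, sealed[:n], sealed[n:], aad)
	}
	return nil, fmt.Errorf("sealed sample too short")
}

// Stream is one protected object with its own AES-256 key; brokers and relays never hold it.
type Stream struct {
	Topic string
	key   []byte
}

func NewStream(pol Policy, publisher *Subject, topic string) (*Stream, error) {
	if !pol.Allows(publisher.Name, topic, Publish) {
		return nil, fmt.Errorf("%s may not publish %s", publisher.Name, topic)
	}
	key := make([]byte, 32)
	must(rand.Read(key))
	return &Stream{Topic: topic, key: key}, nil
}

// GrantKey wraps the stream key for one subscriber under the pairwise DH key, if policy allows.
func (s *Stream) GrantKey(pol Policy, publisher, subscriber *Subject) ([]byte, error) {
	if !pol.Allows(subscriber.Name, s.Topic, Subscribe) {
		return nil, fmt.Errorf("%s may not subscribe to %s", subscriber.Name, s.Topic)
	}
	return seal(publisher.wrapKey(subscriber.priv.PublicKey()), s.key, []byte(s.Topic)), nil
}
// UnwrapKey is the subscriber side of GrantKey and returns the raw stream key.
func UnwrapKey(sub *Subject, pubKey *ecdh.PublicKey, topic string, wrapped []byte) ([]byte, error) {
	return open(sub.wrapKey(pubKey), wrapped, []byte(topic))
}
// Publish encrypts a sample once; every key holder decrypts the same bytes with open().
func (s *Stream) Publish(sample []byte) []byte { return seal(s.key, sample, []byte(s.Topic)) }

func main() {
	// Constructed scenario: car1 publishes position; traffic control may subscribe, diagnostics may not.
	car, tc, diag := NewSubject("car1"), NewSubject("traffic-control"), NewSubject("diagnostics")
	pol := Policy{"car1": {"position": Publish}, "traffic-control": {"position": Subscribe}, "diagnostics": {"health": Subscribe}}
	pos, _ := NewStream(pol, car, "position")
	wrapped, _ := pos.GrantKey(pol, car, tc)
	key, _ := UnwrapKey(tc, car.priv.PublicKey(), "position", wrapped)
	sample, _ := open(key, pos.Publish([]byte("lat=37.40,lon=-122.05,heading=090")), []byte("position"))
	_, denied := pos.GrantKey(pol, car, diag)
	fmt.Printf("traffic-control read %q; diagnostics denied: %v\n", sample, denied)
}
```

Two design points carry the weight of the text. First, the policy decision point is consulted both when a stream key is created and when it is handed out, so an application that is not authorized for a topic never receives the material needed to read it, regardless of which servers or relays forward the bytes. Second, the topic name is bound into the authenticated data of every sample, so a ciphertext captured from one stream cannot be replayed into another even by a holder of both keys. Nonce reuse under one key would break GCM, so a production system would use a counter or rekey well before the random-nonce bound is approached.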
Alternatively, you can use an IIoT connectivity standard such as the OMG Data Distribution Service (DDS) Security standard. A benefit of DDS Security is that if the system is already using DDS for publish-subscribe, securing it only requires a configuration change to provide the proper certificates and permissions. The applications do not need to change at all. This makes creating a secure system as technically straightforward as it could possibly be.
--Dr. Gerardo Pardo-Castellote is CTO at RTI and the main author of the OMG Data Distribution Service Standard (DDS), the OMG Real-Time Publish Subscribe (RTPS) Protocol standard, the DDS Security Standard, and many of the other DDS-related standards.