Industrial systems need security ICs--Page 3.
Digital signature. These techniques are used to authenticate messages, orders, or pieces of software. Consider two examples for an ICS:
- In a SCADA system you want to trust information coming from a field sensor. You need to know that it comes from the actual sensor in its physical location, that it is not forged information sent by an attacker to disturb the system. When sent information is digitally signed by the sensor or sensor module, the receiving remote terminal unit (RTU) can verify that the message comes from a genuine and authorized sensor (See Figure 2). This procedure also works in the other direction, i.e. with a descending order to an actuator signed by its originator. The same approach can be taken for communication among the RTU, PLCs, and the master SCADA system.
Figure 2. A digital signature is applied to a sensor reading.
- Digital signatures also allow a system to check that a software package or software update comes from a trusted source. To use the Stuxnet example again, malicious code was injected into PLCs, driving motors at an unexpected speed and thus causing the PLCs to run a wrong manufacturing process [3]. If, however, all software and software updates are digitally signed before being downloaded to the PLC, then the PLC can verify that the software is genuine before starting its execution.
This same digital-signature principle can protect a system against hardware configuration modifications. For example, attackers might modify sensor calibration data. The wrongly configured sensors would then send erroneous information to their master systems, again disturbing the industrial processes. Particularly vulnerable to this attack are large-scale systems spread over a wide geographical area, such as fluid distribution, in which one cannot secure physical access to every sensor location. A digital-signature process solves this issue. When sending measurement information to a master, the sensor or sensor module can also send along its signed calibration data. Alternatively, the master can poll the sensors on a regular basis by sending a challenge and expecting a signed response, which includes a digest of the calibration or configuration data.
A digital signature can also be used to authenticate hardware. This is useful, for example, when an RTU is connected to a SCADA network. Clearly, one would not want to have unknown (i.e., unauthenticated) hardware receiving and sending critical information but rather only genuine hardware used to build a critical ICS. Here is where a digital signature authenticates hardware and creates trust.
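The exchanges described above (a signed sensor reading verified by the RTU as in Figure 2, and a challenge-response in which the sensor attests a digest of its calibration data) as an added example in Go; this is not code from the original article or from any particular security IC vendor. It assumes Ed25519 as the signature scheme (the article names RSA and ECDSA; the flow is the same for either), a 16-byte reading layout, the sensor ID 7 and the calibration record are constructed for the example, and the private key is held inside the `Sensor` value to stand in for a key that would never leave the security IC. The sequence number and replay check are an addition beyond what the article states: a signature alone proves origin, not freshness. Verifying a signed firmware image before execution is the same `ed25519.Verify` call over the image bytes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Reading is the payload a sensor sends to the RTU. Seq is a monotonic counter,
// so a replayed copy of an older (validly signed) reading can be rejected.
type Reading struct {
	SensorID uint32
	Seq      uint64
	Value    int32 // constructed unit, e.g. pressure in millibar
}

// Encode serialises the reading into the exact bytes that are signed and verified.
func (r Reading) Encode() []byte {
	b := make([]byte, 16)
	binary.BigEndian.PutUint32(b[0:4], r.SensorID)
	binary.BigEndian.PutUint64(b[4:12], r.Seq)
	binary.BigEndian.PutUint32(b[12:16], uint32(r.Value))
	return b
}

// attestMsg is what a sensor signs when answering a calibration challenge: nonce || digest.
func attestMsg(nonce []byte, digest [32]byte) []byte {
	return append(append([]byte{}, nonce...), digest[:]...)
}

// Sensor stands in for a sensor module whose private key lives in a security IC.
type Sensor struct {
	ID          uint32
	priv        ed25519.PrivateKey // never leaves the module
	seq         uint64
	Calibration []byte // configuration data an attacker might try to alter
}

// NewSensor generates the module's key pair; the public half is handed to the RTU at enrolment.
func NewSensor(id uint32, calibration []byte) (*Sensor, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only if the system RNG is unavailable
	}
	return &Sensor{ID: id, priv: priv, Calibration: calibration}, pub
}

// SignReading returns the next reading together with its signature (Figure 2).
func (s *Sensor) SignReading(value int32) (Reading, []byte) {
	s.seq++
	r := Reading{SensorID: s.ID, Seq: s.seq, Value: value}
	return r, ed25519.Sign(s.priv, r.Encode())
}

// Respond answers a master's challenge with a digest of the calibration data and a
// signature over nonce||digest, attesting both freshness and configuration.
func (s *Sensor) Respond(nonce []byte) ([32]byte, []byte) {
	digest := sha256.Sum256(s.Calibration)
	return digest, ed25519.Sign(s.priv, attestMsg(nonce, digest))
}

var (
	ErrUnknownSensor = errors.New("sensor not enrolled")
	ErrBadSignature  = errors.New("signature does not verify")
	ErrReplay        = errors.New("sequence number not newer than last accepted")
	ErrCalibration   = errors.New("calibration digest differs from enrolled value")
)

// enrolled is what the RTU records per trusted sensor at commissioning time.
type enrolled struct {
	pub       ed25519.PublicKey
	calDigest [32]byte
	lastSeq   uint64
}

// RTU accepts data only from sensors whose public key it has enrolled.
type RTU struct{ sensors map[uint32]*enrolled }

func NewRTU() *RTU { return &RTU{sensors: map[uint32]*enrolled{}} }

func (u *RTU) Enroll(id uint32, pub ed25519.PublicKey, calibration []byte) {
	u.sensors[id] = &enrolled{pub: pub, calDigest: sha256.Sum256(calibration)}
}

// AcceptReading checks origin (signature) and freshness (sequence) before the value is used.
func (u *RTU) AcceptReading(r Reading, sig []byte) error {
	e, ok := u.sensors[r.SensorID]
	switch {
	case !ok:
		return ErrUnknownSensor
	case !ed25519.Verify(e.pub, r.Encode(), sig):
		return ErrBadSignature
	case r.Seq <= e.lastSeq:
		return ErrReplay
	}
	e.lastSeq = r.Seq
	return nil
}

// CheckResponse verifies the response to the nonce the RTU sent and compares the
// attested calibration digest with the enrolled one.
func (u *RTU) CheckResponse(id uint32, nonce []byte, digest [32]byte, sig []byte) error {
	e, ok := u.sensors[id]
	switch {
	case !ok:
		return ErrUnknownSensor
	case !ed25519.Verify(e.pub, attestMsg(nonce, digest), sig):
		return ErrBadSignature
	case e.calDigest != digest:
		return ErrCalibration
	}
	return nil
}

func main() {
	cal := []byte("offset=0.12;gain=1.003") // constructed calibration record
	sensor, pub := NewSensor(7, cal)
	rtu := NewRTU()
	rtu.Enroll(7, pub, cal)
	r, sig := sensor.SignReading(1013)
	fmt.Println("genuine reading:", rtu.AcceptReading(r, sig))
	r.Value = 5000 // altered in transit: the signature no longer matches
	fmt.Println("tampered reading:", rtu.AcceptReading(r, sig))
	nonce := make([]byte, 16) // challenge: fresh randomness from crypto/rand
	rand.Read(nonce)
	d, s := sensor.Respond(nonce)
	fmt.Println("calibration attested:", rtu.CheckResponse(7, nonce, d, s))
}
```

`Enroll` is the commissioning step (the public key and known-good calibration digest are recorded once, over a trusted channel); at run time every reading goes through `AcceptReading` and each polling round through `CheckResponse`. The nonce must be fresh per round, otherwise an old, valid response could be replayed after the calibration has been altered.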
Encryption is also a useful, widely used technique to protect against the disclosure of information. Manufacturing recipes are often precious assets, as they can contain all the know-how needed to manufacture products. By monitoring data from sensors or parameters of actuators, one could gain valuable information about a manufacturing process or even individual personal data. There are, for example, many publications about attackers learning users’ behavior by tracking their electricity consumption through the smart grid. Data encryption over ICS networks would prevent such disclosure and would be applied as in a classic IT infrastructure.
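An added example in Go of encrypting an ICS message (a setpoint or recipe fragment) the way the paragraph describes, written for this page rather than taken from the article or from any vendor's stack. It assumes AES-GCM (an authenticated mode, so the same frame also resists modification), a 12-byte nonce built from a per-direction link ID and a message counter, and a cleartext header bound as associated data; the link IDs, header and payload are constructed. The key is a plain Go slice here only so the example runs; the article's point is that in a deployment it would be provisioned into and used inside the security IC.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Link is one endpoint of an encrypted ICS connection. Frames it sends carry a
// nonce made of its own link ID and a message counter, so no nonce is ever
// reused under the shared key (nonce reuse breaks AES-GCM completely). Frames
// it receives must carry a counter above the last one accepted (replay check).
type Link struct {
	aead     cipher.AEAD
	linkID   uint32 // unique per sending direction
	counter  uint64 // outgoing messages
	lastRecv uint64 // highest counter accepted from the peer
}

// NewLink wraps a 16-, 24- or 32-byte AES key.
func NewLink(key []byte, linkID uint32) (*Link, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Link{aead: aead, linkID: linkID}, nil
}

func (l *Link) nextNonce() []byte {
	l.counter++
	n := make([]byte, 12) // GCM standard nonce size
	binary.BigEndian.PutUint32(n[:4], l.linkID)
	binary.BigEndian.PutUint64(n[4:], l.counter)
	return n
}

// Seal encrypts a payload and binds the cleartext header (destination address,
// message type) as associated data: the header stays readable for routing, but
// any change to it makes Open fail on the other side.
func (l *Link) Seal(header, payload []byte) []byte {
	nonce := l.nextNonce()
	return l.aead.Seal(nonce, nonce, payload, header) // frame = nonce || ciphertext || tag
}

// Open authenticates and decrypts a frame from the peer, rejecting replays.
func (l *Link) Open(header, frame []byte) ([]byte, error) {
	ns := l.aead.NonceSize()
	if len(frame) < ns+l.aead.Overhead() {
		return nil, errors.New("frame too short")
	}
	ctr := binary.BigEndian.Uint64(frame[4:ns])
	if ctr <= l.lastRecv {
		return nil, errors.New("replayed or out-of-order frame")
	}
	pt, err := l.aead.Open(nil, frame[:ns], frame[ns:], header)
	if err != nil {
		return nil, err // wrong key, modified header, or modified ciphertext/tag
	}
	l.lastRecv = ctr
	return pt, nil
}

func main() {
	key := make([]byte, 32) // constructed 256-bit key for the demo
	rand.Read(key)
	master, _ := NewLink(key, 1) // master -> PLC direction uses link ID 1
	plc, _ := NewLink(key, 2)    // PLC -> master direction uses link ID 2
	header := []byte("PLC-03/setpoint")
	frame := master.Seal(header, []byte("mixer_rpm=1200;temp_c=85"))
	fmt.Printf("wire bytes: %x\n", frame)
	out, err := plc.Open(header, frame)
	fmt.Println("decrypted:", string(out), err)
	_, err = plc.Open([]byte("PLC-04/setpoint"), frame) // header changed in transit
	fmt.Println("tampered header:", err)
}
```

Each direction of a link needs its own link ID (or its own key), otherwise the two sides' counters would collide in the nonce space. The counter-in-nonce layout also gives the receiver replay protection for free; an AEAD by itself only protects the content of one frame, not the order in which frames arrive.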
Why Security ICs to Support Cryptography?
So far we have discussed some applications of cryptography for ICS security. Cryptography is often implemented in software, so why would one use security ICs in an ICS? There are several reasons, because security ICs offer specific benefits: secure storage of keys; protection against key disclosure through side-channel attacks; simple implementation of bug-free cryptography; accelerated computation; the quality of random numbers; and trusted software through a secure boot.
Secure Storage of Keys
One concept is so important that we cannot overstate it: any security implementation must use standard crypto algorithms, e.g., AES and Triple DES for symmetric crypto, RSA and ECDSA for public-key cryptography. Within these crypto systems, then, the most valuable assets are the keys. When cryptography is implemented in software on a standard processor, cryptographic keys are stored in the general-purpose system memory and, thus, can be easily retrieved through malware, a debug port (JTAG), or a physical attack. Security ICs dramatically reduce these vulnerabilities.
Secure microcontrollers integrate logical protection. Secure boot and the microcontroller’s Memory Management Unit protect against malware injection. The JTAG port can be disabled.
Security ICs integrate countermeasures such as metal shield, environmental sensors, and external mesh sensors against physical tampering. Moreover, their internal or external memory can be encrypted as well. The highest level of protection would be automatic destruction of keys if tampering is detected.
Protection Against Key Disclosure from Side-Channel Attacks
The power consumption of a microcontroller obviously depends on its activity. By monitoring the power consumption during crypto computation, one can retrieve the cryptographic keys. Other side-channel attacks are based on electromagnetic emission (electromagnetic analysis, EMA).
The most advanced security ICs implement countermeasures against side-channel attacks, making it impossible to retrieve keys through those side channels.
Implementation of Trusted, Bug-Free Cryptography
A common weakness found in systems implementing cryptography is a partial or “bogus” implementation of the algorithm. A faulty algorithm makes the ICS vulnerable and can lead to successful attacks a few months after the product is released. By using a security IC from the outset of system design, however, an ICS designer can be assured that the implementation of algorithms is bug free.
That level of assurance can be further increased thanks to third-party evaluation or certification for a given standard.
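The standard way to catch a partial or "bogus" implementation before it ships is a known-answer test: run the algorithm on the fixed inputs published with the standard and compare against the published outputs, on every power-up if the platform allows it. The following is an added Go example of that check, not code from the article; it uses the AES-128 vector from FIPS 197 Appendix C.1, SHA-256("abc") from FIPS 180-4 and HMAC-SHA-256 test case 1 from RFC 4231, all of which are public. The `kat` type, `SelfTests` and `RunSelfTests` names are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// kat is one known-answer test: a fixed input and the output the standard specifies.
type kat struct {
	name string
	run  func() ([]byte, error)
	want string // expected output, hex-encoded (lowercase)
}

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// SelfTests lists the vectors: AES-128 from FIPS 197 Appendix C.1, SHA-256("abc")
// from FIPS 180-4, and HMAC-SHA-256 test case 1 from RFC 4231.
func SelfTests() []kat {
	return []kat{
		{"AES-128 encrypt", func() ([]byte, error) {
			c, err := aes.NewCipher(mustHex("000102030405060708090a0b0c0d0e0f"))
			if err != nil {
				return nil, err
			}
			out := make([]byte, aes.BlockSize)
			c.Encrypt(out, mustHex("00112233445566778899aabbccddeeff"))
			return out, nil
		}, "69c4e0d86a7b0430d8cdb78070b4c55a"},
		{"SHA-256", func() ([]byte, error) {
			sum := sha256.Sum256([]byte("abc"))
			return sum[:], nil
		}, "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"},
		{"HMAC-SHA-256", func() ([]byte, error) {
			m := hmac.New(sha256.New, mustHex("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"))
			m.Write([]byte("Hi There"))
			return m.Sum(nil), nil
		}, "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"},
	}
}

// RunSelfTests executes every vector and returns the names of those that fail.
// A device would refuse to bring up its crypto service if the list is non-empty.
func RunSelfTests(tests []kat) []string {
	var failed []string
	for _, t := range tests {
		got, err := t.run()
		if err != nil || hex.EncodeToString(got) != t.want {
			failed = append(failed, t.name)
		}
	}
	return failed
}

func main() {
	if failed := RunSelfTests(SelfTests()); len(failed) > 0 {
		fmt.Println("self-test FAILED:", failed)
		return
	}
	fmt.Println("all known-answer tests passed")
}
```

A known-answer test proves that the implementation matches the standard on the published inputs; it does not prove the absence of every bug (a timing leak or a bad random-number source passes it). That is why the article pairs it with third-party evaluation or certification.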
Accelerated Computation
In ICSs, response time is often critical. For instance, one may expect a sensor’s measurement to be sent to the RTU of a SCADA main controller within a given delay. With their built-in hardware cryptography engines, security ICs offer better performance than software solutions. Moreover, our sensor’s measurement can be digitally “signed” before it is sent, even if the sensor controller itself has limited computing performance. Security ICs can also offload an application processor if the latter has limited computing resources.
In the tiniest, most constrained systems like sensor modules, the computing capability (typically an 8-bit microcontroller) to run a sophisticated math operation might not exist. In these situations, adding a secure IC is often the only option to bring computing power for cryptography without redesigning the system.
Secure microcontrollers can even provide a full security solution, such as handling complete security protocols like TLS/SSL.