Industrial systems need security ICs--Page 4.
Quality of Random Numbers
A common attack method against systems supposedly protected by cryptography is the so-called replay attack.
The replay concept is fairly simple: an attacker records an encrypted or signed message (even though the attacker cannot decrypt it or understand it) and sends the recorded message a moment later. Our example of a digitally signed sensor measurement illustrates the problem here. Assume for the moment that water pressure in a remote pipe is normal. The sensor reports normal pressure in the water pipe and sends this message to the SCADA main controller.
The attacker records this message. When the sensor later detects an abnormal pressure, the attacker now intervenes. The attacker replays the message recorded earlier and misleads the controller into believing that the system is in standard operating mode. Given what we know in our example situation, however, one would expect the SCADA system to report an alarm. The standard protection against such a replay attack is to introduce a random number into the transaction, and so prevents the re-use (replay) of a previous transaction. Not all random number generators are of equal quality. There have been cases when a secret key has been retrieved in systems relying on poor-quality random number generators. This is the worst situation that one can envision. Now, the cryptography becomes useless.4
How does this happen? In a standard microcontroller the randomness of the number generated is not guaranteed. Compare this with security ICs, where the random number generator is designed meet challenging criteria in terms of entropy and also tested against standardized methods.
Trusted Software Through Secure Boot
Unfortunately Stuxnet is a brilliant demonstration of the importance of this topic. Systems operators and designers must ensure that all equipment upon which a SCADA or DCS system is built runs a well-identified, genuine piece of software. Secure boot and secure updates management are the way to protect a device from malware or untrusted software injection. Secure boot and secure update management are implemented in the newest state-of-the-art secure microcontrollers.
Security ICs Are Today’s Ultimate Protection Devices
Today’s security ICs integrate several functions designed to ensure the security of an ICS or any critical system 24/7.
today enable crypto-strong authentication, or rejection, of a subsystem to and from its master system. Employing the SHA-2 authentication protocol, they can authenticate the I/O expansion modules of a PLC. They can securely store and digitally sign the configuration and calibration data from a sensor module, thereby preventing it from being replaced by a fake device or having its key parameters changed by an attacker.
Security managers securely store secret keys. This IC also can trigger a key destruction when a tamper is detected. A ecurity manager also supports AES authentication and encryption. Security Managers can be added to an existing microcontroller, which avoids porting software from a previous design.
Secure microcontrollers provide secure key storage, implement secure boot, enable software logical protection, and offer the most flexibility for implementing cryptography up to protocol levels such as PKCS#11. They also support network protocols and offload the main system processor from cryptographic operations. Devices are already providing this full range services in smart meters. The new ARM926-based microcontroller with Linux® BSP, for example, is a single-chip solution for secure communication devices like gateways.
We have said a lot and perhaps you now question, “So are we protected against cyber attacks because we are using security ICSs?” The answer is not a simple, “yes.” Full system security requires a thorough identification of assets to be protected and an in-depth analysis of threats prior to any solution deployment. Then effective security depends to a great extent on implementation of a number of cryptographic measures, which bridge software and hardware. Nonetheless, after a rigorous analysis security ICs definitely elevate the protection for ICSs to the highest level.
1 Scarfone, Karen, Jansen, Wayne, and Tracy, Miles, NIST Special Publication 800-123, Guide to General Server Security, July 2008, at http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf .
3 Symantec report about Stuxnet at http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
4 For a discussion of DSA requirements for random k value, see Lawson, Nate, “DSA requirements for random k value,” root labs rdist, November 10, 2010, at http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/ .
Linux is a registered trademark of Linus Torvalds.
Microsoft is a registered trademark and registered service mark of Microsoft Corporation.
Windows is a registered trademark and registered service mark of Microsoft Corporation.
About the Author
Christophe Tremlet is a Security Segment Manager at Maxim Integrated in La Ciotat, France. He spent 13 years at STMicroelectronics’ smart card division—10 years as a product engineer and product engineering manager, and three years as an application manager. After this, he joined Innova Card, where he was the Chief Technology Officer for two years, until Innova Card was acquired by Maxim Integrated Products. He holds a Master’s Degree in Electrical Engineering from INSA Lyon, France.