Conference Paper

Gateway to the Danger Zone: Secure and Authentic Remote Reset in Machine Safety

Authors:
  • Fraunhofer Institute for Applied and Integrated Security AISEC

Article
Industrial Internet of Things (IIoT) gateways are affected by many cybersecurity threats, compromising their security and dependability. These gateways usually represent single points of failure on the IIoT infrastructure. When compromised, they can disrupt the entire system, including the security of the IIoT devices and the confidentiality and privacy of the data. This paper introduces a Secure IIoT Gateway Architecture that encompasses Trusted Execution Environment concepts and consolidated security algorithms to achieve a secure IIoT environment. Sensitive procedures of the IIoT, like device admission, bootstrapping, key management, authentication, and data exchange among operational technology (OT) and information technology (IT) are handled by the gateway inside the secure execution domain. The bootstrapping does not require devices to have any pre-stored secret or a pre-established secure channel to any trusted third party. Moreover, our architecture includes mechanisms for IIoT devices to safely interact with the Cloud without assuming the integrity of the gateways between them, enabling continuous verification of gateway integrity. A formal proof of the proposed solution security is provided. Finally, the security of the proposed architecture is discussed according to the specified requirements.
Article
The inherent complexities of Industrial Internet of Things (IIoT) architecture make its security and privacy issues critically challenging. Numerous surveys have been published to review IoT security issues and challenges. The studies gave a general overview of IIoT security threats or a detailed analysis that explicitly focuses on specific technologies. However, recent studies fail to analyze the gap between security requirements of these technologies and their deployed countermeasure in the industry recently. Whether recent industry countermeasure is still adequate to address the security challenges of IIoT environment is questionable. This article presents a comprehensive survey of IIoT security and provides insight into today's industry countermeasure, current research proposals and ongoing challenges. We classify IIoT technologies into the four-layer security architecture, examine the deployed countermeasure based on CIA+ security requirements, report the deficiencies of today's countermeasure, and highlight the remaining open issues and challenges. As no single solution can fix the entire IIoT ecosystem, IIoT security architecture with a higher abstraction level using the bottom-up approach is needed. Moving towards a data-centric approach that assures data protection whenever and wherever it goes could potentially solve the challenges of industry deployment.
Article
Surveillance video recording is a powerful method of deterring unlawful activities. A robust data protection-by-design solution can be helpful in terms of making a captured video immutable, as such recordings cannot become a piece of evidence until proven to be unaltered. Similarly, video sharing from closed-circuit television video recording or in social media interaction requires self-authentication for responsible and reliable data sharing. This paper presents a computationally inexpensive method of preserving a chain-of-evidence in surveillance videos by means of hashing and steganography. The method conforms to the data protection regulations, which are increasingly adopted by governments, and is applicable to network edge storage. Encryption keys are stored in a hardware wallet independently of the video capture device itself, while evidential information is stored steganographically within video frames themselves, independently of the content. Added protection is provided by hiding information within the two least-valued of pixel bitplanes, using a newly introduced technique that randomizes the pixel storage locations on a per video frame and video-capture device basis. Overall, the proposed method has turned out to not only preserve the integrity of stored video data but also results in minimal degradation of the video data resulting from steganography. Despite the inclusion of hidden information, video frames will still be available for common image-processing tasks such as tracking and classification, as their objective video quality is almost unchanged.
Chapter
Public key infrastructures (PKIs) are a cornerstone for the security of modern information systems. They also offer a wide range of security mechanisms to industrial automation and control systems (IACS) and can represent an important building block for concepts like zero trust architectures and defense in depth. Hence, the ISA/IEC 62443 series of standards addresses the PKI paradigm, but there is little practical guidance on how to actually apply it to an IACS. This paper analyzes ISA/IEC 62443 for explicit and implicit requirements regarding PKI deployment to provide a guideline for developing and operating a standard-conform PKI. For this purpose, the analyzed requirements and IACS-specific constraints are combined with current research and best practices. To assess its viability, a tangible PKI use case is implemented in a test environment. The evaluation of this use case shows that common IACS components are capable of supporting PKI, but that important features are missing. For instance, the handling of PKI turns out to be time-consuming and involves many manual operations, a potential factor to render large-scale operations impractical at this point in time.
Keywords: PKI, ISA/IEC 62443, IACS, Security Engineering, Zero Trust
Chapter
We present an efficient key recovery attack on the Supersingular Isogeny Diffie–Hellman protocol (SIDH). The attack is based on Kani’s “reducibility criterion” for isogenies from products of elliptic curves and strongly relies on the torsion point images that Alice and Bob exchange during the protocol. If we assume knowledge of the endomorphism ring of the starting curve then the classical running time is polynomial in the input size (heuristically), apart from the factorization of a small number of integers that only depend on the system parameters. The attack is particularly fast and easy to implement if one of the parties uses 2-isogenies and the starting curve comes equipped with a non-scalar endomorphism of very small degree; this is the case for SIKE, the instantiation of SIDH that recently advanced to the fourth round of NIST’s standardization effort for post-quantum cryptography. Our Magma implementation breaks SIKEp434, which aims at security level 1, in about ten minutes on a single core.
Keywords: isogeny-based cryptography, SIDH, elliptic curves, genus 2 curves
Chapter
This work introduces new key recovery attacks against the Rainbow signature scheme, which is one of the three finalist signature schemes still in the NIST Post-Quantum Cryptography standardization project. The new attacks outperform previously known attacks for all the parameter sets submitted to NIST and make a key-recovery practical for the SL 1 parameters. Concretely, given a Rainbow public key for the SL 1 parameters of the second-round submission, our attack returns the corresponding secret key after on average 53 h (one weekend) of computation time on a standard laptop.
Chapter
Protecting safety-critical Cyber-Physical Systems (CPS) against security threats is becoming a growing necessity. Due to the high level of network integration, CPS pose new targets to remote code-reuse attacks, such as Return-Oriented Programming (ROP). An effective mechanism to detect code-reuse attacks is Control-Flow Integrity (CFI). However, because of the intrusiveness of most current CFI solutions, i.e., their requirement for program instrumentation and run-time interference, we cannot directly apply them to safety-critical CPS. To the best of our knowledge, there is no CFI solution designed for CPS; and more specifically, we are not aware of any solution that fully monitors the forward-edges and backward-edges of an application’s control-flow, while providing independence and freedom from interference guarantees. Hence, for the first time, we propose a safety certifiable, separation kernel-based partitioning architecture to integrate CFI monitoring in a safety-critical system to protect applications with real-time constraints. Our solution leverages ARM CoreSight to transparently enforce both forward-edge and backward-edge CFI for an application at run-time. Despite imposing a significant overhead on the overall system, our approach reliably protects the control-flow of the monitored application, while guaranteeing its real-time constraints. We evaluate our solution by analyzing its timing impact and discussing the resulting considerations for the integration and practical deployment in a safety-critical CPS.
Conference Paper
Public key infrastructures (PKIs) build the foundation for secure communication of a vast majority of cloud services. In the recent past, there has been a series of security incidents leading to increasing concern regarding the trust model currently employed by PKIs. One of the key criticisms is the architecture's implicit assumption that certificate authorities (CAs) are trustworthy a priori. This work proposes a holistic metric to compensate this assumption by a differentiating assessment of a CA's individual trustworthiness based on objective criteria. The metric utilizes a wide range of technical and non-technical factors derived from existing policies, technical guidelines, and research. It consists of self-contained submetrics allowing the simple extension of the existing set of criteria. The focus is thereby on aspects which can be assessed by employing practically applicable methods of independent data collection. The metric is meant to help organizations, individuals, and service providers deciding which CAs to trust or distrust. For this, the modularized submetrics are clustered into coherent submetric groups covering a CA's different properties and responsibilities. By applying individually chosen weightings to these submetric groups, the metric's outcomes can be adapted to tailored protection requirements according to an exemplifying attacker model.
Article
Cryptographic primitives do not remain secure, they deteriorate over time. On the one hand increasing computing power leads to more powerful attacks on their underlying mathematical problems. On the other hand quantum computing threatens to break many widely used cryptographic primitives. The main goal of cryptographic agility is to enable an easy transition to alternative cryptographic schemes. Considering the long lifetime of products within industrial automation, we argue that vendors should strive for cryptographic agility in their products. In this work we motivate cryptographic agility by discussing the threat of quantum computers to modern cryptography. Additionally, we introduce the reader to the concept of post-quantum cryptography. Ultimately, we demonstrate that cryptographic agility requires three elements: 1) cryptographic application programming interfaces, 2) secure update mechanisms and 3) documentation of cryptographic primitives. By providing practical concepts we show how to meet these requirements in software-based systems.
Article
The Internet of Things (IoT) introduces many new challenges which cannot be solved using traditional cloud and host computing models. A new architecture known as fog computing is emerging to address these technological and security gaps. Traditional security paradigms focused on providing perimeter-based protections and client/server point to point protocols (e.g., Transport Layer Security (TLS)) are no longer the best choices for addressing new security challenges in fog computing end devices, where energy and computational resources are limited. In this paper, we present a lightweight secure streaming protocol for the fog computing "Fog Node-End Device" layer. This protocol is lightweight, connectionless, supports broadcast and multicast operations, and is able to provide data source authentication, data integrity, and confidentiality. The protocol is based on simple and energy efficient cryptographic methods, such as Hash Message Authentication Codes (HMAC) and symmetrical ciphers, and uses modified User Datagram Protocol (UDP) packets to embed authentication data into streaming data. Data redundancy could be added to improve reliability in lossy networks. The experimental results summarized in this paper confirm that the proposed method efficiently uses energy and computational resources and at the same time provides security properties on par with the Datagram TLS (DTLS) standard.
Article
With the rapid increase in the demand for multimedia services, securing the delivery of multimedia content has become an important issue. Accordingly, the problem of multimedia stream authentication has received considerable attention by previous research and various solutions have been proposed. However, these solutions have not been rigorously analyzed and contrasted to each other, and thus their relative suitability for different streaming environments is not clear. This article presents comprehensive analysis and comparison among different schemes proposed in the literature to authenticate multimedia streams. Authentication schemes for nonscalable and scalable multimedia streams are analyzed. To conduct this analysis, we define five important performance metrics, which are computation cost, communication overhead, receiver buffer size, delay, and tolerance to packet losses. We derive analytic formulas for these metrics for all considered authentication schemes to numerically analyze their performance. In addition, we implement all schemes in a simulator to study and compare their performance in different environments. The parameters for the simulator are carefully chosen to mimic realistic settings. We draw several conclusions on the advantages and disadvantages of each scheme. We extend our analysis to authentication techniques for scalable streams. We pay careful attention to the flexibility of scalable streams and analyze its impacts on the authentication schemes. Our analysis and comparison reveal the merits and shortcomings of each scheme, provide guidelines on choosing the most appropriate scheme for a given multimedia streaming application, and could stimulate designing new authentication schemes or improving existing ones. For example, our detailed analysis has led us to design a new authentication scheme that combines the best features of two previous schemes.
Chapter
We present a new efficient paradigm for signing digital streams. The problem of signing digital streams to prove their authenticity is substantially different from the problem of signing regular messages. Traditional signature schemes are message oriented and require the receiver to process the entire message before being able to authenticate its signature. However, a stream is a potentially very long (or infinite) sequence of bits that the sender sends to the receiver and the receiver is required to consume the received bits at more or less the input rate and without excessive delay. Therefore it is infeasible for the receiver to obtain the entire stream before authenticating and consuming it. Examples of streams include digitized video and audio files, data feeds and applets. We present two solutions to the problem of authenticating digital streams. The first one is for the case of a finite stream which is entirely known to the sender (say a movie). We use this constraint to devise an extremely efficient solution. The second case is for a (potentially infinite) stream which is not known in advance to the sender (for example a live broadcast). We present proofs of security of our constructions. Our techniques also have applications in other areas, for example, efficient authentication of long files when communication is at a cost and signature based filtering at a proxy server.
Article
Recently the use of public key encryption to provide secure network communication has received considerable attention. Such public key systems are usually effective against passive eavesdroppers, who merely tap the lines and try to decipher the message. It has been pointed out, however, that an improperly designed protocol could be vulnerable to an active saboteur, one who may impersonate another user or alter the message being transmitted. Several models are formulated in which the security of protocols can be discussed precisely. Algorithms and characterizations that can be used to determine protocol security in these models are given.
The Transport Layer Security (TLS) Protocol Version 1.3. Request for Comments RFC 8446. Internet Engineering Task Force
  • Eric Rescorla
KyberSlash: Introduction
  • Daniel J Bernstein
Press Release: Companies Plan to Keep Remote Work Arrangements After Crisis
  • Daniel Erdsiek
Directive 2006/42/EC of the European Parliament and of the Council of 17 May 2006 on machinery, and amending Directive 95/16/EC (recast) (Text with EEA relevance)
  • European Parliament
The Security of WebRTC
IEC 61508-1 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 1: General requirements
  • ISO
IEC 62061 Safety of machinery - Functional safety of safety-related control systems
  • ISO
A Description of the ARIA Encryption Algorithm. RFC 5794
Pay per Part - Mit einem neuen Geschäftsmodell bezahlen Kunden nur die reine Maschinennutzung
  • Trumpf Werkzeugmaschinen SE + Co. KG