Alexander Giehl’s research while affiliated with Technical University of Munich and other places

Public key infrastructures (PKIs) are a cornerstone for the security of modern information systems. They also offer a wide range of security mechanisms to industrial automation and control systems (IACS) and can represent an important building block for concepts like zero trust architectures and defense in depth. Hence, the ISA/IEC 62443 series of standards addresses the PKI paradigm, but there is little practical guidance on how to actually apply it to an IACS. This paper analyzes ISA/IEC 62443 for explicit and implicit requirements regarding PKI deployment to provide a guideline for developing and operating a standard-conform PKI. For this purpose, the analyzed requirements and IACS-specific constraints are combined with current research and best practices. To assess its viability, a tangible PKI use case is implemented in a test environment. The evaluation of this use case shows that common IACS components are capable of supporting PKI, but that important features are missing. For instance, the handling of PKI turns out to be time-consuming and involves many manual operations, a potential factor to render large-scale operations impractical at this point in time.KeywordsPKIISA/IEC 62443IACSSecurity EngineeringZero Trust

Big data continues to grow in the manufacturing domain due to increasing interconnectivity on the shop floor in the course of the fourth industrial revolution. The optimization of machines based on either real-time or historical machine data provides benefits to both machine producers and operators. In order to be able to make use of these opportunities, it is necessary to access the machine data, which can include sensitive information such as intellectual property. Employing the use case of machine tools, this paper presents a solution enabling industrial data sharing and cloud collaboration while protecting sensitive information. It employs the edge computing paradigm to apply differential privacy to machine data in order to protect sensitive information and simultaneously allow machine producers to perform the necessary calculations and analyses using this data.

With the growing availability and prevalence of internet-capable devices, the complexity of networks and associated connection management increases. Depending on the use case, different approaches in handling connectivity have emerged over the years, tackling diverse challenges in each distinct area. Exposing centralized web-services facilitates reachability; distributing information in a peer-to-peer fashion offers availability; and segregating virtual private sub-networks promotes confidentiality. A common challenge herein lies in connection establishment, particularly in discovering, and securely connecting to peers. However, unifying different aspects, including the usability, scalability, and security of this process in a single framework, remains a challenge. In this paper, we present the Stream Exchange Protocol (SEP) collection, which provides a set of building blocks for secure, lightweight, and decentralized connection establishment. These building blocks use unique identities that enable both the identification and authentication of single communication partners. By utilizing federated directories as decentralized databases, peers are able to reliably share authentic data, such as current network locations and available endpoints. Overall, this collection of building blocks is universally applicable, easy to use, and protected by state-of-the-art security mechanisms by design. We demonstrate the capabilities and versatility of the SEP collection by providing three tools that utilize our building blocks: a decentralized file sharing application, a point-to-point network tunnel using the SEP trust model, and an application that utilizes our decentralized discovery mechanism for authentic and asynchronous data distribution.

Public key infrastructures (PKIs) build the foundation for secure communication of a vast majority of cloud services. In the recent past, there has been a series of security incidents leading to increasing concern regarding the trust model currently employed by PKIs. One of the key criticisms is the architecture's implicit assumption that certificate authorities (CAs) are trustworthy a priori. This work proposes a holistic metric to compensate this assumption by a differentiating assessment of a CA's individual trustworthiness based on objective criteria. The metric utilizes a wide range of technical and non-technical factors derived from existing policies, technical guidelines, and research. It consists of self-contained submetrics allowing the simple extension of the existing set of criteria. The focus is thereby on aspects which can be assessed by employing practically applicable methods of independent data collection. The metric is meant to help organizations, individuals, and service providers deciding which CAs to trust or distrust. For this, the modularized submetrics are clustered into coherent submetric groups covering a CA's different properties and responsibilities. By applying individually chosen weightings to these submetric groups, the metric's outcomes can be adapted to tailored protection requirements according to an exemplifying attacker model.

Recent trends in manufacturing and industry accelerate the interconnection of industrial control systems between each other and over public networks. This brings an increase of cyber attack impact with it as the number of potential targets rises and the consequences of the attacks gain in severity. In order to build secure manufacturing systems, it is paramount to measure the possible impact of cyber attacks. This is required to evaluate security controls towards their effectiveness in attack scenarios. In this work, a proposal for an impact assessment framework in manufacturing is given. A suitable attacker model for execution of the attacks is provided. An evaluation metric for quantifying attack impact on manufacturing systems is developed. A light-weight modeling technique is presented and used to study the impact of cyber attacks on a cellular assembly setup. Different attack scenarios are implemented and simulated within the framework. The simulations provide detailed insight and illustrate attack impact.

With the rise of advanced persistent threats to cyber-physical facilities, new methods for anomaly detection are required. However, research on anomaly detection systems for industrial networks suffers from the lack of suitable training data to verify the methods at early stages. This paper presents a framework and workflow to generate meaningful training and test data for anomaly detection systems in industrial settings. Using process-model based simulations data can be generated on a large scale. We evaluate the data in regard to its usability for state-of-the-art anomaly detection systems. With adequate simulation configurations, it is even possible to simulate a sensor manipulation attack on the model and to derive labeled data.