Norbert Wiedermann’s research while affiliated with Fraunhofer Institute for Applied and Integrated Security and other places

Public key infrastructures (PKIs) build the foundation for secure communication of a vast majority of cloud services. In the recent past, there has been a series of security incidents leading to increasing concern regarding the trust model currently employed by PKIs. One of the key criticisms is the architecture's implicit assumption that certificate authorities (CAs) are trustworthy a priori. This work proposes a holistic metric to compensate this assumption by a differentiating assessment of a CA's individual trustworthiness based on objective criteria. The metric utilizes a wide range of technical and non-technical factors derived from existing policies, technical guidelines, and research. It consists of self-contained submetrics allowing the simple extension of the existing set of criteria. The focus is thereby on aspects which can be assessed by employing practically applicable methods of independent data collection. The metric is meant to help organizations, individuals, and service providers deciding which CAs to trust or distrust. For this, the modularized submetrics are clustered into coherent submetric groups covering a CA's different properties and responsibilities. By applying individually chosen weightings to these submetric groups, the metric's outcomes can be adapted to tailored protection requirements according to an exemplifying attacker model.

Recent trends in manufacturing and industry accelerate the interconnection of industrial control systems between each other and over public networks. This brings an increase of cyber attack impact with it as the number of potential targets rises and the consequences of the attacks gain in severity. In order to build secure manufacturing systems, it is paramount to measure the possible impact of cyber attacks. This is required to evaluate security controls towards their effectiveness in attack scenarios. In this work, a proposal for an impact assessment framework in manufacturing is given. A suitable attacker model for execution of the attacks is provided. An evaluation metric for quantifying attack impact on manufacturing systems is developed. A light-weight modeling technique is presented and used to study the impact of cyber attacks on a cellular assembly setup. Different attack scenarios are implemented and simulated within the framework. The simulations provide detailed insight and illustrate attack impact.

The next industrial revolution is said to be paved by the use of novel Internet of Things (IoT) technology. One important aspect of the modern IoT infrastructures is decentralised communication, often called Peer-to-Peer (P2P). In the context of industrial communication, P2P contributes to resilience and improved stability for industrial components. Current industrial facilities, however, still rely on centralised networking schemes which are considered to be mandatory to comply with security standards. In order to succeed, introduced industrial P2P technology must maintain the current level of protection and also consider possible new threats. The presented work starts with a short analysis of well-established industrial communication infrastructures and how these could benefit from decentralised structures. Subsequently, previously undefined Information Technology (IT) security requirements are derived from the new cloud based decentralised industrial automation model architecture presented in this paper. To meet those requirements, state-of-the-art communication schemes and their open source implementations are presented and assessed for their usability in the context of industrial IoT. Finally, derived building blocks for industrial IoT P2P security are presented which are qualified to comply with the stated industrial IoT security requirements.

Reliable authentication of entities is the baseline for secure communications infrastructures and services. While traditional password authentication is still widely deployed, while alternatives based on asymmetric cryptography are also available and provide an increased level of security. On the client-side, however, secret keys are often unprotected. Although constantly updated workstations are considered to be trusted environments, security breaches such as Spectre or Meltdown raised doubts in platform integrity. The presented work introduces realistic attack vectors which can be employed to extract cryptographic keys from workstations. Consequently, Hardware Security Modules (HSMs) are introduced which provide secure storage as well as secure utilisation of private cryptographic keys. Due to the huge amount of possible application scenarios, the paper focuses on an application scenario based on the widely used Secure Shell (SSH) protocol. Demonstrating that an improved level of security is not necessarily directly linked to costs, a rough summary of interesting Commercial off the Shelf (COTS) devices is provided.

Customer-individual production in manufacturing is a current trend related to the Industrie 4.0 paradigm. Creation of design files by the customers is becoming more frequent. These design files are typically generated outside the company boundaries and then transferred to the organization where they are eventually processed and scheduled for production. From a security perspective, this introduces new attack vectors targeting producing companies. Design files with malicious configuration parameters can threaten the availability of the manufacturing plant resulting in financial risks and can even cause harm to humans. Human verification of design files is error-prone why an automated solution is required. A graph-theoretic modeling framework for machine tools capable of verifying the security of product designs is proposed. This framework is used to model an exemplary production process implemented in a wood processing plant based on the experiences of a real-world case study. Simulation of the modeled scenario shows the feasibility of the framework. Apart from security verification, the approach can be adopted to decide if a product design can be manufactured with a given set of machine tools.

Smart Grids are characterized by a high level of interconnectedness and interdependency between their sub-components. As this increases the surface for potential cyber attacks, the control system communication needs to be protected. IEC 61850 is about to become the most prevalent communication standard in the process related parts of Smart Grid control systems, but it was not designed with security in mind. IEC 62351 extends IEC 61850 by comprehensive security measures. By analyzing the IEC 61850 and IEC 62351 specifications, three novel weaknesses in the IEC 62351 standard were discovered which will be presented in this paper. Two weaknesses allow for replay of GOOSE and Sampled Values messages and one weakness in the protocol used for time exchange (SNTP) leaves the system vulnerable to a variety of attacks.

Incomplete information about connectivity and functionality of elements of networked control systems is a challenging issue in applying model-based security analysis in practice. This issue can be addressed by modelling techniques providing inherent mechanisms to describe incomplete information. We present and exemplary demonstrate a new, ontology-based method to adaptively model and analyse networked control systems froma security perspective.Ourmethod allowsmodelling different parts of the systemwith different levels of detail. We include a formalism to handle incomplete information by applying iterative extension and iterative refinement of the model where necessary. By usingmachine-based reasoning on an ontologymodel of the system, security-relevant information is deduced. During this process, non-obvious attack vectors are identified using a structural analysis of the model and by connecting the model to vulnerability information.