international society of automation isa bangalore’s...
Posted on 27-May-2020
ISA Bangalore Section
ISA TRNG/2014.04.25-26/Slide No. 1
International Society of Automation
ISA Bangalore’s training program on:
IoT, IIoT, and Industrie 4.0
18-19 November, 2016
Hotel Chancery Pavilion, Lavelle Road, Bengaluru
Security in IoT Network
Ms. Apala Ray,
Senior Scientist,
ABB Corporate Research,
Bangalore, India
Mail ID: apala.ray@in.abb.com
Tel: +91 9008588661
Apala Ray
Academic
- B. Tech. (ECE): West Bengal University of Technology
- M. Tech. (IT): Networking and Communication, IIIT, Bangalore
- Ph. D.: Security for Industrial Communication, Malardalen University, Sweden (Pursuing)
Experience:
- ABB Corporate Research, Bangalore as researcher for 8+ years in Industrial Communication System
- 8+ years research and development experience in the area of communication and software in ABB Corporate Research
- Wireless solutions for industrial application:
- WirelessHART Integration and Performance Evaluation,
- ZigBee Energy Meter Gateway, 6LowPAN for Low Voltage Products,
- Tropos Wireless mesh integration with non-Wi-Fi
- Industrial Communication Networks security
- Initial Trust establishment in industrial communication network – Key management infrastructure
- Smart Grid Wireless Security – Intrusion Detection
- ABB Proprietary communication networks
Competency Areas:
- Communication protocol Understanding
- Wireless network Security (802.11, 802.15.4)
- Key Management – Trust Model in security
- Wireless network deployment and integration
Contents
• Introduction
  • What is Industrial IoT
  • How IoT will become prevalent in coming years
  • Cyber Security in Industrial Automation
• What are the challenges specific to IIoT Security
  • Communication Architecture of IIoT
    • Heterogeneous communication stack
  • User centric view of IIoT
    • Trust relationship between actors
• Key aspects of IIoT security
  • Functional Domain of IIoT
  • Security Life cycle for IIoT
Contents (Contd.)
• Overview of Industrial IoT security
  • What are the sources of heterogeneity in Industrial IoT Security
  • Threats and vulnerabilities in IIoT
  • Security Focus Areas in IIoT
• Security functional Building blocks
  • Security Framework
    • Device Security
    • Communication protection
      • A quick overview on symmetric and asymmetric cryptography
    • Security Monitoring
• Conclusion
  • Summary
  • Future Research Challenges
Industrial IoT: Definition
Network of separate, uniquely identifiable devices that sometimes have the ability to talk with each other, without requiring “human to human” or “human to computer” interaction.
What is Industrial IoT?
• End-to-end digitization of all physical assets and integration into digital ecosystems with value chain partners
• Generating, analyzing and communicating data seamlessly
• Related terms: Industrial IoT, Industry 4.0, Industrial Internet, Digital Factory
Examples of industrial IoT
Smart grid devices, Machine-to-machine communication, Industrial devices,
Factory automation, Automobile, Health care, etc.
A few aspects of IT-OT convergence
• Security evolution in IT and OT
• Regulatory requirements and standards in IT and OT
• Brownfield deployments in OT
• Cloud systems in IoT
Prevalence of IoT in Coming Years
* Source: Coursera Online Course
Cyber Security in Industrial Automation
• The traditional Information Security model focuses on Confidentiality, Integrity, Authentication
• In the automation domain Availability comes first
• The safety of personnel, equipment, and the environment is another important aspect to consider
• Any loopholes in the security infrastructure may severely impact the system and might affect the safety of the plant and its personnel.
Attacks on Industrial segments
Challenges Specific to IIoT Security
Communication architecture
• The key role of the connectivity framework is to provide syntactic interoperability among the endpoints.
• Heterogeneous networks with different communication protocols
Key system characteristics
• Performance
• Resilience
• Security
• Scalability
• Interoperability
Figure: heterogeneous communication stack spanning Server, Network and Device, layered as Physical Layer, Link Layer, Network Layer, Transport Layer, Framework and Data Management; protocols shown: 802.1/802.3, 802.15.4/802.11, 802.16, 3GPP, IP, UDP, TCP, MQTT, HTTP, CoAP, DDSI-RTPS, Web Service, DDS/OPC; application domains: …/Energy & Utility/Manufacturing/Transportation/…
Source: Industrial IoT - Security Framework
Challenges Specific to IIoT Security
User-centric view of IIoT
Roles involved in IIoT
• When an isolated system is controlled by a single owner/operator, there is only one boundary with clear security concerns.
• Each stakeholder might have specific roles in securing IIoT systems.
• There needs to be trust assurance between all the roles.
Figure: Component Builder, System Builder and Plant Owner, linked by Security Assurance and Trust
Functional domain of IIoT
Key Aspects of IIoT Security
Key Aspects of IIoT Security
Security lifecycle in IIoT
Sources of Heterogeneity in IIoT
Supporting legacy devices
• Devices with a large installed base run processes efficiently over time
• Not enough business motivation to replace those devices for not having advanced state-of-the-art security support.
• Overall secure plant operation must still cover those traditional devices
Co-existence of wired and wireless protocols
• Ideal scenario: end users will look for solutions which do not need parallel infrastructures of wired and wireless solutions
• Inherent wireless properties such as packet losses
Different computation capabilities
• Digital certificates and fixed key management infrastructures can be too heavy-weight for computationally constrained devices.
• Surge of low-cost sensing devices - there will still be light-weight computing devices for emerging applications
High-Level Threats and Vulnerabilities in IIoT
Security Focus Areas in IIoT
Security Functional Building Blocks
IIoT Security Framework
• Security Monitoring & Analysis: Secure Logging; Signature/Anomaly based analysis; Forensic analysis
• Device Security: Physical Security; Secure Identity; Secure Access Control
• Security Config & Mgmt: Security Management; Secure Operation Management
• Comm Security: Physical Security of connection; Cryptographic protection; Information flow protection
• Data Protection: Protect Data-at-rest, Data-in-use and Data-in-motion
Source: Industrial IoT - Security Framework
Device Security
• Physical Security
• Access control – Authentication and authorization
• Secure identity
• Hardware security
  • Trusted platform - HSM/TPM/TEE
• Firmware security
  • Secure boot
  • Root of trust - Attestation, software tagging
• Application security
  • Secure programming interface
  • Mutual authentication
Security Framework of Industrial IoT
Device security
• Protection of data
  • Integrity Protection
  • Data-at-rest
  • Data-in-use
  • Data-in-motion
• Monitoring and Analysis
  • Secure Logging
  • Device level intrusion detection
• Security Policies
  • Effect on performance – Battery Life
  • Brownfield deployment – Use of Gateway
Security Framework of Industrial IoT
Device security
• Configuration and management
  • Commissioning phase
  • Operational phase
  • Maintenance phase
  • Manage security parameters
Figure: actors across the device lifecycle – Component Builder (Device Manufacturer), Third Party (Commissioning Engineer), Industrial Plant (Operators, Maintenance Engineer)
Security Framework of Industrial IoT
Communication security
• Data security
  • Integrity – Tampering protection
  • Confidentiality - Privacy
• Flow security
  • Network topology
  • End-to-end protection
• Cryptography
  • Protect communication by providing authentication and authorization of the communicating parties
  • Securing the integrity and/or confidentiality of a message
  • Symmetric and asymmetric key cryptography
Symmetric Key Based Key Distribution
A quick overview
Figure: Security Management Component (manages the key used for communication), Device A and Device B, joined by 1. Secured Channel, 2. Secured Channel and 3. Secured Channel
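The symmetric scheme in this figure worked through in Python, as an added example that is not from the slides or from ABB. It assumes channels 1 and 2 are the pre-shared long-term keys between the Security Management Component (SMC) and each device, and channel 3 is the session key K_AB the SMC distributes; the HMAC-based wrap stands in for an AEAD cipher such as AES-GCM, and binding the peer's identity into each ticket is this example's own addition.

```python
import hmac, hashlib, secrets

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a PRF keystream standing in for a real AEAD cipher
    blocks = [_prf(key, nonce + i.to_bytes(4, "big")) for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def wrap(device_key: bytes, payload: bytes) -> bytes:
    """Encrypt-then-MAC under a device's pre-shared key: nonce || ciphertext || tag."""
    enc_key, mac_key = _prf(device_key, b"enc"), _prf(device_key, b"mac")  # domain-separated subkeys
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(payload, _keystream(enc_key, nonce, len(payload))))
    return nonce + ct + _prf(mac_key, nonce + ct)

def unwrap(device_key: bytes, blob: bytes) -> bytes:
    """Check the tag before touching the ciphertext; any tampering raises."""
    enc_key, mac_key = _prf(device_key, b"enc"), _prf(device_key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + ct)):
        raise ValueError("wrapped key rejected: tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def enroll(smc: dict, device_id: str) -> bytes:
    """Commissioning: the SMC and the device pre-share a long-term key (channels 1 and 2)."""
    smc[device_id] = secrets.token_bytes(32)
    return smc[device_id]

def issue_session_key(smc: dict, a: str, b: str):
    """SMC generates a fresh K_AB and hands each device a ticket bound to its peer's identity."""
    k_ab = secrets.token_bytes(32)
    return (wrap(smc[a], b.encode() + b"|" + k_ab), wrap(smc[b], a.encode() + b"|" + k_ab))

def device_accept(long_term_key: bytes, ticket: bytes, expected_peer: str) -> bytes:
    """Device side: unwrap and refuse a ticket that names a peer other than the one requested."""
    peer, k_ab = unwrap(long_term_key, ticket).split(b"|", 1)
    if peer.decode() != expected_peer:
        raise ValueError("ticket is bound to a different peer")
    return k_ab

def run_exchange() -> bool:
    """Enrol A and B, distribute K_AB, then A authenticates a value to B over channel 3."""
    smc = {}
    k_a, k_b = enroll(smc, "A"), enroll(smc, "B")
    ticket_a, ticket_b = issue_session_key(smc, "A", "B")
    k_ab_a, k_ab_b = device_accept(k_a, ticket_a, "B"), device_accept(k_b, ticket_b, "A")
    msg = b"setpoint=42.0"  # constructed process value sent on the A-B channel
    return k_ab_a == k_ab_b and hmac.compare_digest(_prf(k_ab_a, msg), _prf(k_ab_b, msg))
```

Because the SMC holds every device's long-term key, it is the component whose compromise exposes all channels, which is why the slides list it under security management rather than as just another endpoint.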
Asymmetric Key Based Key Distribution
A quick overview
Figure: Security Management Component, Device A and Device B, joined by 1. Secured Channel, 2. Secured Channel and 3. Trusted Channel
Security Framework of Industrial IoT
Communication security
• Physical security of connection
  • Network access control
  • Network segmentation
• Monitoring and Analysis
  • Secure Logging
  • Filtering technologies
  • Network level intrusion detection
• Security policies
  • Brownfield deployment – Use of gateway
• Configuration and management
  • Operational phase – Security assurance
Security Framework of Industrial IoT
Security monitoring
• Incident prevention, detection, analysis and response
• Data collection and logging
• Security monitoring and analytics
  • Anomaly based
  • Signature based
• Security policy
  • Brownfield consideration
• Configuration and management
  • Software patch and update
  • Identity management
Conclusion
Research Challenges
• Trust Management: Finding an optimal trust model
• Trade-off between Performance and Security: The knowledge from the operational phase
• Usable Secure Solutions: Implications of the trade-offs to be made keeping usability aspects in mind.
• Key Management: Standardized key management solutions for heterogeneous industrial networks.
• Mobile Workforce: Manage small mobile handheld devices with better tracking and recovery for those devices.
• Human Factors: Security Monitoring – Fear factors for human workforce
References
• Gartner, Hype Cycles Research, 2014. http://www.gartner.com/technology/research/hype-cycles
• Industrial Internet Reference Architecture, Industrial Internet Consortium, https://www.iiconsortium.org/
• Industrial Internet of Things Volume G4: Security Framework, Industrial Internet Consortium, https://www.iiconsortium.org/
• IoT security needs scalable solutions, https://techcrunch.com/2016/03/01/iot-security-needs-scalable-solutions/
• Interim Industrial Security, Icon Labs Firewalls Grandpa Equipment, http://eejournal.com/archives/articles/20160919-floodgatedefender/
• 4 Security Challenges Facing IoT Devices, https://raed.it/blog/4-security-challenges-facing-iot-devices/
• These Are The Weakest Points in Your IoT Security, http://www.iotcentral.io/blog/these-are-the-weakest-points-in-your-iot-security
• Gartner’s Top 10 Security Predictions 2016, http://www.gartner.com/smarterwithgartner/top-10-security-predictions-2016/
ABB: the pioneering technology leader
ABB technology
All around us
What does it take to win in digital?
Mastering the control room
Today: ABB – a “hidden” digital champion
Large, global software and digital offering
Quantum leap in digital: ABB Ability™
Creating one common offering for digital end-to-end solutions
………… Apala Ray