cyber-physicalproductionsystems & security edgar … weippl, sba... · 09.05.17 9 examples...
TRANSCRIPT
![Page 1: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/1.jpg)
09.05.17
1
CYBER-PHYSICAL PRODUCTION SYSTEMS&SECURITYEdgarWeippl,SBAResearch
![Page 2: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/2.jpg)
09.05.17
2
WeakSoftware?
• FlipFengShui• Drammer (Android)
https://www.vusec.net/projects/flip-feng-shui/
2016- SBAResearchgGmbH
Cyber-PhysicalSystems
“...areintegrationsofcomputationwithphysical
processes.Embeddedcomputersandnetworks
monitorandcontrolthephysicalprocesses,usually
withfeedbackloopswherephysicalprocessesaffect
computationsandvice versa.”
(Lee, 2008)
![Page 3: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/3.jpg)
09.05.17
3
Internet-of-Things“umbrellakeywordforcoveringvariousaspectsrelatedtothe
extensionoftheInternetandtheWebintothephysical realm,
bymeansofthewidespreaddeploymentofspatially
distributeddeviceswithembeddedidentification,sensing
and/oractuation capabilities."
(Miorandi, 2012)
Examples
![Page 4: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/4.jpg)
09.05.17
4
Reality
Problem:Security
![Page 5: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/5.jpg)
09.05.17
5
SecurityIssuesbeyondtheObvious
• EffectsonPhysicalPartsandHuman Integrity• DevicesAsPartofAnAttack (DDoS)• GovernmentalInvestigations(“Fearofgoing black”)• BringYourOwnDevice(BYOD) Policies
SecurityGoals:theCIATriad
Confidentiality Integrity
Availability
![Page 6: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/6.jpg)
09.05.17
6
SecurityGoals
Confidentiality Integrity
Availability
IndustrialEngineering
InformationTechnology
Management
ApproachesfromInformationTechnology
![Page 7: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/7.jpg)
09.05.17
7
DistinctCPS Characteristics
• ResourceConstraints(Computing,Memory,etc.)
• KnowledgeonSystem Dynamics
• PowerSavingBehaviorandSleepModes
• ImpossibilityofRegular Patching
• Life Cycles
• Safety Evaluation
AttacksontheControlLoop
![Page 8: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/8.jpg)
09.05.17
8
Approachesfrom Engineering
• Fault Tolerance• RedundantSensorsand Encryption• Robust Control• NetworkedControl Systems
![Page 9: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/9.jpg)
09.05.17
9
Examples– BMW
“Furthermore,afterdumpingandinspectingthefirmwareofthemodeminthedevice,theresearcherfoundthatBMWusedthesamesymmetriccryptographykeys tocommunicatewiththeback-endserverforallcarsandthattheprivatekeyswereeasilyextractedfromthefirmware.”
RemySpaan,Secureupdatesinautomotivesystems,Masterthesis,Radboud University,2016http://www.ru.nl/publish/pages/769526/z_remy_spaan.pdf
2016- SBAResearchgGmbH
Examples– VWAudi:A1,Q3,R8,S3,TT,othertypesofAudicars(e.g.remotecontrol4D0837231)VW:Amarok,(New)Beetle,Bora,Caddy,Craver,e-Up,Eos,Fox,Golf4,Golf5,Golf6,GolfPlus,Jetta,Lupo,Passat,Polo,T4,T5,Scirocco,Sharan,Tiguan,Touran,UpSeat:Alhambra,Altea,Arosa,Cordoba,Ibiza,Leon,MII,ToledoSkoda:CityGo,Roomster,Fabia1,Fabia2,Octavia,Superb,YeG
Insummary:probablymostVWgroupvehiclesbetween2000andtodaynotusingGolf7(MQB)plattform
FlavioD.Garciaetal.,LockItandStillLoseIt-Onthe(In)SecurityofAutomotiveRemoteKeylessEntrySystems.UsenixSecurity2016.https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/garcia
2016- SBAResearchgGmbH
![Page 10: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/10.jpg)
09.05.17
10
Stakeholder Goals
AccessControlPerimeterProtectionIntrusionDetection
EconomicOptimizationIPProtection
RiskAssessment
ProcessControlProcessOptimizationProcessStability
InformationTechnology Management IndustrialEngineering
Security Goals
Confidentiality Integrity
IndustrialEngineering
InformationTechnology
Management
Availability
![Page 11: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/11.jpg)
09.05.17
11
Stakeholder Goals
Confidentiality Integrity
IndustrialEngineering
InformationTechnology
Management
Availability
IntegratingSecurityintoCPPS Engineering
Interoperability SystemDesign Self-Protection
![Page 12: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/12.jpg)
09.05.17
12
Interoperability
• Cyber-physicalproduction systemscompriseofheterogeneouscomponentsmiddlewareasintermediary
• hardtoimplement correctly• consideredtobe isolated• Integrationofsecurity tests• Gainrobustnessagainstmalicious inputs
Self-Protection
• Cyber-physicalproductionsystemsarecomplex
• robustcontrolagainstaccidental/random events
• failingsafe:adenial-of-service?• Simulation environmentandtest
bedsheavilyconstrained• higherdegreeofrealism needed
extendmodelsforcontrolalgorithms Cyber-Physical System
Internet
Cyber-LaunchedAttacks
Cyber-PhysicalAttacks
Physical System
Network
Software
Control
Hardware
![Page 13: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/13.jpg)
09.05.17
13
MovingTarget Defense
Source: desfinafionsuddefrance.com
JointResearch
• Industrialandcomputerengineersareworkingtowardsthesameaims,butfromdifferentperspectives.
• Thereispotentialforcollaborationofmutualbenefit• securitytestingininteroperabilitytesting
Improvementoftestbeds• Layeredandmovingtargetdefense
2016- SBAResearchgGmbH
![Page 14: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/14.jpg)
09.05.17
14
Ransomware
2016- SBAResearchgGmbH
SpamE-Mail
2016- SBAResearchgGmbH
![Page 15: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/15.jpg)
09.05.17
15
SpamE-Mail
2016- SBAResearchgGmbH
Quelle:Watchlist-Internet.at
SpamE-Mail
• ClickonLinkinEmail
• Website:
2016- SBAResearchgGmbH
Quelle:Watchlist-Internet.at
![Page 16: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/16.jpg)
09.05.17
16
SpamE-Mail
• Clickonbutton leads to download of aZIPfile
• File„VERBUNG-rechnung.js”is Ransomware
2016- SBAResearchgGmbH
:Watchlist-Internet.at
Infection viaDriveBy-Download
Visit Website
• Normalnon-malicious website (butmalicious ad„Malvertising“)• Hacked website
Scanning• Vulnerabilities inthe browser?
Exploit isexecuted
• Browser• Browser-Plugins suchas Java,Flash,AdobeReader
Drive-ByDownload
• Unknown DownloadundInstallationof malware• Infection (e.g.encryption)commences
2016- SBAResearchgGmbH
![Page 17: CYBER-PHYSICALPRODUCTIONSYSTEMS & SECURITY Edgar … Weippl, SBA... · 09.05.17 9 Examples –BMW “Furthermore, after dumping and inspecting the firmware of the modem in the device,](https://reader033.vdocuments.us/reader033/viewer/2022060221/5f0761c27e708231d41cb476/html5/thumbnails/17.jpg)
09.05.17
17
Hackingis Business
• In2014Germansteelmill attacked
• Attackers gain access tocontrol network for theblastfurnance
• Physical damage
2017- SBAResearchgGmbH
Hackingis Business
2017- SBAResearchgGmbH
…einfacherDDoS Angrifffür60$proTag
…Mirai Botnet:3000bis4000DollarfüreinezweiwöchigeDDoS-Kampagnemit50.000Bots
Quelle:[18] ZDNet