IoT/Cybersecurity Module
Freddie Wheeler Jr., M.S. Candidate
Advisor: Dr. Reza Ghorbani, Ph.D., Associate Professor, UH Manoa College of Engineering
Executive Summary
Motivation for Research
Cybersecurity Background
Demonstration of Encryption/Decryption
Example of Security Architecture
Example of Attack and Mitigation Strategies
Physical Testbed/Devices/Software
Future Work
Motivation for Research
The “Internet of Things” (IoT) sector has grown greatly with the proliferation of devices that use the internet to increase functionality
Examples: Nest Learning thermostat, Amazon Echo/Echo Dot
Many of the earlier IoT devices were not designed with cybersecurity in mind and are therefore vulnerabilities within a system’s security network
A need arises to properly secure the transfer of information in this new age of the “Internet of Things”
Cybersecurity Background
Supervisory Control and Data Acquisition (SCADA) systems are now using internet connections to help streamline communications and control
“Air-Gapped” systems have also been proven to be vulnerable
The Stuxnet attack on nuclear centrifuges is an example of an attack on an air-gapped system
For SCADA systems in particular, a cybersecurity system must be able to reliably secure data in real time
Cybersecurity Background
Most cyphers are computationally expensive and therefore require expensive hardware to run
Example: RSA key exchange
REDLab at UH Manoa is researching a type of hybrid cypher that can be implemented in lower cost FPGA-like devices, yet still provide reliable encryption in real-time
This will help secure reliable encryption of bi-directional communication that you often find in SCADA systems
Method of Bi-Directional Communication
[Figure: Device 1 and Device 2, each with an embedded data processor and encryption and decryption stages, exchanging encrypted messages in both directions]
Method of Encryption/Decryption
[Figure labels: RSA Cypher, CNN Cypher, Data]
Demonstration of Encryption/Decryption
[Figures: Original Message, Encrypted Message, Decrypted Message; Original Image, Encrypted Image, Decrypted Image]
Example of Security Architecture
[Figure labels: PSIM, PLC, FPGA/ASIC, Gateway, Sensor, Device/System, Wired Connection, RSA Key/SSH Tunnel Encryption, Traditional SCADA setup, Command Center]
Attack and Mitigation Strategies
[Figure labels: Devices 1 to 6, two Gateways, Command Center, Comparison of Real-Time and Historical Data, Authentication]
Physical Testbed
REDLab has built an inverter testbed to test implementation of the hybrid cypher
Uses Victron Energy inverters and battery management system
Implementation of communication pathways has been done using SSH tunnels on low cost microcontrollers (WRT-node)
Physical Devices
Current prices of products with the security capacity to run in real time are extremely cost prohibitive to place in a nodal network like a SCADA system
Target price for REDLab developed device is less than $10
Devices are also being designed with the idea of universal installation
“Plug and Play” type of usage mentality
Network Structure
Node-RED is being used to help program the interface between the computers and servers
Interface with the encryption/decryption for simulation purposes
Graphical programming is intuitive and easy to customize
Future Work
Continue work on implementing cypher on microcontrollers and embedded microchips
Establish benchmarks for performance and iterate for improvements in security reliability and speed
Further develop inverter testbed to improve testing for both cybersecurity and power community needs
Acknowledgements and Thanks
Thank you to Dr. Reza Ghorbani and The University of Hawai`i at Manoa for their guidance and support. Also, thank you to my fellow researchers at the Renewable Energy Design Laboratory for their assistance and support.
Acknowledgements and Sponsors
Thank You for Your Time
Any Questions?