Securing Device and Network Communications: the CoNSEL Lab @ TAU/EE

Prof. Avishai Wool: 

School of Electrical Engineering, Tel Aviv University 

2

Who we are

Prof. Avishai Wool

Ph.D. Student Amit Kleinman

M.Sc. Students: Dvir Schirman Noam Erez Asaf Tzur Ofir Weisse

Undergradute student Gal Lerner

Many past members

3

What we do (2013 snapshot)

Control networks SCADA: On-going

Wireless Security: RFID: Prox-cards (payments, access systems,

passports, Israeli e-voting)

Side-channel cryptography

Other projects: RFID: EPC-Gen2 (product labels) Bluetooth, anti-malware, OS, file systems, …

Example – Power Plant (Coal)On the outside

Industrial Sketch

5

On inside: Typical Components

HMIModbus/TCP (e.g. over Ethernet)

6

SCADA network security

Industrial control systems (energy, chemical, …)

Control protocol is not protected Access to control net “Pwn” all PLCs

Our work: analyze & model Modbus/TCP protocol Identify designs for accurate IDS systems Experiment [TAU has a live Modbus

network!]

7

RFID Prox-card technology

5cm range Access systems, transportation,

credit cards, passports, Israeli e-vote

Relay attacks (Extended-range) Jamming card-to-reader range extension

Range extension attacks

5 cm

HF RFID Reader HF RFID Tag

Leec

h

GhostRe

lay

Extended range

Leech

Extended range

Ghost

9

Side-Channel Cryptanalysis Devices include secret cryptographic keys

Car alarm systems (keeloq), Cellular SIM cards, …

With device in lab, collect input+output pairs … plus side channel

E.g., Power consumption trace sampled by scope Extract secret keys

Our work: algorithms that need very few traces, and can deal with measurement error

10

Questions?

Contact: yash@eng.tau.ac.il http://www.eng.tau.ac.il/~yash