Data Centric Security for the Industrial IoT
Stan Schneider, RTI CEO
IIC Steering Committee Member
"The smart machine era will be the most disruptive in the history of IT." -- Gartner 2015
The Industrial Internet of Things
Industrial Internet of Things (IIoT)
Consumer Internet of Things (CIoT)
Cyber-Physical Systems (CPS)
The Industrial Internet Consortium
• Goal: Interoperability for the IIoT
• 159+ companies!
• RTI role
– Steering committee, data management (co-lead), architecture, security (co-lead), use case (co-lead), marketing
– Lead or co-lead 4 testbed teams
RTI Named Most Influential IIoT Company
RTI’s Experience
• ~800 Designs
– Healthcare
– Transportation
– Communications
– Energy
– Industrial
– Defense
• 15+ Standards & Consortia Efforts
Why Choose DDS?
• Reliability: Severe consequences if offline for 5 minutes?
• Performance/scale:
– Measure in ms or µs?
– Or scale > 20+ applications or 10+ teams?
– Or 10k+ data values?
• Architecture: Code active lifetime >3 yrs?
2 or 3 Checks?
DDS is Different!
[Diagram: messaging styles and their representatives]
• Point-to-Point: TCP Sockets
• Publish/Subscribe: Fieldbus, CANbus
• Queuing: AMQP, ActiveMQ
• Client/Server: MQTT, REST, XMPP, OPC, CORBA
• Brokered / Daemon
• Data-Centric: DDS (Shared Data Model, DataBus)
Data Centric is the Opposite of OO
• Object Oriented: encapsulate data, expose methods
• Data Centric: encapsulate methods, expose data (explicit shared data model)
Data-Centric Connection = Data-Path Control
• Global Data Space
– Automatic discovery
– Read & write data in any OS, language, transport
– Redundant sources/sinks/nets
• Type Aware
• QoS control
– Timing, Reliability, Ownership, Redundancy, Filtering, Security
Shared Global Data Space
[Diagram: a DDS DataBus linking Patient Hx, Device Identity, Devices, Supervisory CDS, Physiologic State, a Nursing Station and the Cloud. Example QoS contract on the bus: Offer: write this 1000x/sec, reliable for 10 secs; Request: read this 10x/sec if patient = "Joe".]
Data-Centric Security Model
• Per-Topic Security
– Control r,w access for each function
– Enforce each dataflow
• Complete Protection
– Discovery authentication
– Data-centric access control
– Cryptography
– Tagging & logging
– Non-repudiation
– Secure multicast
– 100% standards compliant
• No code changes!
• Plugin architecture for advanced uses
• Topic Security model:
– PMU: State(w)
– CBM: State(r); Alarms(w)
– Control: State(r), SetPoint(w)
– Operator: *(r), SetPoint(w)
[Diagram: CBM Analysis, PMU, Control and Operator applications exchanging the State, Alarms and SetPoint topics]
Demanding Use Cases
• The USS SECURE cybersecurity test bed is a collaboration between:
– The National Security Agency
– Department of Defense Information Assurance Range Quantico
– Combat Systems Direction Activity Dam Neck
– NSWCDD
– NSWC Carderock/Philadelphia
– Office of Naval Research
– Johns Hopkins University Applied Physics Lab
– Real Time Innovations, Inc.
• Objectives
– Immunize against cyberattack and rapidly recover when impacted
– Determine the best cyberdefense technologies without impacting real-time, deadline-scheduled performance
http://www.navy.mil/submit/display.asp?story_id=79228
DDS Security Standard
• DDS entities are authenticated
• DDS enforces topic-level access control
• DDS maintains data integrity and confidentiality
• DDS enforces non-repudiation
• DDS provides availability
…while maintaining DDS interoperability & high performance
Pluggable Security Architecture
[Diagram: an App. sits on the Secure DDS middleware, which loads the Authentication, Access Control, Cryptographic, Logging and Data Tagging plugins; application component certificates feed the middleware. The Secure Kernel holds the Data cache, Protocol Engine, Kernel Policies and DDS Entities and uses a Crypto Module (e.g. TPM). Below it are the Transport (e.g. UDP), Network Driver, MAC and Network, which carry Encrypted Data to Other DDS Systems and their Apps.]
Standard Capabilities (Built-in Plugins)
• Authentication
– X.509 Public Key Infrastructure (PKI) with a pre-configured shared Certificate Authority (CA)
– Digital Signature Algorithm (DSA) with Diffie-Hellman and RSA for authentication and key exchange
• Access Control
– Configured by domain using a (shared) Governance file
– Specified via permissions file signed by shared CA
– Control over ability to join systems, read or write data topics
• Cryptography
– Protected key distribution
– AES128 and AES256 for encryption
– HMAC-SHA1 and HMAC-SHA256 for message authentication and integrity
• Data Tagging
– Tags specify security metadata, such as classification level
– Can be used to determine access privileges (via plugin)
• Logging
– Log security events to a file or distribute securely over Connext DDS
[Diagram: Secure DDS over UDP connecting a Master Device at the Control Station with a Slave Device at the Transmission Substation]
Security Needs Protection and Detection
[Diagram: an existing DNP3 Slave Device speaking DNP3 over RS232/485 and DNP3 over Ethernet is bridged by RTI Routing Service (Com Processor) instances onto Secure DDS as DNP3 over DDS; an Anomaly Detector (Lua), a Scada Converter (C++) and an Attack Detector Display attach to the DDS bus.]
About RTI
• Market Leader
– 800+ designs; $1T designed-in value
– Over 70% DDS middleware market share¹
– Largest embedded middleware vendor²
– By far the most DDS designs
– 2013 Gartner Cool Vendor for technology and Open Community Source model
• Standards Leader
– Active in 15 standards efforts
– DDS authors, chair, wire spec, security, more
– IIC steering committee; OMG board
• Team Quality Leader
– Stanford research pedigree
– High-performance, control, systems experts
– Top quality product, processes, execution
– Consistent head-to-head victors
¹ Embedded Market Forecasters  ² VDC Analyst Report
Industrial Internet of Things Thought Leader
• RTI FastTrax IIoT Strategic Consulting
– Architectural guidance
– Security design
– Cloud integration
– Business objectives
For More Information
• RTI site: www.rti.com
• Examples, forum, papers: community.rti.com
• IIC website: www.iiconsortium.org
• Email: [email protected]
• Connect on LinkedIn
• Free RTI Connext DDS Pro: www.rti.com/downloads
The DDS Data-Centric Standard for the IIoT
• OMG’s Data Distribution Service is the Proven Data Connectivity Standard for the IoT
• OMG: world’s largest systems software standards org
– UML, DDS, Industrial Internet Consortium
• DDS: open & cross-vendor
– Open Standard & Open Source
– 12 implementations
Interoperability between source written for different vendors
Interoperability between applications running on different implementations
[Diagram: the DDS API above the DDS-RTPS (Real-Time Publish-Subscribe) protocol and Distribution Fabric; this layer is addressed by DDS Security.]
Security Boundaries
• System Boundary
• Network Transport
– Media access (layer 2)
– Network (layer 3) security
– Session/Endpoint (layer 4/5) security
• Host
– Machine/OS/Applications/Files
• Data & Information flows
Ultimately, you need to implement all!
DDS Security Model (compared with the Unix Filesystem Security Model)
• Subject
– Unix Filesystem Security Model: User (process executing for a user)
– DDS Security Model: DomainParticipant (application joining a DDS domain)
• Protected Objects
– Unix: Directories, Files
– DDS: Domain (by domain_id), Topic (by Topic name), DataObjects (by Instance/Key)
• Protected Operations
– Unix: Directory.list, Directory.create (File, Dir), Directory.remove (File, Dir), Directory.rename (File, Dir), File.read, File.write, File.execute
– DDS: Domain.join, Topic.create, Topic.read (includes QoS), Topic.write (includes QoS), Data.createInstance, Data.writeInstance, Data.deleteInstance
• Access Control Policy Control
– Unix: Fixed in Kernel
– DDS: Configurable via Plugin
• Builtin Access Control Mode
– Unix: Per-File/Dir Read/Write/Execute permissions for OWNER, GROUP, USERS
– DDS: Per-DomainParticipant Permissions: what Domains and Topics it can JOIN/READ/WRITE
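As an added illustration (not code from the deck or from RTI), here is a small Python policy evaluator that ties the per-topic model on the Data-Centric Security Model slide (PMU, CBM, Control, Operator) to the JOIN/READ/WRITE operations in the table above. The XML layout is a simplified approximation of a DDS Security permissions document, and the certificate subject names and domain id 0 are constructed assumptions.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed permissions document (not a real RTI file), laid out like the
# grant / allow_rule / publish / subscribe structure of a DDS Security
# permissions file. It encodes the slide's topic model: PMU writes State;
# CBM reads State, writes Alarms; Control reads State, writes SetPoint;
# Operator reads everything ("*") and writes SetPoint. Default is DENY.
PERMISSIONS_XML = """<dds><permissions>
<grant name="PMU"><subject_name>CN=PMU</subject_name><allow_rule><domains><id>0</id></domains>
 <publish><topics><topic>State</topic></topics></publish></allow_rule><default>DENY</default></grant>
<grant name="CBM"><subject_name>CN=CBM</subject_name><allow_rule><domains><id>0</id></domains>
 <subscribe><topics><topic>State</topic></topics></subscribe>
 <publish><topics><topic>Alarms</topic></topics></publish></allow_rule><default>DENY</default></grant>
<grant name="Control"><subject_name>CN=Control</subject_name><allow_rule><domains><id>0</id></domains>
 <subscribe><topics><topic>State</topic></topics></subscribe>
 <publish><topics><topic>SetPoint</topic></topics></publish></allow_rule><default>DENY</default></grant>
<grant name="Operator"><subject_name>CN=Operator</subject_name><allow_rule><domains><id>0</id></domains>
 <subscribe><topics><topic>*</topic></topics></subscribe>
 <publish><topics><topic>SetPoint</topic></topics></publish></allow_rule><default>DENY</default></grant>
</permissions></dds>"""

def load_grants(xml_text):
    """Parse grants into {subject_name: (default_decision, [rules])}."""
    grants = {}
    for g in ET.fromstring(xml_text).iter("grant"):
        rules = []
        for r in g.findall("allow_rule"):
            domains = {int(d.text) for d in r.find("domains").findall("id")}
            topics = {"publish": [t.text for t in r.findall("publish/topics/topic")],
                      "subscribe": [t.text for t in r.findall("subscribe/topics/topic")]}
            rules.append((domains, topics))
        grants[g.findtext("subject_name")] = (g.findtext("default", "DENY"), rules)
    return grants

def allowed(grants, subject, domain_id, op, topic=None):
    """Decide JOIN / READ / WRITE for the participant whose certificate subject
    is `subject`. A rule naming the domain permits JOIN; READ and WRITE also need
    a topic pattern match (fnmatch wildcards). Otherwise the grant default applies."""
    default, rules = grants.get(subject, ("DENY", []))
    section = "subscribe" if op == "READ" else "publish"
    for domains, topics in rules:
        if domain_id not in domains:
            continue
        if op == "JOIN":
            return True
        if any(fnmatch.fnmatchcase(topic, pat) for pat in topics[section]):
            return True
    return default == "ALLOW"
```

An unknown subject, or a subject asking for a domain no rule names, falls through to DENY, which is the behaviour a participant whose permissions file was not signed by the shared CA should also get.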