Data Centric Security for the Industrial IoT. Stan Schneider, RTI CEO; IIC Steering Committee Member

Embedded Security and the IoT – Challenges, Trends and Solutions


Page 1: Embedded Security and the IoT – Challenges, Trends and Solutions

Data Centric Security for the Industrial IoT

Stan Schneider, RTI CEO

IIC Steering Committee Member

Page 2

“The smart machine era will be the most disruptive in the history of IT.” (Gartner, 2015)

Page 3

The Industrial Internet of Things

Industrial Internet of Things (IIoT)

Consumer Internet of Things (CIoT)

Cyber-Physical Systems (CPS)

Page 4

Page 5

The Industrial Internet Consortium

• Goal: Interoperability for the IIoT

• 159+ companies!

• RTI role

– Steering committee, data management (co-lead), architecture, security (co-lead), use case (co-lead), marketing

– Lead or co-lead 4 testbed teams

Page 6

RTI Named Most Influential IIoT Company

Page 7

RTI’s Experience

• ~800 designs

– Healthcare

– Transportation

– Communications

– Energy

– Industrial

– Defense

• 15+ Standards & Consortia Efforts

Page 8

Why Choose DDS?

• Reliability: Severe consequences if offline for 5 minutes?

• Performance/scale:

– Measure in ms or µs?

– Or scale > 20+ applications or 10+ teams?

– Or 10k+ data values?

• Architecture: Code active lifetime >3 yrs?

2 or 3 Checks?

Page 9

DDS is Different!

• Point-to-Point: TCP Sockets

• Publish/Subscribe: Fieldbus, CANbus

• Queuing: AMQP, ActiveMQ

• Client/Server: MQTT, REST, XMPP, OPC, CORBA

(diagram label: Brokered Daemon)

• Data-Centric: DDS (Shared Data Model, DataBus)

Page 10

Data Centric is the Opposite of OO

Object Oriented

• Encapsulate data

• Expose methods

Data Centric

• Encapsulate methods

• Expose data

Explicit Shared Data Model

Page 11

Data-Centric Connection = Data-Path Control

• Global Data Space

– Automatic discovery

– Read & write data in any OS, language, transport

– Redundant sources/sinks/nets

• Type Aware

• QoS control

– Timing, Reliability, Ownership, Redundancy, Filtering, Security

Diagram: a Shared Global Data Space (DDS DataBus) linking Devices, Device Identity, Patient Hx, Physiologic State, Supervisory CDS, Nursing Station and Cloud. Offer: “Write this 1000x/sec, reliable for 10 secs.” Request: “Read this 10x/sec if patient = ‘Joe’.”

Page 12

Data-Centric Security Model

• Per-Topic Security

– Control r,w access for each function

– Enforce each dataflow

• Complete Protection

– Discovery authentication

– Data-centric access control

– Cryptography

– Tagging & logging

– Non-repudiation

– Secure multicast

– 100% standards compliant

• No code changes!

• Plugin architecture for advanced uses

• Topic Security model:

– PMU: State(w)

– CBM: State(r); Alarms(w)

– Control: State(r), SetPoint(w)

– Operator: *(r), SetPoint(w)

Diagram: components CBM Analysis, PMU, Control and Operator connected to the topics State, Alarms and SetPoint.

Page 13

Demanding Use Cases

• The USS SECURE cybersecurity test bed is a collaboration between:

– The National Security Agency

– Department of Defense Information Assurance Range Quantico

– Combat Systems Direction Activity Dam Neck

– NSWCDD

– NSWC Carderock/Philadelphia

– Office of Naval Research

– Johns Hopkins University Applied Physics Lab

– Real Time Innovations, Inc.

• Objectives

– Immunize against cyberattack and rapidly recover when impacted

– Determine the best cyberdefense technologies without impacting real-time deadline-scheduled performance

http://www.navy.mil/submit/display.asp?story_id=79228

Page 14

DDS Security Standard

• DDS entities are authenticated

• DDS enforces topic-level access control

• DDS maintains data integrity and confidentiality

• DDS enforces non-repudiation

• DDS provides availability

…while maintaining DDS interoperability & high performance

Page 15

Pluggable Security Architecture

Diagram: an application (App.) sits on the Secure DDS middleware, which holds the DDS Entities, Data cache and Protocol Engine and calls out to the Authentication, Access Control, Cryptographic, Logging and Data Tagging plugins; application component certificates feed the Authentication plugin. Beneath the middleware, a Secure Kernel with Kernel Policies hosts a Crypto Module (e.g. TPM) and the Network Driver. The Transport (e.g. UDP) carries Encrypted Data plus a MAC over the Network to other DDS systems and their applications.

Page 16

Standard Capabilities (Built-in Plugins)

Authentication: X.509 Public Key Infrastructure (PKI) with a pre-configured shared Certificate Authority (CA); Digital Signature Algorithm (DSA) with Diffie-Hellman and RSA for authentication and key exchange

Access Control: Configured by domain using a (shared) Governance file; specified via a permissions file signed by the shared CA; control over the ability to join systems and to read or write data topics

Cryptography: Protected key distribution; AES128 and AES256 for encryption; HMAC-SHA1 and HMAC-SHA256 for message authentication and integrity

Data Tagging: Tags specify security metadata, such as classification level; can be used to determine access privileges (via plugin)

Logging: Log security events to a file or distribute them securely over Connext DDS

Page 17

Secure DDS over UDP: Security Needs Protection and Detection

Diagram: a Control Station (Master Device) talks to a Transmission Substation (Slave Device) over Secure DDS on UDP. Existing DNP3 over RS232/485 or DNP3 over Ethernet is bridged to DNP3 over DDS by an RTI Routing Service with a ComProcessor on each side and a ScadaConverter (C++). An Anomaly Detector (Lua) feeds an Attack Detector Display.

Page 18

About RTI

• Market Leader

– 800+ designs; $1T designed-in value

– Over 70% DDS middleware market share (1)

– Largest embedded middleware vendor (2)

– By far the most DDS designs

– 2013 Gartner Cool Vendor for technology and Open Community Source model

• Standards Leader

– Active in 15 standards efforts

– DDS authors, chair, wire spec, security, more

– IIC steering committee; OMG board

• Team Quality Leader

– Stanford research pedigree

– High-performance, control, systems experts

– Top quality product, processes, execution

– Consistent head-to-head victors

(1) Embedded Market Forecasters; (2) VDC Analyst Report

Page 19

Industrial Internet of Things Thought Leader

• RTI FastTrax IIoT Strategic Consulting

– Architectural guidance

– Security design

– Cloud integration

– Business objectives

Page 20

For More Information

• RTI site: www.rti.com

• Examples, forum, papers: community.rti.com

• IIC website: www.iiconsortium.org

• Email: [email protected]

• Connect on LinkedIn

• Free RTI Connext DDS Pro: www.rti.com/downloads

Page 21

The DDS Data-Centric Standard for the IIoT

• OMG’s Data Distribution Service is the Proven Data Connectivity Standard for the IoT

• OMG: world’s largest systems software standards org

– UML, DDS, Industrial Internet Consortium

• DDS: open & cross-vendor

– Open Standard & Open Source

– 12 implementations

Diagram: the DDS API gives interoperability between source written for different vendors; the DDS-RTPS (Real-Time Publish-Subscribe) protocol, the distribution fabric, gives interoperability between applications running on different implementations.

Page 22

Security Boundaries

• System Boundary

• Network Transport

– Media access (layer 2)

– Network (layer 3) security

– Session/Endpoint (layer 4/5) security

• Host

– Machine/OS/Applications/Files

• Data & Information flows (this is addressed by DDS Security)

Ultimately, you need to implement all!

Page 23

DDS Security Model (compared concept by concept with the Unix filesystem security model)

Subject
Unix: User; process executing for a user
DDS: DomainParticipant; application joining a DDS domain

Protected objects
Unix: Directories, files
DDS: Domain (by domain_id), Topic (by topic name), data objects (by instance/key)

Protected operations
Unix: Directory.list, Directory.create (File, Dir), Directory.remove (File, Dir), Directory.rename (File, Dir), File.read, File.write, File.execute
DDS: Domain.join, Topic.create, Topic.read (includes QoS), Topic.write (includes QoS), Data.createInstance, Data.writeInstance, Data.deleteInstance

Access control policy control
Unix: Fixed in kernel
DDS: Configurable via plugin

Builtin access control mode
Unix: Per-file/dir read/write/execute permissions for OWNER, GROUP, USERS
DDS: Per-DomainParticipant permissions: what domains and topics it can JOIN/READ/WRITE
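As an added example (not RTI's code nor the deck's own), the Python below writes the topic security model of slide 12 (PMU: State(w); CBM: State(r), Alarms(w); Control: State(r), SetPoint(w); Operator: *(r), SetPoint(w)) as a permissions document in the OMG DDS Security XML layout that slide 16 refers to, and evaluates the Domain.join, Topic.read and Topic.write operations of slide 23 against it with a default of DENY. The XML is constructed and simplified: the subject names are placeholders, and the validity element and the CA signature a real permissions file carries are omitted.

```python
"""Topic-level access check modelled on a DDS Security permissions document (added example)."""
import fnmatch
import xml.etree.ElementTree as ET

# Constructed permissions document in the OMG DDS Security layout
# (grant / subject_name / allow_rule / domains / publish|subscribe / topics / default).
# A real file also carries <validity> and is signed by the permissions CA; omitted here.
PERMISSIONS_XML = """<dds><permissions>
 <grant name="PMU"><subject_name>CN=PMU</subject_name><allow_rule><domains><id>0</id></domains>
  <publish><topics><topic>State</topic></topics></publish></allow_rule><default>DENY</default></grant>
 <grant name="CBM"><subject_name>CN=CBM</subject_name><allow_rule><domains><id>0</id></domains>
  <subscribe><topics><topic>State</topic></topics></subscribe>
  <publish><topics><topic>Alarms</topic></topics></publish></allow_rule><default>DENY</default></grant>
 <grant name="Control"><subject_name>CN=Control</subject_name><allow_rule><domains><id>0</id></domains>
  <subscribe><topics><topic>State</topic></topics></subscribe>
  <publish><topics><topic>SetPoint</topic></topics></publish></allow_rule><default>DENY</default></grant>
 <grant name="Operator"><subject_name>CN=Operator</subject_name><allow_rule><domains><id>0</id></domains>
  <subscribe><topics><topic>*</topic></topics></subscribe>
  <publish><topics><topic>SetPoint</topic></topics></publish></allow_rule><default>DENY</default></grant>
</permissions></dds>"""

def load_grants(xml_text):
    """Return {subject_name: (rules, default)}; a rule is (domain ids, action, topic patterns).
    Simplification: only <id> domain entries are handled (the spec also allows <id_range>)."""
    grants = {}
    for grant in ET.fromstring(xml_text).iter("grant"):
        rules = []
        for rule in grant.findall("allow_rule"):
            domains = {d.text for d in rule.find("domains")}
            for action in ("publish", "subscribe"):
                for node in rule.findall(action):
                    rules.append((domains, action, [t.text for t in node.iter("topic")]))
        grants[grant.findtext("subject_name")] = (rules, grant.findtext("default", "DENY"))
    return grants

GRANTS = load_grants(PERMISSIONS_XML)

def can_join(subject, domain_id):
    """Domain.join: allowed only if some allow_rule of the subject names that domain."""
    rules, _ = GRANTS.get(subject, ([], "DENY"))
    return any(str(domain_id) in domains for domains, _, _ in rules)

def is_allowed(subject, domain_id, action, topic):
    """Topic.write ('publish') / Topic.read ('subscribe'): allowed only on an explicit matching
    allow_rule; otherwise the grant default applies, and unknown subjects are denied outright."""
    rules, default = GRANTS.get(subject, ([], "DENY"))
    for domains, act, topics in rules:  # topic entries are fnmatch patterns, so Operator's '*' reads all
        if str(domain_id) in domains and act == action and any(fnmatch.fnmatchcase(topic, p) for p in topics):
            return True
    return default == "ALLOW"
```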