490 likes | 603 Views
A THREE ALGORITHM SUITE PROVIDES FLEXIBLE SECURITY. A Presentation To The Joint Meeting Of Industry Canada, ANSI C12, and SCC31 by Bill Rush Institute of Gas Technology March 25, 1999 Phoenix, Arizona. A REVIEW OF PREVIOUS SECURITY STANDARDS PRESENTATIONS.
E N D
A THREE ALGORITHM SUITE PROVIDES FLEXIBLE SECURITY A Presentation To The Joint Meeting Of Industry Canada, ANSI C12, and SCC31 by Bill Rush Institute of Gas Technology March 25, 1999 Phoenix, Arizona
START FROM THE ASSUMPTION THAT AMR SYSTEMS SHOULD HAVE THE OPTION TO BE PROTECTED BY ENCRYPTION SCC31 Has Completed Threat Analysis Contribution
GROUP ASSAILANTS INTO 4 CATEGORIES • Unstructured Threat (Hacker, Insider $2,500) • Structured Threat (Company, $250,000) • Foreign Entities (Government, $25,000,000) • Combinations (Of The First 3)
ASSAILANTS HAVE A FORMIDIBLE ARRAY OF CAPABILITIES • Listen & Record • Generate Or Play Back Messages • Steal/Compromise Passwords • Remote Reprogram • Facility Access • User Friendly Hacking Tools • Reverse Engineer Security
“SECURITY THROUGH OBSCURITY” PROVIDES ONLY MINIMAL PROTECTION • Guess Or Steal Passwords • Reverse Engineer Or Leak “Secret Methods” • Secret Methods Have Bad Track Records
STANDARD TECHNIQUES EXIST TO SECURE COMMUNICATIONS • The Need For Secure Communication Is Old • There Is An Extensive Body Of Work • Goal: Match Options To Metering Needs “Secure” Means Hard (Not Impossible) To Read
SECURITY HAS 3 ASPECTS • Privacy - You Can’t Read A Message • Integrity - You Can’t Change A Check Amount • Authenticity - You Can’t Forge A Signature
USE STANDARD, WELL KNOWN AND TESTED ALGORITHMS • Algorithms Are Known And Standard • Very Well Tested • Best Cryptographers Can’t Break Easily
THE MECHANISM OF LOCKS IS PUBLIC KNOWLEDGE But Without The Key Or Combination - You Can’t Open A Single One !
ENCRYPTION GENERATES CYPHERTEXT REVERSIBLY “Close A Valve!” “Close A Valve!” Encrypt Decrypt “^fD%b*m>s#H!j<“ Encrypted SCADA Commands Are Secure Until They Reach Their Destination
Substitute One Letter For Another Rotate Letters By “N” Positions A SIMPLE ROTATION ALGORITHM ILLUSTRATES SEVERAL KEY CONCEPTS GOAL: An Algorithm Simple Enough To See, But Real Enough To Show Issues
PLAINTEXT MAPS TO CYPHERTEXT PREDICTABLY - IF YOU HAVE THE KEY Key = Rotate Each Letter 3 To The Right Plaintext: A B C D E F G H …Z Cyphertext: A B C D E F G H I J K … C With Rotation Key: 3 “HAD” Becomes “KDG” 2 “HAD” Becomes “JCF”
Substitute One Letter For Another Rotate Letters By “N” Positions N Is The (Shared, Secret) Key 0 < N < 25 A SIMPLE ROTATION ALGORITHM ILLUSTRATES SEVERAL KEY CONCEPTS GOAL: An Algorithm Simple Enough To See, But Real Enough To Show Issues
THE ROTATION ALGORITHM HAS GENERAL CHARACTERISTICS • Algorithm Is Known, Key Provides Security • Unique Mapping Of Plaintext To Cyphertext • Coding/Decoding Easy With The Key • Decoding Hard Without The Key • Can Be Broken By Guessing • Longer Keys Harder To Break
THE ILLUSTRATION ILLUSTRATES GENERAL CHARACTERISTICS (Cont.) • “Symmetric Key” Means Both Keys The Same • Both Parties Have Common, SECRET Key • If One Key For Many Parties, Getting 1 Gets All • “Symmetric Key” Management An Issue • Changing Keys Adds Security • Never Use A Code To Send Its Own Key
THERE ARE THREE KINDS OF ALGORITHM • Symmetric Key - Same, Secret Key • Public Key - Publish Half Of A Key • Common Number - Parties Get Same Number
SYMMETRIC KEYS ARE THE SAME FOR BOTH PARTIES • Must Be Secret • One Key For All Raises Risk • One Key For Each Is Hard On A Big Network
PUBLIC KEY ALGORITHMS HAVE SPECIAL PROPERTIES • Part Of Key Is Public • Encrypted Messages Are Hard To Read • New Keys Can Be Generated AND NOT SENT • No Key Transmission Risks • Broadcast Needs Special Key
THERE ARE SEVERAL CRITERIA TO SELECT ALGORITHMS • Publicly Available • Keys Can Be Changed Faster Than Broken • Cracking Time > Useful Life Of Message • Assure Message Is Unaltered (Integrity) • Physical Access To Unit Still Possible • Verifies Originator (Authenticates) • Permits Broadcast/Multicast
PROTOCOLS REQUIRE WORK • Key Management Compatible With System • Time Stamp/Message Counter • Source & Destination Addresses • Generate / Distribute / Store Required Keys • Minimal Sending Time (Bandwidth) Increase
BENCHMARKING WORK IS UNDER WAY AT IGT • Clear/Encrypted Length Impacts Bandwidth • Protocol Overhead Adds Comm. Time • “Time Slicing” OS Slows Functions • Must Recognize Memory Limitations
IMPLEMENTATION CRITERIA • Hardware Implementation Desirable (1 Chip) • Short Communication Turnaround Needed • Small Impact On Device Function • Small Code Size • Low Cost (Licensing, O&M, Purchase) • Scale To Various Size Equipment/Needs
DES Diffie-Hellman RSA (PGP) IDEA CAST Skipjack Blowfish SAFER RC5 ODS Rabin ElGamal SEVERAL AVAILABLE ALGORITHMS WERE CONSIDERED No Single Algorithm Met All Criteria, So A Suite Was Needed
A THREE ALGORITHM SUITE COULD SECURE COMMUNICATIONS • RSA (Session Key Exchange) • DES (Communication “Workhorse”) • Diffie-Hellman (RSA/DES Key Exchange) • Protocols Require “Salting” And “Chaining” This Is Similar to System Securing Electronic Banking Transactions
ALGORITHM CLASSES REQUIRE DIFFERENT RESOURCES • Public Code Length 3 Times Symmetric • Public Key Is 10 Times Symmetric Key • Public Key Execution = 100 Symmetric Assumes Same Security, (128 Bit Symmetric Key, 1024 Public Key)
RSA SENDS SESSION KEYS AND AUTHENTICATES • Public Key • 1024 Bit Key • Relatively Slow • Authentic Signature (With Valid Public Key)
RSA USES A PUBLIC AND A PRIVATE KEY • Public Key Is 2 Numbers, N And E • N Is A Modulus • E Is A Large Number Used To Encrypt • D Is A Large Number Used To Decode
RSA IS EASY IN PRINCIPLE • Message Is Called M • Encrypt Message With RECIPIENT’S (N, E) • C = Cyphertext = (M)E Mod N • Mod N = Remainder After Dividing By N • Recipient Decrypts With Private Half Of Key • P = Plaintext = (C)D Mod N
RSA USES OVERFLOW IN MODULAR ARITHMETIC • Cyphertext = C = (M)E Mod N • Plaintext = P = (C)D Mod N • P = (C)D Mod N = (ME)D Mod N = (MED) Mod N E And D Are Chosen So Raising M To The ED Power Is M1
RSA IS EASY TO DEMONSTRATE BY EXAMPLE • Take (E,N) As (7, 33) • Take D = 3 • Take M = 15 • C = (15)7 Mod 33 = 27 (Transmit This) • P = (27)3 Mod 33 = 15 (Original Message, M) The Security Comes From How Hard It Is To Find D, Given (E, N)
DES IS THE WORKHORSE • Digital Encryption Standard • 56 Bit Key for DES • $250k Computer Cracked In 48 Hrs • Good Enough For Many Applications
TRIPLE DES FOR HIGH SECURITY USES • DES Algorithm • Two 56 Bit Keys • Use DES 3 Times
DES SHUFFLES AND CHANGES BITS ACCORDING TO A KEY 0 1 0 0 0 1 0 1 0 1 0 0 1 1 0 1 Move Change 0 1 1 0 1 1 1 0
DIFFIE-HELLMAN IS USED ONLY FOR SESSION KEY GENERATION • Two Users Separately Generate Same Key • Use For DES Session To Change RSA Key
THESE ALGORITHMS ARE FLEXIBLE • Replace DES With AES When Available • Plaintext Communication Option Exists • Public Key Request • Unimportant Messages • Triple DES, 1024 Bit RSA Export Issues • Code Book Chaining Avoids Repetition
THIS IS A FLEXIBLE SUITE • Just DES A Fast Option • Just RSA A Secure Option • Full Suite For Full Security
A COMPLETE SECURITY SYSTEM REQUIRES • Algorithms (Recommended) • Protocols (Need Development) • Code (C Language Code Will Be Provided)
CONSIDER THIS SUITE FOR FLEXIBLE ENCRYPTION • RSA Public Key • DES / Triple DES Symmetric Key • Diffie-Hellman SCC31 Contribution Is Being Submitted
ALGORITHMS OFFER HIGH SECURITY • 2 Days To 400,000,000 Years • Secure Key Change Is Possible • We Will Benchmark Shortly For Time, Code • Standard Code Should Outlast AMR Units
THIS IS A FLEXIBLE SUITE • Just DES A Fast Option • Just RSA A Secure Option • Full Suite For Full Security IGT Will Provide The C Language Code For Free
MESSAGE LENGHTS INCREASE TO 8 BYTE BLOCK MULTIPLES • Messages Must Be As Long As The Key • Pack Unneeded Bytes
DES ENCRYPTION SPEED IS PROBABLY ACCEPTABLE ProcessorDES Blocks/Second 80188 4* (current imp) 8088 370 (optimized) 6811 10-50 90 MHz Pentium 275,000 * Using 10% Of The Resources On A Time-Sliced Platform
OTHERS ARE SLOW IN SOFTWARE Short RSA Key Generation. Time . 80188 35 minutes* 300 MHz Pentium II 4 seconds Crypto i-button < 1 second * Using 10% Of The Resources On A Time-Sliced Platform
SPACE IS NOT EXCESSIVE Function Size DES 6k RSA key generation 12k* * Includes Math Library Also Used By RSA Encryption/Decryption & Diffie-Hellman Symmetric Key Generation
DES CAN RUN IN SOFTWARE; OTHERS NEED HARDWARE IMPLEMENTATIONS • DES Software Implementation Is Fast Enough • RSA Ecryption/Decryption, RSA & Diffie-Hellman Key Generation Are Slow • Hardware Implementation Reduce Time To Seconds
ENCRYPTION WILL REQUIRE MORE RAM • Software Approach Will Probably Require More RAM • Hardware Implementation Can Reduce Software Modifications To Calling Functions On Chip & Retrieving Results
THE ALGORITHM SUITE SECURITY LEVEL CAN BE “ADJUSTED” • DES, No Key Change • DES, 3DES For New Key • Full Suite