1 / 24

Attack Trees Describing Security in Distributed Internet-Enabled Metrology

Attack Trees Describing Security in Distributed Internet-Enabled Metrology. Jeanne H. Espedalen. Contents:. Background, attack trees Background, metrology and calibration The basic ideas of the thesis work Performing the task – a case study Some results Conclusion. Author.

jereni
Download Presentation

Attack Trees Describing Security in Distributed Internet-Enabled Metrology

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Attack Trees Describing Security in Distributed Internet-Enabled Metrology Jeanne H. Espedalen

  2. Contents: • Background, attack trees • Background, metrology and calibration • The basic ideas of the thesis work • Performing the task – a case study • Some results • Conclusion

  3. Author • Background in metrology and calibration • Electronics Engineer • Worked at Justervesenet from 1994 • Part time student at GUC from 2002

  4. Background, Attack Trees Open locked door • Introduced by Bruce Scheiner in 1999 • Semi-formal method • Root – main goal, sub-goals and Boolean calculation  possible attacks • Could include attributes, indicating cost, skills etc. • Used to find vulnerabilities, analyze security threats • Not very well known, or much used as methodology Open door Open lock Open lock with a key Burst door open Dismantle door Open lock without key Get someone with a key to open Get a key to open lock Destroy lock Pick lock and and Convince someone to open Find a person with a key Get hold of a key Know which door the key belongs to Find a key Steal key Bribe Threaten Dupe

  5. Background, Metrology and Calibration • Metrology (BIPM) – “The science of measurement” • Calibration (International Vocabulary of Basic and General Terms in Metrology) – • “set of operations that establish, under specified conditions, the relationship between values of quantities indicated by a measuring instrument or measuring system..”

  6. UUT UUT Background, Traditional Calibration • Long downtime for unit under test (UUT) (~weeks) • Less control with the transport uncertainty introduced in the calibration result • The UUT is calibrated in an environment different from it’s normal working conditions • The customer is not part of the calibration process T1, P1, H1 Calibration location T2, P2, H2 Customer Justervesenet High-precision devices

  7. Transfer standard Transfer standard Background, Internet-Enabled Calibration • Justervesenet investigates effects of transport and environmental conditions for the transfer standard and has more control • The UUT is calibrated in it’s normal working environment • Short downtime for the UUT (~hours) • The customer is part of the calibration process T2, P2, H2 T1, P1, H1 Calibration location www Customer Justervesenet UUT

  8. iMet, a System for the Future DUT • Firewall-friendly, bidirectional HTTPS channel • Updated measurement procedures and instrument drivers in database server • Measurement procedures automatically downloaded to customer, compiled and run • Measurement data returned • Security? Firewall Firewall www Transport standard Firewall Customer Justervesenet Measurement software Measurement data Measurement software Measurement data Server

  9. The Basic Goals of the Project • Investigation of the attack tree method, evaluate usability of this • Security analysis of the iMet system, a case study

  10. A Case Study The case study was performed in a process of several steps: • Identification of critical assets • Attack trees  vulnerabilities • Threats • Risk level • Countermeasures

  11. Identifying Critical Assets • Metrology specific: • Correct measurement results • Instruments in setup • System application • IT systems • Application components, SW and HW

  12. Implementing Attack Tree Method • High level analysis, attacks on critical asset: • Correct measurement results

  13. Incorrect calibration values in calibration certificate Incorrect values from data collections Error in calculations Faulty data transfer from cal. result DB to cal.cert. Faulty cal. result in DB Faulty data-collection at customer Faulty data transfer between customer / JV Incorrect calculation routine Error in data input to calculations Error in data-collection at customer Manipulated data-collection at customer Bug in calcu-lation routine Wrong version of calculation routine Incorrect calibra-tion results Incorrect calibrator standard data Perform as customer Use Instr. with incorrect ID Simulate instrument setup at customer Manipulate cal values before they are returned and Pretend to be customer Steal cal. standard in transport Wrong version of program Manipulated calibration results Error in data collection Change ID in Instru-ment Wrong version of program Wrong version of program Wrong version of program Selection based on critical asset

  14. Incorrect calibration values in calibration certificate Incorrect values from data collections Error in calculations Faulty data transfer from cal. result DB to cal.cert. Faulty cal. result in DB Faulty data-collection at customer Faulty data transfer between customer / JV Incorrect calculation routine Error in data input to calculations Error in data-collection at customer Manipulated data-collection at customer Bug in calcu-lation routine Wrong version of calculation routine Incorrect calibra-tion results Incorrect calibrator standard data Perform as customer Use Instr. with incorrect ID Simulate instrument setup at customer Manipulate cal values before they are returned and Pretend to be customer Steal cal. standard in transport Wrong version of program Wrong version of program Manipulated calibration results Error in data collection Change ID in Instru-ment Wrong version of program Wrong version of program Wrong version of program Wrong version of program Wrong version of program Wrong version of program Selection of goal for refinement

  15. Attack Trees • Refinement and ‘digging’ into the critical or interesting parts of the trees: • Goal: Wrong version of program

  16. Wrong version of program Obsolete version used Manipulated version used Manipulated during upload/ download Valid, manipulated version in DB Manipulated program at customer Obsolete version in DB Obsolete version used at customer and Man-in-the-middle attack and and and Manipulate program in DB Sign code with valid key Obsolete version possible to load at customer Obsolete version available at customer Obsolete version available in DB Obsolete version loaded from DB and Access to source code Required skills to perform change Access to valid key Acc-ess to DB Requir-ed skills to perform change Lack of or insuff. routine for deleting and/or removing obsolete version No/faulty version control No/faulty version control Author-ized access Unauthor-ized access Author-ized access Unauthor-ized access Author-ized access Unauthor-ized access Selected goal for refinement

  17. Wrong version of program Manipulated version used Obsolete version used Manipulated during upload/ download Valid, manipulated version in DB Obsolete version in DB Obsolete version used at customer Manipulated program at customer and Man-in-the-middle attack and and Manipulate program in DB Sign code with valid key Obsolete version possible to load at customer Obsolete version available at customer Obsolete version available in DB and Obsolete version loaded from DB and Access to valid key Acc-ess to DB Requir-ed skills to perform change Access to source code Required skills to perform change Lack of or insuff. routine for deleting and/or removing obsolete version No/faulty version control Author-ized access Unauthor-ized access Author-ized access Unauthor-ized access No/faulty version control Author-ized access Unauthor-ized access Selection of branch/goal for example

  18. Identifying Vulnerabilities, an Example • Program could be manipulated and used at customer’s • A skilled customer could manipulate the downloaded source code, and e.g. simulate measurements • Source code is signed in database, and this signature is checked at download. But customer could run another version, and integrity of the returned measurement data is thereby not secured by this signature.

  19. Threats to the System, Example • Customer could want to simulate or manipulate measurements or instrument ID • Save time (instrument should be used in production most of the time) • Fabricate good results

  20. Assessment of Risk Level, Example • “Program could be manipulated and used at customer” • High criticality (integrity of measurement data) • Low/medium threat (we know our customers..) • Risk level MEDIUM

  21. Countermeasures, Example • Technical: Implement code obfuscator • Make the code harder to understand, and thereby manipulate • Administrative: Signing of contract between customer and authority • Define responsibilities, judicial liability • For the future: Build authentication and signing mechanisms into the instruments • Secure integrity of measurement data

  22. Some Results: Usability of Method • (Semi-)Formalized method: • A guide through analysis • Flexibility • Depth of analysis, maturity of system, interpretation of the trees • Presentation of results from analysis • Should adapt to recipients

  23. Some Results: The iMet System • We have identified 14 vulnerabilities • We have suggested mitigation strategies for these, based on risk assessment. Most of them easily achievable

  24. ConclusionWe have performed: • Evaluation of usability of the attack tree method • General usability • For this system (and similar) • A case study of the iMet system • Security analysis • Countermeasures

More Related