Distributed data security for factory automation
This presentation is the property of its rightful owner.
Sponsored Links
1 / 56

Distributed Data Security for Factory Automation PowerPoint PPT Presentation


  • 47 Views
  • Uploaded on
  • Presentation posted in: General

Distributed Data Security for Factory Automation. Alfred C. Weaver Professor of Computer Science University of Virginia. Outline. Motivation for data security Proposed security architecture Web services Trust Authentication Authorization Federation Research issues.

Download Presentation

Distributed Data Security for Factory Automation

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Distributed data security for factory automation

Distributed Data Security for Factory Automation

Alfred C. Weaver

Professor of Computer Science

University of Virginia


Outline

Outline

  • Motivation for data security

  • Proposed security architecture

    • Web services

    • Trust

    • Authentication

    • Authorization

    • Federation

  • Research issues


Data privacy and security

Data Privacy and Security

Plants

PDAs

Global Internet

Processes

Laptops

Databases

Desktops

Cell phones


Virtual factory

Virtual Factory


Risks

Risks

  • Access by unauthorized individuals

  • Access denied to authorized individuals

  • Identity theft and impersonation

  • Authentication techniques of varying reliability

  • Mobile access devices

  • Viruses and worms


Risk mitigation requirements

Risk Mitigation Requirements

  • Establish and maintain trust between data requestor and data provider

  • Techniques must be applicable to both humans and software

  • Trust decisions must be made without human intervention


Outline1

Outline

  • Motivation for data security

  • Proposed security architecture

    • Web services

    • Trust

    • Authentication

    • Authorization

    • Federation

  • Research issues


Outline2

Outline

  • Motivation for data security

  • Proposed security architecture

    • Web services

    • Trust

    • Authentication

    • Authorization

    • Federation

  • Research issues


Security architecture

Security Architecture

  • Based upon web services

    • useful functionality exposed on the WWW

    • provide fundamental, standardized building blocks to support distributed computing over the internet

    • applications communicate using XML documents that are computer-readable


Why web services

Why Web Services?

  • Internet provides a powerful, standardized, ubiquitous infrastructure whose benefits are impossible to ignore

    • provided that access is reliable, dependable, and authentic

  • World-wide acceptance

    • preferential way to interconnect applications in a loosely-coupled, language-neutral, platform-independent way


Web services

Web Services

  • Built on three primary technologies

    • Simple Object Access Protocol (SOAP)

      • specifies format and content of messages

    • Web Services Description Language (WSDL)

      • XML document that describes a set of SOAP messages and how they are exchanged

    • Universal Description, Discovery, and Integration (UDDI)

      • searchable "whitepage directory" of web services


Soap example

SOAP Example

<soap:Envelope>

xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">

<soap:Header>

<!-- security credentials -->

<s:credentials xmlns:s="urn:examples-org:security">

<username>Alfred Weaver</username>

<password>jdb5eifgh7a</password>

</s:credentials>

</soap:Header>

<soap:Body>

<x:TransferFunds xmlns:x="urn:examples-org:banking">

<from>22-342439</from>

<to>98-283843</to>

<amount>100.00</amount>

<denomination>USD</denomination>

</x:TransferFunds>

</soap:Body>

</soap:Envelope>

TransferFunds (from, to, amount)


Outline3

Outline

  • Motivation for data security

  • Proposed security architecture

    • Web services

    • Trust

    • Authentication

    • Authorization

    • Federation

  • Research issues


Trust

{Authentication,

Credentials,

Privileges}

Trust

Privileges

What you can do

Who you are

Authentication

What you have

Credentials, attributes


Outline4

Outline

  • Motivation for data security

  • Proposed security architecture

    • Web services

    • Trust

    • Authentication

    • Authorization

    • Federation

  • Research issues


Authentication

Authentication

  • Biometric

    • based upon physical or behavioral characteristics

    • answers “who are you?”

  • Digital

    • something you have or know

  • Two-factor authentication

    • biometric + digital


Identification vs verification

Identification vs. Verification

  • Identification

    • of all humans, which one are you?

  • Verification

    • does your biometric (bid sample) match a previously enrolled biometric template?


Physical biometrics

Fingerprint

Iris

Retina

Hand geometry

Finger geometry

Face geometry

Ear shape

Physical Biometrics

  • Palm print

  • Smell

  • Thermal face image

  • Hand vein

  • Fingernail bed

  • DNA


Fingerprint scanners

Fingerprint Scanners

Digital Persona U.are.U Pro

HP IPAQ

IBM Thinkpad T42


False acceptance rejection

False Acceptance/Rejection

  • False acceptance rate (FAR)

    • incorrectly matches a bid sample to an enrolled template

    • this is very bad

    • FAR must be very, very low

  • False rejection rate (FRR)

    • fails to match a legitimate bid sample to an enrolled template

    • this is an annoyance

    • FRR must be low if technique is to be used


Fingerprints

Fingerprints

70 points of differentiation (loops, whirls, deltas, ridges)

Even identical twins have differing fingerprint patterns

False acceptance rate < 0.01%

False rejection rate < 1.4%

Can distinguish a live finger

Fast to enroll

Inexpensive (~$50-100) for the reader


Iris scans

Iris Scans

Iris has 266 degrees of freedom

Identical twins have different iris patterns

False acceptance rate < 0.01%

False rejection rate < 0.01%

Does take some time and controlled lighting to enroll

Pattern is stored as a data template, not a picture

Flash light to detect pupil dilation (prove live eye)


Determining a match

011010101111011110000001...

011010101100011110000111...

Determining a Match

  • Enrollment produces a template

  • Bid sample produces another template

  • Hamming distance between them is the degree of difference


Determining a match1

011010101111011110000001...

011010101100011110000111...

Determining a Match

  • Enrollment produces a template

  • Bid sample produces another template

  • Hamming distance between them is the degree of difference


Behavioral biometrics

Behavioral Biometrics

Alfred C. Weaver

  • Signature

  • Voice

  • Keyboard dynamics


Digital techniques

Digital Techniques

  • PINs and passwords

  • E-tokens

  • Smart cards

  • RFID

  • X.509 certificates


Etoken

Stores credentials such as passwords, digital signatures and certificates, and private keys

Some can support on-board authentication and digital signing

eToken


Smart card

Smart Card

  • Size of a credit card

  • Microprocessor and memory

  • All data movements encrypted


Distributed data security for factory automation

IC with antenna

Works with a variety of transponders

No power supply

Supplies identity information

Susceptible to theft and replay attacks

RFID


X 509 certificates

X.509 Certificates

  • Certificate issued by a trusted Certificate Authority (e.g., VeriSign)

  • Contains

    • name

    • serial number

    • expiration dates

    • certificate holder’s public key (used for encrypting/decrypting messages and digital signatures)

    • digital signature of the Certificate Authority (so recipient knows that the certificate is valid)

  • Recipient may confirm identity of the sender with the Certificate Authority


Authentication token

Authentication Token

<TrustLevelSecToken>

<CreatedAt> 2005-09-20T08:30:00.0000000-04:00 </CreatedAt>

<ExpiresAt> 2005-09-21T08:30:00.0000000-04:00</ExpiresAt>

<UserID> 385739601</UserID>

<TokenIssuer> http://cs.virginia.edu/TrustSTS.asmx</TokenIssuer>

<TrustAuthority> http://cs.virginia.edu/TrustAuthority.asmx</TrustAuthority>

</TrustLevelSecToken>


Authentication token1

Authentication Token

<TrustLevelSecToken>

<CreatedAt> 2005-09-20T08:30:00.0000000-04:00 </CreatedAt>

<ExpiresAt> 2005-09-21T08:30:00.0000000-04:00</ExpiresAt>

<UserID> 385739601</UserID>

<TrustLevel> Fingerprint </TrustLevel>

<AuthenticationMethod> Digital Persona U.are.U </AuthenticationMethod>

<TokenIssuer> http://cs.virginia.edu/TrustSTS.asmx</TokenIssuer>

<TrustAuthority> http://cs.virginia.edu/TrustAuthority.asmx</TrustAuthority>

</TrustLevelSecToken>


Outline5

Outline

  • Motivation for data security

  • Proposed security architecture

    • Web services

    • Trust

    • Authentication

    • Authorization

    • Federation

  • Research issues


Security assertion markup language saml

Security Assertion Markup Language (SAML)

  • Applications require interoperable security solutions that transcend the boundaries of single security domains

  • Interoperable exchange of security information is essential to enable

    • web single sign-on

    • distributed authorization services

    • securing electronic transactions

  • SAML addresses these issues


Saml assertions

SAML Assertions

  • An assertion is a declaration of facts about a subject

  • SAML has three kinds, all related to security:

    • authentication

    • attribute

    • authorization decision


Saml conceptual model

SAML Conceptual Model


Authentication assertion

Authentication Assertion

  • An issuing authority asserts that

    • subject S

    • was authenticated by means M

    • at time T

  • Example

    • subject “Alfred C. Weaver”

    • was authenticated by “password”

    • at time “2005-09-18T10:02:00Z”


Example authentication assertion

Example Authentication Assertion

<saml:Assertion>

AssertionID=“128.9.167.32.12345678” Issuer=“Robotics Corporation” IssueInstant=“2005-09-19T10:02:00Z”> <saml:Conditions NotBefore=“2005-09-19T10:02:00Z” NotAfter=“2005-09-23T10:02:00Z” /> <saml:AuthenticationStatement>

AuthenticationMethod=“password” AuthenticationInstant=“2005-09-18T10:02:00Z”> <saml:Subject> <saml:NameIdentifier SecurityDomain=“robotics.com” Name=“Alfred C. Weaver” /> </saml:Subject> </saml:AuthenticationStatement>

</saml:Assertion>


Attribute assertion

Attribute Assertion

  • An issuing authority asserts that

    • subject S

    • is associated with attributes 1, 2, 3…

    • with attribute values a, b, c...

  • Example:

    • “Alfred C. Weaver” in domain “robotics.com”

    • is associated with attribute “Position”

    • with value “Plant Manager”


Example attribute assertion

Example Attribute Assertion

  • <saml:Assertion …> <saml:Conditions …/> <saml:AttributeStatement> <saml:Subject> <saml:NameIdentifier SecurityDomain=“robotics.com” Name=“Alfred C. Weaver” /> </saml:Subject> <saml:Attribute AttributeName=“Position” AttributeNamespace=“http://robotics.com”> <saml:AttributeValue>Plant Manager

  • </saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement></saml:Assertion>


Authorization decision assertion

Authorization Decision Assertion

  • An issuing authority decides whether to grant the request:

    • by subject S

    • for access type A

    • to resource R

    • given evidence E

  • The subject could be a human or software

  • The resource is any object

    • data, web page, web service, etc.


Example authorization decision assertion

<saml:Assertion …> <saml:Conditions …/> <saml:AuthorizationStatement>

Decision=“Permit” Resource=“http://www.robotics.com/production.html”> <saml:Subject> <saml:NameIdentifier SecurityDomain=“robotics.com” Name=“Alfred C. Weaver” /> </saml:Subject> </saml:AuthorizationStatement></saml:Assertion>

Example Authorization Decision Assertion


Outline6

Outline

  • Motivation for data security

  • Proposed security architecture

    • Web services

    • Trust

    • Authentication

    • Authorization

    • Federation

  • Research issues


Federation

Federation

  • Web services single sign-on

  • How can identity, once legitimately established in one trust domain, be reliably and securely shared with another trust domain?

  • How does authentication transfer?

  • What are you authorized to do in a different trust domain?


Federated atm network

Federated ATM Network

Account Number

and PIN

Visiting Bank Network

Funds

Network of Trust

Home Bank Network


Administrative decision

Administrative Decision

IP/STS

Yes

Admin

Get identity

token

1

3

Requestor

Resource

2

Administrator decides on per request basis


Basic federation direct trust token exchange

Basic FederationDirect Trust Token Exchange

IP/STS

IP/STS

Trust

Get accesstoken

Get identity

token

1

2

Resource

Requestor

3


Indirect trust

Trust

Trust

Indirect Trust

IP/STS

B

IP/STS

IP/STS

A

C

1

2

Resource

Requestor

3

C trusts B which vouches for A who vouches for client


System design

System Design


Outline7

Outline

  • Motivation for data security

  • Proposed security architecture

    • Web services

    • Trust

    • Authentication

    • Authorization

    • Federation

  • Research issues


Research challenges

Research Challenges

  • Authentication tokens

    • SAML permits enumeration, but not substitution, of acceptable tokens

    • Trustworthiness varies even within a technology, but SAML does not capture this distinction

    • Our TrustLevel concept is just a beginning; trust is more complicated than a number


Research challenges1

Research Challenges

  • Authorization rules

    • Human organizations are complex, and so are their rules

    • Role delegation

    • Human/computer interface


Research challenges2

Research Challenges

  • Federation

    • Currently an infant science

    • Many issues surround trust management

      • establishment

      • representation

      • exchange

      • enforcement

      • storage

      • negotiation


Research challenges3

Research Challenges

  • Tools and techniques

    • how to specify access policies

    • locate policy inconsistencies

    • human/computer interface

  • Formalisms

    • need formal methods to structure our thoughts, processes and implementations

    • need proofs of correctness


  • Login