Distributed Data Security for Factory Automation

Alfred C. Weaver

Professor of Computer Science

University of Virginia


Outline

  • Motivation for data security

  • Proposed security architecture

    • Web services

    • Trust

    • Authentication

    • Authorization

    • Federation

  • Research issues


Data Privacy and Security

  [Diagram: plants, processes and databases reached over the global Internet from desktops, laptops, PDAs and cell phones]


Risks

  • Access by unauthorized individuals

  • Access denied to authorized individuals

  • Identity theft and impersonation

  • Authentication techniques of varying reliability

  • Mobile access devices

  • Viruses and worms


Risk Mitigation Requirements

  • Establish and maintain trust between data requestor and data provider

  • Techniques must be applicable to both humans and software

  • Trust decisions must be made without human intervention



Security Architecture

  • Based upon web services

    • useful functionality exposed on the WWW

    • provide fundamental, standardized building blocks to support distributed computing over the internet

    • applications communicate using XML documents that are computer-readable


Why Web Services?

  • Internet provides a powerful, standardized, ubiquitous infrastructure whose benefits are impossible to ignore

    • provided that access is reliable, dependable, and authentic

  • World-wide acceptance

    • preferential way to interconnect applications in a loosely-coupled, language-neutral, platform-independent way


Web Services

  • Built on three primary technologies

    • Simple Object Access Protocol (SOAP)

      • specifies format and content of messages

    • Web Services Description Language (WSDL)

      • XML document that describes a set of SOAP messages and how they are exchanged

    • Universal Description, Discovery, and Integration (UDDI)

      • searchable "whitepage directory" of web services


SOAP Example

    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
      <soap:Header>
        <!-- security credentials (sent in clear text here; the transport must protect them) -->
        <s:credentials xmlns:s="urn:examples-org:security">
          <username>Alfred Weaver</username>
          <password>jdb5eifgh7a</password>
        </s:credentials>
      </soap:Header>
      <soap:Body>
        <x:TransferFunds xmlns:x="urn:examples-org:banking">
          <from>22-342439</from>
          <to>98-283843</to>
          <amount>100.00</amount>
          <denomination>USD</denomination>
        </x:TransferFunds>
      </soap:Body>
    </soap:Envelope>

  Operation invoked: TransferFunds (from, to, amount)



Trust

  Trust = {Authentication, Credentials, Privileges}

  [Diagram: Authentication is who you are; Credentials and attributes are what you have; Privileges are what you can do]



Authentication

  • Biometric

    • based upon physical or behavioral characteristics

    • answers “who are you?”

  • Digital

    • something you have or know

  • Two-factor authentication

    • biometric + digital


Identification vs. Verification

  • Identification

    • of all humans, which one are you?

  • Verification

    • does your biometric (bid sample) match a previously enrolled biometric template?


Physical Biometrics

  • Fingerprint

  • Iris

  • Retina

  • Hand geometry

  • Finger geometry

  • Face geometry

  • Ear shape

  • Palm print

  • Smell

  • Thermal face image

  • Hand vein

  • Fingernail bed

  • DNA


Fingerprint Scanners

  [Photos of fingerprint readers: Digital Persona U.are.U Pro, HP iPAQ, IBM ThinkPad T42]


False Acceptance/Rejection

  • False acceptance rate (FAR)

    • incorrectly matches a bid sample to an enrolled template

    • this is very bad

    • FAR must be very, very low

  • False rejection rate (FRR)

    • fails to match a legitimate bid sample to an enrolled template

    • this is an annoyance

    • FRR must be low if technique is to be used


Fingerprints

  • 70 points of differentiation (loops, whorls, deltas, ridges)

  • Even identical twins have differing fingerprint patterns

  • False acceptance rate < 0.01%

  • False rejection rate < 1.4%

  • Can distinguish a live finger

  • Fast to enroll

  • Inexpensive (~$50-100) for the reader


Iris Scans

  • Iris has 266 degrees of freedom

  • Identical twins have different iris patterns

  • False acceptance rate < 0.01%

  • False rejection rate < 0.01%

  • Takes some time and controlled lighting to enroll

  • Pattern is stored as a data template, not a picture

  • A light flash detects pupil dilation (proves a live eye)


Determining a Match

  Enrolled template:  011010101111011110000001...
  Bid template:       011010101100011110000111...

  • Enrollment produces a template

  • Bid sample produces another template

  • Hamming distance between them is the degree of difference
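As an added example (not from the slides), the match decision and the FAR/FRR trade-off from the False Acceptance/Rejection slide, in Python: the two 24-bit templates are the prefixes shown above; the extra genuine and impostor samples and the two thresholds are constructed for illustration.

```python
"""Biometric template matching by Hamming distance, with the FAR/FRR trade-off (added example)."""

def hamming_distance(template_a: str, template_b: str) -> int:
    """Number of bit positions in which two equal-length bit-string templates differ."""
    if len(template_a) != len(template_b):
        raise ValueError("templates must have the same length")
    return sum(1 for x, y in zip(template_a, template_b) if x != y)

def is_match(enrolled: str, bid: str, threshold: float) -> bool:
    """Accept the bid sample when its normalized distance to the enrolled template is at most threshold."""
    return hamming_distance(enrolled, bid) / len(enrolled) <= threshold

def error_rates(genuine_pairs, impostor_pairs, threshold: float) -> tuple[float, float]:
    """(FAR, FRR) for a threshold: FAR = impostor pairs wrongly accepted,
    FRR = genuine pairs wrongly rejected, each as a fraction of its group."""
    far = sum(is_match(e, b, threshold) for e, b in impostor_pairs) / len(impostor_pairs)
    frr = sum(not is_match(e, b, threshold) for e, b in genuine_pairs) / len(genuine_pairs)
    return far, frr

# Constructed sample data: the two 24-bit prefixes shown on the slide, plus extra
# genuine (same person, noisy re-scan) and impostor (different person) bid samples.
ENROLLED = "011010101111011110000001"
BID      = "011010101100011110000111"   # slide's bid sample: 4 bits differ
GENUINE_PAIRS = [
    (ENROLLED, BID),
    (ENROLLED, "011010101111011110000011"),  # 1 bit differs
    (ENROLLED, "100101101111011110000001"),  # 6 bits differ
]
IMPOSTOR_PAIRS = [
    (ENROLLED, "100101010000100001111110"),  # every bit differs
    (ENROLLED, "100100101111011110000001"),  # 5 bits differ: a "close" impostor
    (ENROLLED, "100101010000011110000001"),  # 12 bits differ
]

if __name__ == "__main__":
    print("distance between the slide's templates:", hamming_distance(ENROLLED, BID))
    for threshold in (0.10, 0.30):
        far, frr = error_rates(GENUINE_PAIRS, IMPOSTOR_PAIRS, threshold)
        # A strict threshold drives FAR to zero at the cost of FRR; a loose one does the reverse.
        print(f"threshold {threshold:.2f}: FAR={far:.2f} FRR={frr:.2f}")
```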



Behavioral Biometrics

  • Signature

  • Voice

  • Keyboard dynamics


Digital Techniques

  • PINs and passwords

  • E-tokens

  • Smart cards

  • RFID

  • X.509 certificates


eToken

  • Stores credentials such as passwords, digital signatures and certificates, and private keys

  • Some can support on-board authentication and digital signing


Smart Card

  • Size of a credit card

  • Microprocessor and memory

  • All data movements encrypted


RFID

  • IC with antenna

  • Works with a variety of transponders

  • No power supply

  • Supplies identity information

  • Susceptible to theft and replay attacks


X.509 Certificates

  • Certificate issued by a trusted Certificate Authority (e.g., VeriSign)

  • Contains

    • name

    • serial number

    • expiration dates

    • certificate holder’s public key (used for encrypting/decrypting messages and digital signatures)

    • digital signature of the Certificate Authority (so recipient knows that the certificate is valid)

  • Recipient may confirm identity of the sender with the Certificate Authority


Authentication Token

    <TrustLevelSecToken>
      <CreatedAt>2005-09-20T08:30:00.0000000-04:00</CreatedAt>
      <ExpiresAt>2005-09-21T08:30:00.0000000-04:00</ExpiresAt>
      <UserID>385739601</UserID>
      <TrustLevel>Fingerprint</TrustLevel>
      <AuthenticationMethod>Digital Persona U.are.U</AuthenticationMethod>
      <TokenIssuer>http://cs.virginia.edu/TrustSTS.asmx</TokenIssuer>
      <TrustAuthority>http://cs.virginia.edu/TrustAuthority.asmx</TrustAuthority>
    </TrustLevelSecToken>


Security Assertion Markup Language (SAML)

  • Applications require interoperable security solutions that transcend the boundaries of single security domains

  • Interoperable exchange of security information is essential to enable

    • web single sign-on

    • distributed authorization services

    • securing electronic transactions

  • SAML addresses these issues


SAML Assertions

  • An assertion is a declaration of facts about a subject

  • SAML has three kinds, all related to security:

    • authentication

    • attribute

    • authorization decision


SAML Conceptual Model

  [Diagram not included in the transcript]


Authentication Assertion

  • An issuing authority asserts that

    • subject S

    • was authenticated by means M

    • at time T

  • Example

    • subject “Alfred C. Weaver”

    • was authenticated by “password”

    • at time “2005-09-18T10:02:00Z”


Example Authentication Assertion

    <saml:Assertion AssertionID="128.9.167.32.12345678"
                    Issuer="Robotics Corporation"
                    IssueInstant="2005-09-19T10:02:00Z">
      <saml:Conditions NotBefore="2005-09-19T10:02:00Z" NotAfter="2005-09-23T10:02:00Z" />
      <saml:AuthenticationStatement AuthenticationMethod="password"
                                    AuthenticationInstant="2005-09-18T10:02:00Z">
        <saml:Subject>
          <saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver" />
        </saml:Subject>
      </saml:AuthenticationStatement>
    </saml:Assertion>


Attribute Assertion

  • An issuing authority asserts that

    • subject S

    • is associated with attributes 1, 2, 3…

    • with attribute values a, b, c...

  • Example:

    • “Alfred C. Weaver” in domain “robotics.com”

    • is associated with attribute “Position”

    • with value “Plant Manager”


Example Attribute Assertion

    <saml:Assertion …>
      <saml:Conditions … />
      <saml:AttributeStatement>
        <saml:Subject>
          <saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver" />
        </saml:Subject>
        <saml:Attribute AttributeName="Position" AttributeNamespace="http://robotics.com">
          <saml:AttributeValue>Plant Manager</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>


Authorization Decision Assertion

  • An issuing authority decides whether to grant the request:

    • by subject S

    • for access type A

    • to resource R

    • given evidence E

  • The subject could be a human or software

  • The resource is any object

    • data, web page, web service, etc.


Example Authorization Decision Assertion

    <saml:Assertion …>
      <saml:Conditions … />
      <saml:AuthorizationStatement Decision="Permit" Resource="http://www.robotics.com/production.html">
        <saml:Subject>
          <saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver" />
        </saml:Subject>
      </saml:AuthorizationStatement>
    </saml:Assertion>
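An added example, not from the slides, of a policy enforcement point consuming these assertions: the assertion must be inside its Conditions window and carry a Permit for exactly the requesting subject and resource, otherwise the answer is Deny. The SAML namespace declaration and the single assertion combining the authentication and authorization examples are constructed for this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Assumed namespace for the saml: prefix (SAML 1.x assertions); the slides omit the declaration.
SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"

def ns(tag: str) -> str:
    return f"{{{SAML_NS}}}{tag}"

def parse_time(text: str) -> datetime:
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def subject_of(statement: ET.Element):
    """(SecurityDomain, Name) of the statement's subject, or None if absent."""
    ident = statement.find(f"{ns('Subject')}/{ns('NameIdentifier')}")
    return (ident.get("SecurityDomain"), ident.get("Name")) if ident is not None else None

def decide(assertion_xml: str, subject, resource: str, now: datetime) -> tuple[str, str]:
    """Permit only if the assertion is inside its Conditions window and carries a Permit
    for exactly this subject and resource; every other outcome is Deny (fail closed)."""
    root = ET.fromstring(assertion_xml)
    cond = root.find(ns("Conditions"))
    if cond is None or cond.get("NotBefore") is None or cond.get("NotAfter") is None:
        return "Deny", "assertion has no usable Conditions"
    if not parse_time(cond.get("NotBefore")) <= now < parse_time(cond.get("NotAfter")):
        return "Deny", "assertion outside its validity window"
    for stmt in root.findall(ns("AuthorizationStatement")):
        if stmt.get("Resource") == resource and subject_of(stmt) == subject:
            verdict = "Permit" if stmt.get("Decision") == "Permit" else "Deny"
            return verdict, f"decision asserted by {root.get('Issuer')}"
    return "Deny", "no decision for this subject and resource"

def authentication_of(assertion_xml: str):
    # (method, instant, subject): lets the enforcement point insist on more than a password.
    stmt = ET.fromstring(assertion_xml).find(ns("AuthenticationStatement"))
    if stmt is None:
        return None
    return stmt.get("AuthenticationMethod"), stmt.get("AuthenticationInstant"), subject_of(stmt)

# Constructed assertion combining the slides' authentication and authorization examples.
ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" AssertionID="128.9.167.32.12345678"
    Issuer="Robotics Corporation" IssueInstant="2005-09-19T10:02:00Z">
  <saml:Conditions NotBefore="2005-09-19T10:02:00Z" NotAfter="2005-09-23T10:02:00Z"/>
  <saml:AuthenticationStatement AuthenticationMethod="password" AuthenticationInstant="2005-09-18T10:02:00Z">
    <saml:Subject><saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver"/></saml:Subject>
  </saml:AuthenticationStatement>
  <saml:AuthorizationStatement Decision="Permit" Resource="http://www.robotics.com/production.html">
    <saml:Subject><saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver"/></saml:Subject>
  </saml:AuthorizationStatement>
</saml:Assertion>"""
```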



Federation

  • Web services single sign-on

  • How can identity, once legitimately established in one trust domain, be reliably and securely shared with another trust domain?

  • How does authentication transfer?

  • What are you authorized to do in a different trust domain?


Federated ATM Network

  [Diagram: Visiting Bank Network and Home Bank Network joined by a Network of Trust; the customer supplies Account Number and PIN and receives Funds]


Administrative Decision

  [Diagram: Requestor, IP/STS, Resource and Admin; (1) the requestor gets an identity token from the IP/STS, (2) presents it to the resource, (3) the administrator answers yes or no]

  Administrator decides on a per-request basis


Basic Federation: Direct Trust Token Exchange

  [Diagram: two IP/STSs with a direct trust relationship between them, a Requestor and a Resource; (1) get identity token, (2) get access token, (3) access the resource]


Indirect Trust

  [Diagram: IP/STS A, IP/STS B and IP/STS C linked by trust relationships, a Requestor and a Resource; steps 1 to 3]

  C trusts B, which vouches for A, which vouches for the client
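An added example, not part of the presentation, that resolves this chain of vouching: given who trusts whom directly, it finds the shortest chain from the resource's IP/STS to the requestor and labels it direct, indirect or absent. The trust relationships and the limit on chain length are assumptions of the example.

```python
"""Resolving direct and indirect trust between identity providers (added example)."""
from collections import deque

# Constructed trust relationships, read as "truster trusts trustee". They mirror the slide:
# the resource's IP/STS C trusts B, B trusts A, and A vouches for the requestor it knows.
DIRECT_TRUST = {
    "C": {"B"},
    "B": {"A"},
    "A": {"requestor"},
    "D": set(),          # an IP/STS that trusts nobody
}

def trust_chain(direct_trust: dict, verifier: str, party: str, max_hops: int = 3):
    """Shortest chain of vouching from verifier to party, or None when no chain exists.
    max_hops bounds how many third parties the verifier will accept on faith (an assumption
    of this example; the slides only say trust is more complicated than a number)."""
    queue = deque([[verifier]])
    seen = {verifier}
    while queue:
        path = queue.popleft()
        if path[-1] == party:
            return path
        if len(path) - 1 >= max_hops:
            continue                       # chain would grow beyond the accepted length
        for trustee in sorted(direct_trust.get(path[-1], ())):
            if trustee not in seen:
                seen.add(trustee)
                queue.append(path + [trustee])
    return None

def classify(direct_trust: dict, verifier: str, party: str, max_hops: int = 3) -> str:
    """Label the relationship the way the slides do: direct trust, indirect trust, or none."""
    chain = trust_chain(direct_trust, verifier, party, max_hops)
    if chain is None:
        return "no trust"
    if len(chain) == 1:
        return "self"
    if len(chain) == 2:
        return "direct trust"
    return "indirect trust via " + " -> ".join(chain[1:-1])

if __name__ == "__main__":
    print(classify(DIRECT_TRUST, "C", "requestor"))      # indirect trust via B -> A
    print(classify(DIRECT_TRUST, "C", "requestor", 1))   # no trust: only one hop allowed
```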


System Design

  [Diagram not included in the transcript]



Research Challenges

  • Authentication tokens

    • SAML permits enumeration, but not substitution, of acceptable tokens

    • Trustworthiness varies even within a technology, but SAML does not capture this distinction

    • Our TrustLevel concept is just a beginning; trust is more complicated than a number


Research Challenges

  • Authorization rules

    • Human organizations are complex, and so are their rules

    • Role delegation

    • Human/computer interface


Research Challenges

  • Federation

    • Currently an infant science

    • Many issues surround trust management

      • establishment

      • representation

      • exchange

      • enforcement

      • storage

      • negotiation


Research Challenges

  • Tools and techniques

    • how to specify access policies

    • locate policy inconsistencies

    • human/computer interface

  • Formalisms

    • need formal methods to structure our thoughts, processes and implementations

    • need proofs of correctness