North American collaborations via INSPIRE/MASSIF

North American collaborations viaINSPIRE/MASSIFLuigi RomanoCINI (Consorzio Interuniversitario Nazionale perl’Informatica)luigi.romano@uniparthenope.it Internet of Services 2011: Collaboration meeting for FP7 projects International Collaboration session Brussels September 29, 2011

Roadmap Evidence that Critical Infrastructures (CIs) are vulnerable to cyber-attacks Focus on Power Grids, but true in general How we combined detection, diagnosis, and remediation for protecting CIs from cyber-attacks The INSPIRE project Our experience with International cooperation initiatives The INSPIRE INCO project Collaboration objectives The MASSIF project Contact Info

Evidencethat Critical Infrastructuresare vulnerable to cyber-attacks

Basic Concepts Power Grid (tentative definition): an interconnected network for delivering electricity from suppliers to consumers, which is synchronous with a given phase Phasor: complex number that represents both the magnitude and the phase angle of the sine waves found in electricity Synchro-Phasors: phasor measurements that occur at the same time Phasor Measurement Unit (PMU): device which collects Synchro-Phasors to determine the health of the power grid (using a GPS radio clock)

Results in a nutshell 1 Administrator 2 4 LANPower Synchro Phasor Phasor Grid device 3 Data Concentrator 1) Password Eavesdropping 2) Weak Policies on Password selection/maintenance, device fingerprinting possible (and relatively easy) 3) Unreliable channels (wrt both integrity and availability) 4) Poor input validation

Security Analysis of a commercial Synchro-Phasor - Passwords Password Management Multilevel Security: 0, 1, B, P, A, O, 2, C After a pre-defined time, security level is downgraded to 0 (def. 5 min) Security evaluation results Default passwords are simple and can be found in most common dictionaries No constraints for password selection All levels can share the same password No aging mechanism All passwords can be manually reset

Security Analysis of a commercial Synchro-Phasor - Communication Communications are in clear: ftp, telnet, IEEE C37.118, proprietary protocols Passwords can be easily intercepted Data can be easily intercepted Data can be altered 0000 00 30 a7 02 1c 52 00 1d 92 9c 23 7c 08 00 45 00 .0...R....#|..E. 0010 00 29 15 2b 40 00 80 06 62 50 c0 a8 01 01 c0 a8 .).+@...bP...... 0020 01 02 04 76 00 17 a8 64 9c b4 11 74 59 af 50 18 ...v...d...tY.P. 0030 00 fe 22 b0 00 00 54 .."...T 0000 00 30 a7 02 1c 52 00 1d 92 9c 23 7c 08 00 45 00 .0...R....#|..E. 0010 00 29 15 2e 40 00 80 06 62 4d c0 a8 01 01 c0 a8 .)..@...bM...... 0020 01 02 04 76 00 17 a8 64 9c b5 11 74 59 b0 50 18 ...v...d...tY.P. 0030 00 fe 35 ae 00 00 41 ..5...A 0000 00 30 a7 02 1c 52 00 1d 92 9c 23 7c 08 00 45 00 .0...R....#|..E. 0010 00 29 15 2f 40 00 80 06 62 4c c0 a8 01 01 c0 a8 .)./@...bL...... 0020 01 02 04 76 00 17 a8 64 9c b6 11 74 59 b1 50 18 ...v...d...tY.P. 0030 00 fe 2d ac 00 00 49 ..-...I 0000 00 30 a7 02 1c 52 00 1d 92 9c 23 7c 08 00 45 00 .0...R....#|..E. 0010 00 29 15 31 40 00 80 06 62 4a c0 a8 01 01 c0 a8 .).1@...bJ...... 0020 01 02 04 76 00 17 a8 64 9c b7 11 74 59 b2 50 18 ...v...d...tY.P. 0030 00 fe 2a aa 00 00 4c ..*...L

SQL Injection attack to an Open Source PDCprotected override void ProcessMeasurements(IMeasurement[] measurement { foreach (IMeasurement measurement in measurements) { // Create the command string to insert the measurement as a record in the table. StringBuilder commandString = new StringBuilder ("INSERT INTO Measurement VALUES ("); commandString.Append (measurement.SignalID); commandString.Append (","); commandString.Append ((long)measurement.Timestamp); commandString.Append (","); commandString.Append (measurement.AdjustedValue); commandString.Append ()); MySqlCommand command = new MySqlCommand (commandString.ToString(), m_connection); command.ExecuteNonQuery(); } m_measurementCount += measurements.Length; }

If you don’t trust me ... then trust them

How we combined detection,diagnosis, and remediation forprotecting CIs from cyber-attacks

Typical architecture of aSCADA system

A bird’s eye view of INSPIRE Peer-to-peer overlays P2P MPLS Wireless Sensor Networks Offline Security Framework

INSPIRE main results Analyzed vulnerabilities which affect SCADA systems Analyzed dependencies between CIs and the underlying communication networks Designed a self-reconfigurable architecture, suited for SCADA systems Developed diagnosis and recovery techniques, suited for SCADA systems Provided SCADA traffic with Quality of Service (QoS) guarantees

Our experience withInternational cooperationinitiatives

INSPIRE-INCO in a nutshell Proposal: 248737 Acronym: INSPIRE-International (Cooperation) Program: FP7 Call: FP7-ICT-2009-4 Funding scheme: Small or medium-scale focused research project -STREP - CP-FP-INFSO Duration: 12 months (October 1, 2009 - September 30, 2010) Activity: ICT-4-9.2 - Supplements to support International Cooperation between ongoing projects

The Consortium Europe (INSPIRE): CINI, Consorzio Interuniversitario Nazionale per l’Informatica - Coordinator (Italy) TUD, Technical University of Darmstadt (Germany) ITTI, ITTI Sp.zo.o. (Poland) http://www.inspire-strep.eu/ US (GridStat): WSU, Washington State University (USA) http://www.gridstat.net/

The Funding Scheme Funding for International Funding for Research:Funding for Research: Cooperation: EC Grant 225553 NSF Grant 0326006 Extension to NSF Grant 0326006 Funding for Mobility: EC Grant 248737

Mutual Benefits – Sharing Data INSPIRE Experimental Testbed

Mutual Benefits – SharingExperiences

Mutual Benefits – Sharing Ideas

The MASSIF project Multi-domainparallel-running Alert and reaction processes Highly-scalable, dependable and Predictive security analysis generation multi-level event collection Actions and Counter- measuresOlympic Games Trustworthy event collection Multi-level security event modeling Languages Security analysis and EVENTS POLICIES notification Mobile moneytransfer service RELATIONS REACTIONS Multi-level event Process and attack correlation simulation Resilient framework CI Process architecture Control (Dam) Security-aware processes ManagedEnterprise Service Event and Event, Process Models and Infrastructures Information Collection Attack Models Resilient event processing and integration Scenarios Prototypes Advanced SIEM Framework

Collaboration Status Luigi Romano and Salvatore DAntonio, participated in the "Trustworthy Networks and Services" session on March 24th with two talks, titled "Detection, Diagnosis, and Remediation: Three Pillars for Protecting Critical Infrastructures from Cyber- Attacks" and "Effective Countermeasures Against Emerging Threats in the Future Internet" . Bell Canada has shown great interest in the MASSIF Project and Craig Gibson (Senior Security Advisor) joined the MASSIF Technical Advisory Board

Collaboration Status Craig Gibson Proposed potential use cases for the MASSIF project: Craig Gibson participated MASSIF EB Meeting in Naples 14-15 September providing early feedbacks about the project and proposing to extend the scope of MASSIF to wireless, wireline, video and mobile applications.

Collaborations Plan Among the scenarios proposed by Bell Canada we plan to investigate the consequences of GPS spoofing against Synchrophasor devices. GPS satelliteGPS spoofer GPS receiver Internet SyncroPhasor DB

Contact Info

More InfoLuigi Romano luigi.romano@uniparthenope.it The Fault and Intrusion Tolerant Networked SystemS (FITNESS) research group Web site:http://www.dit.uniparthenope.it/FITNESS/The INSPIRE and INSPIRE INCO project Web sites: http://www.inspire-strep.eu http://www.inspire-inco.eu/ The MASSIF project Web site: http://www.massif-project.eu

North American collaborations via INSPIRE/MASSIF

by mbasti2 on Sep 29, 2011

Accessibility

Categories

Tags

Upload Details

Usage Rights

2 Embeds 165

Statistics

North American collaborations via INSPIRE/MASSIF — Presentation Transcript

http://sofi-project.eu	164
http://translate.googleusercontent.com	1