SoylentNews is people
SoylentNews
From the IEEE, an algorithm that creates "background noise" during data transmission that alerts officials to hacking:
Some of the most important industrial control systems (ICSs), such as those that support power generation and traffic control, must accurately transmit data at the milli- or even mirco-second range. This means that hackers need interfere with the transmission of real-time data only for the briefest of moments to succeed in disrupting these systems. The seriousness of this type of threat is illustrated by the Stuxnet incursion in 2010, when attackers succeeded in hacking the system supporting Iran's uranium enrichment factory, damaging more than 1000 centrifuges.
Now a trio of researchers has disclosed a novel technique that could more easily identify when these types of attacks occur, triggering an automatic shutdown that would prevent further damage.
The problem was first brought up in a conversation over coffee two years ago. "While describing the security measures in current industrial control systems, we realized we did not know any protection method on the real-time channels," explains Zhen Song, a researcher at Siemens Corporation. The group began to dig deeper into the research, but couldn't find any existing security measures.
[...] The approach involves the transmission of real-time data over an unencrypted channel, as conventionally done. In the experiment, a specialized algorithm in the form of a recursive watermark (RWM) signal is transmitted at the same time. The algorithm encodes a signal that is similar to "background noise," but with a distinct pattern. On the receiving end of the data transmission, the RWM signal is monitored for any disruptions, which, if present, indicate an attack is taking place. "If attackers change or delay the real-time channel signal a little bit, the algorithm can detect the suspicious event and raise alarms immediately," Song says.
Critically, a special "key" for deciphering the RWM algorithm is transmitted through an encrypted channel from the sender to the receiver before the data transmission takes place.
Tests show that this approach works fast to detect attacks. "We found the watermark-based approach, such as the RWM algorithm we proposed, can be 32 to 1375 times faster than traditional encryption algorithms in mainstream industrial controllers. Therefore, it is feasible to protect critical real-time control systems with new algorithms," says Song.
Originally spotted on The Eponymous Pickle.
Previously:
Cyber Threats from the US and Russia are Now Focusing on Civilian Infrastructure
Hackers Behind Dangerous Oil and Gas Intrusions are Probing US Power Grids
Stuxnet-Style Code Signing is More Widespread Than Anyone Thought
(Score: 4, Interesting) by zocalo on Monday March 30 2020, @05:41PM (3 children)
That said, WTF are they talking about "unencrypted channels" for? I'm currently working on a national infrastructure SCADA project and our government dictated requirements are a private network (we're using a dedicated MPLS network) for primary comms, a dedicated cellular APN for backup, *and* that all traffic over both those telco provided networks be encrypted in transit by us in addition to any encryption and network segregation provided by the bearer. PLC -> router -> encrypted VPN over MPLS/APN (also encrypted) -> router -> SCADA backend. That's not to say we couldn't inject this "watermarking" data between the PLC and the router and check it at the backend, but a lack of encryption and appropriate data integrity validation definitely shouldn't be a thing anymore, at least in any sane post-Stuxnet implementation.
UNIX? They're not even circumcised! Savages!
(Score: 2) by Unixnut on Monday March 30 2020, @06:53PM (1 child)
I imagine they are talking more about physical tampering with "low level" serial channels (like rs-422 - which is still heavily used in factory/industrial automation). These tend to be communication between a controller and a bunch of small embedded systems (that usually control a few functions, think a microcontroller that controls a valve servo).
Usually the embedded controllers are very low power, and cannot realistically support a full encryption stack while still having any kind of usable performance.
You are thinking more of the the PLC -> direct control formula usually used in honking big CNC robots. Those tend to be effectively ruggerdised server systems,and would have no problem to run a full encryption stack.
(Score: 2) by zocalo on Monday March 30 2020, @08:21PM
UNIX? They're not even circumcised! Savages!
(Score: 3, Interesting) by driverless on Tuesday March 31 2020, @02:07AM
Another thing, in SCADA availability is almost always more important than security - think "we can't scram the reactor because the guy who knows the password is on his lunch break". Adding any level of extra complexity, particularly something as notoriously failure-prone as encryption, to something that can never be allowed to fail, won't fly. That's why many SCADA systems, if they want to risk having security at all, have integrity-only security because that doesn't affect availability. This is proposing a complex encryption-like mechanism with many, many points of failure that aren't present in the original, it's a nice academic exercise but nothing more.