attack awareness for spire intrusion tolerant scada
play

ATTACK-AWARENESS FOR SPIRE (INTRUSION-TOLERANT SCADA) Tiger Gao, - PowerPoint PPT Presentation

Nov 24, 2023 •341 likes •530 views

ATTACK-AWARENESS FOR SPIRE (INTRUSION-TOLERANT SCADA) Tiger Gao, Dan Qian, Elaine Wong, & Jason Wong 1. BACKGROUND What is Spire? What is SCADA? What is SCADA? Supervisory Control and Data Acquisition Allows for centralized

  1. ATTACK-AWARENESS FOR SPIRE (INTRUSION-TOLERANT SCADA) Tiger Gao, Dan Qian, Elaine Wong, & Jason Wong

  2. 1. BACKGROUND What is Spire? What is SCADA?

  3. What is SCADA? Supervisory Control and Data Acquisition ▪ Allows for centralized control over systems that are ▪ spread out over large distances Monitors and controls devices that collect information ▪ from and interact with the physical world such as power breakers, valves, HVAC controllers, factory machine computers Used widely in critical infrastructure: ▪ Electrical grids, water treatment facilities, power ▫ plants buildings, factories, facilities etc. 3

  4. SCADA System Layout PLCs/RTUs ▪ Sensors and/or control units ▫ Closest level of interaction with process ▫ SCADA Master ▪ Coordinates network of PLCs/RTUs ▫ HMI ▪ Interface through which human operators can ▫ monitor and give commands to the system

  5. Current SCADA Vulnerabilities Use in critical infrastructure makes SCADA systems ▪ valuable targets to attack, especially by state actors Stuxnet ▫ Compromised SCADA systems can disable or potentially ▪ permanently destroy critical infrastructure 2015 Ukrainian Power Grid Attack ▫ Power cut for 230,000 people ▫ Transition from closed networks to IP exposes SCADA ▪ systems to the internet, easier to attack Experiment with honeypot of PLCs were attacked 39 ▫ times from 14 countries in a month(Aron)

  6. What is Spire? Spire is an open-source, intrusion ▪ tolerant SCADA solution over IP Many components work together to ▪ prevent attacks Spines: Networking ▫ Prime: Timely Byzantine Fault ▫ Tolerance Multicompiler: Entropy ▫ Scheduled Resets ▫ RTU/PLC Proxy ▪

  7. How It Actually Works

  8. Effectiveness - Does It Work? Short Answer: ▪ Resisted an extensive attack by a Sandia National ▪ Laboratories Also retains timeliness consistently, with some variations ▪ because of special circumstances

  9. 2. OUR WORK Introducing attack-awareness to an intrusion-tolerant system

  10. Attack-Awareness Spire handles many attacks silently, without notifying a ▪ human operator Bad leader in byzantine agreement protocol ▫ Dumb DDoS attacks (from compromised device) ▫ These problems could be easily resolved with human ▪ awareness (i.e. unplugging a compromised master) Our goal: Displaying HMI alerts to notify operators of ▪ ongoing attacks of different types 10

  11. Attack Types of Note DDoS Attacks Bad Leader Attacks Dumb attacks from adversaries A compromised SCADA master ▪ ▪ who may have compromised part who leads the agreement of the system and are spamming it protocol sends inconsistent with random messages messages to other masters, delaying instruction execution Can happen at HMI, proxy, and ▪ firewall levels This occurs inside prime ▪ 11

  12. What We Have Accomplished (Part I) First few weeks: Just getting to know the code ▪ Exploring the codebase, learning about Spire in ▫ general Setting up VMs to work with HMIs on PVBrowser ▫ Getting to know PVBrowser ▫ ▪ Then: Learning how to set up the full system (HMIs, PLCs, SCADA masters, oh my!)

  14. What We Have Accomplished (Part II) First: A plain alert message on HMI for internal DDoS attacks ▪ This later became a table displaying which SCADA master is ▪ spamming the HMI, and is therefore the compromised machine Similarly, we display an alert when the proxy is being ▪ spammed Adding an alert for bad leaders in the Prime agreement ▪ protocol Adding logging for possible firewall spam ▪

  15. DEMOS!!!!! 15

  16. Challenges ▪ Getting through the codebase ▪ PVBrowser/Ubuntu/Centos issues with freezing ▪ Mostly, didn’t/haven’t had enough experience with the system to develop an intuition of where different kinds of bugs could be coming from Weird problems like clock synchronization for Spines ▫ communication or temp files that we needed sudo access to delete Sometimes just had to restart the whole thing ▫

  17. Future Work Generalizing the alert system ▪ Ex. There are a lot of places where Prime can detect ▫ suspicious activity, but doesn’t alert Detecting replay attacks (a less dumb DDoS attack) ▫ which forces system to decrypt before discarding message Integrating logging for firewall spam into the HMI ▪ Cleaning up; this was mostly proof of concept ▪ 17

  18. THANK YOU to Amy Babay , for setting us up, coming to our meetings, guiding us through code and bugs to Sam Beckley , for helping us get started with the HMI to Yair Amir , for giving us the opportunity to work on this incredibly impactful and important project 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Evaluating BFT Protocols for Spire Henry Schuh & Sam Beckley 600.667 Advanced Distributed

Evaluating BFT Protocols for Spire Henry Schuh & Sam Beckley 600.667 Advanced Distributed

Evaluating BFT Protocols for Spire Henry Schuh & Sam Beckley 600.667 Advanced Distributed Systems & Networks SCADA & Spire Overview High-Performance, Scalable Spire Trusted Platform Module Known Network Characteristics

1.01k views • 51 slides
Resilient Power Grid Project Report Sahiti Bommareddy | Daniel Qian | Parv Saxena Spring 2020 1

Resilient Power Grid Project Report Sahiti Bommareddy | Daniel Qian | Parv Saxena Spring 2020 1

Resilient Power Grid Project Report Sahiti Bommareddy | Daniel Qian | Parv Saxena Spring 2020 1 Project Goal Extend the Spire intrusion-tolerant SCADA system Three dimensions: 1. Performance optimization for single site configuration 2.

622 views • 33 slides
Out of Control: Demonstrating SCADA Exploitation Brian Meixell Eric Forner Black Hat 2013

Out of Control: Demonstrating SCADA Exploitation Brian Meixell Eric Forner Black Hat 2013

Out of Control: Demonstrating SCADA Exploitation Brian Meixell Eric Forner Black Hat 2013 Agenda SCADA 101 Attack Scenarios Common Vulnerabilities Remediation Exploit Demo SCADA 101 SCADA DCS Supervisory Distributed

626 views • 45 slides
Using U Unikernels to E o Enhan ance t the Attac ack- Resistance of S of Spire, a Ne a

Using U Unikernels to E o Enhan ance t the Attac ack- Resistance of S of Spire, a Ne a

Using U Unikernels to E o Enhan ance t the Attac ack- Resistance of S of Spire, a Ne a Network work-A -Attac ack-R -Resili lient t Intr In trus usion on-Tole olerant S SCADA f for or th the P Powe ower Gr r Grid Brad

677 views • 30 slides
An Intrusion Tolerant Threshold Cryptographic System Kamran Riaz Khan

An Intrusion Tolerant Threshold Cryptographic System Kamran Riaz Khan

Outline Problem Statement Proposed Solution Project Goals Deliverables Related Work References Questions An Intrusion Tolerant Threshold Cryptographic System Kamran Riaz Khan <krkhan@inspirated.com> March 2, 2010 Kamran Riaz Khan

970 views • 93 slides
From Byzantine-Tolerant to Intrusion-Safe Services Christian Cachin IBM Zurich Research

From Byzantine-Tolerant to Intrusion-Safe Services Christian Cachin IBM Zurich Research

From Byzantine-Tolerant to Intrusion-Safe Services Christian Cachin IBM Zurich Research Laboratory & LPD, EPFL With Idit Keidar and Alexander Shraer 22 September 2009 Overview BFT services Are f < n/3 faults realistic?

389 views • 19 slides
Intrusion Tolerant IDS James Riordan Marc Dacier Dominique Alessandri Andreas Wespi IBM

Intrusion Tolerant IDS James Riordan Marc Dacier Dominique Alessandri Andreas Wespi IBM

Intrusion Tolerant IDS James Riordan Marc Dacier Dominique Alessandri Andreas Wespi IBM Forschungslaboratorium R uschlikon, Switzerland 19 June 2001 1 MAFTIA A European project whose aim is to develop: Malicious- and Accidental-

366 views • 13 slides
A DEPTS : Adaptive Intrusion Response using Attack Graphs in an e-Commerce Environment Bingrui

A DEPTS : Adaptive Intrusion Response using Attack Graphs in an e-Commerce Environment Bingrui

A DEPTS : Adaptive Intrusion Response using Attack Graphs in an e-Commerce Environment Bingrui Foo, Yu-Sung Wu, Yu-Chun Mao, Saurabh Bagchi, Eugene Spafford Purdue University Dependable Computing Systems Lab (http://shay.ecn.purdue.edu/~dcsl)

608 views • 23 slides
EXTRACTING ATTACK SCENARIOS USING INTRUSION SEMANTICS Sherif Saad, Issa Traore Information

EXTRACTING ATTACK SCENARIOS USING INTRUSION SEMANTICS Sherif Saad, Issa Traore Information

EXTRACTING ATTACK SCENARIOS USING INTRUSION SEMANTICS Sherif Saad, Issa Traore Information Security and Object Technology Lab University of Victoria ECE Department 5 th FPS 2012 Overview 2 Introduction Related Work Approach

946 views • 21 slides
SCADA and Other Dangerous Things Professor Andrew Blyth, PhD. University of South Wales, UK.

SCADA and Other Dangerous Things Professor Andrew Blyth, PhD. University of South Wales, UK.

SCADA and Other Dangerous Things Professor Andrew Blyth, PhD. University of South Wales, UK. E-Mail: andrew.blyth@southwales.ac.uk SCADA and Ukraine SCADA Hacking Typical SCADA Critical Infrastructure Architecture 4 SCADA and IPC Forensic

303 views • 17 slides
SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen

SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen

SCADA SCADA Sec Securit urity SC SCADA Ne Netwo twork rk Sec Security urity Jodi Jensen Operations Support Manager Western Area Power Administration Sub Substation Ne station Netwo twork rk Sec Security urity Tyler Stinson

627 views • 13 slides
Cyber Intrusion Detection by Using Deep Neural Networks with Attack-sharing Loss IEEE DataCom

Cyber Intrusion Detection by Using Deep Neural Networks with Attack-sharing Loss IEEE DataCom

Cyber Intrusion Detection by Using Deep Neural Networks with Attack-sharing Loss IEEE DataCom 19 Boxiang Dong 1 Hui (Wendy) Wang 2 Aparna S. Varde 1 Dawei Li 1 Bharath K. Samanthula 1 Weifeng Sun 3 Liang Zhao 3 1 Montclair State University

476 views • 24 slides
SCADA Security Eric Chan Fortinet SouthEast Asia & HK SCADA Network Architecture CONFIDENTIAL

SCADA Security Eric Chan Fortinet SouthEast Asia & HK SCADA Network Architecture CONFIDENTIAL

SCADA Security Eric Chan Fortinet SouthEast Asia & HK SCADA Network Architecture CONFIDENTIAL INTERNAL ONLY 2 Where are the Threats Coming From? External Sources SCADA systems are often interconnected to other SCADA systems and

480 views • 12 slides
PANACEA: AUTOMATING ATTACK CLASSIFICATION FOR ANOMALY-BASED NETWORK INTRUSION DETECTION SYSTEMS

PANACEA: AUTOMATING ATTACK CLASSIFICATION FOR ANOMALY-BASED NETWORK INTRUSION DETECTION SYSTEMS

PANACEA: AUTOMATING ATTACK CLASSIFICATION FOR ANOMALY-BASED NETWORK INTRUSION DETECTION SYSTEMS DAMIANO BOLZONI, SANDRO ETALLE AND PIETER HARTEL DISTRIBUTED AND EMBEDDED SECURITY GROUP TWENTE SECURITY LAB 10+ YEARS OF RESEARCH OVER ANOMALY

160 views • 14 slides
THE APPLICATION OF THE APPLICATION OF GPRS FOR SCADA GPRS FOR SCADA COMMUNICATIONS

THE APPLICATION OF THE APPLICATION OF GPRS FOR SCADA GPRS FOR SCADA COMMUNICATIONS

THE APPLICATION OF THE APPLICATION OF GPRS FOR SCADA GPRS FOR SCADA COMMUNICATIONS COMMUNICATIONS Dieter Gtschow Telecommunications specialist Industry Association Resource Centre African Utility Week, 810 May 2006 Overview

549 views • 21 slides
SCADA STRANGELOVE SCADA.SL Sergey Gordeychik Internets Aleksandr Timorin StrangeLove movie and

SCADA STRANGELOVE SCADA.SL Sergey Gordeychik Internets Aleksandr Timorin StrangeLove movie and

SCADA STRANGELOVE SCADA.SL Sergey Gordeychik Internets Aleksandr Timorin StrangeLove movie and other Gleb Gritsai *All pictures are taken from Dr Group of security researchers focused on ICS/SCADA Alexander Timorin Dmitry Serebryannikov

1.13k views • 65 slides
BEST PRACTICES WHEN BENCHMARKING CUDA APPLICATIONS Bill Fiser Senior System Software Engineer

BEST PRACTICES WHEN BENCHMARKING CUDA APPLICATIONS Bill Fiser Senior System Software Engineer

BEST PRACTICES WHEN BENCHMARKING CUDA APPLICATIONS Bill Fiser Senior System Software Engineer Sebastian Jodowski Senior System Software Engineer Peak performance AGENDA vs. Stable performance 2 Peak performance AGENDA vs. Stable

1.09k views • 55 slides
Modelica/Scicos Modelica : language for modeling physical systems. Originally continuous-time

Modelica/Scicos Modelica : language for modeling physical systems. Originally continuous-time

Hybrid dynamics in Modelica: should all events be considered synchronous Ramine Nikoukhah INRIA EOOLT 2007 Modelica/Scicos Modelica : language for modeling physical systems. Originally continuous-time modeling extended to discrete-time.

489 views • 12 slides
Dynamo: Amazons Highly Available Key-value Store Giuseppe DeCandia, Deniz Hastorun, Madan

Dynamo: Amazons Highly Available Key-value Store Giuseppe DeCandia, Deniz Hastorun, Madan

Introduction Background Related Work System Architecture (core distributed systems techniques) Implementation Experiences & Lessons Learned Dynamo: Amazons Highly Available Key-value Store Giuseppe DeCandia, Deniz Hastorun, Madan

1.41k views • 111 slides
MIMO Communication Multiple antennas create additional degree-of-freedom Limited by

MIMO Communication Multiple antennas create additional degree-of-freedom Limited by

Concurrent Channel Access and Estimation for Scalable Multiuser MIMO Networking Tsung-Han Lin and H.T. Kung IEEE INFOCOM 2013 MIMO Communication Multiple antennas create additional degree-of-freedom Limited by scattering environments

395 views • 28 slides
MPIBlib: Benchmarking MPI Communications for Parallel Computing on Homogeneous and Heterogeneous

MPIBlib: Benchmarking MPI Communications for Parallel Computing on Homogeneous and Heterogeneous

Introduction MPIBlib benchmarking suite Conclusion MPIBlib: Benchmarking MPI Communications for Parallel Computing on Homogeneous and Heterogeneous Clusters Alexey Lastovetsky Vladimir Rychkov Maureen OFlynn { Alexey.Lastovetsky,

402 views • 16 slides
Guaranteed phase synchronization of hybrid oscillators using symbolic Eulers method Jawher

Guaranteed phase synchronization of hybrid oscillators using symbolic Eulers method Jawher

Motivation Synchronization using a reachability method Symbolic reachability using Eulers method Brusselator example Biped example Conclusion and P Guaranteed phase synchronization of hybrid oscillators using symbolic Eulers method

275 views • 26 slides
AEROBIC AND ANAEROBIC BIODEGRADABILITY OF ACCUMULATED SOLIDS IN HORIZONTAL SUBSURFACE FLOW

AEROBIC AND ANAEROBIC BIODEGRADABILITY OF ACCUMULATED SOLIDS IN HORIZONTAL SUBSURFACE FLOW

13th IWA Specialized Conference on Small Water and Wastewater Systems & 5th IWA Specialized Conference on Resources-Oriented Sanitation Athens, Greece, 14-17 Setember 2016 AEROBIC AND ANAEROBIC BIODEGRADABILITY OF ACCUMULATED SOLIDS IN

202 views • 18 slides
Lee Tunnel Main Pump Rag Test Lessons Learned from an Extraordinary Pump Test Maik Ulmschneider,

Lee Tunnel Main Pump Rag Test Lessons Learned from an Extraordinary Pump Test Maik Ulmschneider,

Lee Tunnel Main Pump Rag Test Lessons Learned from an Extraordinary Pump Test Maik Ulmschneider, KSB AG Ciaran Heaney, Thames Water Lee Tunnel Rag Test Agenda 1) About the Project 2) Rag Test Requirements 3) Test Facility 4) Rag Tests

384 views • 23 slides

More recommend