network function insertion for reliable and secure
play

Network Function Insertion for Reliable and Secure Control Messaging - PowerPoint PPT Presentation

Dec 02, 2022 •370 likes •541 views

Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport Deniz Gurkan, Nicholas Bastin, Stuart Baxley University of Houston Funded by the U.S. Department of Energy and the U.S. Department of Homeland

  1. Network Function Insertion for Reliable and Secure Control Messaging Over Commodity Transport Deniz Gurkan, Nicholas Bastin, Stuart Baxley University of Houston Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security | cred-c.org

  2. Resiliency against Threat Vectors in Commodity Transport • Sensor data and control directives from oil/gas production facilities are transmitted unencrypted using unreliable transport protocols over lossy network infrastructures • Network threats evolve on a time scale significantly faster than the upgrade schedules of industrial equipment

  3. Resiliency Solution: Network Function Insertion • Decouple the implementation of secure, reliable transport from the actual industrial hardware • Provide agility in responding to new threats without downtime or vendor upgrades • Design and implement a network function which can be deployed without infrastructure disruption into existing ICS

  4. Resiliency through Policy Enforcement • Network transport quality • Loss • Delay • Re-ordering • Threat vectors: injection attacks • Signed packets: Integrity of the system – system control data: • Injection by an external third party • Injection by an internal third party • Encryption: Privacy – system sensor data: • Listening by a third party

  5. POLICY: control knobs with trade-off • A lossy network: P2 P1

  6. POLICY: control knobs with trade-off • A lossy network: Existing protocols: retransmissions, lost connections, end point ( not flow-specific ) tuning P1 P3 P2 Custom POLICY: delayed but GUARANTEED delivery Custom POLICY: NO delivery unless IN-ORDER

  7. Resiliency – Network Transport Quality • Loss, delay, re-ordering

  8. POLICY: control knobs with trade-off • A lossy network: P3 P3 P2 P2 P2 P1 P1 P3 P2 P1 ACK RESEND P2 Custom POLICY: GUARANTEED delivery – delayed on lost packets

  9. Resiliency – Attack Vectors: injections • Integrity of the system (system control/sensor data), privacy (sensor data)

  10. Resiliency against attacks Existing protocols: end to end protection with firewalls, without signed packets per flow injecting P3 third party injecting P3 third party P1 P2 P2 P1 listening listening third party third party external third party sensor site internal third party

  11. POLICY: guarantee access by authorized personnel and keep sensor/control data private Custom POLICY: signed and encrypted packets of the flow injecting P3 third party P1 P1 P1 injecting P3 third party listening listening third party third party external third party sensor site internal third party

  12. Reconfigurable ICS Scenario on UH Testbed • Support multiple concurrent arbitrary isolated topologies, with MTS (Managed Topology Services) orchestration system: • Software-defined networking scenarios • Critical infrastructure security • Internet of things • Computer networking education • UH Testbed Resources: • Over 1000 1Gb and 10Gb switch ports from Brocade, Cisco, Dell/Force10, HP, Intel, and Pica8 • Over a dozen SDN switches • A variety of specialized forwarding devices (NPUs, hybrid server-switches, etc.) from Caros, Cavium, Freescale, Intel, and Znyx • Over 250 general purpose CPU cores and 1.5TB of ram across two dozen servers • Over 100TB of raw storage capacity and 24 line-rate taps

  13. Network Function Insertion: Testbed Setup • Number of sites • Sensors per site • Sensor emulation software at sensor nodes • Management emulation software at remote console • Loss • Delay • Reorder • Without a NF - baseline behavior of the network • With NF - network function software at NF nodes

  14. Project Next Steps • Reference implementation that achieves representative ICS scenarios with configurable loss and delay. • A test suite for the reference implementation using the UH Testbed. • A specification document for the network function deployment and logical functionality. • Analysis to show the level of resiliency achieved through the network function deployment. • Validation and verification results of our implementation and testbed setup in collaboration with PNNL.

  15. http://cred-c.org @credcresearch facebook.com/credcresearch/ Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Focus Area: Secure and Reliable Secure and Reliable Computing Base Presenter: Sean Smith,

Focus Area: Secure and Reliable Secure and Reliable Computing Base Presenter: Sean Smith,

Trustworthy Cyber Infrastructure for the Power Grid Presentations Focus Area: Secure and Reliable Secure and Reliable Computing Base Presenter: Sean Smith, Dartmouth College TCIP Industry Day October 17, 2007 University of Illinois

310 views • 16 slides
2 Our Strategy Focused on delivering secure, reliable returns Our Strategy We own and actively

2 Our Strategy Focused on delivering secure, reliable returns Our Strategy We own and actively

2 Our Strategy Focused on delivering secure, reliable returns Our Strategy We own and actively manage a diversified portfolio of quality Australian property assets , delivering long term benefits For our Investors We are a secure , reliable

518 views • 32 slides
2 GPT Strategy Focused on delivering secure, reliable returns Our Strategy We own and actively

2 GPT Strategy Focused on delivering secure, reliable returns Our Strategy We own and actively

2 GPT Strategy Focused on delivering secure, reliable returns Our Strategy We own and actively manage a diversified portfolio of quality Australian property assets , delivering long term benefits For our Investors We are a secure , reliable

820 views • 33 slides
The Covariance Matrix (insertion) Definition Let x = { x 1 , ..., x N } N be a real

The Covariance Matrix (insertion) Definition Let x = { x 1 , ..., x N } N be a real

1 Feature Selection: Linear Transformations y new = M x old 3 Constraint Optimization (insertion) Problem: Given an objective function f(x) to be optimized and let constraints be given by h k (x)=c k , moving constants to the left, ==> h k

227 views • 19 slides
Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state

Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state

One-Slide Summary Users often authenticate themselves by providing passwords. We store and compare hashes of passwords, Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state associated with a webpage

103 views • 9 slides
Future Electric Power Systems efficient, reliable, secure, resilient, adaptable, and economic 1

Future Electric Power Systems efficient, reliable, secure, resilient, adaptable, and economic 1

Future Electric Power Systems efficient, reliable, secure, resilient, adaptable, and economic 1 Sharif University of Technology March 6, 2018 IoT-aided Smart Grid Amir Safdarian IoT and Smart Grid The IoT is defined as a network that can

372 views • 18 slides
Ensuring a secure, reliable and efficient Power System in a Changing Environment Delivering a

Ensuring a secure, reliable and efficient Power System in a Changing Environment Delivering a

Ensuring a secure, reliable and efficient Power System in a Changing Environment Delivering a Secure Sustainable Power System 17 th August 2011 Outline Agenda Chair: Dick Lewis, Manager, Grid Operations Planning 10.00 a.m. Registration (Tea

833 views • 70 slides
Reliable client-server connections Making Telnet secure Thijs Rozekrans Ren e Klomp

Reliable client-server connections Making Telnet secure Thijs Rozekrans Ren e Klomp

Reliable client-server connections Making Telnet secure Thijs Rozekrans Ren e Klomp thijs.rozekrans@os3.nl rene.klomp@os3.nl System and Network Engineering University of Amsterdam July 3, 2013 Thijs Rozekrans, Ren e Klomp (UvA)

1.39k views • 16 slides
Everything is Quantum The EU Quantum Flagship Our mission is to keep KPN reliable & secure

Everything is Quantum The EU Quantum Flagship Our mission is to keep KPN reliable & secure

Everything is Quantum The EU Quantum Flagship Our mission is to keep KPN reliable & secure and trusted by customers, partners and society part of the vital infra of NL Contents Whats the problem? Whats everyone up to? Are

527 views • 33 slides
CLOUD DELIVERY OF ATSC 3.0 VIA SECURE RELIABLE TRANSPORT JOE SECCIA, PRINCIPAL ARCHITECT

CLOUD DELIVERY OF ATSC 3.0 VIA SECURE RELIABLE TRANSPORT JOE SECCIA, PRINCIPAL ARCHITECT

CLOUD DELIVERY OF ATSC 3.0 VIA SECURE RELIABLE TRANSPORT JOE SECCIA, PRINCIPAL ARCHITECT TELEVISION TRANSMISSION CONNECTING WHATS NEXT MOTIVATION (1) Evolving to NextGen TV is unlike the NTSC DTV conversion. Channel sharing

645 views • 25 slides
Secure, Reliable & Proven Application Performance Management for the Enterprise Web

Secure, Reliable & Proven Application Performance Management for the Enterprise Web

Secure, Reliable & Proven Application Performance Management for the Enterprise Web Performance Matters to the Business Your organization depends on your web applications to do business from customer facing eCommerce, banking or travel

281 views • 6 slides
Fast, Reliable, Secure, Affordable MongoDB on AWS EC2 Paul Marcelin Why are we here today?

Fast, Reliable, Secure, Affordable MongoDB on AWS EC2 Paul Marcelin Why are we here today?

Fast, Reliable, Secure, Affordable MongoDB on AWS EC2 Paul Marcelin Why are we here today? Among open-source databases, MongoDB is a complete production-ready solution Self-managing MongoDB is worthwhile , for the best AWS performance at

444 views • 20 slides
To provide secure, safe and reliable operation, control and despatch of generation facilities.

To provide secure, safe and reliable operation, control and despatch of generation facilities.

VISION 01 To provide secure, safe and reliable operation, control and despatch of generation facilities. MISSION 02 To contribute in the development of prosperous Pakistan by managing smooth and economical transmission and despatch system

892 views • 18 slides
Reliable IPTV Transport Network Reliable IPTV Transport Network Dongmei Wang AT&T

Reliable IPTV Transport Network Reliable IPTV Transport Network Dongmei Wang AT&T

Reliable IPTV Transport Network Reliable IPTV Transport Network Dongmei Wang AT&T labs-research Florham Park, NJ Page 2 Outline Outline Background on IPTV Background on IPTV Motivations for IPTV Motivations for IPTV

284 views • 27 slides
PURPOSE Mission - to support, promote, and encourage the exchange of secure and reliable

PURPOSE Mission - to support, promote, and encourage the exchange of secure and reliable

PURPOSE Mission - to support, promote, and encourage the exchange of secure and reliable health information among stakeholders and regional networks Vision to develop a framework for the efficient exchange of patient-centric health

478 views • 21 slides
Bounds on Reliable Boolean Function Computation with Noisy Gates - R. L. Dobrushin & S. I.

Bounds on Reliable Boolean Function Computation with Noisy Gates - R. L. Dobrushin & S. I.

Bounds on Reliable Boolean Function Computation with Noisy Gates - R. L. Dobrushin & S. I. Ortyukov, 1977 - N. Pippenger, 1985 - P . G acs & A. G al, 1994 Presenter: Da Wang 6.454 Graduate Seminar in Area I EECS, MIT Oct. 5,

830 views • 34 slides
List Order Maintenance E B H D I C F G A Insert(D,I) Build data structure Insert( x , y

List Order Maintenance E B H D I C F G A Insert(D,I) Build data structure Insert( x , y

List Order Maintenance E B H D I C F G A Insert(D,I) Build data structure Insert( x , y ) Insert y after x Order( x , y ) Returns if x is to the left of y Monotonic List Labeling 10 12 14 17 18 19 20 21 24 x y Each node an

301 views • 11 slides
Analyzing algorithms, Growth of functions, and Divide-and-conquer Course: CS 5130 - Advanced Data

Analyzing algorithms, Growth of functions, and Divide-and-conquer Course: CS 5130 - Advanced Data

Analyzing algorithms, Growth of functions, and Divide-and-conquer Course: CS 5130 - Advanced Data Structures and Algorithms Instructor: Dr. Badri Adhikari What kinds of problems are solved by algorithms? Biological problems The human DNA

577 views • 25 slides
CS141: Intermediate Data Structures and Algorithms Analysis of Algorithms Amr Magdy Analyzing

CS141: Intermediate Data Structures and Algorithms Analysis of Algorithms Amr Magdy Analyzing

CS141: Intermediate Data Structures and Algorithms Analysis of Algorithms Amr Magdy Analyzing Algorithms Algorithm Correctness 1. Termination a. Produces the correct output for all possible input. b. Algorithm Performance 2. Either

579 views • 47 slides
LightGraphs: Our Our Network Story James Fairbanks, GTRI Seth Bromberger, LLNL About Seth

LightGraphs: Our Our Network Story James Fairbanks, GTRI Seth Bromberger, LLNL About Seth

LightGraphs: Our Our Network Story James Fairbanks, GTRI Seth Bromberger, LLNL About Seth Security researcher focused on critical infrastructure Looking at ways to combine graph analytics and machine learning to solve cybersecurity

538 views • 20 slides
A Generative Model for Rank Data Based on an Insertion Sorting Algorithm J. Jacques & C.

A Generative Model for Rank Data Based on an Insertion Sorting Algorithm J. Jacques & C.

Motivation The Insertion Sorting Rank model Numerical illustration Concluding remarks A Generative Model for Rank Data Based on an Insertion Sorting Algorithm J. Jacques & C. Biernacki Laboratory of Mathematics, UMR CNRS 8524 &

575 views • 20 slides
Embedded computing projects, Learning TinyOS & nesC Rahav

Embedded computing projects, Learning TinyOS & nesC Rahav

Embedded computing projects, Learning TinyOS & nesC Rahav Dor Spring 2014 Kevin Klues started this lecture series in 2007. It has been inherited and kept up to date with advancements in

1.7k views • 151 slides
OPAVES An open platform for autonomous vehicle tinkerers Fabien Chouteau Embedded Software

OPAVES An open platform for autonomous vehicle tinkerers Fabien Chouteau Embedded Software

OPAVES An open platform for autonomous vehicle tinkerers Fabien Chouteau Embedded Software Engineer at AdaCore Twitter : @DesChips GitHub : Fabien-Chouteau Hackaday.io: Fabien.C 1 What is this project? Open Platform for Autonomous

482 views • 24 slides
Compensable transactions Tony Hoare Microsoft Research, Cambridge, England Summary. The concept

Compensable transactions Tony Hoare Microsoft Research, Cambridge, England Summary. The concept

Compensable transactions Tony Hoare Microsoft Research, Cambridge, England Summary. The concept of a compensable transaction has been embodied in modern business workflow languages like BPEL. This article uses the concept of a box-structured

283 views • 26 slides

More recommend