robert altschaffel mario hildebrandt stefan kiltz jana
play

Robert Altschaffel Mario Hildebrandt Stefan Kiltz Jana Dittmann - PowerPoint PPT Presentation

May 08, 2023 •275 likes •429 views

Exploring the Possibility of Forensic Investigations on Steam Turbine Governing Systems Robert Altschaffel Mario Hildebrandt Stefan Kiltz Jana Dittmann Otto-von-Guericke-University Magdeburg, Germany 1 Robert Altschaffel, Mario Hildebrandt ,

  1. Exploring the Possibility of Forensic Investigations on Steam Turbine Governing Systems Robert Altschaffel Mario Hildebrandt Stefan Kiltz Jana Dittmann Otto-von-Guericke-University Magdeburg, Germany 1 Robert Altschaffel, Mario Hildebrandt , Stefan Kiltz, Prof. Dr.-Ing. Jana Dittmann

  2. Outline • Introduction • Fundamentals – Steam Turbine Governing Systems – Computer Forensic Investigation • Generalized Steam Turbine Governing System – Data Streams – Possibilities for Forensic Investigation • Simulation Model of a STG System • Conclusion & Future Work 2 Robert Altschaffel, Mario Hildebrandt , Stefan Kiltz, Prof. Dr.-Ing. Jana Dittmann

  3. Introduction • Industrial automation is a central aspect of modern power plants – Controls different functions – Relies on electronic control systems – Might be interconnected • Like any computer system, an industrial control system might fail – By attack or by accident • How can the events that led to such an incident be reconstructed? 3 Robert Altschaffel, Mario Hildebrandt , Stefan Kiltz, Prof. Dr.-Ing. Jana Dittmann

  4. Steam Turbine Governing Systems • Steam Turbine Governing (STG) Systems are used as a starting point • Steam Turbine [Dic15] – Generates electric power by using steam pressure generated by the steam generator – Consists of a shaft connected to a number of blades – Steam turbine needs a stream with specific temperature and pressure – STG is used to ensure these characteristics • Steam Turbine Governing Systems – Have a range of sensors for temperature and pressure – Have valves as actuators ➢ Classical control system 4 Robert Altschaffel, Mario Hildebrandt , Stefan Kiltz, Prof. Dr.-Ing. Jana Dittmann

  5. Forensics • Forensics = the reconstruction of events by using scientific methods – Events might be attacks or failures • Validation of a forensic examination depends on … – Integrity / Authenticity of the traces – Trustworthiness of the forensic method • Forensic Investigation on computer systems is a well-researched domain – Interest in specialized/connected domains (e.g. automotive, ICS) rises 5 Robert Altschaffel, Mario Hildebrandt , Stefan Kiltz, Prof. Dr.-Ing. Jana Dittmann

  6. Computer Forensic Investigations 1/2 • Three principal sources of data (‘data streams’) [ALK17] – Communication • Data exchanged between components using physical network connections • Can only be gathered at the moment of transmission – Volatile data • Data stored in volatile memory which is lost after voltage loss and/or deactivation of a system • Can be gathered by querying the respective system for this data – Persistent data • Data stored in persistent memory • Can be gathered by querying the respective system for this data or by extracting the data directly from the component 6 Robert Altschaffel, Mario Hildebrandt , Stefan Kiltz, Prof. Dr.-Ing. Jana Dittmann

  7. Computer Forensic Investigations 2/2 • Forensic model according to [KVD15] – Strategic preparation ( SP ) measures taken by the operator n prior to an incident. – Operational preparation ( OP ) measures of preparation after a suspected incident. – Data gathering ( DG ) measures to acquire and secure digital evidence. – Data investigation ( DI ) measures to evaluate and extract data for further investigation. – Data analysis ( DA ) measures for detailed analysis and correlation between digital evidence from various sources. – Documentation ( DO ) measures for the detailed documentation of the proceedings 7 Robert Altschaffel, Mario Hildebrandt , Stefan Kiltz, Prof. Dr.-Ing. Jana Dittmann

  8. Generalized Steam Turbine Governing System • Understanding of components is essential to identify possible traces ➢ Creation of a generalized and simplified model for a STG system 8 Robert Altschaffel, Mario Hildebrandt , Stefan Kiltz, Prof. Dr.-Ing. Jana Dittmann

  9. Generalized Steam Turbine Governing System – Data Streams • Allows Identification of the three forensic useable data streams Communication Volatile Memory Persistent Memory 9 Robert Altschaffel, Mario Hildebrandt , Stefan Kiltz, Prof. Dr.-Ing. Jana Dittmann

  10. Simulation Model of a STG System 1/3 • Simulation environment to create data streams based on an abstract, simplified model • Objective: customizable setup to analyze forensic traces for various attack patterns • FlowNet-based model with simplified thermodynamics 10 Robert Altschaffel, Mario Hildebrandt , Stefan Kiltz, Prof. Dr.-Ing. Jana Dittmann

  11. Simulation Model of a STG System 2/3 Digital Reading/PLC Input Network Data Valve Control Digital Reading/PLC Input: Impulse/Frequency Counter 11 Robert Altschaffel, Mario Hildebrandt , Stefan Kiltz, Prof. Dr.-Ing. Jana Dittmann

  12. Simulation Model of a STG System 3/3 • Simulation model has to cover all operational modes – power-up, operation, power-down • Forensic investigation is not limited to attacks as a result of malicious intent – malfunctions are considered as well • Extension of the model: generator control and communication with the steam turbine governing control, HMI integration 12 Robert Altschaffel, Mario Hildebrandt , Stefan Kiltz, Prof. Dr.-Ing. Jana Dittmann

  13. Conclusion & Future Work • Identification of possible data traces usable for forensic investigation in ICS environment within a power plant • A simplified generic model for STG systems is presented for supporting the forensic process by identifying data traces • The possibility of acquiring these traces has been investigated using a simulated environment • Future work requires practical confirmation on the results yielded in the simulated environment 13 Robert Altschaffel, Mario Hildebrandt , Stefan Kiltz, Prof. Dr.-Ing. Jana Dittmann

  14. References Thank you for your Attention! References: • [Dic15] E. Dick, “Fundamentals of Turbomachines”, Springer, Dordrecht 2015 • [KDV15] S. Kiltz, J. Dittmann, C. Vielhauer, "Supporting Forensic Design - a Course Profile to Teach Forensics", IMF 2015 • [ALK17] R. Altschaffel, K. Lamshöft, S. Kiltz, J. Dittmann , “A Survey on Open Automotive Forensics”, SECUREWARE 2017 Contact information: Robert Altschaffel Mario Hildebrandt Department of Computer Science Department of Computer Science Research Group Multimedia and Security Research Group Multimedia and Security Institute of Technical and Business Information Systems Institute of Technical and Business Information Systems Otto-von-Guericke-University of Magdeburg Otto-von-Guericke-University of Magdeburg Universitaetsplatz 2 Universitaetsplatz 2 39106 Magdeburg, Germany 39106 Magdeburg, Germany EMail: robert.altschaffel@iti.cs.uni-magdeburg.de EMail: mario.hildebrandt@iti.cs.uni-magdeburg.de 14 Phone: +49 (391) 67 58046 Phone: +49 (391) 67 51603 Robert Altschaffel, Mario Hildebrandt , Stefan Kiltz, Prof. Dr.-Ing. Jana Dittmann

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Nuclear Power Plant in a Box Asherah R. Altschaffel 1 T. Holczer 2 R. A. Busqium e Silva 3 J. Li 4

Nuclear Power Plant in a Box Asherah R. Altschaffel 1 T. Holczer 2 R. A. Busqium e Silva 3 J. Li 4

Nuclear Power Plant in a Box Asherah R. Altschaffel 1 T. Holczer 2 R. A. Busqium e Silva 3 J. Li 4 P. Gyorgy 2 M. Hildebrandt 1 M. Hewes 5 1 Otto-von-Guericke University, Magdeburg, Germany 2 BME Crysys, Budapest, Hungary 3 Brazilian Government,

446 views • 16 slides
Presence of Fault Attacks Robert Schilling 1,2 , Mario Werner 1 , Stefan Mangard 1 1 Graz

Presence of Fault Attacks Robert Schilling 1,2 , Mario Werner 1 , Stefan Mangard 1 1 Graz

Securing Conditional Branches in the Presence of Fault Attacks Robert Schilling 1,2 , Mario Werner 1 , Stefan Mangard 1 1 Graz University of Technology, 2 Know-Center GmbH March 22, 2018 Overview Introduction to control-flow integrity and

702 views • 33 slides
Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim Lyubashevsky, Christof Paar, Krzysztof Pietrzak Authentication Protocols Prover Verifier HB-style authentication shared AES key K protocols

563 views • 22 slides
Protecting RISC-V Processors against Physical Attacks Stefan Mangard, Robert Schilling, Thomas

Protecting RISC-V Processors against Physical Attacks Stefan Mangard, Robert Schilling, Thomas

www.iaik.tugraz.at S C I E N C E P A S S I O N T E C H N O L O G Y Protecting RISC-V Processors against Physical Attacks Stefan Mangard, Robert Schilling, Thomas Unterluggauer, Mario Werner

621 views • 57 slides
Eduard Hildebrandt http://www.eduard-hildebrandt.de 3 million images are uploaded to

Eduard Hildebrandt http://www.eduard-hildebrandt.de 3 million images are uploaded to

Distributed Computing the Google way An introduction to Apache Hadoop Eduard Hildebrandt http://www.eduard-hildebrandt.de 3 million images are uploaded to everyday. enough images to fill a 375.000 page photo album. Over 210 210

841 views • 52 slides
THREAT ANALYSIS OF STEGANOGRAPHIC AND COVERT COMMUNICATION IN NUCLEAR I&C SYSTEMS M.

THREAT ANALYSIS OF STEGANOGRAPHIC AND COVERT COMMUNICATION IN NUCLEAR I&C SYSTEMS M.

THREAT ANALYSIS OF STEGANOGRAPHIC AND COVERT COMMUNICATION IN NUCLEAR I&C SYSTEMS M. Hildebrandt 1 , R. Altschaffel 1 , K. Lamshft 1 , M. Lange 2 , M.Szemkus 2 , T. Neubert 3 , C.Vielhauer 1,3 , Y. Ding 2 , J. Dittmann 1 1 Otto-von-Guericke

378 views • 10 slides
Annual Report on 2010 Market Issues and p Performance Eric Hildebrandt Ph D Eric Hildebrandt,

Annual Report on 2010 Market Issues and p Performance Eric Hildebrandt Ph D Eric Hildebrandt,

Annual Report on 2010 Market Issues and p Performance Eric Hildebrandt Ph D Eric Hildebrandt, Ph.D. Director, Department of Market Monitoring Board of Governors General Session May 18-19, 2011 y , Total annual wholesale costs load

144 views • 10 slides
Cloud-Based Data Processing Introduction Jana Giceva 1 About me Jana Giceva Chair for

Cloud-Based Data Processing Introduction Jana Giceva 1 About me Jana Giceva Chair for

Cloud-Based Data Processing Introduction Jana Giceva 1 About me Jana Giceva Chair for Database Systems Boltzmannstr. 3, Office: 02.11.043 jana.giceva@in.tum.de Academic Background: 2006 2009 BSc in Computer Science at Jacobs

779 views • 42 slides
29/10/19 ECSS 2019 ROME Keynote Hildebrandt 2 David Spiegelhalter, a former pr preside dent of

29/10/19 ECSS 2019 ROME Keynote Hildebrandt 2 David Spiegelhalter, a former pr preside dent of

SPEAKING LAW TO COMPUTER SCIENTISTS AND OTHER FOLK Prof. Mireille Hildebrandt Faculty of Law & Criminology, Vrije Universiteit Brussel Science Faculty, Radboud University 29/10/19 ECSS 2019 ROME Keynote Hildebrandt 2 David Spiegelhalter,

751 views • 49 slides
DATA PROTECTION RIGHT Prof. dr. Mireille Hildebrandt Interfacing Law & Technology Vrije

DATA PROTECTION RIGHT Prof. dr. Mireille Hildebrandt Interfacing Law & Technology Vrije

GETTING DATA PROTECTION RIGHT Prof. dr. Mireille Hildebrandt Interfacing Law & Technology Vrije Universiteit Brussel Smart Environments, Data Protection & the Rule of Law Radboud University 21/2/17 Hildebrandt SNS seminar Stockholm

676 views • 50 slides
All Quantum Adversaries Are Equivalent Robert palek joint work with Mario Szegedy Quantum

All Quantum Adversaries Are Equivalent Robert palek joint work with Mario Szegedy Quantum

All Quantum Adversaries Are Equivalent Robert palek joint work with Mario Szegedy Quantum query complexity Want to compute Boolean function f Input queried by oracle calls O x | i , b , z = | i , b x i , z Allow arbitrary

195 views • 18 slides
Oncology Research Analytics Jana Analysis Inspired by and dedicated to Cancer Fighting Patients,

Oncology Research Analytics Jana Analysis Inspired by and dedicated to Cancer Fighting Patients,

Jana Analysis Healthcare Industry Oncology Research Analytics Jana Analysis Inspired by and dedicated to Cancer Fighting Patients, Oncologists & All supporting staff Jana Analysis Jana Analysis HEALTH ANALYTICS COMPANY Board Advisor Dr

516 views • 22 slides
Evaluation: Discovering what works Jana Witt oacc@kcl.ac.uk or jana.witt@kcl.ac.uk 27 June 2014

Evaluation: Discovering what works Jana Witt oacc@kcl.ac.uk or jana.witt@kcl.ac.uk 27 June 2014

Visit our website www.csi.kcl.ac.uk Follow us on twitter: @CSI_KCL Evaluation: Discovering what works Jana Witt oacc@kcl.ac.uk or jana.witt@kcl.ac.uk 27 June 2014 The evidence to date A number of studies have investigated the effects of

459 views • 13 slides
http://ls.st/lse-163 Zeljko Ivezic, Robert Lupton & Mario Juric LSST JTM Meeting, Mar 6, 2017

http://ls.st/lse-163 Zeljko Ivezic, Robert Lupton & Mario Juric LSST JTM Meeting, Mar 6, 2017

Data Products Definition Document (LSE-163) http://ls.st/lse-163 Zeljko Ivezic, Robert Lupton & Mario Juric LSST JTM Meeting, Mar 6, 2017 Why DPDD? http://ls.st/lse-163 LSST Products in LSST Science Requirements Large Synoptic

334 views • 20 slides
Features of Emotional Planning in Software Agents Stefan Rank, Paolo Petta, Robert Trappl

Features of Emotional Planning in Software Agents Stefan Rank, Paolo Petta, Robert Trappl

ISSEK Workshop on Intelligent Agents, Udine 2004/10/01 1 Features of Emotional Planning in Software Agents Stefan Rank, Paolo Petta, Robert Trappl Austrian Research Institute for Artificial Intelligence 2004/10/01 Stefan Rank, Paolo Petta,

552 views • 31 slides
CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme L eo Ducas (CWI), Eike Kiltz

CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme L eo Ducas (CWI), Eike Kiltz

CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme L eo Ducas (CWI), Eike Kiltz (Ruhr-Universit at Bochum), Tancr` ede Lepoint (SRI International), Vadim Lyubashevsky (IBM Research), Peter Schwabe (Radboud University), Gregor

1.06k views • 36 slides
through embedded employability Dr. Chris Shepherd School of Physical Sciences The module: PS620

through embedded employability Dr. Chris Shepherd School of Physical Sciences The module: PS620

The UKs European university A novel approach to running final year research projects: empowering students to manage their own projects through embedded employability Dr. Chris Shepherd School of Physical Sciences The module: PS620

544 views • 15 slides
Reasoning About a Simulated Printer Case Investigation with Forensic Lucid 1 Serguei A. Mokhov

Reasoning About a Simulated Printer Case Investigation with Forensic Lucid 1 Serguei A. Mokhov

Introduction Background Sample Case Conclusion Reasoning About a Simulated Printer Case Investigation with Forensic Lucid 1 Serguei A. Mokhov Joey Paquet Mourad Debbabi Department of Computer Science and Software Engineering Faculty of

720 views • 46 slides
How Forensic Accounting Services can help your business Do you find yourself asking Where is my

How Forensic Accounting Services can help your business Do you find yourself asking Where is my

How Forensic Accounting Services can help your business Do you find yourself asking Where is my money going? But, Im not worried about embezzling You may not have issues regarding inappropriate disbursements/theft. But, you may have

234 views • 10 slides
Forensic Accounting & Fraud Examination

Forensic Accounting & Fraud Examination

Forensic Accounting & Fraud Examination What is the ACFE?

150 views • 13 slides
Trends in Mobile Device Forensics Jonathan Rajewski, MS, CCE, CFE, CISSP, ENCE, TJFC Director -

Trends in Mobile Device Forensics Jonathan Rajewski, MS, CCE, CFE, CISSP, ENCE, TJFC Director -

8/29/2016 Trends in Mobile Device Forensics Jonathan Rajewski, MS, CCE, CFE, CISSP, ENCE, TJFC Director - Senator Leahy Center for Digital Investigation @jtrajewski Associate Professor - Digital Forensics | Cyber Security

344 views • 18 slides
National Commission on Forensic Science Washington, DC December 8, 2015 AAAS Project Staff Mark

National Commission on Forensic Science Washington, DC December 8, 2015 AAAS Project Staff Mark

Forensic Science Assessments A Quality and Gap Analysis National Commission on Forensic Science Washington, DC December 8, 2015 AAAS Project Staff Mark S. Frankel , Deborah Runkle , Michelle Barretta Scientific Responsibility, Human Rights and

378 views • 13 slides
Co Coll llege ege of f Ar Arts s an and d Sc Sciences iences FY18 Annual Report FY19

Co Coll llege ege of f Ar Arts s an and d Sc Sciences iences FY18 Annual Report FY19

Co Coll llege ege of f Ar Arts s an and d Sc Sciences iences FY18 Annual Report FY19 Planning Document Leadership Team Chairs and Directors College Office Craig Gatto BSC Greg Simpson Dean Craig McLauchlan CHE Steve Hunt

611 views • 27 slides
First-year Summer Springboard Orientation 2016 College Meetings: UNIVERSITY STUDIES University

First-year Summer Springboard Orientation 2016 College Meetings: UNIVERSITY STUDIES University

First-year Summer Springboard Orientation 2016 College Meetings: UNIVERSITY STUDIES University Studies Why do you need a Deans Office? Role of the Office Deans List Transferring Credits Answering Questions Dr. Herb

406 views • 26 slides

More recommend