How AGA 12-1 Protects SCADA Data In Transit
DESCRIPTION
A Presentation To The COTF1 Group By Bill Rush, Gas Technology Institute, April 26, 2003, Sun Valley, Idaho. How AGA 12-1 Protects SCADA Data In Transit. We Will Overview AGA 12-1 And Develop Background. Project History, Threats And Attacks, Cryptographic Fundamentals
TRANSCRIPT

How AGA 12-1 Protects SCADA Data In Transit
A Presentation To The COTF1 Group
By Bill Rush
Gas Technology Institute
April 26, 2003
Sun Valley, Idaho

We Will Overview AGA 12-1 And Develop Background
> Project History
> Threats And Attacks
> Cryptographic Fundamentals
> How AGA 12 Protects Communications
> Future Developments

HISTORY OF AGA 12

The AGA 12 Group Adopted A Broad Charter
> AGA = American Gas Association
> AGA Report = Recommended Practice
> AGA 12-1, “Cryptographic Protection Of SCADA Communications”
> Launched Effort In October 2001
> Goal: Cover Gas, Water, and Electric
> Balloting: March 25 to April 24
“We have no competitors – only partners we have not yet met!”

SCADA Communications Are Vulnerable
> Assailants Can Attack SCADA Communications
[Diagram labels: Control Room, RTU, Network Is Insecure, (Secure), (Secure)]

AGA 12-1 Has Several Goals
> Solid Cryptographic Communication Protection
> Retrofit To Existing Systems
> Reasonable Cost
> Tolerable Message Delays
> Reliable Certification Methods
> Interoperability Among Manufacturers
Today, Focus Is “What Attacks We Protect Against And How”

THREATS AND ATTACKS

There Are Several Possible SCADA Attackers
> Hackers
> Organized Crime
> Financial Traders
> Terrorists
> Foreign Governments
> Insiders/Disgruntled Employees
> Combinations

We Protect Against 5 Attacks
> Interception – Listening To Messages
> Fabrication – Creating Forged Messages
> Alteration – Changing Valid Messages
> Replay – Copying Message, Sending Later
> Key Guessing/Extraction – Trial & Error OR Taking Key From Module

AGA 12-1 Protects SCADA Communications
> Technical Approach: Attackers can’t read
“Open A Valve!” -> Encrypt -> “^fD%b*m>s#H!j” -> Decrypt -> “Open A Valve!”
Even Intercepted SCADA Commands Are Secure Until They Reach Their Destination

CRYPTOGRAPHIC FUNDAMENTALS

Can A Published, Known Standard Encryption Mechanism Really Keep Data A Secret?
YES - And In Fact, It Is The Best Way. How Can This Be?
The Key, Not Algorithm Secrecy, Provides Security

The Mechanism Of Locks Is Public Knowledge
But Without The Key Or Combination - You Can’t Open A Single One!

A Simple Rotation Algorithm Provides A Simple Example
> Substitute One Letter For Another
> Rotate Letters By “N” Positions
GOAL: An Algorithm Simple Enough To See, But Real Enough To Show Issues

Plaintext Maps To Ciphertext Easily - With The Key
Plaintext: A B C D E F G H … Z
Ciphertext: A B C D E F G H I J … C
Key = Rotate Each Letter 2 To The Right
With Rotation Key:
2 “HAD” Becomes “JCF”
3 “HAD” Becomes “KDG”

A Rotation Algorithm Is A Simple Example
> Substitute One Letter For Another
> Rotate Letters By “N” Positions
> N Is The (Shared, Secret) Key
> 0 < N < 25
GOAL: An Algorithm Simple Enough To See, But Real Enough To Show Issues

The Rotation Algorithm Has General Characteristics
> Algorithm Is Known, Key Provides Security
> Unique Mapping Of Plaintext To Ciphertext
> Coding/Decoding Easy With The Key
> Decoding Hard Without The Key
> Can Be Broken By Guessing
> Longer Keys Harder To Break

A Digression: How Hard Is “Hard”?
> A $250,000 Computer Can Guess A 56-Bit Key In 2 Hours
> Each Additional Bit Doubles Guessing Time
> 64 Bits Takes 128x2=256 hours
> 128 Bits Takes 2x293 hours

The Rotation Algorithm Has General Characteristics (Cont)
> “Symmetric Key” Means Both Keys The Same
> Both Parties Have Common, SECRET Key
> If One Key For Many Units, Getting 1 Gets All
> “Symmetric Key” Management An Issue
> Changing Keys Adds Security
> Never Use A Key To Send A New Key

There Are Three Kinds Of Algorithm
> Symmetric Key - Same, Secret Key
> Public Key - Publish Half Of A Key
> Common Number - Parties Get Same Keys
AGA 12-1 Uses Only Symmetric Key. AGA 12-2 Will Include Public Key, Too

Symmetric Keys Are The Same For Both Parties
> Key Must Be Secret
> One Key For All Raises Risk
> One Key Per Pair Is Hard On A Big Network
> Key Knowledge Is Weak Authentication
> Must “Introduce” Units To Each Other
> “AES” Is An Example Of A Symmetric Key

AES Shuffles And Changes Bits According To A Key
0 1 0 0 0 1 0 1
0 1 0 0 1 1 0 1
Move
Change
0 1 1 0 1 1 1 0

AES Encrypts Messages
> Advanced Encryption Standard (AES)
> AES-128, 192, or 256 -> Key Length
> Winner Of NIST “Shoot-out”
> Both Units Have SHARED, SECRET Key
> NIST/FIPS Approved Algorithm
> Changing One Bit In Plain (Cipher) Text Changes Half The Bits In Cipher (Plain) Text

RSA Uses A Public And A Private Key
> Public Key Is 2 Numbers, N And E
> N Is A Modulus
> E Is A Large Number Used To Encrypt
> D Is A Large Number Used To Decode

RSA Is Easy In Principle
> Message Is Called M
> Encrypt Message With RECIPIENT’S (N, E)
> C = Ciphertext = $M^E \bmod N$
> Mod N = Remainder After Dividing By N
> Recipient Decrypts With Private Half Of Key
> P = Plaintext = $C^D \bmod N$

RSA Uses Overflow In Modular Arithmetic
> Ciphertext = C = $M^E \bmod N$
> Plaintext = P = $C^D \bmod N$
> P = $C^D \bmod N = (M^E)^D \bmod N = M^{ED} \bmod N$
> Note EITHER D Or E Can Encrypt
E And D Are Chosen So Raising M To The ED Power Is $M^1$

RSA Is Easy To Demonstrate By Example
> Take (E,N) As (7, 33)
> Take D = 3
> Take M = 15
> C = $15^7 \bmod 33 = 27$ (Transmit This)
> P = $27^3 \bmod 33 = 15$ (Original Message, M)
The Security Comes From How Hard It Is To Find D, Given (E, N)
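
The slide's numbers worked through in code, as an added example that is not part of the original presentation. It goes one step beyond the slide by using the standard RSA relation E*D = 1 mod (p-1)(q-1) to show that with N = 33 the private D falls out of the public (E, N) immediately, which is why real moduli must be too large to factor; the function names are hypothetical.

```python
from math import gcd

def factor(n):
    # Trial division: instant for the slide's N = 33, infeasible for a 1024-bit N.
    p = next(k for k in range(2, int(n ** 0.5) + 1) if n % k == 0)
    return p, n // p

def private_exponent(e, n):
    # Standard RSA relation (not stated on the slide): E*D = 1 mod (p-1)(q-1).
    p, q = factor(n)
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("E must share no factor with (p-1)(q-1)")
    return pow(e, -1, phi)

def slide_example(e=7, n=33, m=15):
    d = private_exponent(e, n)          # recovered from the public key alone
    c = pow(m, e, n)                    # C = M^E mod N
    p = pow(c, d, n)                    # P = C^D mod N
    sig = pow(m, d, n)                  # "either D or E can encrypt": D first ...
    verified = pow(sig, e, n) == m      # ... and E undoes it (signature check)
    # Raising to the ED power returns every possible message, not just M = 15.
    every_m = all(pow(pow(x, e, n), d, n) == x for x in range(n))
    return d, c, p, sig, verified, every_m
```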

Public Key Has Many Advantages
> No Need To Track Key Pairs
> Can Authenticate AND Encrypt

RSA Will Send Session Keys And Authenticate
> Public Key
> 1024 Bit Key
> Relatively Slow
> Authentic Signature (With Valid Public Key)

Algorithm Classes Require Different Resources
> Public Code Length 3 Times Symmetric
> Public Key Is 10 Times Symmetric Key
> Public Key Execution = 100 Symmetric
Assumes Same Security (128 Bit Symmetric Key, 1024 Public Key)

BUT WAIT! We Have A Problem!
> Formulas Are Deterministic
> Same Messages Give Same Ciphertext
> Assailants Can Deduce SCADA Messages
> “Cipher Block Chaining” Is The Solution

Protocol Requires Using The “CBC Mode”
> Communicate In Sessions
> Unit A Generates A Random Number
> A Encrypts & Sends To B
> B Decrypts, Both Units Call This The “IV”
> IV = “Initialization Vector”
> XOR Message With IV
> Encrypt XORed Message
> Same Plaintext -> Different Ciphertext
> Use Last Ciphertext As Next IV

HOW AGA 12 PROTECTS COMMUNICATIONS

AGA 12-1 Scrambles To Protect Against Interception
> AES-128, 192, or 256 Give Privacy
> Winner Of NIST “Shoot-out”
> Both Units Have SHARED, SECRET Key
> Operates In “CBC Mode”
– “Cipher Block Chaining”
– Same Plaintext -> Different Ciphertext
– XOR Plaintext With Last Ciphertext
– Both Units Have Same IV
– XOR Is Self-Inverse Operation

AGA 12-1 Protects Against Fabrication
> Shared Secret Key Helps
> CMID (Unique ID #)
> Public Key Coming – AGA 12-1.1
– “Digital Certificates”

AGA 12-1 Protects Against Alteration & Replay
> CBC Mode Prevents
– Block Insertion
– Block Deletion
– Block Re-ordering
> Replay Won’t Decrypt Properly Either
– Messages Change Due To XOR With NEW Number
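
The CBC session described on the “CBC Mode” slide and the replay behaviour above, as an added example that is not part of the original presentation or of AGA 12-1. A toy Feistel cipher built from SHA-256 stands in for AES so the block runs with the standard library only; it is not secure, and the function names, key and command are constructed for illustration.

```python
import hashlib
import os

BLOCK = 16  # bytes per block, the same block size AES uses

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def f(key, i, half):
    # Round function for the toy cipher below.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]

def enc_block(key, blk):
    # Toy 4-round Feistel cipher standing in for AES. NOT secure.
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, xor(l, f(key, i, r))
    return l + r

def dec_block(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = xor(r, f(key, i, l)), l
    return l + r

def cbc_encrypt(key, iv, msg):
    # XOR each block with the previous ciphertext block (the IV first), then encrypt.
    out, prev = b"", iv
    for i in range(0, len(msg), BLOCK):
        prev = enc_block(key, xor(msg[i:i + BLOCK], prev))
        out += prev
    return out, prev  # prev is the IV for the next message in the session

def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += xor(dec_block(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out, prev

def session_demo():
    key = b"constructed key!"                              # constructed sample key
    cmd = b"OPEN VALVE 07 AT STATION 12".ljust(2 * BLOCK)  # constructed command
    iv = os.urandom(BLOCK)                     # unit A's random number
    c1, a_iv = cbc_encrypt(key, iv, cmd)       # first transmission
    p1, b_iv = cbc_decrypt(key, iv, c1)
    c2, a_iv = cbc_encrypt(key, a_iv, cmd)     # same command, chained IV
    p2, b_iv = cbc_decrypt(key, b_iv, c2)
    replayed, _ = cbc_decrypt(key, b_iv, c1)   # c1 re-sent later by a third party
    return cmd, c1, c2, p1, p2, replayed
```

In this run only the first block of the replayed message is garbled; its second block still decrypts to the original text, so the receiver has to check the decrypted content rather than rely on decryption alone to reject a replay.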

AGA 12-1 Indicates Key Guessing / Extraction
> “Guessing” Possible, But Slow
– Millions of Years
– Change Keys Per Policy
> Minimum: Tamper Indication
> Can Specify Tamper Resistant/Envelope

FUTURE DEVELOPMENTS

A Few Things We Did Not Have Time To Mention
> Need A Security Policy
> A Certification Program Exists
> Work Is Starting To Embed
> There Is A Cryptographic Protocol (SLS)
> Lab & Field Tests Starting
> . . . And A Lot More !

What Should You Do?
> Take A Full Course/Read The Standard
> Contact Bill Rush For Details/Questions
– 847/768-0554
– [email protected]
> Champion AGA 12 As A Standard
> Champion AGA 12 In Your Company

Use AGA 12-1 To Protect SCADA Communications
> Gas, Water, Electric
> Protects Against Many Attacks
> Retrofits Many Systems
> Under 100 Millisecond Latency Added
> Reasonable Cost
> Will Be Upgraded
AGA 12-1 Uses Only Symmetric Key. AGA 12-1.1 Will Include Public Key, Too