Industrial applications of cryptography


Upload: david-podhola

Post on 25-May-2015


DESCRIPTION

In this talk we introduce some industrial implementations of cryptography. It focuses on the electric power industry, with specific aspects of power generation, transmission, distribution, and retail in nuclear powerplants. The implications of storing sensitive personal data, invoicing, and customer’s money transfers will be described and discussed.

TRANSCRIPT

Page 1: Industrial Applications of Cryptography

Industrial applications of cryptography

David Podhola

Prague College

[email protected]

30 May 2011

David Podhola (Prague College) Industrial applications of cryptography 30 May 2011 1 / 35

Page 2: Industrial Applications of Cryptography

Abstract

In this topic, industrial implementations of cryptography will be introduced. It focuses on the electric power industry, with particular aspects of power generation in nuclear powerplants, transmission, distribution and retail. The implications of storing sensitive personal data, as well as dealing with invoicing and the customer’s money at the end, will be described and discussed.

Page 3: Industrial Applications of Cryptography

Electricity


Page 4: Industrial Applications of Cryptography

Electricity

“Phenomenon associated with stationary or moving electric charges. The word comes from the Greek elektron (“amber”); the Greeks discovered that amber rubbed with fur attracted light objects such as feathers. Such effects due to stationary charges, or static electricity, were the first electrical phenomena to be studied. Not until the early 19th century were static electricity and electric current shown to be aspects of the same phenomenon. The discovery of the electron, which carries a charge designated as negative, showed that the various manifestations of electricity are the result of the accumulation or motion of numbers of electrons. The invention of the incandescent lightbulb (1879) and the construction of the first central power station (1881) by Thomas Alva Edison led to the rapid introduction of electric power into factories and homes. See also James Clerk Maxwell.”1

1 Encyclopaedia Britannica

Page 5: Industrial Applications of Cryptography

Electric power industry


Page 6: Industrial Applications of Cryptography

Electric power industry

“The electric power industry provides the production and delivery of electric energy, often known as power, or electricity, in sufficient quantities to areas that need electricity through a grid connection. The grid distributes electrical energy to customers. Electric power is generated by central power stations or by distributed generation.

Many households and businesses need access to electricity, especially in developed nations, the demand being scarcer in developing nations. Demand for electricity is derived from the requirement for electricity in order to operate domestic appliances, office equipment, industrial machinery and provide sufficient energy for both domestic and commercial lighting, heating, cooking and industrial processes. Because of this aspect of the industry, it is viewed as a public utility as infrastructure.”2

2 Wikipedia

Page 7: Industrial Applications of Cryptography

Current consumption of the Czech Republic

This whole industry is run and controlled by a lot of computers. They have great numbers at their fingertips, but...

Page 8: Industrial Applications of Cryptography

Threats

Threats:3

Intrusion: malicious attackers may intrude client or server by searching vulnerabilities, and the stable service of control boards may be threatened.

Impersonation: operators who don’t have the right accounts but can enter, may impersonate operators who have the right accounts, and the stable service of control boards may be threatened.

Tapping: malicious attackers may tap packets on the Internet, and data sent and received may be threatened.

Obstruction: malicious attackers may attack client or server very often, and smooth operation may be threatened.

Destruction: operators who have the right accounts may execute illegal operations unjustly, and the stable service of control boards may be threatened.

3 The Security Design of Remote Maintenance System for Nuclear Power Plants, based on ISO/IEC 15408

Page 9: Industrial Applications of Cryptography

What is cryptography?

The practice and study of hiding information.

Now it is much more complex than just encryption into apparent nonsense.

Page 10: Industrial Applications of Cryptography

Encryption and decryption


Page 11: Industrial Applications of Cryptography

Public-key cryptography


Page 12: Industrial Applications of Cryptography

Public-key cryptography


Page 13: Industrial Applications of Cryptography

Public key infrastructure

CA = Certificate Authority

RA = Registration Authority

Page 14: Industrial Applications of Cryptography

My public key

I am not afraid to show you my public key!


Page 15: Industrial Applications of Cryptography

Signing

If you have just your key, you can sign


Page 16: Industrial Applications of Cryptography

Encryption

If you have both keys, you can encrypt


Page 17: Industrial Applications of Cryptography

General attributes of public keys

Increased security and convenience.

private keys never need to be transmitted or revealed to anyone

digital signatures

speed

vulnerable to impersonation (attack on a certification authority)


Page 18: Industrial Applications of Cryptography

Electric power industry

The legal unbundling laid down in 2005 as part of the second European energy market package applies in 11 out of 27 EU countries.

Generation

Transmission

Distribution (e.g. consumption measurements)

Retailing (e.g. end customer invoicing)


Page 19: Industrial Applications of Cryptography

High level overview


Page 20: Industrial Applications of Cryptography

Organizations involved - CEPS

CEPS jsc is a joint-stock company operating the Transmission System (TS) of the Czech Republic by law.

ensuring electricity transmission

ensuring balance between electricity generation and consumption at any moment

maintenance, modernization and development of TS equipment

Page 21: Industrial Applications of Cryptography

Organizations involved - OTE

Processing and reporting the business balance of electricity according to data supplied by electricity market participants.

Organization of short-term markets and the balancing market with regulating energy in cooperation with the transmission system operator.

Evaluation and settlement of imbalances between the agreed and actual electricity supplies and consumption.

Publishing monthly and annual reports about the Czech electricity market.

Collecting metered data from deliveries and supplies for market participants.

Evaluation and settlement of regulating energy.

Administration of the registry for trading with greenhouse gas emission allowances.

Page 22: Industrial Applications of Cryptography

OTE CA


Page 23: Industrial Applications of Cryptography

Electricity generation


Page 24: Industrial Applications of Cryptography

Electricity generation

For nuclear powerplants, Title 10 of the Code of Federal Regulations (10 CFR) Section 73.21(g)(3) states, in part, “. . . Safeguards Information shall be transmitted only by protected telecommunication circuits (including facsimile) approved by the NRC.” The Nuclear Regulatory Commission (NRC) considers those encryption systems that the National Institute of Standards and Technology (NIST) has determined conform to the Security Requirements for Cryptographic Modules in Federal Information Processing Standard (FIPS) 140-2, as being acceptable. The Secretary of Commerce has made use of Cryptographic Module Validation Program products mandatory and binding for Federal agencies when a Federal agency determines that cryptography is necessary for protecting sensitive information.

Page 25: Industrial Applications of Cryptography

Stuxnet


Page 26: Industrial Applications of Cryptography

Stuxnet


Page 27: Industrial Applications of Cryptography

Transmission


Page 28: Industrial Applications of Cryptography

Distribution


Page 29: Industrial Applications of Cryptography

Distribution


Page 30: Industrial Applications of Cryptography

Retailing


Page 31: Industrial Applications of Cryptography

Communication


Page 32: Industrial Applications of Cryptography

Communication


Page 33: Industrial Applications of Cryptography

Communication


Page 34: Industrial Applications of Cryptography

SmartGrid


Page 35: Industrial Applications of Cryptography

Thank you!

David [email protected], [email protected]

http://david.podhola.net
