IoT/Cybersecurity ModuleFREDDIE WHEELER JR., M.S. CANDIDATEADVISOR: DR. REZA GHORBANI, PH.D.ASSOCIATE PROFESSOR, UH MANOA COLLEGE OF ENGINEERING

Executive Summary

Motivation for Research Cybersecurity Background Demonstration of Encryption/Decryption Example of Security Architecture Example of Attack and Mitigation strategies Physical Testbed/Devices/Software Future Work

Motivation for Research

Growth of the “Internet of Things” (IoT) sector has greatly increased with the proliferation of many devices that use the internet to increase functionality Examples: Nest Learning thermostat, Amazon Echo/Echo Dot

Many of the earlier IoT devices were not designed with cybersecurity in mind and are therefore vulnerabilities within a system’s security network

A need arises to properly secure the transfer of information in this new age of the “Internet of Things”

Cybersecurity Background

Supervisory Control and Data Acquisition (SCADA) systems are now using internet connections to help streamline communications and control

“Air-Gapped” systems have also been proven to be vulnerable Stuxnet attack of nuclear centrifuges is an example of an attack on an

air-gapped system

For SCADA systems in particular, a cybersecurity system must be able to reliably secure data in real time

Cybersecurity Background

Most cyphers are computationally expensive and therefore require expensive hardware to run Example: RSA key exchange

REDLab at UH Manoa is researching a type of hybrid cypher that can be implemented in lower cost FPGA-like devices, yet still provide reliable encryption in real-time

This will help secure reliable encryption of bi-directional communication that you often find in SCADA systems

Method of Bi-Directional CommunicationDevice 1 Device 2

Encryption

Encryption

EmbeddedData

Processor

EmbeddedData

Processor

Decryption

Decryption

Encrypted Message

Encrypted Message

Method of Encryption/Decryption

RSA Cypher

RSA Cypher

CNN Cypher

CNN Cypher

Data

Demonstration of Encryption/Decryption

Original Message

Encrypted Message

Decrypted Message

Demonstration of Encryption/Decryption

Original Message

Encrypted Message

Decrypted Message

Demonstration of Encryption/Decryption

Original Image Encrypted Image Decrypted Image

Example of Security Architecture

PSIM

PLC

FPGA/ASIC

GatewaySensor

Device/System

Wired Connection

RSA Key/SSH Tunnel Encryption

FPGA/ASIC

Traditional SCADA setup

Command Center

Attack and Mitigation Strategies

Device 1

Device 2

Device 3

Device 4

Device 5

Device 6

Command Center

Gateway

Gateway

Comparison of Real-Timeand Historical Data

Authentication

Command Center

Attack and Mitigation Strategies

Device 1

Device 2

Device 3

Device 4

Device 5

Device 6

Gateway

Gateway

Command Center

Command Center

Comparison of Real-Timeand Historical Data

Authentication

Attack and Mitigation Strategies

Device 1

Device 2

Device 3

Device 4

Device 5

Device 6

Gateway

Gateway

Command Center

Command Center

Comparison of Real-Timeand Historical Data

Authentication

Attack and Mitigation Strategies

Device 1

Device 2

Device 3

Device 4

Device 5

Device 6

Gateway

Gateway

Command Center

Command Center

Comparison of Real-Timeand Historical Data

Authentication

Physical Testbed

REDLab has built an inverter tested to test implementation of the hybrid cypher Uses Victron Energy

inverters and battery management system

Implementation of communication pathways has been done using SSH tunnels on low cost microcontrollers (WRT-node)

Physical Devices

Current prices of products with the security capacity to run in real time are extremely cost prohibitive to place in a nodal network like a SCADA system

Target price for REDLab developed device is less than $10 Devices are also being designed with the idea of universal

installation “Plug and Play” type of usage mentality

Network Structure

Node-RED is being used to help program the interface between the computers and servers

Interface with the encryption/decryption for simulation purposes

Graphical programming is intuitive and easy to customize

Future Work

Continue work on implementing cypher on microcontrollers and embedded microchips

Establish benchmarks for performance and iterate for improvements in security reliability and speed

Further develop inverter testbed to improve testing for both cybersecurity and power community needs

Acknowledgements and Thanks

Thank you to Dr. Reza Ghorbani and The University of Hawai`i at Manoa for their guidance and support. Also, thank you to my fellow researchers at the Renewable Energy Design Laboratory for their assistance and support.

Acknowledgements and Sponsors

Thank You for Your TimeANY QUESTIONS?