Embedded Security and the IoT – Challenges, Trends and Solutions


Data Centric Security for the Industrial IoT

Stan Schneider, RTI CEO

IIC Steering Committee Member

"The smart machine era will be the most disruptive in the history of IT." (Gartner, 2015)

The Industrial Internet of Things

Industrial Internet of Things (IIoT)

Consumer Internet of Things (CIoT)

Cyber-Physical Systems (CPS)

The Industrial Internet Consortium

• Goal: Interoperability for the IIoT

• 159+ companies!

• RTI role

– Steering committee, data management (co-lead), architecture, security (co-lead), use case (co-lead), marketing

– Lead or co-lead 4 testbed teams

RTI Named Most Influential IIoT Company

RTI’s Experience

• ~800 Designs

– Healthcare

– Transportation

– Communications

– Energy

– Industrial

– Defense

• 15+ Standards & Consortia Efforts

Why Choose DDS?

• Reliability: Severe consequences if offline for 5 minutes?

• Performance/scale:

– Measure in ms or µs?

– Or scale > 20+ applications or 10+ teams?

– Or 10k+ data values?

• Architecture: Code active lifetime >3 yrs?

2 or 3 Checks?

DDS is Different!

Point-to-Point

TCP Sockets

Publish/Subscribe

Fieldbus, CANbus

Queuing

AMQP, Active MQ

Client/Server

MQTT, REST, XMPP, OPC, CORBA

Brokered, Daemon

Data-Centric

DDS

Shared Data Model

DataBus

Data Centric is the Opposite of OO

Object Oriented

• Encapsulate data

• Expose methods

Data Centric

• Encapsulate methods

• Expose data

Explicit Shared Data Model

Data-Centric Connection = Data-Path Control

• Global Data Space

– Automatic discovery

– Read & write data in any OS, language, transport

– Redundant sources/sinks/nets

• Type Aware

• QoS control

– Timing, Reliability, Ownership, Redundancy, Filtering, Security

Shared Global Data Space

[Figure: DDS DataBus shared by Devices, Supervisory CDS, Nursing Station and Cloud. Data on the bus: Patient Hx, Device Identity, Physiologic State.]

Offer: Write this 1000x/sec, reliable for 10 secs

Request: Read this 10x/sec if patient = “Joe”

Data-Centric Security Model

• Per-Topic Security

– Control r,w access for each function

– Enforce each dataflow

• Complete Protection

– Discovery authentication

– Data-centric access control

– Cryptography

– Tagging & logging

– Non-repudiation

– Secure multicast

– 100% standards compliant

• No code changes!

• Plugin architecture for advanced uses

• Topic Security model:

– PMU: State(w)

– CBM: State(r); Alarms(w)

– Control: State(r), SetPoint(w)

– Operator: *(r), SetPoint(w)

[Figure: participants CBM Analysis, PMU, Control and Operator; topics State, Alarms and SetPoint]

Demanding Use Cases

• The USS SECURE cybersecurity test bed is a collaboration between:

– The National Security Agency

– Department of Defense Information Assurance Range Quantico

– Combat Systems Direction Activity Dam Neck

– NSWCDD

– NSWC Carderock/Philadelphia

– Office of Naval Research

– Johns Hopkins University Applied Physics Lab

– Real Time Innovations, Inc.

• Objectives

– Immunize against cyberattack and to rapidly recover when impacted

– Determine the best cyberdefense technologies without impacting real time deadline scheduled performance

http://www.navy.mil/submit/display.asp?story_id=79228

DDS Security Standard

• DDS entities are authenticated

• DDS enforces topic-level access control

• DDS maintains data integrity and confidentiality

• DDS enforces non-repudiation

• DDS provides availability

…while maintaining DDS interoperability & high performance

Pluggable Security Architecture

[Figure: Pluggable Security Architecture. Labelled components: applications (App.) with application component certificates; Secure DDS middleware containing DDS Entities, Data cache and Protocol Engine; Authentication, Access Control, Cryptographic, Logging and Data Tagging plugins; Secure Kernel with Kernel Policies, MAC and Network Driver; Crypto Module (e.g. TPM); Transport (e.g. UDP); Encrypted Data on the Network; Other DDS Systems.]

Standard Capabilities (Built-in Plugins)

• Authentication

– X.509 Public Key Infrastructure (PKI) with a pre-configured shared Certificate Authority (CA)

– Digital Signature Algorithm (DSA) with Diffie-Hellman and RSA for authentication and key exchange

• Access Control

– Configured by domain using a (shared) Governance file

– Specified via permissions file signed by shared CA

– Control over ability to join systems, read or write data topics

• Cryptography

– Protected key distribution

– AES128 and AES256 for encryption

– HMAC-SHA1 and HMAC-SHA256 for message authentication and integrity

• Data Tagging

– Tags specify security metadata, such as classification level

– Can be used to determine access privileges (via plugin)

• Logging

– Log security events to a file or distribute securely over Connext DDS

Security Needs Protection and Detection

[Figure: Control Station (Master Device) and Transmission Substation (Slave Device). Link labels: Existing DNP3, DNP3 over RS232/485, DNP3 over Ethernet, DNP3 over DDS, Secure DDS over UDP. Component labels: RTI Routing Service, Com Processor, Scada Converter (C++), Anomaly Detector (Lua), Attack Detector, Display.]

About RTI

• Market Leader

– 800+ designs; $1T designed-in value

• Over 70% DDS mw market share (1)

• Largest embedded middleware vendor (2)

– By far the most DDS designs

– 2013 Gartner Cool Vendor for technology and Open Community Source model

• Standards Leader

– Active in 15 standards efforts

– DDS authors, chair, wire spec, security, more

– IIC steering committee; OMG board

• Team Quality Leader

– Stanford research pedigree

– High-performance, control, systems experts

– Top quality product, processes, execution

– Consistent head-to-head victors

(1) Embedded Market Forecasters

(2) VDC Analyst Report

Industrial Internet of Things Thought Leader

• RTI FastTrax IIoT Strategic Consulting

– Architectural guidance

– Security design

– Cloud integration

– Business objectives

For More Information

• RTI site: www.rti.com

• Examples, forum, papers: community.rti.com

• IIC website: www.iiconsortium.org

• Email: stan@rti.com

• Connect on LinkedIn

• Free RTI Connext DDS Pro: www.rti.com/downloads

The DDS Data-Centric Standard for the IIoT

• OMG’s Data Distribution Service is the Proven Data Connectivity Standard for the IoT

• OMG: world’s largest systems software standards org

– UML, DDS, Industrial Internet Consortium

• DDS: open & cross-vendor

– Open Standard & Open Source

– 12 implementations

Interoperability between source written for different vendors

Interoperability between applications running on different implementations

DDS-RTPS Protocol: Real-Time Publish-Subscribe

Distribution Fabric

DDS API

This is addressed by DDS Security

Security Boundaries

• System Boundary

• Network Transport

– Media access (layer 2)

– Network (layer 3) security

– Session/Endpoint (layer 4/5) security

• Host

– Machine/OS/Applications/Files

• Data & Information flows

Ultimately, you need to implement all!

DDS Security Model

Concept | Unix Filesystem Security Model | DDS Security Model

Subject | User; Process executing for a user | DomainParticipant; Application joining a DDS domain

Protected Objects | Directories; Files | Domain (by domain_id); Topic (by Topic name); DataObjects (by Instance/Key)

Protected Operations | Directory.list, Directory.create (File, Dir), Directory.remove (File, Dir), Directory.rename (File, Dir), File.read, File.write, File.execute | Domain.join, Topic.create, Topic.read (includes QoS), Topic.write (includes QoS), Data.createInstance, Data.writeInstance, Data.deleteInstance

Access Control Policy Control | Fixed in Kernel | Configurable via Plugin

Builtin Access Control Mode | Per-File/Dir Read/Write/Execute permissions for OWNER, GROUP, USERS | Per-DomainParticipant Permissions: What Domains and Topics it can JOIN/READ/WRITE
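
The per-topic policy from the Data-Centric Security Model slide (PMU, CBM, Control, Operator), evaluated with the default-deny, per-DomainParticipant read/write semantics of the DDS Security Model comparison above. This is an added example, not RTI's code or the DDS Security built-in plugins; the policy text format, `DOMAIN_ID = 0`, the function names and the treatment of SetPoint/Setpoint as one topic are assumptions.

```python
import re

# Constructed from the slide's "Topic Security model" bullet list.
POLICY_TEXT = """
PMU: State(w)
CBM: State(r); Alarms(w)
Control: State(r), SetPoint(w)
Operator: *(r), SetPoint(w)
"""
TOPICS = ("State", "Alarms", "SetPoint")  # topics named on the slide
DOMAIN_ID = 0  # assumption: all four participants join this one domain

def parse_policy(text):
    """Return {participant: {"r": topics, "w": topics}}."""
    policy = {}
    for line in text.strip().splitlines():
        name, rules = line.split(":", 1)
        grants = {"r": set(), "w": set()}
        for topic, modes in re.findall(r"([\w*]+)\(([rw]+)\)", rules):
            for mode in modes:
                grants[mode].add(topic)
        policy[name.strip()] = grants
    return policy

def allowed(policy, participant, op, topic, domain_id=DOMAIN_ID):
    """Default deny: unknown participant, domain, operation or topic fails."""
    grants = policy.get(participant)
    if grants is None or domain_id != DOMAIN_ID or op not in ("r", "w"):
        return False
    # "*" only covers topics in the declared data model, so a wildcard
    # cannot authorise a topic nobody defined.
    return topic in TOPICS and (topic in grants[op] or "*" in grants[op])

def dataflows(policy):
    """Every (writer, topic, reader) path the policy permits."""
    return sorted(
        (w, t, r)
        for t in TOPICS
        for w in policy if allowed(policy, w, "w", t)
        for r in policy if r != w and allowed(policy, r, "r", t)
    )

POLICY = parse_policy(POLICY_TEXT)
if __name__ == "__main__":
    for flow in dataflows(POLICY):
        print("%s --%s--> %s" % flow)
```

On the slide's policy this yields five permitted flows, and it shows that SetPoint has two writers (Control and Operator) but Operator as its only authorised reader.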
