Embedded Security and the IoT – Challenges, Trends and Solutions
1. Data Centric Security for the Industrial IoT
Stan Schneider, RTI CEO
IIC Steering Committee Member
2. The smart machine era will be the most disruptive in the history of IT
-- Gartner 2015
3. The Industrial Internet of Things
Industrial Internet of Things (IIoT)
Consumer Internet of Things (CIoT)
Cyber-Physical Systems (CPS)
5. The Industrial Internet Consortium
• Goal: Interoperability for the IIoT
• 159+ companies!
• RTI role
– Steering committee, data management (co-lead), architecture, security (co-lead), use case (co-lead), marketing
– Lead or co-lead 4 testbed teams
8. Why Choose DDS?
• Reliability: Severe consequences if offline for 5 minutes?
• Performance/scale:
– Measure in ms or µs?
– Or scale > 20+ applications or 10+ teams?
– Or 10k+ data values?
• Architecture: Code active lifetime >3 yrs?
2 or 3 checks?
10. Data Centric is the Opposite of OO
Object Oriented
• Encapsulate data
• Expose methods
Data Centric
• Encapsulate methods
• Expose data
Explicit Shared Data Model
11. Data-Centric Connection = Data-Path Control
• Global Data Space
– Automatic discovery
– Read & write data in any OS, language, transport
– Redundant sources/sinks/nets
• Type Aware
• QoS control
– Timing, Reliability, Ownership, Redundancy, Filtering, Security
[Diagram: Shared Global Data Space (DDS DataBus) connecting Devices, Device Identity, Patient Hx, Physiologic State, Supervisory CDS, Nursing Station and Cloud. Offer: "Write this 1000x/sec, reliable for 10 secs". Request: "Read this 10x/sec if patient = “Joe”".]
12. Data-Centric Security Model
• Per-Topic Security
– Control r,w access for each function
– Enforce each dataflow
• Complete Protection
– Discovery authentication
– Data-centric access control
– Cryptography
– Tagging & logging
– Non-repudiation
– Secure multicast
– 100% standards compliant
• No code changes!
• Plugin architecture for advanced uses
• Topic Security model:
– PMU: State(w)
– CBM: State(r); Alarms(w)
– Control: State(r), SetPoint(w)
– Operator: *(r), SetPoint(w)
[Diagram: PMU, CBM Analysis, Control and Operator applications exchanging the State, Alarms and SetPoint topics]
13. Demanding Use Cases
• The USS SECURE cybersecurity test bed is a collaboration between:
– The National Security Agency
– Department of Defense Information Assurance Range Quantico
– Combat Systems Direction Activity Dam Neck
– NSWCDD
– NSWC Carderock/Philadelphia
– Office of Naval Research
– Johns Hopkins University Applied Physics Lab
– Real Time Innovations, Inc.
• Objectives
– Immunize against cyberattack and rapidly recover when impacted
– Determine the best cyberdefense technologies without impacting real-time, deadline-scheduled performance
http://www.navy.mil/submit/display.asp?story_id=79228
14. DDS Security Standard
• DDS entities are authenticated
• DDS enforces topic-level access control
• DDS maintains data integrity and confidentiality
• DDS enforces non-repudiation
• DDS provides availability
…while maintaining DDS interoperability & high performance
15. Pluggable Security Architecture
[Diagram: Secure DDS middleware inside an application component. Pluggable Authentication, Access Control, Cryptographic, Logging and Data Tagging plugins sit between the secure kernel (DDS entities, data cache, protocol engine, kernel policies) and a crypto module (e.g. TPM) holding the certificates; the transport (e.g. UDP) and network driver carry encrypted data with a MAC over the network to other DDS systems and their applications.]
16. Standard Capabilities (Built-in Plugins)
• Authentication
– X.509 Public Key Infrastructure (PKI) with a pre-configured shared Certificate Authority (CA)
– Digital Signature Algorithm (DSA) with Diffie-Hellman and RSA for authentication and key exchange
• Access Control
– Configured by domain using a (shared) Governance file
– Specified via permissions file signed by shared CA
– Control over ability to join systems, read or write data topics
• Cryptography
– Protected key distribution
– AES128 and AES256 for encryption
– HMAC-SHA1 and HMAC-SHA256 for message authentication and integrity
• Data Tagging
– Tags specify security metadata, such as classification level
– Can be used to determine access privileges (via plugin)
• Logging
– Log security events to a file or distribute securely over Connext DDS
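The "message authentication and integrity" row above is the one a reader can exercise with nothing but the standard library. The block below is an added example, not RTI's or the OMG's code: it tags each sample with HMAC-SHA256 over a header (topic name, sequence number) plus the payload, and shows that a receiver with the key rejects a flipped payload bit, a tag transplanted to another topic, a replayed sequence number, and a message from a party without the key. The session key, the topic names and the JSON sample are constructed values; in a deployment the key would come from the protected key distribution the slide lists.

```python
"""HMAC-SHA256 per-sample message authentication (added example, not RTI code).

Illustrates the integrity/authentication service of the cryptographic plugin
with the Python standard library. Key and sample data are constructed values.
"""
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output length in bytes

# Constructed 256-bit session key shared by writer and reader (not a real key).
SESSION_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)


def _header(topic, seq):
    """Authenticated header: length-prefixed topic name + 64-bit sequence number.

    Covering these with the tag binds it to one topic and one sample, so a
    valid tag cannot be moved to another topic or reused under a new number.
    """
    name = topic.encode("utf-8")
    return struct.pack(">H", len(name)) + name + struct.pack(">Q", seq)


def protect(key, topic, seq, payload):
    """Append an HMAC-SHA256 tag computed over header + payload."""
    tag = hmac.new(key, _header(topic, seq) + payload, hashlib.sha256).digest()
    return payload + tag


def verify(key, topic, seq, message):
    """Return the payload if the tag is valid for this topic/seq, else None."""
    if len(message) < TAG_LEN:
        return None
    payload, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, _header(topic, seq) + payload, hashlib.sha256).digest()
    # Constant-time comparison: does not leak how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        return None
    return payload


def demo():
    """Run the checks a reader performs; every entry should be True."""
    sample = b'{"device":"PMU-1","topic":"State","value":50.01}'  # constructed
    message = protect(SESSION_KEY, "State", 7, sample)
    tampered = bytes([message[0] ^ 0x01]) + message[1:]  # one payload bit flipped
    other_key = bytes(TAG_LEN)                           # a party without the key
    return {
        "genuine": verify(SESSION_KEY, "State", 7, message) == sample,
        "flipped_bit": verify(SESSION_KEY, "State", 7, tampered) is None,
        "wrong_topic": verify(SESSION_KEY, "SetPoint", 7, message) is None,
        "replayed_seq": verify(SESSION_KEY, "State", 8, message) is None,
        "no_key": verify(other_key, "State", 7, message) is None,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:13s} {'as expected' if ok else 'UNEXPECTED'}")
```

The slide also lists HMAC-SHA1; HMAC-SHA1 has no known practical break as a MAC, but SHA-256 is the conservative choice and the one used here. Note that the sequence number is what lets a reader detect a replay only if it also tracks which numbers it has already accepted; the tag alone proves origin and integrity, not freshness.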
17. Security Needs Protection and Detection
[Diagram: Control Station (Master Device) and Transmission Substation (Slave Device) linked by Secure DDS over UDP. Existing DNP3 over RS232/485 and DNP3 over Ethernet enter through an RTI Routing Service ComProcessor (Scada Converter, C++) on each side and travel as DNP3 over DDS; an Anomaly Detector (Lua) feeds an Attack Detector Display.]
18. About RTI
• Market Leader
– 800+ designs; $1T designed-in value
• Over 70% DDS mw market share [1]
• Largest embedded middleware vendor [2]
– By far the most DDS designs
– 2013 Gartner Cool Vendor for technology and Open Community Source model
• Standards Leader
– Active in 15 standards efforts
– DDS authors, chair, wire spec, security, more
– IIC steering committee; OMG board
• Team Quality Leader
– Stanford research pedigree
– High-performance, control, systems experts
– Top quality product, processes, execution
– Consistent head-to-head victors
[1] Embedded Market Forecasters
[2] VDC Analyst Report
19. Industrial Internet of Things Thought Leader
• RTI FastTrax IIoT Strategic Consulting
– Architectural guidance
– Security design
– Cloud integration
– Business objectives
20. For More Information
• RTI site: www.rti.com
• Examples, forum, papers: community.rti.com
• IIC website: www.iiconsortium.org
• Email: stan@rti.com
• Connect on LinkedIn
• Free RTI Connext DDS Pro: www.rti.com/downloads
21. The DDS Data-Centric Standard for the IIoT
• OMG’s Data Distribution Service is the Proven Data Connectivity Standard for the IoT
• OMG: world’s largest systems software standards org
– UML, DDS, Industrial Internet Consortium
• DDS: open & cross-vendor
– Open Standard & Open Source
– 12 implementations
[Diagram: the DDS API gives interoperability between source written for different vendors; the DDS-RTPS Protocol (Real-Time Publish-Subscribe Distribution Fabric) gives interoperability between applications running on different implementations.]
22. This is addressed by DDS Security
Security Boundaries
• System Boundary
• Network Transport
– Media access (layer 2)
– Network (layer 3) security
– Session/Endpoint (layer 4/5) security
• Host
– Machine/OS/Applications/Files
• Data & Information flows
Ultimately, you need to implement all!
23. DDS Security Model
Concept / Unix Filesystem Security Model / DDS Security Model
• Subject
– Unix: User; process executing for a user
– DDS: DomainParticipant; application joining a DDS domain
• Protected Objects
– Unix: Directories, Files
– DDS: Domain (by domain_id), Topic (by Topic name), DataObjects (by Instance/Key)
• Protected Operations
– Unix: Directory.list, Directory.create (File, Dir), Directory.remove (File, Dir), Directory.rename (File, Dir), File.read, File.write, File.execute
– DDS: Domain.join, Topic.create, Topic.read (includes QoS), Topic.write (includes QoS), Data.createInstance, Data.writeInstance, Data.deleteInstance
• Access Control Policy Control
– Unix: Fixed in Kernel
– DDS: Configurable via Plugin
• Builtin Access Control Mode
– Unix: Per-File/Dir Read/Write/Execute permissions for OWNER, GROUP, USERS
– DDS: Per-DomainParticipant Permissions: what Domains and Topics it can JOIN/READ/WRITE
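The per-DomainParticipant JOIN/READ/WRITE permissions in the last row, and the PMU / CBM / Control / Operator topic model on the Data-Centric Security Model slide, can be made concrete with a small evaluator. The block below is an added example, not RTI's or the OMG's code. Its XML layout is modeled loosely on the DDS Security permissions document (grant, allow_rule, publish/subscribe, topics) but is simplified and should be read as an assumption about the format, not as the standard's schema; the subject names, the domain id and the topic names are constructed from the slides. The permissions file a real system loads is signed by the shared CA (built-in plugin table); signature checking is outside this example.

```python
"""Toy evaluator for a DDS-style permissions document (added example, not RTI/OMG code).

Simplified, assumed XML layout: grant -> domains/id, allow_rule -> publish/topic
and subscribe/topic, default. Subjects and topics are constructed from the deck's
PMU / CBM / Control / Operator example.
"""
import fnmatch
import xml.etree.ElementTree as ET

# Constructed permissions document encoding the slide's topic model:
#   PMU: State(w)   CBM: State(r), Alarms(w)   Control: State(r), SetPoint(w)
#   Operator: *(r), SetPoint(w)   -- anything not listed is denied.
PERMISSIONS_XML = """<?xml version="1.0" encoding="UTF-8"?>
<permissions>
  <grant subject="CN=PMU">
    <domains><id>0</id></domains>
    <allow_rule><publish><topic>State</topic></publish></allow_rule>
    <default>DENY</default>
  </grant>
  <grant subject="CN=CBM">
    <domains><id>0</id></domains>
    <allow_rule><subscribe><topic>State</topic></subscribe>
                <publish><topic>Alarms</topic></publish></allow_rule>
    <default>DENY</default>
  </grant>
  <grant subject="CN=Control">
    <domains><id>0</id></domains>
    <allow_rule><subscribe><topic>State</topic></subscribe>
                <publish><topic>SetPoint</topic></publish></allow_rule>
    <default>DENY</default>
  </grant>
  <grant subject="CN=Operator">
    <domains><id>0</id></domains>
    <allow_rule><subscribe><topic>*</topic></subscribe>
                <publish><topic>SetPoint</topic></publish></allow_rule>
    <default>DENY</default>
  </grant>
</permissions>
"""

OPERATIONS = ("JOIN", "READ", "WRITE")


class Permissions:
    """Parses the document once and answers JOIN/READ/WRITE questions per subject."""

    def __init__(self, xml_text):
        self.grants = {}
        for g in ET.fromstring(xml_text).findall("grant"):
            publish, subscribe = [], []
            for rule in g.findall("allow_rule"):
                publish += [t.text for t in rule.findall("publish/topic")]
                subscribe += [t.text for t in rule.findall("subscribe/topic")]
            self.grants[g.get("subject")] = {
                "domains": {int(d.text) for d in g.findall("domains/id")},
                "WRITE": publish,       # publish rules govern Topic.write
                "READ": subscribe,      # subscribe rules govern Topic.read
                "default": (g.findtext("default") or "DENY").upper(),
            }

    def check(self, subject, operation, domain_id, topic=None):
        """True if the authenticated subject may perform operation (on topic) in domain_id."""
        grant = self.grants.get(subject)
        if grant is None or operation not in OPERATIONS:
            return False  # unknown participant or operation: deny
        if domain_id not in grant["domains"]:
            return False  # Domain.join denied, so no topic operation is possible either
        if operation == "JOIN":
            return True
        # Rule entries may carry fnmatch wildcards, e.g. the Operator's "*(r)".
        if topic is not None and any(fnmatch.fnmatchcase(topic, p) for p in grant[operation]):
            return True
        return grant["default"] == "ALLOW"


def access_matrix(perms, domain_id, topics):
    """Per subject and topic, summarise rights as 'r', 'w', 'rw' or '-'."""
    matrix = {}
    for subject in perms.grants:
        row = {}
        for topic in topics:
            flags = ""
            if perms.check(subject, "READ", domain_id, topic):
                flags += "r"
            if perms.check(subject, "WRITE", domain_id, topic):
                flags += "w"
            row[topic] = flags or "-"
        matrix[subject] = row
    return matrix


if __name__ == "__main__":
    perms = Permissions(PERMISSIONS_XML)
    for subject, row in access_matrix(perms, 0, ["State", "Alarms", "SetPoint"]).items():
        print(f"{subject:12s}", "  ".join(f"{t}:{f}" for t, f in row.items()))
```

Two properties of the slide's model fall out of the code: a participant that may not JOIN a domain gets no topic rights in it at all, and every right must be granted explicitly because the default is DENY, which is the per-flow counterpart of the Unix owner/group/other bits in the left column.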