Digital identities: the basis of industrial IT security

With the appearance of malware like Stuxnet and other cyber-attacks, securing communication in industrial infrastructures is becoming increasingly important. Roland Fiat and Dr. Thomas Störtkuhl explain that one solution is to improve authentication during device-to-device communication based on digital certificates which guarantee a sufficient level of authentication by using established asymmetric, cryptographic algorithms. But one prerequisite for the widespread use of digital certificates is an infrastructure that allows such certificates to be securely generated and distributed on the devices - ideally in an automated manner.

ADEQUATE AUTHENTICATION OF users, systems and applications is the cornerstone of IT security for any type of IT systems. This applies in particular to the establishment of secure communication, for example, with respect to privacy. Authentication of communication partners prevents attacks such as man-in-the-middle attacks. In the industrial environment especially, secure communication solutions are becoming increasingly important to combat malware such as Stuxnet and cyberattacks.

The use of digital certificates for deviceto- device communication can improve authentication by creating unique digital identities for devices. Using asymmetric cryptography to ensure suffi ciently secure levels of authentication, conventional techniques that are frequently encountered or possible in this context include SSH and TLS/SSL. However, in order to make use of digital certificates, we must create an infrastructure that enables digital certificates to be embedded in devices, ideally by means of an automated yet secure process.

Use of digital certificates

Asymmetric algorithms based on digital certificates (e.g. RSA) can be used to protect the integrity and privacy of device-to-device communication. While the integrity of deviceto- device communication is realized by the digital signature, privacy is protected by means of encryption. Secure communication further requires authentication of the communication partners.

To simplify authentication for device-to-device communication by means of digital certificates, both devices will need to have a digital certificate. Device X is required to authenticate itself to device Y. To do so, device X sends device Y a 'hello' message signed with the private key of device X. Device Y checks the signature against the digital certificate of device X. Signature verifi cation particularly includes validation of the certificate of device X. A positive result for a check of the signature and the validity of the certificate of device X proves that device X has the private key assigned to the certificate, thereby authenticating device X.

Given this, the authentication procedure must perform the following series of basic tasks. Devices must be supplied with private and public key pairs. Certificates must be generated and published for every device. To be suitable for the industrial environment, certificates and certificate revocation lists (CRLs) and/or validation services for digital certificates must offer a high level of availability. Certificate revocation must be possible. And every device needs to have a unique identifier (e.g. serial number) which is included in the certificate and ensures unique global device identification.

Processes must be established that are capable of handling all these tasks in a secure manner. An important consideration in this context is that in the smart grid, for example, the number of devices and also the number of certificates can add up to several millions. In addition, devices and their accompanying keys and certificates are distributed across hundreds of companies.

The management of this huge number of keys and digital certificates presents a major challenge and can only be implemented in a gradual approach. Industrial environments further demand consideration of real-time requirements. Consequently, key management must be organized and structured in a highly efficient manner from the outset; the process must therefore satisfy the highest demands in availability, scalability and efficiency, and further measures must be taken to ensure that real-time requirements can be met.

The fact that symmetric algorithms are highly unsuitable for this type of applications is uncontested, because their number of keys adds up to roughly n²/2 if n devices are to communicate securely with each other.

Potential solution

An essential prerequisite for the solution suggested are standards governing the use of worldwide unique digital identities for devices, and also governing the generation, publication and revocation of certificates.

Unique identities that are recognized worldwide include MAC (Media Access Control) addresses, serial device numbers or, in the future, physical unclonable functions (PUF). Certificate profiles and certificate revocation lists (CRLs) must also be standardized (for example, X.509v3 certificate profiles).

In this article, we will not go into more detail on the topics of standardization and digital identities for devices, but only describe a suggested method for embedding digital certificates into devices.

An imperative factor is that both manufacturer and operator can have a root CA, and proper system implementation does not separate the registration authority (RA) from the certification authority (CA).

Open issues and conclusions

Even though methods similar to the one suggested are already in use for embedding certificates in routers, a host of issues remain to be solved or defined. This includes that the validity of certificates and CRLs must be carefully defined as, in case of network problems, there is no guarantee that a device will obtain the revocation information it needs to correctly establish communication.

Fallback solutions must be developed for this case and emergency response plans should be on hand. Another aspect to be considered in this context is how to establish and structure a suitable directory service that is able to realize secure communications also across companies.

When certificates expire, a clear certificate renewal procedure must be in place (generation of a new key pair or a new certificate with an old key pair). On principle, an automated process like the one described above can be used as long as the expiring certificate (and thus also the private key) is still valid. In addition, a process for certificate revocation must be defined which functions across companies and ensures the authorization of the revocation.

Many devices do not yet have a security module to save keys in a secure manner or carry out cryptographic operations. Whether saving keys in a password-protected file offers adequate security still awaits clarification.

Of course, the sheer amount of certificates to be generated suggests outsourcing of the CA services. In the case of outsourcing, the following issues must be clarified: is the risk acceptable? What processes must be defined and controlled, and in what manner? How can changing to another provider of CA services be made possible?

Even though there are a number of open issues, improved security of the deviceto- device communication in the industrial environment seems imperative. If improved security is based on digital certificates, an automated, scalable and controlled process is required for the supply of certificates to devices and the management of keys. Otherwise the overwhelming number of certificates that are necessary will be unmanageable. However, consideration should also be given to whether certain critical IT networks should not remain physically separated from the general IT network of a smart grid to avoid excessive risks in the first place. Though in this case, steps must be taken to ensure that the controllability of the power network will be maintained.

Roland Fiat and Dr Thomas Störtkuhl from TÜV SÜD AG are experts in embedded systems.

www.tuev-sued.de