1
High Secured Inter-Cloud Connectivity via Public Networks
Andreas Aldrian (AVL List GmbH), Christoph Schmittner (Austrian Institute of Technology)
2
project network
3
Storyline: Pilot Use Case; Consequences of insecure CPS; Goal; State of the Art; Approach; Results
4
Use case in a nutshell
Topology (figure labels): AVL product @customer on an isolated network (no routing), reaching AVL via the internet; no inbound initiation.
Typical use cases:
remote interaction
remote updates of software/firmware
health and status tracking
pre-emptive services (condition based)
logistic purposes
reporting of availability and utilization
5
Consequences of insecure CPS
Modern ICS and CPS require connection, cooperation, automation.
These (often legacy) systems have diverse operational and communication requirements (interfaces, protocols).
Not just devices but systems can collaborate.
Goal of the project: work out the formal and technical details for collaboration.
9
Goal: fulfill the security policies and enable smart services without risking
the network, system or data of the product operator and of the service provider, or
the safety or reliability of machinery.
10
State of the Art: first industrial security standard, IEC 62443 (Industrial communication networks - Network and system security). It considers IT security, security of machinery and also impacts on safety and reliability.
11
State of the Art (continued): status overview of the IEC 62443 parts (figure; only the status labels survived extraction: Available, Draft, Under Review, Development, Planned).
12
Approach: we needed something which works for safety & security.
We developed an approach for safety & security analysis and an iterative design workflow.
13
Safety & Security analysis approach
Figure labels: System Model; Security objectives; Failure catalogue; Survey; Threat catalogue; Unified catalogue; Impact assessment; Likelihood assessment; Risk assessment; Risk Catalogue. Based on ISO 27005, IEC 60812 and Microsoft STRIDE; the risk catalogue is based on ETSI TS and IEC 60812.
14
Simplified system model
To ease risk assessment some components have been combined: strongly related processes within a trust boundary, and data flows between the same components.
15
Threat & Failure Catalogue
Similar approach for safety and security: use the system model and identify potential manipulations (STRIDE) or deviations (failure modes) from normal operation.
STRIDE: Spoofing of user identity; Tampering; Repudiation; Information disclosure (privacy breach or data leak); Denial of service (D.o.S); Elevation of privilege.
Failure modes for communication or processing units: Missing Data; Incorrect Data; Timing of Data; Extra Data; Halt/Abnormal; Omitted Event; Incorrect Logic; Timing/Order.
16
Risk Catalogue
Investigate overlap between safety and security effects.
Estimate risk based on impact and likelihood.
Formulate safety and security goals.
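The analysis steps on slides 13 to 16 (system model, STRIDE threats plus failure modes, unified catalogue, impact and likelihood, risk catalogue with safety/security overlap and goals) as one runnable illustration. This is an added example, not the project's tooling or data: the element names, the (impact, likelihood) scores, the STRIDE-per-element table and the mapping from a security manipulation to the failure effect it causes are constructed assumptions.

```python
"""Unified threat/failure catalogue with risk ranking and safety/security overlap.
Added illustration of the workflow on slides 13-16; element names, scores and the
STRIDE-per-element mapping are constructed assumptions, not project data."""
from dataclasses import dataclass

STRIDE = {"S": "Spoofing of user identity", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}
FAILURE_MODES = ["Missing Data", "Incorrect Data", "Timing of Data", "Extra Data",
                 "Halt/Abnormal", "Omitted Event", "Incorrect Logic", "Timing/Order"]
# Common STRIDE-per-element table (assumed, not from the slides).
STRIDE_PER_ELEMENT = {"process": "STRIDE", "dataflow": "TID",
                      "datastore": "TRID", "external": "SR"}
# Effect of a successful manipulation in failure-mode vocabulary; used to find
# where a security threat and a safety failure mode coincide (assumed mapping).
SECURITY_EFFECT = {
    "Tampering": {"Incorrect Data", "Incorrect Logic"},
    "Denial of service": {"Missing Data", "Halt/Abnormal", "Timing of Data"},
    "Spoofing of user identity": {"Extra Data"},
    "Elevation of privilege": {"Incorrect Logic"},
}

@dataclass
class Entry:
    element: str
    origin: str       # "security" (STRIDE) or "safety" (failure mode)
    deviation: str    # STRIDE category or failure mode
    impact: int = 0   # 1..5, 0 = not assessed
    likelihood: int = 0

    def risk(self) -> int:
        return self.impact * self.likelihood

def build_catalogue(model):
    """model: list of (name, kind). STRIDE for every element; failure modes only
    for communication (dataflow) and processing (process) units."""
    entries = []
    for name, kind in model:
        entries += [Entry(name, "security", STRIDE[c]) for c in STRIDE_PER_ELEMENT[kind]]
        if kind in ("process", "dataflow"):
            entries += [Entry(name, "safety", fm) for fm in FAILURE_MODES]
    return entries

def assess(entries, scores):
    """Attach (impact, likelihood) from a table keyed by (element, deviation)
    and rank by risk; unscored entries keep 0 and sort last."""
    for e in entries:
        e.impact, e.likelihood = scores.get((e.element, e.deviation), (0, 0))
    return sorted(entries, key=lambda e: e.risk(), reverse=True)

def overlap(entries):
    """Per element: failure modes that are both a listed failure mode and the
    effect of a security manipulation -> candidates for joint goals."""
    per_element = {}
    for e in entries:
        d = per_element.setdefault(e.element, {"safety": set(), "security": set()})
        if e.origin == "safety":
            d["safety"].add(e.deviation)
        else:
            d["security"] |= SECURITY_EFFECT.get(e.deviation, set())
    return {n: sorted(d["safety"] & d["security"])
            for n, d in per_element.items() if d["safety"] & d["security"]}

def formulate_goals(ranked, threshold=10):
    """Every entry at or above the risk threshold becomes a safety/security goal."""
    return [f"{e.origin} goal: prevent '{e.deviation}' on {e.element} (risk {e.risk()})"
            for e in ranked if e.risk() >= threshold]

# Constructed simplified model of the slide-18 topology.
MODEL = [("AVL product", "process"), ("mediator unit", "process"),
         ("serial link", "dataflow"),   # product <-> mediator, non-routable
         ("MQTT link", "dataflow"),     # mediator <-> AVL cloud over the internet
         ("AVL cloud", "process"), ("service technician", "external")]
# Constructed (impact, likelihood) scores for a few entries; others stay 0.
SCORES = {("MQTT link", "Tampering"): (5, 4), ("MQTT link", "Information disclosure"): (3, 3),
          ("serial link", "Missing Data"): (4, 3), ("AVL product", "Denial of service"): (3, 2),
          ("service technician", "Spoofing of user identity"): (4, 3)}

CATALOGUE = build_catalogue(MODEL)
RANKED = assess(CATALOGUE, SCORES)
OVERLAP = overlap(CATALOGUE)
GOALS = formulate_goals(RANKED)

if __name__ == "__main__":
    print(f"{len(CATALOGUE)} catalogue entries, {len(GOALS)} goals")
    for g in GOALS:
        print(g)
    for name, modes in OVERLAP.items():
        print(f"safety/security overlap on {name}: {', '.join(modes)}")
```

Running the module prints the goals above the chosen risk threshold and, per element, the failure modes an attacker could provoke as well, which is exactly the overlap the risk catalogue slide asks for. The external entity gets no failure modes and therefore no overlap; the data flows and processing units do.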
17
Design workflow
System concept / architecture -> Safety & Security analysis -> Safety & Security concept -> Review
18
Results of the security & safety analysis
Resulting topology (figure labels): AVL product @customer, connected over non-routable communication (a serial interface) to a mediator unit, which reaches the AVL infra over the internet; no inbound initiation.
19
Security controller
Functions: Anti-counterfeiting; IP protection and feature activation; Secure SW update; Secured boot of industrial devices; Secure contactless (NFC) device configuration; Secure TLS client authentication; Secure communication.
20
Final topology & encryption levels
We utilized ISO/IEC 20922 (MQTT) as the data exchange protocol between both clouds.
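An added example (not the project's code) for the two slides above: the mediator unit's outbound MQTT-over-TLS connection with client-certificate authentication (slide 19, "Secure TLS client authentication"; slide 20, MQTT between the clouds). It keeps a weak 'before' configuration beside the hardened one and refuses to build a TLS context for settings that break the policy. Host name, file paths and the policy itself are placeholders and assumptions; only the standard library is used.

```python
"""Mutual-TLS settings for the mediator unit's outbound MQTT connection.
Added example for slides 19-20 (secure TLS client authentication, MQTT between
the clouds); not the project's code. Paths, host and policy are placeholders."""
import ssl
from dataclasses import dataclass
from typing import List, Optional

MQTT_TLS_PORT = 8883  # registered port for MQTT over TLS ("secure-mqtt")

@dataclass
class MqttTlsSettings:
    broker_host: str
    port: int
    cafile: Optional[str]      # CA that issued the broker certificate
    certfile: Optional[str]    # device (client) certificate for client authentication
    keyfile: Optional[str]
    min_version: ssl.TLSVersion = ssl.TLSVersion.TLSv1_2
    verify_broker: bool = True

def policy_violations(s: MqttTlsSettings) -> List[str]:
    """Ways a settings object falls short of the intended policy: broker
    authenticated, device authenticated, TLS >= 1.2, TLS port only."""
    v = []
    if not s.verify_broker or not s.cafile:
        v.append("broker certificate is not verified")
    if not (s.certfile and s.keyfile):
        v.append("no client certificate: broker cannot authenticate the device")
    if s.min_version < ssl.TLSVersion.TLSv1_2:
        v.append("TLS versions below 1.2 allowed")
    if s.port != MQTT_TLS_PORT:
        v.append(f"port {s.port} is not the MQTT-over-TLS port {MQTT_TLS_PORT}")
    return v

def base_client_context(min_version=ssl.TLSVersion.TLSv1_2) -> ssl.SSLContext:
    """Client context with the version floor set before any file is loaded;
    PROTOCOL_TLS_CLIENT already turns on CERT_REQUIRED and hostname checking."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = min_version
    return ctx

def context_meets_policy(ctx: ssl.SSLContext) -> bool:
    """Check the properties of a built context that the policy depends on."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)

def build_context(s: MqttTlsSettings) -> ssl.SSLContext:
    """Refuse to build a context for settings that violate the policy, so a weak
    configuration fails at start-up instead of at the first connection."""
    problems = policy_violations(s)
    if problems:
        raise ValueError("; ".join(problems))
    ctx = base_client_context(s.min_version)
    ctx.load_verify_locations(cafile=s.cafile)                    # authenticates the broker
    ctx.load_cert_chain(certfile=s.certfile, keyfile=s.keyfile)   # authenticates the device
    return ctx

# Constructed settings: the 'before' (plain MQTT port, nothing authenticated)
# beside the hardened configuration. Paths are placeholders, not project files.
WEAK = MqttTlsSettings("broker.example", 1883, None, None, None,
                       ssl.TLSVersion.TLSv1, verify_broker=False)
HARDENED = MqttTlsSettings("broker.example", MQTT_TLS_PORT,
                           "/etc/mediator/ca.pem", "/etc/mediator/device.pem",
                           "/etc/mediator/device.key")

if __name__ == "__main__":
    for name, s in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, policy_violations(s) or "policy satisfied")
    # With a client library the context is attached to the MQTT client (paho-mqtt
    # offers tls_set_context(ctx)); the mediator only connects outbound and opens
    # no listener, matching the "no inbound initiation" topology of slide 18.
```

`build_context(HARDENED)` needs the three placeholder files to exist; `build_context(WEAK)` raises before touching the file system, which is the point: the mediator should not come up with a configuration in which either side is unauthenticated.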
21
ArrowHead contribution
ISO HW security as enabler for secure inter-cloud communication
22
Thank you!