minicps a toolkit for security research on cps networks
play

MiniCPS: A toolkit for security research on CPS Networks D ANIELE A - PowerPoint PPT Presentation

CPS-SPC 15 @ Denver CO MiniCPS: A toolkit for security research on CPS Networks D ANIELE A NTONIOLI (SUTD) N ILS O LE T IPPENHAUER (SUTD) October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 1 Hi! Personal: D


  1. CPS-SPC 15 @ Denver CO MiniCPS: A toolkit for security research on CPS Networks D ANIELE A NTONIOLI (SUTD) N ILS O LE T IPPENHAUER (SUTD) October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 1

  2. Hi! • Personal: ◮ D ANIELE A NTONIOLI ◮ SUTD’s ISTD PhD (Prof N.O. T IPPENHAUER ) • SCy-Phy group: ◮ Applied CPS security research October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 2

  3. Why MiniCPS: Cyber-Physical Systems • CPS are: ◮ Complex ◮ Critical ◮ Connected October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 3

  4. Why MiniCPS: Cyber-Physical Systems • CPS are: ◮ Complex ◮ Critical ◮ Connected • CPS information may be difficult to: ◮ Obtain ◮ Prove ◮ Share October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 3

  5. Why MiniCPS: Cyber-Physical Systems • CPS are: ◮ Complex ◮ Critical ◮ Connected • CPS information may be difficult to: ◮ Obtain ◮ Prove ◮ Share • CPS research requires different expertises: ◮ Electronics, Automation ◮ Networking, Computer Science ◮ Physics. . . October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 3

  6. Why MiniCPS: SWaT testbed • Pure Water: 5 US gallons/min, 6 . 0 − 7 . 0 pH, minimum conductivity of 10 µ S / cm 3 • Recovered Water: 70% processed water, 50% dirty recirculation October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 4

  7. Why MiniCPS: SWaT network SCADA Historian HMI HMI HMI Switch L1 Network Process 1 Process 2 Process n PLC PLC PLC PLC PLC PLC ... PLC1a PLC1b PLC2a PLC2b PLCna PLCnb L0 Network L0 Network L0 Network Remote IO Remote IO Remote IO RIO RIO ... RIO Sensor Sensor Sensor 42.42 42.42 42.42 Actuators Sensors Actuators Sensors Actuators Sensors • Wired and Wireless links. • Ethernet/IP , Common Industrial Protocol. October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 5

  8. MiniCPS: Vision • Research Environment: ◮ Reproducible ◮ Extensible ◮ Shareable October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 6

  9. MiniCPS: Vision • Research Environment: ◮ Reproducible ◮ Extensible ◮ Shareable • Targeted to Cyber-Physical Systems: ◮ Network communications ◮ Control logic ◮ Physical layer interaction October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 6

  10. MiniCPS: Vision • Research Environment: ◮ Reproducible ◮ Extensible ◮ Shareable • Targeted to Cyber-Physical Systems: ◮ Network communications ◮ Control logic ◮ Physical layer interaction • Don’t reinvent the wheels. . . ◮ But: " Stand on the Shoulders of Giants " ◮ Eg: linux , python , mininet , git October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 6

  11. MiniCPS: Diagram Network Component Component Logic Logic Physical Layer API Physical Layer Simulation • (C)yber → Network Emulator • (P)hysical → Process Simulation, State API • (S)ystem → Control Logic Simulation October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 7

  12. MiniCPS: What is Mininet Network Component Component Logic Logic Physical Layer API Physical Layer Simulation • Network-in-a-box emulator: ◮ Reproduce (complex) topologies ◮ Generating real packets using real protocols October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 8

  13. MiniCPS: What is Mininet Network Component Component Logic Logic Physical Layer API Physical Layer Simulation • Network-in-a-box emulator: ◮ Reproduce (complex) topologies ◮ Generating real packets using real protocols • One Linux kernel, multiple devices: ◮ Lightweight virtualization ◮ Each device is a container October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 8

  14. MiniCPS: What is Mininet Network Component Component Logic Logic Physical Layer API Physical Layer Simulation • Network-in-a-box emulator: ◮ Reproduce (complex) topologies ◮ Generating real packets using real protocols • One Linux kernel, multiple devices: ◮ Lightweight virtualization ◮ Each device is a container • SDN/OpenFlow development October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 8

  15. MiniCPS: Physical Layer API Network Component Component Logic Logic Physical Layer API Physical Layer Simulation • Database to represent the (physical) state: ◮ Abstract low-level details (SQL query) ◮ Use high level semantic functions: get , set October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 9

  16. MiniCPS: Physical Layer API Network Component Component Logic Logic Physical Layer API Physical Layer Simulation • Database to represent the (physical) state: ◮ Abstract low-level details (SQL query) ◮ Use high level semantic functions: get , set • Compatibility layer: ◮ Programming Language agnostic ◮ Support different storage back-ends October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 9

  17. MiniCPS: SWaT example L1 network emulation plc1.py plc2.py plc3.py PLC PLC PLC LIT301 LIT101 Grid FIT101 MV101 Sensor Sensor 42.42 42.42 P_101 FIT201 Sensor 42.42 Sensor 42.42 Physical process Simulation script • Control strategy: ◮ Sensors: level (LIT), flow (FIT) ◮ Actuators: motorized valve (MV) and pump (P) ◮ PLC1 takes decision with the aid of PLC2 and PLC3 ◮ Physical process simulation updates the state • Network: ◮ Realistic addresses (CIDR, MAC, ports) ◮ Replicate services: web-servers, ENIP client/server ◮ Optional Attacker and SDN Controller October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 10

  18. MiniCPS: SWaT example II SCADA Historian HMI HMI HMI L1 Network Process 1 1a. Write '0' to 1b. Write '1' to PLC PLC PLC valve tag PLC valve tag PLC1a PLC1b L0 Network 2. Write '1' to Remote IO RIO valve tag RIO Attacker Sensor 42.42 3. High current analog signal Actuators Sensors • Passive and Active ARP poisoning MITM attacks • SDN Controller for ARP poisoning Detection and Mitigation October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 11

  19. MiniCPS: Conclusions • MiniCPS is a CPS research platform: ◮ Reproducible ◮ Extensible ◮ Shareable • MiniCPS is used to investigate issues in real testbeds: ◮ MITM attacks ( ettercap ) ◮ Ethernet/IP reverse-engineering ( scapy ) ◮ SDN controllers development ( pox ) October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 12

  20. MiniCPS: Conclusions • MiniCPS is a CPS research platform: ◮ Reproducible ◮ Extensible ◮ Shareable • MiniCPS is used to investigate issues in real testbeds: ◮ MITM attacks ( ettercap ) ◮ Ethernet/IP reverse-engineering ( scapy ) ◮ SDN controllers development ( pox ) • Contribute: ◮ http://scy-phy.github.io/index.html ◮ https://github.com/scy-phy/minicps • Thank You! Q & A October 26, 2015 MiniCPS: A toolkit for security research on CPS Networks 12

Recommend


More recommend