signalling and cyber security - irse nederland...component iec 62443-4.1 iec 62443-4.2 system...
TRANSCRIPT
Cyber Security Management System(CSMS: IEC 62443-2-1)
Information Security Management System(ISMS: ISO 27001)
Risk Management
Security Operations Centre(SOC)
One possible risk mitigation
CSMS/ISMS includes
Railways use IT and OT
Cyber security managed by
IOC
One security measure
Vulnerabilities (killchain)
Cryptography - 3DES
One possible risk mitigation
Cryptographic Keys Which makes these really really important
Attackers exploitContext diagram:for (a couple of)
cyber security areas
2
2) Management Systems
3) Cryptography 4) SOC
1) Definitions
Cyber Security Management System(CSMS: IEC 62443-2-1)
Information Security Management System(ISMS: ISO 27001)
Risk Management
One possible risk mitigation
CSMS/ISMS includes
Railways use IT and OT
Cyber security managed by
IOC
One security measure
Vulnerabilities (killchain)
Cryptography - 3DES
One possible risk mitigation
Cryptographic Keys Which makes these really really important
Attackers exploitAgenda for this evening.
Security Operations Centre(SOC)
3
Definitions
VulnerabilitiesZero DaysKill chainIT OT
…threat actors exploit vulnerabilities to launch attacks…
4
Vulnerabilities• A flaw or weakness in a system's design, implementation or operation
and management that could be exploited to violate the system's integrity or security policy (see IEC/TS 62443-1-1).
• Allow a system to be used in a manner for which it was not intended
5
Date of Birth
6
Date of Birth Send me all records…..
7
Vulnerabilities• In Generic Applications, Specific Applications, Operating Systems,
boxes, resident code, firmware…..
• Open Source Vulnerability notices E.g. CVE: Common Vulnerabilities and Exposures
8
10
• CVE does not include zero days
11
Vulnerabilities – People and processes• Phishing emails
• USB sticks
•Manuals
• Engineering back doors / work arounds
12
Vulnerabilities - Standards
© This document has been developed and released by UNISIG
SUBSET-037 v3.2.0
EuroRadio FIS Page 1/126
ERTMS/ETCS
EuroRadio FIS
REF : SUBSET-037 ISSUE : 3.2.0 DATE: 17 December 2015
Company Technical Approval Management approval ALSTOM
ANSALDO
AZD
BOMBARDIER
CAF
SIEMENS
THALES
ERA * UNISIG * EEIG ERTMS USERS GROUP
SUBSET-026-8 3.6.0 13/05/2016
System Requirements Specification Chapter 8 Messages
Page 1/33
ERTMS/ETCS
System Requirements Specification Chapter 8 Messages
REF : SUBSET-026-8 ISSUE : 3.6.0 DATE : 13/05/2016
13
Cyber - concepts
• Vulnerabilities: It works - but not in the way you expect…
• Anatomy of a cyber attack: the kill chain…
Recon. Delivery Exploit Infection Lateral move
Act on objects
Kill Chain TM
14
ATT&CK
attack.mitre.org
15
ERTMS
ERA * UNISIG * EEIG ERTMS USERS GROUP
SUBSET-026-2 3.6.0 13/05/2016
System Requirements Specification Chapter 2
Basic System Description
Page 11/25
2.5.3 ERTMS/ETCS reference architecture
(*) Depending on its functionality and the desired configuration, the national system can be addressed either via an STM using the standard interface or via another national solution
Train On-board recording deviceDriver
BIU TIU Juridical data
BTM
DMI function
STM control function
LTM EURORADIO
Odometry
GSM-RMobile
GSM-R fixed network
SUBSET-034 ERA_ERTMS_015560
SUBSET-037A11T6001
SUBSET-027
RBC 1
EURORADIO
SUBSET-037
RIU
EURORADIOEUROBALISE EUROLOOP
LEUInterlocking
NationalSystem
STM
Othersolution
SUBSET-044SUBSET-036
KMC 2
SU
BSE
T-11
4S
UBS
ET-
137
ETCSOn-board
KMC 1
ETCSTrackside
RBC 2
EURORADIO
SU
BSE
T-11
4S
UBS
ET-
137
SU
BSE
T-11
4S
UBS
ET-
137
NationalSystem(*)
or
SUB
SET-
101
SUBSET-036 SUBSET-044
SUBSET-114SUBSET-137
SUBSET-038SUBSET-137
SUB
SET-
035
SU
BS
ET-
056
SU
BS
ET-
057
SUB
SET-
058
Control Centre
PKI
SU
BSE
T-13
7
SUBSET-137
SUBSET-137
SUBSET-039SUBSET-098
Figure 1: ERTMS/ETCS system and its interfaces
2.5.3.1 Note: the entities inside the ERTMS/ETCS on-board equipment box are shown only to highlight the scope of the interfaces that are specified in the TSI CCS annex A.
System under Consideration
16
ERA * UNISIG * EEIG ERTMS USERS GROUP
SUBSET-026-2 3.6.0 13/05/2016
System Requirements Specification Chapter 2
Basic System Description
Page 11/25
2.5.3 ERTMS/ETCS reference architecture
(*) Depending on its functionality and the desired configuration, the national system can be addressed either via an STM using the standard interface or via another national solution
Train On-board recording deviceDriver
BIU TIU Juridical data
BTM
DMI function
STM control function
LTM EURORADIO
Odometry
GSM-RMobile
GSM-R fixed network
SUBSET-034 ERA_ERTMS_015560
SUBSET-037A11T6001
SUBSET-027
RBC 1
EURORADIO
SUBSET-037
RIU
EURORADIOEUROBALISE EUROLOOP
LEUInterlocking
NationalSystem
STM
Othersolution
SUBSET-044SUBSET-036
KMC 2
SU
BSE
T-11
4S
UBS
ET-
137
ETCSOn-board
KMC 1
ETCSTrackside
RBC 2
EURORADIO
SU
BSE
T-11
4S
UBS
ET-
137
SU
BSE
T-11
4S
UBS
ET-
137
NationalSystem(*)
or
SUB
SET-
101
SUBSET-036 SUBSET-044
SUBSET-114SUBSET-137
SUBSET-038SUBSET-137
SUB
SET-
035
SU
BS
ET-
056
SU
BS
ET-
057
SUB
SET-
058
Control Centre
PKI
SU
BSE
T-13
7
SUBSET-137
SUBSET-137
SUBSET-039SUBSET-098
Figure 1: ERTMS/ETCS system and its interfaces
2.5.3.1 Note: the entities inside the ERTMS/ETCS on-board equipment box are shown only to highlight the scope of the interfaces that are specified in the TSI CCS annex A.
System under Consideration
17
IM engineering, logistics, planning
and operations back room
systems
IM business systems
Operators and fleet maintainers
Train Fleetoperating
Systems(non signalling)Signalling system (trackside)
External parties
Traffic Control regionTraffic Control region
Financial Human Resources
Billing Customer portal
Engineering
System Test Labs
Traffic Control region
InterlockingInterlocking
ATP
Traffic Control
CommsInterlocking
Trackside unitsTrackside
unitsTrackside unitsTrackside
unitsTrackside unitsTrackside
units
Onboard Onboard
Onboard Onboard Base
station
Staff Rostering
Enterprise systemsOperational systems
Operations planning
Operations Recovery
System Control centers
Traction power
systems
Station systems
Maintenance Contractors
Maintenance systems
Fleet planning
Operations networks Engineering networks
Enterprise networks
GSM-R
Passenger Information
systems
Comms, CCTV, Train
radio
Level crossings
Building systems
Bridges, Tunnels
Timetable planning Procurement
Maintenance
Suppliers
Engineering contractors
Customer portal
IT Support
Office automation
Others…..
Onboard systemsOnboard systems
Onboard systems
Asset management
Project delivery
Others….
Key management
Others….Others….
Emergency services
Others….
Multiple trains
Onboard systems
DoorsBraking
Traction
Climate
PA, CommsPublic WiFi
MonitoringSignalling
Radio
Onb
oard
net
wor
ks
Etc….
Internet
Internet
Internet
18
IP protocol stack
ERTMS protocol stack
Subset 026
Subset 037(SaPDU structure)
Subset 037
Subset 037(x.224)
Subset 037(x.70)
Subset 037(x.25)
header application InformationApplication PDU
user dataSaPDUheader
1MAC
8
L4: TSDU
first segment123 octets
header5
TPDUlast segment<= 123 octets
header5
flag1
address1
control2
data<=34
FCS2
flag1
header2
First segment32
header2
last segment<=32
L3: NPDU
L2: HDLC frame
IT v OT(Information Technology v Operational Technology)
Http, HTTPS, FTP,SMTP etc
TCP
IP
Network Interface
Application Layer
Transport Layer
Internet Layer
Network Access Layer
• International standard• Millions of applications• Off the shelf
Versiedatum 30-09-202019
Management Systems
ISO 2700 seriesIEC 62443 seriesNIST
Risk Based cyber security management(cyber security is not part of safety management system)
20
ISO 27000 seriesVocabulary Standards
Requirements Standards
Guideline Standards
Sector Specific guidelines &
Standards
27000Overview & Vocabulary
27001ISMS
27006Auditing bodies
27009Create sector specific
27002controls
27003Guidance on ISMS
27004Monitoring ISMS
27005Risk Management
27007ISMS auditing
2701327001 v 20000
27014Governance
27016economics
27010Information sharing
27011Telecoms
27017Cloud services
27018Cloud Privacy
27019Energy
27015Financials
21
ISO 27000 seriesVocabulary Standards
Requirements Standards
Guideline Standards
Sector Specific guidelines &
Standards
27000Overview & Vocabulary
27006Auditing bodies
27009Create sector specific
27002controls
27003Guidance on ISMS
27004Monitoring ISMS
27005Risk Management
27007ISMS auditing
2701327001 v 20000
27014Governance
27016economics
27010Information sharing
27011Telecoms
27017Cloud services
27018Cloud Privacy
27019Energy
27015Financials
27001ISMS
22
IEC 62443
IEC 62443-2-4:2015+AMD1:2017 CSV – 5 – © IEC 2017
INTRODUCTION
This standard is the part of the IEC 62443 series that contains security requirements for providers of integration and maintenance services for Industrial Automation and Control Systems (IACS). It has been developed by IEC Technical Committee 65 in collaboration with the International Instrumentation Users Association, referred to as the WIB from its original and now obsolete Dutch name, and ISA 99 committee members.
Figure 1 illustrates the relationship of the different parts of IEC 62443 being developed. Those that are normatively referenced are included in the list of normative references in Clause 2, and those that are referenced for informational purposes or that are in development are listed in the Bibliography.
Figure 1 – Parts of the IEC 62443 Series
IEC
IEC 62443-1.1 IEC TR-62443-1.2 IEC 62443-1.3 IEC TR-62443-1.4
IEC 62443-2.1 IEC TR-62443-2.2 IEC TR-62443-2.3 IEC 62443-2.4
IEC TR-62443-3.1 IEC 62443-3.2 IEC 62443-3.3
IEC 62443-4.1 IEC 62443-4.2
Com
pone
nt
Syst
em
Polic
ies
and
proc
edur
es
Gen
eral
Terminology, concepts and models
Security program requirements for
IACS service providers
Master glossary of terms and abbreviations
System security compliance metrics
IACS security lifecycle and use-case
Requirements for an IACS security
management system
Implementation guidance for an IACS security management system
Patch management in the IACS environment
Security technologies for IACS
Security levels for zones and conduits
System security requirements and
security levels
Product development requirements
Technical security requirements for IACS
components
This is a preview - click here to buy the full publication
23
IEC 62443
IEC 62443-2-4:2015+AMD1:2017 CSV – 5 – © IEC 2017
INTRODUCTION
This standard is the part of the IEC 62443 series that contains security requirements for providers of integration and maintenance services for Industrial Automation and Control Systems (IACS). It has been developed by IEC Technical Committee 65 in collaboration with the International Instrumentation Users Association, referred to as the WIB from its original and now obsolete Dutch name, and ISA 99 committee members.
Figure 1 illustrates the relationship of the different parts of IEC 62443 being developed. Those that are normatively referenced are included in the list of normative references in Clause 2, and those that are referenced for informational purposes or that are in development are listed in the Bibliography.
Figure 1 – Parts of the IEC 62443 Series
IEC
IEC 62443-1.1 IEC TR-62443-1.2 IEC 62443-1.3 IEC TR-62443-1.4
IEC 62443-2.1 IEC TR-62443-2.2 IEC TR-62443-2.3 IEC 62443-2.4
IEC TR-62443-3.1 IEC 62443-3.2 IEC 62443-3.3
IEC 62443-4.1 IEC 62443-4.2
Com
pone
nt
Syst
em
Polic
ies
and
proc
edur
es
Gen
eral
Terminology, concepts and models
Security program requirements for
IACS service providers
Master glossary of terms and abbreviations
System security compliance metrics
IACS security lifecycle and use-case
Requirements for an IACS security
management system
Implementation guidance for an IACS security management system
Patch management in the IACS environment
Security technologies for IACS
Security levels for zones and conduits
System security requirements and
security levels
Product development requirements
Technical security requirements for IACS
components
This is a preview - click here to buy the full publication
24
Business Enterprise zone(IT for Planning,Logistics, Sales, Engineering, Finance, HR etc..)
Control zone(Operating technology –
Signaling, traction, Building systems, traffic control etc..)
e.g. ISO 2700x
EN TS
50701Railway System
IEC 62443IACS
NIS
Dire
ctiv
e
Enterprise systems
Operational systems
Systems Standards Legislation
Impl
emen
tatio
n of
25
Railw
ay S
igna
lling
Cybe
r Sec
urity
Concept
ManufactureDesign and Implementation
Architecture
Requirements
Risk analysis
System definition operational context
Acceptance
Validation
Integration
Operation and maintenance Scope: Signalling system
Process: SMS - Safety Management System, Systems Engineering
Focus: (Safety) risk management, Safe operational performance of the railway signalling system
Technology: OT, with increasing IT
Risk Analysis Addressing risk with CSMS
Monitoring and improving the CSMS
Scope: Business systems (Operational systems and Enterprise systems)
Process: CSMS - Cyber Security Management System
Focus: (Security) risk management, Cyber Security Risk, business continuity
Technology: IT
Signalling development lifecycle
(duration measured in years):
Cybersecurity management(duration measured in days / weeks):
Characteristics
Characteristics
EN TS 50701
26
NIST
27
NIST NIST Special Publication 800-82 Revision 2
Guide to Industrial Control Systems (ICS) Security
Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations such as Programmable Logic Controllers (PLC)
Keith Stouffer Victoria Pillitteri
Suzanne Lightman Marshall Abrams
Adam Hahn
http://dx.doi.org/10.6028/NIST.SP.800-82r2 7KLV�SXEOLFDWLRQ�LV�DYDLODEOH�IUHH�RI�FKDUJH�IURP�
28
NIST NIST Special Publication 800-82 Revision 2
Guide to Industrial Control Systems (ICS) Security
Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations such as Programmable Logic Controllers (PLC)
Keith Stouffer Victoria Pillitteri
Suzanne Lightman Marshall Abrams
Adam Hahn
http://dx.doi.org/10.6028/NIST.SP.800-82r2 7KLV�SXEOLFDWLRQ�LV�DYDLODEOH�IUHH�RI�FKDUJH�IURP�
Federal Information Processing Standards
(FIPS)
Federal Information Processing Standards
(FIPS)
Federal Information Processing Standards
(FIPS)
Federal Information Processing Standards
(FIPS)
Federal Information Processing Standards
(FIPS)
29
NIST NIST Special Publication 800-82 Revision 2
Guide to Industrial Control Systems (ICS) Security
Supervisory Control and Data Acquisition (SCADA) Systems, Distributed Control Systems (DCS), and Other Control System Configurations such as Programmable Logic Controllers (PLC)
Keith Stouffer Victoria Pillitteri
Suzanne Lightman Marshall Abrams
Adam Hahn
http://dx.doi.org/10.6028/NIST.SP.800-82r2 7KLV�SXEOLFDWLRQ�LV�DYDLODEOH�IUHH�RI�FKDUJH�IURP�
Federal Information Processing Standards
(FIPS)
Federal Information Processing Standards
(FIPS)
Federal Information Processing Standards
(FIPS)
Federal Information Processing Standards
(FIPS)
Federal Information Processing Standards
(FIPS)
30
Cryptography
XOR0 0 00 1 11 0 11 1 0
The science of passing information over an unsecure communications channel
31
Cifer
Message
Cipher text
Key
Decr
yptio
n
Encr
yptio
n
32
Caesar
A
C
Key
Message
Cipher text
Caesar Cipher
33
Caesar
A
C
Key
Key =2
A B C D E F ….
A B C D E F ….
Attack
Cvvcem
Message:
Cifer text:
Message
Cipher text
Caesar Cipher
Limitations:• Key size = 26 (circa 25)• Deterministic• One character at a
time
34
DESKK
Cipher text
64 bit
64 bit
64 bit
Message DES(Data Encryption Standard)
35
DESKK
Message (64 bit)
Initial Permutation
Li
F
Cipher text
64 bit
64 bit
64 bit
Message
Ri
32 bit 32 bit
P(K)
Round 1
Li+1 Ri+1
Ciphertext block (64 bit)
Initial Permutation-1
Repeat another 15 rounds
DES(Data Encryption Standard)
Limitations:• Key size = 256
• Deterministic• Short messages
36
DESKK
Cipher text
64 bit
64 bit
64 bit
DES k DES k DES k
Cipher text
DES ECB(Electronic Code Book)
Message
Limitations:• Key size = 256
• Deterministic
X 1 X 2 X 3 X 4
H 1 H 2 H 3 H 4
37
DESKK
Cipher text
64 bit
64 bit
64 bit
DES k DES k DES k
Message DES CBC(Cipher Block Chain)
Limitations:• Key size = 256
X 1 X 2 X 3 X 4
H 1 H 2 H 3 CBC MAC
38
DESK1K1
64 bit
192 bitTriple Key
64 bit
Message
DES k1 DES k1
X 1
DES k1
DES-1 k2
DES k3
K2K3
Triple DES CBC mode(Cipher Block Chain)
X 2 X 3 X 4
H 1 H 2 H 3
CBC MAC
39
Subset 37
© This document has been developed and released by UNISIG
SUBSET-037 v3.2.0
EuroRadio FIS Page 34/126
7.2 Safety protocol
7.2.1 Introduction
7.2.1.1 This section provides a precise specification of the safety protocol taking into account the CENELEC standard EN 50159. The method used in the SFM corresponds to the A1 type in EN 50159: cryptographic safety code using secret key.
7.2.2 Generic MAC-Calculation
7.2.2.1 The computation of the MAC in all cases is according to [ISO/IEC 9797-1]. The block cipher used is the single DES with modified MAC algorithm 3, where the last data block in the MAC computation will be computed as encipher with K1, decipher with K2, then encipher with K3 (this is a modification of ISO 9797-1 which uses only two keys, K and K''). ISO 9797-1 Padding Method 1 is used.
7.2.2.2 The CBC-MAC is a value of 64 bits calculated on a message “m” using three 64-bit DES keys.
7.2.2.3 To calculate the CBC-MAC on a value X, the length in bits of the value must be a multiple of 64. If necessary, i.e. if the length of a message m in bits is not a multiple of 64, padding is performed prior to the computation of the CBC-MAC. As few zero bits as needed (possibly none) are added at the end of the message m to obtain a multiple of 64 bits. The padding data p is used for CBC-MAC calculation only. It does not become part of the message.
7.2.2.4 The CBC-MAC (K, X) function using a secret triple-key K and the value X = m | p is defined as follows:
7.2.2.5 Let K = K1 | K2 | K3 be a triple-key and K1, K2, K3 its DES-keys, let X be constituted by the 64-bit blocks X1 | X2 | ... | Xq. Let E(Kn,X) be a block cipher function, single DES in CBC mode, enciphering the data string X using the key Kn (n є {1,2,3}). Let E-1(Kn,X) be a single DES block decipher function, deciphering the data string X using the key Kn (n є {1,2,3}). Let � be the XOR-operation. Then, CBC-MAC is derived by the following iteration:
7.2.2.6 The initial value H0 is of length 64 bits, all bits are of value “0”. H0 is not enciphered before first usage,
7.2.2.7 Hi = E(K1,Hi-1 � Xi), i = 1,2,…, q-1, Hq = E(K3,E-1 (K2, E(K1,Hq-1 � Xq)))
7.2.2.8 The CBC-MAC calculated on the message m is then equal to Hq.
7.2.2.9 An informative example is given in ANNEX E.
7.2.3 Functions of the safety layer
7.2.3.1 The safety layer provides the safe transfer of user data. This includes the establishment and release of the safety connection.
7.2.3.2 Safety procedures
40
An Attack Against Message Authentication in the ERTMSTrain to Trackside Communication Protocols
Tom ChothiaUniversity of Birmingham
Birmingham, [email protected]
Mihai OrdeanUniversity of Birmingham
Birmingham, [email protected]
Joeri de RuiterRadboud University
Nijmegen, [email protected]
Richard J. ThomasUniversity of Birmingham
Birmingham, [email protected]
ABSTRACTThis paper presents the results of a cryptographic analysisof the protocols used by the European Rail Traffic Manage-ment System (ERTMS). A stack of three protocols securesthe communication between trains and trackside equipment;encrypted radio communication is provided by the GSM-Rprotocol, on top of this the EuroRadio protocol providesauthentication for a train control application-level proto-col. We present an attack which exploits weaknesses in allthree protocols: GSM-R has the same well known weak-nesses as the GSM protocol, and we present a new collisionattack against the EuroRadio protocol. Combined with de-sign weaknesses in the application-level protocol, these vul-nerabilities allow an attacker, who observes a MAC collision,to forge train control messages. We demonstrate this at-tack with a proof of concept using train control messages wehave generated ourselves. Currently, ERTMS is only usedto send small amounts of data for short sessions, thereforethis attack does not present an immediate danger. However,if EuroRadio was to be used to transfer larger amounts ofdata trains would become vulnerable to this attack. Addi-tionally, we calculate that, under reasonable assumptions,an attacker who could monitor all backend control centresin a country the size of the UK for 45 days would have a 1%chance of being able to take control of a train.
1. INTRODUCTIONThe European Rail Traffic Management System (ERTMS)
Standard provides a suite of protocols used to deliver next-generation train management and signalling.1 This standardis designed with the intention to enable trains to interoper-ate across borders and optimise the running operation of
1http://www.ertms.net/
Permission to make digital or hard copies of all or part of this work for personal orclassroom use is granted without fee provided that copies are not made or distributedfor profit or commercial advantage and that copies bear this notice and the full citationon the first page. Copyrights for components of this work owned by others than theauthor(s) must be honored. Abstracting with credit is permitted. To copy otherwise, orrepublish, to post on servers or to redistribute to lists, requires prior specific permissionand/or a fee. Request permissions from [email protected] ’17, April 02 - 06, 2017, Abu Dhabi, United Arab Emirates.c© 2017 Copyright held by the owner/author(s). Publication rights licensed to ACM.
ISBN 978-1-4503-4944-4/17/04. . . $15.00.DOI: http://dx.doi.org/10.1145/3052973.3053027
railways. At present, the system is being rolled out acrossEurope and also on high-speed lines around the world.ERTMS is formed of three core communication layers:
GSM-R, EuroRadio and the Application Layer protocol (seeFigure 1). The EuroRadio and the Application Layer proto-cols form ETCS, the European Train Control System. Thelowest layer of the stack, GSM-R, is a rail-specific variantof the GSM protocol, used for communications between thetrain and trackside infrastructure. EuroRadio, the middlelayer, provides authentication and integrity of messages sentbetween the train and track side components using crypto-graphic MACs. The Application Layer protocol is the high-est layer of the stack; this is a stateful protocol that includestimestamps and message acknowledgements to prevent thereplay of messages and ensure successful communication.In this paper, we present the results of a cryptographic
analysis of the ERTMS communication stack, in which wedetermined whether arbitrary, unauthorised messages canbe sent to trains or trackside equipment. We show that onesuch attack is possible and give details on the exact circum-stances which would allow it to happen. We also proposeseveral solutions to mitigate this vulnerability.The MAC algorithm used in EuroRadio is a modified ver-
sion of the ISO 9797-1 MAC Algorithm 3 [13, 23], a standardwhich was introduced in 2011. The ISO algorithm is a CBC-MAC that uses a single DES transformation for all but thelast block, which is encrypted using triple DES (3DES) usingtwo different keys. The use of only two keys for the 3DESoperation is a potential weakness, so EuroRadio uses tripleDES (3DES), with 3 distinct keys, for this final block.As with any 64-bit MAC, it is possible for collisions to
occur, i.e., two different messages may have the same MACfor a particular key. Such a collision is unlikely (requiring229 messages for a 1% chance) however an attacker that canwait long enough will eventually observe one. A well de-signed protocol should not be vulnerable to an attacker thatobserves colliding MACs. However, we show in Section 4that in the case of EuroRadio that such a collision can beused to retrieve the first of the three DES keys using brute-force.Establishing one of the keys used by the MAC should
not pose an immediate threat to the integrity of the pro-tocol, as the final transformation when generating a MACinvolves a 3DES encryption with three distinct keys. Anattacker, therefore, cannot simply generate a valid MAC
41
SOC - IOC
Security Operations CenterIndicator of Compromise
detection processes and procedures …. to ensure timely and adequate awareness of anomalous events
(EC 2018/151 – applies to digital service providers not OED, but a good read in any case….)
42
IOC: What does suspicious look like?
User OtherQuestion
Answer
Versiedatum 30-09-2020
Probably OK
43
IOC: What does suspicious look like?
User Other
User Other
Answer
Versiedatum 30-09-2020
Probably OK
Suspicious
Question
Answer
44
IOC: What does suspicious look like? IT
User Other
User Other
Answer
Versiedatum 30-09-2020
Probably OK
Suspicious
• State firewalls• HTTP not port 80 • HTTPS not port 443• Doom FPS not port 666• User / application mismatch• Transfer of sensitive data• Use profiles• Network traffic anomalies
Question
Answer
45
IOC: What does suspicious look like? Signalling
46
IOC: What does suspicious look like? Signalling
ERTMS L1 & L2
Transition L2 à L1
Probably OK
47
IOC: What does suspicious look like? Signalling
ERTMS L1 & L2
Transition L2 à L1
ERTMS L2 only
Transition L2 à L1
Probably OK
Suspicious
48
IOC: What does suspicious look like? Signalling
• Incoming call from German SIM ?• Incoming call from Germany ?• RBC calling Thailand ?• Interlocking operating unused o/p ?• Data from unused i/p ?• Multiple failed login attempts ?• Unusual delay in transmission ?
Complications:• Custom monitoring tool• Use case to be defined• Data from multiple companies
49
Challenges
• Identification of IOC• Collecting the necessary data (across companies)• SOC (scope, location, management, cost, …..)• Incident response (procedures, escalation)
• Biggest challenge – The Mindset
50
Cyber Security Management System(CSMS: IEC 62443-2-1)
Information Security Management System(ISMS: ISO 27001)
Risk Management
Security Operations Centre(SOC)
One possible risk mitigation
CSMS/ISMS includes
Railways use IT and OT
Cyber security managed by
IOC
One security measure
Vulnerabilities (killchain)
Cryptography - 3DES
One possible risk mitigation
Cryptographic Keys Which makes these really really important
Attackers exploit
51
Questions..
Nederland
Einde