P3 wireless is a type of Wireless Local Area Network based on the IEEE 802.15.4 specification. The low-power nature of most WLANs means that it is hard to "eavesdrop" from more than a couple of hundred meters away. The area of concern would be if someone were able to send messages to command or operate a device on the network.
Copyright: Attribution Non-Commercial (BY-NC)
CASE STUDY NOTES

Introduction

The P3 wireless system is a type of Wireless Local Area Network (WLAN) based on the IEEE 802.15.4 specification (WiFi is based on 802.11). Wireless is in effect a broadcast system, unlike wired networks, where the path of the communication is restricted between devices by the physical cable, which inherently protects communications. This means that someone with a wireless transceiver set to the correct frequency could listen in. Of course the low power nature of most WLANs means that it is hard to "eavesdrop" from more than a couple of hundred meters away. In an industrial application, depending upon the installation, it is possible that the signals would not be detectable from outside the site perimeter. A high-gain directional antenna extends that range considerably, however, so the perimeter should be treated as a mitigation rather than a guarantee.

But we must accept the fact that it may be possible for someone to pick up the Rotork P3 wireless messages with a transceiver set to the correct frequency. Whilst it may be possible to pick up the feedback data being transmitted, this is of negligible security risk as there is very little that can be done with status information. The area of concern would be if someone were able to send messages to command or operate a device on the network.

So, how could someone infiltrate the network to control a device on the Wireless P3 system? To start with they would have to know some basic details about the network: the channel on which communications are occurring (there are 16 to choose from), the Personal Area Network Identification number (PAN ID, a 16-bit number) and a device address, and they would also need to understand the Rotork P3 wireless protocol, which is a non-published proprietary protocol. None of these is a secret in the cryptographic sense (the channel, PAN ID and addresses appear in clear in the 802.15.4 frame headers), so they only raise the effort required. BUT... that's not the end of it; because we recognise the risk presented by a persistent hacker who wishes to disrupt plant operations, we have employed extra security measures to protect devices from unsolicited commands.

The P3 system uses multiple security measures to protect from both malicious and accidental interference:
• The low power radio signals of P3 wireless limit the range from which the network can be reached
• All command messages are encrypted using AES128
• A secure method of joining the network is employed
• Anti-spoofing ensures messages cannot be replayed (recorded, then played back at a later time)

Security overview

There is a two-fold approach to protecting command messages. The first is AES128 encryption (Advanced Encryption Standard with a 128-bit key) and, following this, an anti-spoofing algorithm is applied. The AES prevents analysis of the command, even if the attacker had knowledge of the Rotork proprietary protocol used for control. The anti-spoofing prevents replay attacks originating from a node on the P3 wireless network. Anti-spoofing is also applied during network join, to prevent non-authorised actuators being placed on the network and intercepting command messages meant for their intended recipient.

These methods utilise strong encryption. What is encryption? Encryption is the process of changing data into a form that can be understood only by the intended receiver. To decipher the message, the receiver of the encrypted data must have the proper decryption key. The sender and the receiver use the same key to encrypt and decrypt data (symmetric encryption).

This security infrastructure is designed to secure the join process and the sending of commands while having minimal impact during operation and commissioning.

Advanced Encryption Standard

The Advanced Encryption Standard is an algorithm recognised as being strong enough to protect national security, the standard (FIPS 197) having been approved in 2001. Since then it has been widely used and is the de facto standard for symmetric encryption. Rotork are specifically using AES128; the 128 refers to the 128-bit key length. The cipher operates on a 16-byte data block, so it is necessary for commands to be padded out to the full 16 bytes in length. The padding bytes provide an additional level of checking, as they are verified for correctness when the command is deciphered. Note that a padding check is not a message authentication code: it catches accidental corruption and most wrongly keyed blocks, but it is the anti-spoofing layer described below that binds a command to a holder of the key.

Command messages are encoded by passing them through the encryption algorithm under the key before transmission, and at the receiving end the messages are decoded by the same algorithm. The algorithm starts with the key expansion, where a number of round keys are established that are used later in the algorithm. The data is arranged in a two-dimensional block of 4*4 bytes. There is a series of 10 rounds, and within each round the following steps are taken:
• SubBytes - a non-linear byte substitution of each byte in the data block.
• ShiftRows - within a row the data is cyclically shifted depending upon the row number.
• MixColumns - the data in each column is transformed through multiplication with a fixed polynomial. This provides diffusion: each input byte affects all 4 of the output bytes.
• AddRoundKey - this XORs the data block with the round key derived earlier.
(The block is also XORed with the first round key before round 1, and MixColumns is omitted from the final round.)

All systems are sent out with the same AES key in the FCUs and the co-ordinator. This can (and should) be changed to secure the site. The key can be modified in the master station (assuming the user has the correct access rights) using the HMI or web pages, and in individual actuators using the IR interface. Additionally, a new key can be distributed throughout the system over the network. For this distribution the new key is secured using a Key Transport key that is hard-coded into the system software. Since a hard-coded transport key is common to every copy of that software, anyone who extracts it from one unit can read the over-the-air key distribution; where that is a concern, load the new key locally through the IR interface instead.

Anti-spoofing

Although the command data is protected by AES, this alone does not prevent replay attacks from other nodes on the network. In theory a hacker could join a node to the network and replay a message with the same payload as a command message and with all the message header information correct. In the Rotork P3 Wireless systems anti-spoofing is the name given to the encryption algorithm applied during network joining, to prevent non-authorised actuators being placed on the network, and during run time, to prevent command message replay.

It is an encryption method designed in house, but is a similar scheme to message authentication code and nonce (number used once) algorithms.

Join

For a device to join the network it must first obtain a counter from the Trust Centre (the co-ordinator device) and then use this counter, combined with the anti-spoofing encryption, to produce a valid registration request; upon passing this authentication the P3 master station will add the device to its list of actuators.

Replay protection

To prevent replay we add additional data bytes onto the transmission payload that contain an encrypted counter. The additional bytes are formed by the anti-spoofing encryption, which takes a system-wide counter as input. The encryption used is proprietary and, like AES, involves padding, substitution and rotations.

The routers will request the system time on a periodic basis so that any potential drift between the co-ordinator clock and the router clock will not push the time tolerance outside an acceptable window.

On reception of a message the router will examine a particular byte to ascertain if it is a command. Messages which are not classified as commands are simply passed on to the actuator. For commands, the additional bytes that have been added to the payload are deciphered. The deciphered bytes provide a time counter, and if this time matches the time kept by the router itself, within a certain tolerance, the command is passed on to the actuator. Note that the tolerance is also the replay window: a command recorded and played back within it still carries a valid counter, so the receiver should additionally refuse any counter value it has already accepted from the same sender.

Common Attacks

Imposter Node

An imposter node attack is where an attacker places a node on the network that masquerades as a real actuator, diverting commands to itself rather than to the real actuator. The Rotork P3 wireless system provides several countermeasures to this:
• The imposter could not guarantee diversion, since it would need to control the routing tables of all devices on the network.
• Should the imposter node successfully join the network (which is an unlikely event given the security protection measures employed) then it will also need to provide authenticated and encrypted acknowledgements to commands. This would require knowledge of the AES key and the anti-spoofing encryption algorithm. If this acknowledgement to a command is not received, the master station will flag an error.
• The imposter would need to conform to the P3 Wireless proprietary protocol to prevent an error being reported.

Replay

The 'record and replay' attack is prevented by the same method that prevents spoofing. A command or registration message must be 'fresh' (not have timed out) to be passed on to the target by the router/co-ordinator or acted upon by an actuator.

Eavesdropping

The message protocol used is a proprietary one and therefore is not in the public domain. Whilst an eavesdropper might be able to gain enough knowledge to understand the Rotork messaging protocol and successfully decode messages that are not commands, this is deemed to have no practical use to an attacker.

Denial of Service

The most straightforward method of creating a Denial of Service (DoS) is to impose so much noise on the channel that devices cannot communicate; this is equivalent to 'cutting the wire' on a fully wired system. The use of DSSS (Direct Sequence Spread Spectrum), where the signal is spread across a band of frequencies rather than concentrated on one, can help against DoS attacks that are focused on a single spot frequency. Site security should be employed to control access to the site and therefore prevent equipment capable of a DoS attack being placed within the site. If this did occur, the operator will soon be alerted to the problem, since the P3 Master Station will flag a 'Communications Bad' alarm for all actuators, making it clear there is a problem. A correctly installed wireless network would not allow new devices to join, and therefore a DoS attack based upon bombarding the master station with data would not gain the attacker a foothold on the network (although such traffic still consumes airtime, which is the jamming case above).
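The round structure described under Advanced Encryption Standard above, carried through in working code. This is an added example and not Rotork's implementation: it derives the S-box from its definition, expands the key, runs the ten rounds (including the initial AddRoundKey and the MixColumns-free last round that the bullet list omits) and checks the result against the FIPS 197 test vectors. The command padding and its check are modelled with PKCS#7-style padding; that scheme, the `pad_command`/`decipher_command` names and the sample command are assumptions, since the document says only that commands are padded to 16 bytes and that the padding is checked on decipherment.

```python
"""AES-128 written out step by step, as the text describes it. Added example,
not Rotork's code; the command padding scheme at the end is an assumption."""

def gmul(a, b):
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (used by MixColumns)."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1   # multiply by x
        b >>= 1
    return r

def _sbox_entry(a):
    """S-box entry: multiplicative inverse (a^254, 0 -> 0), then the affine map."""
    inv = 1
    for _ in range(254):
        inv = gmul(inv, a)
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    return inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63

SBOX = [_sbox_entry(a) for a in range(256)]
INV_SBOX = [SBOX.index(v) for v in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]
MIX, INV_MIX = (2, 3, 1, 1), (14, 11, 13, 9)   # first row of each circulant matrix
BLOCK = 16

def expand_key(key):
    """Key expansion: 44 words, returned as 11 round keys of 16 bytes each."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:                                  # RotWord, SubWord, Rcon
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= RCON[i // 4 - 1]
        w.append([x ^ y for x, y in zip(w[i - 4], t)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]

def shift_rows(s, inverse=False):
    """Row r of the 4x4 state (byte index r + 4c) is rotated left by r places."""
    out = s[:]
    for r in range(4):
        for c in range(4):
            src = (c - r) % 4 if inverse else (c + r) % 4
            out[r + 4 * c] = s[r + 4 * src]
    return out

def mix_columns(s, m):
    """Multiply each column by a fixed matrix: every input byte touches all 4 outputs."""
    out = s[:]
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for r in range(4):
            out[4 * c + r] = (gmul(m[0], col[r]) ^ gmul(m[1], col[(r + 1) % 4])
                              ^ gmul(m[2], col[(r + 2) % 4]) ^ gmul(m[3], col[(r + 3) % 4]))
    return out

def add_round_key(s, rk):
    return [b ^ k for b, k in zip(s, rk)]

def encrypt_block(key, block):
    """Initial AddRoundKey, then ten rounds; the last round skips MixColumns."""
    rk = expand_key(key)
    s = add_round_key(list(block), rk[0])
    for rnd in range(1, 11):
        s = shift_rows([SBOX[b] for b in s])            # SubBytes, then ShiftRows
        if rnd < 10:
            s = mix_columns(s, MIX)
        s = add_round_key(s, rk[rnd])
    return bytes(s)

def decrypt_block(key, block):
    """Inverse cipher: the same steps in reverse order with the inverse tables."""
    rk = expand_key(key)
    s = add_round_key(list(block), rk[10])
    for rnd in range(9, -1, -1):
        s = [INV_SBOX[b] for b in shift_rows(s, inverse=True)]
        s = add_round_key(s, rk[rnd])
        if rnd > 0:
            s = mix_columns(s, INV_MIX)
    return bytes(s)

def pad_command(cmd):
    """Pad a 1..15 byte command to one block (PKCS#7 style; an assumption)."""
    if not 0 < len(cmd) < BLOCK:
        raise ValueError("command must be 1..15 bytes to fit one padded block")
    n = BLOCK - len(cmd)
    return cmd + bytes([n]) * n

def decipher_command(key, ciphertext):
    """Decrypt one block and verify its padding; None means reject the block."""
    pt = decrypt_block(key, ciphertext)
    n = pt[-1]
    if not 1 <= n < BLOCK or pt[-n:] != bytes([n]) * n:
        return None
    return pt[:-n]

if __name__ == "__main__":
    key = bytes(range(16))                              # FIPS 197 Appendix C.1 key
    print(encrypt_block(key, bytes.fromhex("00112233445566778899aabbccddeeff")).hex())
    wire = encrypt_block(key, pad_command(b"OPEN 42%"))  # constructed command
    print(decipher_command(key, wire), decipher_command(bytes(16), wire))
```

The padding check rejects a block that was enciphered under a different key or altered in transit with high probability, but a wrongly keyed block still decrypts to something, and roughly one in 256 of them will pass the check by chance; treat it as a sanity check, not as authentication.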
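The join and replay-protection exchanges described above, as an added example that is not Rotork's code. The proprietary anti-spoofing encryption is replaced here by HMAC-SHA256 (the document itself likens the scheme to a message authentication code with a nonce), and the frame layout, the marker byte values, the tag length, the tolerance and the `Router`/`TrustCentre` names are all assumptions. It goes one step beyond the text: in addition to the time-window check, the router remembers the highest counter accepted from each sender, so a command recorded and replayed inside the tolerance window is refused as well.

```python
"""Freshness-checked command frames and a counter-based join, modelled on the
anti-spoofing scheme the text describes. Added example, not Rotork's code: the
frame layout, marker bytes, tag length, tolerance and the use of HMAC-SHA256 as
the keyed function are assumptions (the real algorithm is proprietary)."""
import hashlib
import hmac
import struct

CMD_MARKER, STATUS_MARKER, JOIN_MARKER = 0x01, 0x02, 0xFF   # assumed type bytes
TAG_LEN = 8          # assumed length of the appended anti-spoofing bytes
TOLERANCE = 5        # assumed acceptance window, in counter ticks

def freshness_tag(key, msg_type, payload, counter):
    """Keyed function standing in for the proprietary anti-spoofing encryption:
    it binds the system-wide counter to the message type and payload."""
    data = bytes([msg_type]) + payload + struct.pack(">I", counter)
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]

def build_frame(key, msg_type, payload, counter):
    """Sender side. Commands carry the counter and tag; status frames do not."""
    frame = bytes([msg_type]) + payload
    if msg_type == CMD_MARKER:
        frame += struct.pack(">I", counter) + freshness_tag(key, msg_type, payload, counter)
    return frame

class Router:
    """Relays frames to an actuator, applying the checks the text describes."""
    def __init__(self, key, clock):
        self.key, self.clock = key, clock   # clock: callable returning the counter
        self.last_seen = {}                 # sender address -> highest counter accepted

    def receive(self, src, frame):
        """Return ("forward", payload) or ("drop", reason)."""
        msg_type, body = frame[0], frame[1:]
        if msg_type != CMD_MARKER:
            return "forward", body          # not a command: passed straight on
        if len(body) < 4 + TAG_LEN:
            return "drop", "truncated"
        payload, tail = body[:-4 - TAG_LEN], body[-4 - TAG_LEN:]
        counter, tag = struct.unpack(">I", tail[:4])[0], tail[4:]
        if not hmac.compare_digest(tag, freshness_tag(self.key, msg_type, payload, counter)):
            return "drop", "bad tag"        # wrong key or altered frame
        if abs(counter - self.clock()) > TOLERANCE:
            return "drop", "stale"          # outside the time window
        if counter <= self.last_seen.get(src, -1):
            return "drop", "replayed"       # counter re-used inside the window
        self.last_seen[src] = counter
        return "forward", payload

class TrustCentre:
    """Co-ordinator: issues a counter, then checks the registration request the
    joining device derives from it with the same keyed function."""
    def __init__(self, key, clock):
        self.key, self.clock, self.actuators = key, clock, set()

    def issue_counter(self):
        return self.clock()

    def register(self, addr, counter, proof):
        expected = freshness_tag(self.key, JOIN_MARKER, addr, counter)
        if abs(counter - self.clock()) <= TOLERANCE and hmac.compare_digest(proof, expected):
            self.actuators.add(addr)
            return True
        return False

def run_scenario():
    """Join, a fresh command, a byte-identical replay, a status frame, and a
    command played back after the window has moved on. All data is constructed."""
    key = b"site-key-0123456789abcdef"      # constructed, not a real site key
    now = [1000]
    clock = lambda: now[0]
    tc, router = TrustCentre(key, clock), Router(key, clock)
    results = []
    c = tc.issue_counter()
    results.append(tc.register(b"\x2a", c, freshness_tag(key, JOIN_MARKER, b"\x2a", c)))
    results.append(tc.register(b"\x2b", c, freshness_tag(b"guess", JOIN_MARKER, b"\x2b", c)))
    cmd = build_frame(key, CMD_MARKER, b"OPEN 42%", clock())
    results.append(router.receive(b"\x2a", cmd)[0])
    results.append(router.receive(b"\x2a", cmd)[1])
    results.append(router.receive(b"\x2a", build_frame(key, STATUS_MARKER, b"POS 41%", 0))[0])
    now[0] += TOLERANCE + 1
    results.append(router.receive(b"\x2a", build_frame(key, CMD_MARKER, b"CLOSE", 1000))[1])
    return results

if __name__ == "__main__":
    print(run_scenario())   # [True, False, 'forward', 'replayed', 'forward', 'stale']
```

The tag check runs before the time check so that a frame from someone without the key is rejected regardless of what counter it claims; the counter is covered by the tag, so an attacker cannot refresh a recorded command by patching its counter.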