Paper-Conference

Linus Roepert, Markus Dahlmanns, Ina Berenice Fink, Jan Pennekamp, Martin Henze

Assessing the Security of OPC UA Deployments

Proceedings of the 1st ITG Workshop on IT Security (ITSec ‘20), April 2-3, 2020, Tübingen, Germany

To address the increasing security demands of industrial deployments, OPC UA is one of the first industrial protocols explicitly designed with security in mind. However, deploying it securely requires a thorough configuration of a wide range of options. Thus, assessing the security of OPC UA deployments and their configuration is necessary to ensure secure operation, most importantly confidentiality and integrity of industrial processes. In this work, we present extensions to the popular Metasploit Framework to ease network-based security assessments of OPC UA deployments. To this end, we discuss methods to discover OPC UA servers, test their authentication, obtain their configuration, and check for vulnerabilities. Ultimately, our work enables operators to verify the (security) configuration of their systems and identify potential attack vectors.

PDF DOI
Jan Pennekamp, Markus Dahlmanns, Lars Gleim, Stefan Decker, Klaus Wehrle

Security Considerations for Collaborations in an Industrial IoT-based Lab of Labs

Proceedings of the 3rd IEEE Global Conference on Internet of Things (GCIoT ‘19), December 4–7, 2019, Dubai, United Arab Emirates

The productivity and sustainability advances for (smart) manufacturing resulting from (globally) interconnected Industrial IoT devices in a lab of labs are expected to be significant. While such visions introduce opportunities for the involved parties, the associated risks must be considered as well. In particular, security aspects are crucial challenges and remain unsolved. So far, single stakeholders only had to consider their local view on security. However, for a global lab, we identify several fundamental research challenges in (dynamic) scenarios with multiple stakeholders: While information security mandates that models must be adapted wrt. confidentiality to address these new influences on business secrets, from a network perspective, the drastically increasing amount of possible attack vectors challenges today's approaches. Finally, concepts addressing these security challenges should provide backwards compatibility to enable a smooth transition from today's isolated landscape towards globally interconnected IIoT environments.

PDF DOI
Jens Hiller, Jan Pennekamp, Markus Dahlmanns, Martin Henze, Andriy Panchenko, Klaus Wehrle

Tailoring Onion Routing to the Internet of Things: Security and Privacy in Untrusted Environments

Proceedings of the 27th IEEE International Conference on Network Protocols (ICNP ‘19), October 7-10, 2019, Chicago, IL, USA

An increasing number of IoT scenarios involve mobile, resource-constrained IoT devices that rely on untrusted networks for Internet connectivity. In such environments, attackers can derive sensitive private information of IoT device owners, e.g., daily routines or secret supply chain procedures, when sniffing on IoT communication and linking IoT devices and owner. Furthermore, untrusted networks do not provide IoT devices with any protection against attacks from the Internet. Anonymous communication using onion routing provides a well-proven mechanism to keep the relationship between communication partners secret and (optionally) protect against network attacks. However, the application of onion routing is challenged by protocol incompatibilities and demanding cryptographic processing on constrained IoT devices, rendering its use infeasible. To close this gap, we tailor onion routing to the IoT by bridging protocol incompatibilities and offloading expensive cryptographic processing to a router or web server of the IoT device owner. Thus, we realize resource-conserving access control and end-to-end security for IoT devices. To prove applicability, we deploy onion routing for the IoT within the well-established Tor network enabling IoT devices to leverage its resources to achieve the same grade of anonymity as readily available to traditional devices.

PDF DOI
Jens Hiller, Karsten Komanns, Markus Dahlmanns, Klaus Wehrle

Regaining Insight and Control on SMGW-based Secure Communication in Smart Grids

Proceedings of the 2019 AEIT International Annual Conference, September 18-20, 2019, Firenze, Italy

Smart Grids require extensive communication to enable safe and stable energy supply in the age of decentralized and dynamic energy production and consumption. To protect the communication in this critical infrastructure, public authorities mandate smart meter gateways (SMGWs) to intercept all inbound and outbound communication of premises such as a factory or smart home, and forward the communication data on secure channels established by the SMGW itself to be in control of the communication security. However, using the SMGW as proxy, local devices can neither review the security of these remote connections established by the SMGW nor enforce higher security guarantees than established by the all in one configuration of the SMGW which does not allow for use case-specific security settings. We present mechanisms that enable local devices to regain this insight and control over the full connection, i.e., up to the final receiver, while retaining the SMGW's ability to ensure a suitable security level. Our evaluation shows modest computation and transmission overheads for this increased security in the critical smart grid infrastructure.

PDF DOI