WIRELESS VULNERABILITIES OF SCADA/DCS - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
WIRELESS VULNERABILITIES OF SCADA/DCS
  • Randy Whittle

2
WIRELESS ISSUES RE. DCS & SCADA
  • Estimated 60-70 IEEE 802.11 systems deployed
    without security features enabled
  • Common SCADA/DCS protocols frequently transmit
    in clear text
  • SCADA/DCS initially designed for operation in
    isolation
  • WLAN may extend beyond physical security
    boundaries
  • Control systems not designed for open access;
    adequate defense mechanisms (e.g. authentication)
    not incorporated

3
POSSIBLE EXPLOITATIONS
  • Locate within 1 km (0.62 mi) of 802.11b network
    access point and use a laptop with a directional
    antenna
  • Use Wired Equivalent Privacy (WEP) cracking
    software to gather between 100 MB and 1 GB of
    data
  • Widely available WEP cracking tools (WEPcrack and
    Airsnort) would guess the encryption key,
    allowing hacker to make himself part of the plant
    floor network
  • Since connection would be inside the corporate
    firewall, no warnings would be triggered
  • If unable to break in through WEP cracking, he
    could launch wireless denial of service attacks
    to shut down the network or force client devices
    to disassociate from the company AP and associate
    with a rogue AP
  • Once this attachment is complete, the rogue AP
    can attach to the legitimate AP by forwarding the
    clients' traffic, executing a man-in-the-middle
    attack.

4
REAL WORLD EXAMPLE
  • Australian man found guilty of hacking into waste
    management system, releasing millions of liters of
    raw sewage
  • He attacked the control system not through the
    firewall but through a wireless network used for
    SCADA control

5
WHAT DOESN'T WORK
  • Disabling SSID broadcasting
  • MAC address filtering
  • WEP
  • WPA-PSK with weak key

6
WEP ISSUES
  • WEP Secret Key is static and shared
  • No easy way to distribute new key securely
  • Initialization vector broadcast both in plain
    text and as a part of the encryption key
  • The fact that an eavesdropper knows 24 bits of
    every key, combined with a problem in the Pseudo
    Random Number Generator algorithm, permits an
    analytic attack that uncovers the key after
    intercepting only a relatively small amount of
    traffic
  • The shared key authentication system only
    authenticates the mobile device to the access
    point (AP). This allows field devices to
    accidentally connect to rogue APs or
    man-in-the-middle devices to be inserted
    between the device and AP
  • Management and control frames used in IEEE 802.11
    are always sent in plain text whether WEP
    encryption is deployed or not. This allows
    spoofing attacks where an attacker can easily
    represent his device as the AP and cause severe
    denial of service attacks

8
CRITICAL NEEDS
  • Develop clear policy on how wireless will be
    deployed
  • Set minimum security requirements for all
    wireless equipment

9
POSSIBLE SOLUTIONS
  • Implement overlay Virtual Private Network (VPN)
  • Assumes the wireless network is as insecure as the
    Internet, then superimposes a more proven
    encryption scheme such as IPsec
  • Traffic is encrypted before it reaches the
    wireless system by either desktop software or
    dedicated encryption gateways
  • VPNs tend to be complex, often need reconnection,
    and there is limited VPN client software

10
POSSIBLE SOLUTIONS
  • Deploy wireless hardware that supports the new
    Wi-Fi Protected Access (WPA) security
  • WPA addresses WEP data encryption problems
    through a set of improvements called the Temporal
    Key Integrity Protocol (TKIP)
  • WPA implements both IEEE 802.1X and the Extensible
    Authentication Protocol (EAP).
  • Utilizes a central authentication server such as
    RADIUS to authenticate each user before they join
    the network
  • Employs mutual authentication so the wireless
    user doesn't accidentally join a rogue network
  • TKIP and Message Integrity Check (MIC) are easy
    to deploy, but 802.1x, EAP and RADIUS can be
    complex and difficult with devices such as PLCs
    that use non-standard operating systems
  • For small facilities there are ways to simplify
    WPA such as using an option called WPA-PSK
    (Pre-Shared Key)
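Slide 5 lists the controls that do not work (hidden SSID, MAC filtering, WEP, WPA-PSK with a weak key) and slide 10 describes what a WPA/802.1X deployment should look like. The following audit script, added here as an example and not part of the presentation, checks an access-point configuration against that list. The key names follow the hostapd configuration format; the slides name no product, so that choice, the passphrase-strength threshold and both sample configurations are constructed for illustration.

```python
"""Audit an access-point configuration against the controls the slides call
ineffective (hidden SSID, MAC filtering, WEP, WPA-PSK with a weak key) and
check that a WPA/802.1X deployment is actually configured.

Added example, not from the presentation. Key names follow the hostapd
configuration format (an assumption; the slides name no product); the two
sample configurations are constructed for illustration.
"""
import re

# Constructed sample: a plant-floor AP relying only on the measures slide 5 rejects.
WEAK_CONFIG = """
interface=wlan0
ssid=PLANT-FLOOR
ignore_broadcast_ssid=1      # hide the SSID
macaddr_acl=1                # allow only listed MAC addresses
accept_mac_file=/etc/hostapd.accept
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_passphrase=plant123
"""

# Constructed sample: WPA with 802.1X/EAP and a central RADIUS server (slide 10).
HARDENED_CONFIG = """
interface=wlan0
ssid=PLANT-FLOOR
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=192.0.2.10        # placeholder RADIUS server address
auth_server_port=1812
auth_server_shared_secret=REPLACE-WITH-LONG-RANDOM-SECRET
"""

def parse_config(text):
    """Parse key=value lines, dropping blank lines and '#' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def passphrase_is_strong(passphrase):
    """Heuristic: 20+ characters drawn from at least three character classes.
    The threshold is this example's choice; the slide only says 'weak key'."""
    classes = sum(bool(re.search(p, passphrase))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    return len(passphrase) >= 20 and classes >= 3

def audit(cfg):
    """Return a list of findings; empty means none of the rejected controls is relied on."""
    findings = []
    if "wep_key0" in cfg or "wep_default_key" in cfg:
        findings.append("WEP in use (slide 5: does not work; static shared key)")
    if cfg.get("ignore_broadcast_ssid", "0") != "0":
        findings.append("hidden SSID relied on (slide 5: does not work)")
    if cfg.get("macaddr_acl") == "1":
        findings.append("MAC address filtering relied on (slide 5: does not work)")
    key_mgmt = cfg.get("wpa_key_mgmt", "").split()
    if "WPA-PSK" in key_mgmt:
        passphrase = cfg.get("wpa_passphrase")
        raw_psk = cfg.get("wpa_psk", "")
        if passphrase is not None and not passphrase_is_strong(passphrase):
            findings.append("WPA-PSK with weak passphrase (slide 5: does not work)")
        elif passphrase is None and len(raw_psk) != 64:
            findings.append("WPA-PSK without a full 256-bit PSK")
    if cfg.get("wpa", "0") == "0" and "wep_key0" not in cfg:
        findings.append("no link-layer encryption configured")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(parse_config(text)) or "no findings")
```

The audit only flags reliance on the rejected controls; it does not try to judge the RADIUS/EAP deployment itself, which the slide notes can be hard to get right on PLCs with non-standard operating systems.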

12
Need for RADIUS Server
  • Single point of key management
  • Centralized administration
  • Seamless roaming without re-authentication
  • Session time limits/time of day (user access
    policies)

13
Per Packet Keying
  • Each packet is encrypted with a unique per-packet
    key
  • Much harder to recover the key from captured data
  • Packet sequence number rollover
  • 24-bit sequence number with WEP would roll over,
    leading to key re-use
  • 48-bit sequence number with WPA leads to
    new session key generation
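Slide 6 states that the 24-bit IV is sent in the clear and also forms part of the RC4 key, and slide 13 that the 24-bit counter rolls over and causes key re-use. The script below, added here as an example and not part of the presentation, makes both points concrete: it builds the WEP per-packet key as IV || secret, shows that two frames sharing an IV leak the XOR of their plaintexts without any knowledge of the secret, and computes how long a 24-bit versus a 48-bit counter lasts at a given frame rate. RC4 is implemented inline; the secret key, IVs and payloads are constructed values, and the CRC-32 integrity value real WEP appends is omitted because it does not affect the keystream-reuse point.

```python
"""WEP per-packet keying and counter rollover, made concrete.

Added example, not from the presentation. RC4 is implemented inline; the
secret key, IVs and frame payloads are constructed values. The CRC-32 ICV
that real WEP appends is omitted since it does not affect keystream reuse.
"""

def rc4_keystream(key, length):
    """Generate `length` bytes of RC4 keystream for `key` (KSA followed by PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_per_packet_key(iv, secret):
    """WEP forms the RC4 key as the 3-byte IV followed by the 40- or 104-bit secret."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + secret

def known_key_bits_fraction(secret):
    """Fraction of every per-packet key an eavesdropper already knows from the cleartext IV."""
    return 24 / (24 + 8 * len(secret))

def wep_encrypt(iv, secret, payload):
    """Return (iv, ciphertext); the IV travels in the clear in front of the ciphertext."""
    ks = rc4_keystream(wep_per_packet_key(iv, secret), len(payload))
    return iv, bytes(p ^ k for p, k in zip(payload, ks))

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_reuse_leak(frame_a, frame_b):
    """For two captured frames with the same IV, return P_a xor P_b (None if IVs differ).
    Only the cleartext IVs and ciphertexts are used, never the secret: this is
    why IV repetition defeats the cipher regardless of key length."""
    (iv_a, c_a), (iv_b, c_b) = frame_a, frame_b
    if iv_a != iv_b:
        return None
    return xor_bytes(c_a, c_b)

def counter_rollover_seconds(counter_bits, frames_per_second):
    """Seconds until a per-packet counter of `counter_bits` bits repeats at a given frame rate."""
    return (1 << counter_bits) / frames_per_second

# Constructed values for the demonstration.
SECRET_40 = bytes.fromhex("0badc0ffee")          # 40-bit WEP secret (constructed)
IV = bytes.fromhex("7f3a01")                      # 24-bit IV, reused for both frames
POLL_A = b"POLL PUMP-3 STATUS  "                  # constructed plant-floor payloads
POLL_B = b"OPEN VALVE-7 FULL   "

def demo():
    frame_a = wep_encrypt(IV, SECRET_40, POLL_A)
    frame_b = wep_encrypt(IV, SECRET_40, POLL_B)
    leak = keystream_reuse_leak(frame_a, frame_b)
    return {
        "leak_equals_plaintext_xor": leak == xor_bytes(POLL_A, POLL_B),
        "known_bits_fraction_40bit_wep": known_key_bits_fraction(SECRET_40),
        "wep_24bit_rollover_hours_at_1000fps": counter_rollover_seconds(24, 1000) / 3600,
        "wpa_48bit_rollover_years_at_1000fps":
            counter_rollover_seconds(48, 1000) / (3600 * 24 * 365.25),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

At 1000 frames per second a 24-bit counter wraps in under five hours, so on a busy plant-floor WLAN IV repetition is a certainty rather than a possibility; the 48-bit counter WPA uses outlasts any session by many orders of magnitude, which is why WPA can afford to derive a fresh session key instead of reusing one.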

17
Forgery Protection
  • Two forgeries in one second: radio assumes it is
    under attack
  • It deletes its session key, disassociates
    itself, then forces re-association.
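The response described on this slide is a small state machine: count forgeries (MIC failures) in a sliding window and, on the second one inside the window, drop the session key, disassociate and re-associate. The model below is added here as an example and is not part of the presentation. The one-second window is the value the slide gives; the frame timeline is constructed for the demonstration, and the re-keying call stands in for whatever key exchange the real radio runs.

```python
"""Model of the forgery response on slide 17: a radio that detects two forged
frames inside a one-second window assumes it is under attack, deletes its
session key, disassociates, and forces re-association.

Added example, not from the presentation. Window length is from the slide;
the frame timeline and placeholder session keys are constructed.
"""
from collections import deque

class ForgeryCountermeasure:
    def __init__(self, window_seconds=1.0):
        self.window = window_seconds
        self.failures = deque()          # timestamps of recent MIC failures
        self.session_key = None
        self.associated = False
        self.log = []

    def associate(self, now, session_key):
        """(Re-)association installs a fresh session key and resets the counter."""
        self.session_key = session_key
        self.associated = True
        self.failures.clear()
        self.log.append((now, "associated"))

    def on_frame(self, now, mic_ok):
        """Feed one received frame. Returns True if countermeasures fired."""
        if mic_ok or not self.associated:
            return False
        self.failures.append(now)
        # Keep only failures inside the sliding window.
        while self.failures and now - self.failures[0] > self.window:
            self.failures.popleft()
        if len(self.failures) >= 2:
            self._countermeasures(now)
            return True
        return False

    def _countermeasures(self, now):
        self.session_key = None           # delete the session key
        self.associated = False           # disassociate
        self.failures.clear()
        self.log.append((now, "forgery detected: key deleted, disassociated, "
                              "re-association forced"))

# Constructed timeline of (time_s, mic_ok). Isolated failures are spaced more
# than a second apart; the pair at 10.0 s and 10.4 s should trip the response.
FRAMES = [(0.0, False), (0.5, True), (5.0, False), (5.2, True),
          (10.0, False), (10.4, False), (11.0, True)]

def run(frames, window_seconds=1.0):
    """Replay the timeline; return the times at which countermeasures fired."""
    radio = ForgeryCountermeasure(window_seconds)
    radio.associate(0.0, b"session-key-1")        # constructed placeholder key
    fired = []
    for t, ok in frames:
        if not radio.associated:
            radio.associate(t, b"session-key-2")  # forced re-association, new key
        if radio.on_frame(t, ok):
            fired.append(t)
    return fired

if __name__ == "__main__":
    print("countermeasures fired at:", run(FRAMES))
```

Widening the window makes the radio stricter (the two isolated failures at 0.0 s and 5.0 s would then also trip it), at the cost of more forced re-associations on a noisy link; the slide's one-second figure is the trade-off the presenter chose.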

18
REFERENCES
  • E.J. Byres, "Securing Wireless Ethernet on the
    Plant Floor," Industrial Networking, Putman
    Publishing, Chicago, Vol. 3, No. 1, Winter 2004
  • E.J. Byres, "Wireless Ethernet's Black Eye,"
    Industrial Networking, Putman Publishing,
    Chicago, Vol. 2, No. 3, Summer 2003
  • E.J. Byres and J. Lowe, "The Myths and Facts
    behind Cyber Security Risks for Industrial
    Control Systems," VDE Congress, VDE Association
    for Electrical, Electronic & Information
    Technologies, Berlin, October 2004
  • E. Byres, J. Carter, A. Elramly and D. Hoffman,
    "Worlds in Collision: Ethernet on the Plant
    Floor," ISA Emerging Technologies Conference,
    Instrumentation, Systems and Automation Society,
    Chicago, October 2002
  • "WPA: The Latest 802.11 Security," Jim Weikert,
    Product Manager, ProSoft Technology, ISA 2004
  • "Auditing Wireless Networks," Randy Franklin Smith,
    SC Midlands Chapter of ISACA, March 24, 2006