Doug Cooper
Canada Country Manager
Intel Corporation

March 20, 2007

Mr. Cooper

My name is Andre Brisson and I am a founder of Whitenoise Laboratories Inc. I want you to consider another “product line” and to do so I need to use a couple of examples, each brought up with the utmost respect.

First, Whitenoise is the fastest encryption ever but it is truly characterized by the fact that it provides continuous stateful authentication of persons and devices, inherent detection, and automatic denial of network access to hackers and thieves.

I propose that Intel should “dust off” one of its older chips and utilize Whitenoise to create a SCADA specific chip.

Analogy – Moore’s law at some point will become obsolete simply because there will become a saturation point when humans are not generating data at exponential rates any more. Until then, it seems as if it is an expensive proposition to follow the Gillette model of product releases: one blade, then two, then three, then four and now five blades to a razor! For chips it becomes daunting to fathom the progression from chip, to dual cores, quad cores etc. etc. Margins become progressively harder to maintain as the processors get more sophisticated and expensive.

I have attached an article from a couple of years ago when Texas Instruments surpassed Intel for the first time in total chips sold. They dusted off an old chip and sold it to Nokia.

SCADA, Systems Control and Data Acquisition, networks absolutely dwarf in size what we consider to be the “human networks”. A small SCADA network will have 150,000 endpoints. Machine to machine communications control all of our critical infrastructure.

Andre Brisson
Whitenoise Laboratories Inc.
Executive Vice President Business Development (Co-founder)
Phone: 604-724-5094 Fax: 604-873-2467 Email: brisson@lightspeed.ca

Because of the characteristics of Whitenoise, particularly its negligible processing overhead, its incredible speed, and offset management, this security technology can be deployed in an archaic Intel chip and easily outperform anything in the market today.

INTEL could market a line of chips particularly aimed at the SCADA markets. The cost to INTEL to rollout would be a fraction of the cost of embarking on a next generation chip.

We can provide verification of all metrics and we have world class security experts you can reference. http://www.wnlabs.com/advisors.html

There is much to learn about Whitenoise at http://www.wnlabs.com/technology.html. I would like you to consider the potential of a paradigm that we have developed called Dynamic Distributed Key Infrastructure.

On the CD provided are several presentations. One has chip characteristics and was a presentation used recently with another chip manufacturer.

California is looking towards utility companies monitoring energy consumption in homes so they don’t have the rolling blackouts they recently ran into etc. Their crypto needs for this project are listed below. Whitenoise can be used just for authentication, or the same key can also be used for encryption, detection, authorization, DRM, RNG etc.

As you read the crypto requirements for this SCADA proposal, consider that Whitenoise satisfies all of their requirements without doing a hybrid of symmetric keys with asymmetric key update (PKI). If you read the attachment called SFI2_AES_DIVA.pdf you will see that we can accomplish the same thing but with the Whitenoise process of distributed keys in turn distributing more session keys. This tremendously simplifies the architecture, performance costs etc.
Thank you for any time you spend looking into Whitenoise technologies and a possible collaborative effort on making chips for SCADA devices. This system can be demonstrated for you via SFI2 by Lofty Perch (www.loftyperch.com). And it eliminates problems of relying on time stamps etc.

Sincerely,

Andre Brisson
CEO
www.whitenoiselabs.com


SCADA space example

Specs for utility project
http://sharepoint.californiademandresponse.org/pct/default.aspx

Issues for Cryptographic Measures

The working group has identified the following issues concerning cryptographic measures:

Confidentiality vs. Authentication
The consensus of the group is that encryption of the broadcast messages is not necessary for confidentiality purposes; only authentication is necessary.

Authentication Methods
While encryption is not considered necessary for purposes of confidentiality, it has been suggested that it may require less processing power to encrypt the entire message as a form of authentication than to use another method of authentication and integrity checking, e.g. a cryptographic hash.

Symmetric vs. Asymmetric Cryptography
Because the thermostat may pass through many hands: utility, manufacturer, installer, customer, etc., it seems likely that asymmetric keys would be very useful in this application. However, the amount of processing required is orders of magnitude higher, and the memory and code footprint required could raise costs considerably.

Periodic Key Changing
It has been suggested that there be multiple levels of keys, with the lowest level being symmetric and periodically changed using a higher level key to avoid eavesdropping attacks. Considering how infrequent the event messages are, however, it is not clear how often the keys would need to be changed.

Number and Grouping of Keys
It has been suggested that it would be preferable to have multiple sets of keys so that the number of customers affected by the compromise of any particular key or set of keys would be limited. It has been suggested that key sets be randomly distributed among thermostats sold so that any attack could not be concentrated in a geographic area. Naturally, the more key groups there are, the more difficult it will be to manage the keys.

Recovery from Key Compromise
An appropriate mechanism for recovering from the compromise of one or more keys is necessary. The method must not involve travel to the customer site. So far, the methods considered include using multiple levels of keys as discussed above, or using a finite number of keys preloaded in the thermostat.

Cryptographic Approaches Considered

The task force has considered the following general categories of cryptographic security solutions. The first two fall in the category of “traditional cryptography”. Details of the actual solution will vary, but this description should give the main ideas of each approach.

Option 1: Symmetric Session Keys with Asymmetric Update

This approach follows current best practices without consideration of the amount of processing power or memory footprint required by asymmetric cryptography calculations.

a. Authentication and integrity are provided via an HMAC on each message. Alternatively, this could be done by encrypting the entire message.
b. The HMAC is calculated using a symmetric Session Key and appropriately changing data to protect against replay.
c. The Session Key is periodically changed and the new value broadcast at intervals, encrypted using an Update Key.
d. The Update Key is asymmetric.
e. The Public Update Key is encoded in the thermostat when it is manufactured. This will avoid concerns about the security of the Update Key in transit between the sender and the manufacturer.
f. The Private Update Key is held by the sender.
g. There may be multiple sets of Update Keys, with the set used by any thermostat chosen randomly when it is manufactured. To affect all thermostats, the sender must transmit multiple messages.
h. There may be another level of asymmetric keys, the System Keys, used to change Update Keys if they become compromised.

Option 2: Symmetric Key Combination

This approach uses only symmetric operations and would be based on methods commonly used in military applications.

a. The manufacturer chooses a random number and codes it into the thermostat before shipping. Call this value “A”.
b. The manufacturer also encodes a well-known fixed value “D”.
c. The manufacturer supplies a set of serial numbers and corresponding A values to the sender.
d. The sender chooses a second random value for that thermostat. Call this value “B”. There could be a different B value for each thermostat, or the thermostats could be grouped so that many of them have the same “B”.
e. The installer phones the sender and provides a serial number.
f. The sender provides the installer with a “B” value to be entered into the thermostat.
g. The sender combines A and B to produce C. Any number of functions could be used to perform the combination, the simplest being an XOR.
h. The sender authenticates each message using an HMAC (or similar mechanism) of the message concatenated with D, using C as a key.
i. The sender must transmit a different message for each A/B/D combination. Grouping can be achieved by varying any of the three values.
j. A possible variation would be to “force” B to achieve the same C for various groups. This would potentially reduce the number of messages that must be broadcast.

Option 3: TESLA or Variation

Research has indicated that authentication in broadcast networks can be achieved with low processing requirements using one-way chains of symmetric keys and periodic, secure time synchronization (“Timed Efficient Stream Loss-tolerant Authentication” or TESLA). A method using some variation of this scheme would be the third option.
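Option 2 (steps a to j) worked through as an added example; this is not code from the working group or from Whitenoise. The key length, HMAC-SHA256, the serial numbers, the group names, the message and the value used for D are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16                 # assumed size for A, B and C
D = b"constructed-fixed-D"   # constructed stand-in for the well-known value "D"

def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("values must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def tag_for(c, message):
    # Step h: HMAC of the message concatenated with D, keyed with C.
    return hmac.new(c, message + D, hashlib.sha256).digest()

class Thermostat:
    def __init__(self, a):
        self.a, self.c = a, None           # step a: A is coded in before shipping
    def install(self, b):
        self.c = xor_bytes(self.a, b)      # step g: C = A xor B
    def accept(self, message, tag):
        if self.c is None:
            return False                   # B has not been entered yet
        return hmac.compare_digest(tag_for(self.c, message), tag)

class Sender:
    def __init__(self, a_by_serial):
        self.a_by_serial = dict(a_by_serial)   # step c: serial -> A from the manufacturer
        self.c_by_group = {}
    def issue_b(self, serial, group):      # variation j: B is forced so the group shares one C
        c = self.c_by_group.setdefault(group, secrets.token_bytes(KEY_LEN))
        return xor_bytes(self.a_by_serial[serial], c)
    def sign(self, group, message):
        return tag_for(self.c_by_group[group], message)

def demo():
    groups = {"SN-001": "north", "SN-002": "north", "SN-003": "south"}  # constructed
    factory = {s: secrets.token_bytes(KEY_LEN) for s in groups}
    sender = Sender(factory)
    units = {s: Thermostat(a) for s, a in factory.items()}
    for serial, group in groups.items():
        units[serial].install(sender.issue_b(serial, group))
    msg = b"event=setback;delta=4F"        # constructed broadcast message
    tag = sender.sign("north", msg)
    return {"same_group": [units["SN-001"].accept(msg, tag), units["SN-002"].accept(msg, tag)],
            "other_group": units["SN-003"].accept(msg, tag),
            "tampered": units["SN-001"].accept(msg + b"!", tag),
            "replayed": units["SN-001"].accept(msg, tag)}  # True: no freshness data in the MAC
```

The "replayed" result shows that Option 2 as listed accepts a repeated message; the changing data mentioned in Option 1 step b would have to be added to the MAC input to prevent that.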
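The one-way key chain and delayed key disclosure behind Option 3, as an added example rather than anything taken from the specification or the letter. It goes beyond the one-sentence description above by showing the receiver's timing check and loss tolerance; the disclosure delay, the interval clock, the seed and the messages are assumptions, and the chain key is used directly as the MAC key, where TESLA as published derives a separate MAC key from it.

```python
import hashlib
import hmac

DELAY = 2  # assumed: the key for interval i is disclosed in interval i + DELAY

def H(data):
    return hashlib.sha256(data).digest()

def mac(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()

def walk(key, steps):
    for _ in range(steps):
        key = H(key)
    return key

def make_chain(seed, n):
    # K_n = seed, K_{i-1} = H(K_i); K_0 is the commitment given to receivers.
    return [walk(seed, n - i) for i in range(n + 1)]

class Receiver:
    def __init__(self, commitment):
        self.i, self.key, self.buffer = 0, commitment, []
    def on_packet(self, now, interval, message, tag):
        # Safety condition: reject if the sender may already have disclosed K_interval.
        if now >= interval + DELAY:
            return False
        self.buffer.append((interval, message, tag))
        return True
    def on_key(self, i, key):
        # A disclosed key is trusted only if hashing it forward reaches the last trusted key.
        if i <= self.i or not hmac.compare_digest(walk(key, i - self.i), self.key):
            return []
        ready = [p for p in self.buffer if p[0] <= i]
        self.buffer = [p for p in self.buffer if p[0] > i]
        self.i, self.key = i, key
        # Earlier keys are derived from K_i, so a lost disclosure does not lose messages.
        return [m for j, m, t in ready if hmac.compare_digest(mac(walk(key, i - j), m), t)]

def demo():
    chain = make_chain(b"constructed-seed", 5)
    rx = Receiver(chain[0])
    m1, m3 = b"event=1", b"event=3"                    # constructed messages
    rx.on_packet(1, 1, m1, mac(chain[1], m1))
    rx.on_packet(3, 3, m3, mac(chain[3], m3))
    late = rx.on_packet(4, 2, b"late", mac(chain[2], b"late"))   # K_2 is public by interval 4
    bogus = rx.on_key(3, b"\x00" * 32)                 # not on the chain
    return late, bogus, rx.on_key(3, chain[3])         # K_1 disclosure was never received
```

The `now` argument stands for the receiver's interval clock, which is why the scheme depends on the periodic, secure time synchronization the option mentions.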