Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

System development and maintenance: an international standard for

advertisement 
TECHNOLOGICAL EDUCATIONAL INSTITUTE OF PIRAEUS
System development and maintenance: an international
standard for information technology security
G. Pavlis, G. Besseris and C. Stergiou
MSc Program in Advanced Industrial and Manufacturing Systems
Mechanical Engineering Department
TEI of Piraeus, Greece and Kingston University, London, UK.
Abstract
Authentication and cryptography are two things that they used in order to protect and verify
information. System development and maintenance is a chapter of ISO 17799 that it refers in
cryptography and authentication and is very useful in SCADA projects. SCADA (Supervisor Control
And Data Acquisition) is a system which use in industry and its information has to be protected from
malicious attack. That is done using another integrity system named AGA 12. Some of the
requirements of the ISO 17799 are implemented by SCADA itself, so the AGA 12 is only for
encryption ad authentication.
INTRODUCTION
ISO 17799 is an internationally recognized Information Security Management
Standard, first published by the International Organization for Standardization, or ISO
in December 2000. It can be applied across multiple types of enterprises and
applications. Organizations daily face threats to their information assets. At the same
time, they are becoming dependent on these assets. Most information systems are not
inherently secure. Establishing information security requirements is essential, but to do
so, organizations must understand their own unique threat environment. Appropriate
controls may be selected to mitigate these identified risk factors.
ISO 17799 consists of 10 security controls, which are:
1. Security Policy
2. Organizational Security
3. Asset Classification and Control
4. Personnel Security
5. Physical and Environmental Security
6. Communications and Operations Management
7. Access Control
8. System Development and Maintenance
9. Business Continuity Management
10. Compliance
System Development and Maintenance control addresses an organization’s ability to
ensure that appropriate information system security controls are both incorporated and
maintained. Security requirements should be identified and agreed prior to the
development of information systems. This control includes:
System security requirements – prevent loss, modification or misuse of user
data in application systems.
Application security requirements – incorporates information security considerations
in the specification of any application development or procurement.
Cryptography – policies, standards, and procedures governing the usage and
maintenance of cryptographic controls.
System Integrity – mechanisms to control access to, and verify integrity of, operational
software and data, including a process to track, evaluate, and incorporate asset
upgrades and patches.
Development security – maintain the security of application system software and
information.
CRYPTOGRAPHY
Cryptography is a science that is used to protect information. Cryptographic tools are
classified basically in two categories:
1. Symmetric or secret-key systems. Symmetric cryptography is the classical genre of
cryptography in which the sender and the recipient both have, a priori, a common
secret quantity. With secret-key systems, two users wanting to exchange cryptographic
information must share common secret key(s) to do so. In such systems the users must
be able to exchange such keys over some secure channel prior to communicating. This
can be done through various key distribution mechanisms, but it requires adequate
secrecy controls. An advantage of secret key systems is that they can be implemented
efficiently in hardware.
2. Asymmetric or public-key systems Asymmetric cryptography uses two
mathematically paired keys; whatever one key encrypts the other key decrypts. In
Public-key systems each party selects a pair of related cryptographic keys, one of
which it keeps to itself as its private key, while the other is advertised as its public
key. Public key systems draw their name from the fact that the latter key, which must
be shared, is public information.
Encryption provides message confidentiality by rendering information unreadable to
anyone but the intended recipient(s). Authentication, seeks to ensure that a message
has been sent by a known party or device. Integrity checking can also be applied to
the contents of a message where encryption is used to ensure any alteration of the
contents of a message.
Plaintext is text presumed understandable to anyone who should view it. Encryption
changes plaintext to ciphertext, text that is not interpretable by any unauthorized
person who should happen to see it. A cryptographic algorithm is the set of rules used
to transform the plain text into ciphertext. In an elementary way, the three ingredients
are needed to operate a cryptographic system:
 the cryptographic algorithm,
 the keying variable, and
 The plaintext from the sender.
With these it is possible to generate the ciphertext for the recipient.
AUTHENTICATION MECHANISMS
The oldest technique for providing one-way authentication is based on passwords.
Aside from the fact that one-way authentication is no longer judged sufficient,
passwords are the least safe technique to implement it because they suffer from
numerous problems:
1. Passwords are exposed when they are typed
2. Passwords may be exposed by displaying or printing on the terminal
3. Passwords need to be stored in the computer. To protect them, many systems
used to store them in public files Unfortunately, users have a natural tendency
to choose passwords that are dictionary words, names, or numbers meaningful
to them, so that many intruders manage to obtain passwords by using the
computer itself to find matches
4. One can of course let the machine generate passwords.. To this end machinegenerated passwords must be carefully selected since they tend to be hard to
remember for the users, who end up writing them down on paper, opening in
that way the door to loss or theft of the paper
Other one way authentications are: Face recognition, Fingerprints, Hand geometry,
Iris scan, DNA. Such techniques are generally expensive to support and somewhat
unreliable in the sense that while an illegitimate user will rarely be identified as
legitimate, a legitimate user may sometimes be rejected as illegitimate.
Digital signatures provide a solution of protecting the authenticity and integrity of
electronic documents. For example, they can be used in electronic commerce where
there is a need to verify who signed an electronic document and check whether the
contents of the signed document have been changed. Digital signatures can be applied
to any form of document which is being processed electronically. For example, they
can be used to sign electronic payments, funds transfers, contracts and agreements. In
addition digital signatures provide the following advantages:
No need to print out documents for signing
Reduce the storage of paper copies
Improve management and access (anytime/anywhere) of electronic, versus
paper documents
Eliminate the need for faxing or overnight mailing—reduction of cycle time
Improve security of document transmission
IMPLEMENTED ISO 17799 IN SCADA COMMUNICATIONS
The company in which the project refers is named A.ltd (the real name is not be used
in this project) and it sells industry organs such as PLC, inverters, HMI touch screens,
proximity sensors, SCADA, PID temperature controllers. It also develops automation
projects such as programming of PLC, SCADA and HMI touch screens. The SCADA
project, that it will be referred below, is about to a concrete production industry. The
owner of this industry wants to controls his units remotely and it is needful to embody
a cryptography mechanism in SCADA systems.
It will be described the desirable way of how the SCADA has to set up without AGA
12. The client wants to workstation part of above figure to set up in every concrete
plant. There it will be the SCADA project that it described earlier in this project. This
SCADA will be connected with PLCs in order to product concrete. In workstation it
will be another PC that is connected to SCADA master’s PC and it will be used only
for supervisory propose. The PC of SCADA master it will be operated by an operator
and he will be response of the concrete production. The manager of the plant uses the
SCADA client’s PC. This PC has not setup the SCADA software at all, only an
internet browser, such as Microsoft internet explorer or Netscape, and the manager
will be only supervising what the operator does.
Control room
SCADA
client
Workstation
SCADA
client
SCADA
master
SCADA
master
PSTN
modem
modem
SCADA
client
Internet
Without AGA12
In control room there is another SCADA master and SCADA client PCs but they will
have a different role in reference to workstation PCs. The SCADA master PC will
have the SCADA software setup, and it will communicate with the other SCADA
master PCs that are in every workstation. The project of that SCADA is simpler
because the only thing that it has to do is to take data from database from every
workstation. The other SCADA client’s PC will supervise and control the master PC
through an internet browser.
Each PC that have a SCADA software setup it will have a firewall, antivirus as well
as anti-spyware programs. All these programs are very well known in nowadays and
there is no need to describe them. Due to the internet connection that every PC has the
existence of those useful programs are necessary in order to prevent file infection and
intrusions. There is the risk of entering someone in SCADA project and modify,
change or delete useful files. This risk is not only from internet, but from an
unauthorized person. For this occasion additional measures have to be taken. First, the
operating system requires a password in order to allow the access on it. Second, the
data logger of the windows records much useful information. Finally, every person in
this company has responsibilities for something specific. So, when something goes
wrong the manager knows where to find explanations.
RTU
PLC
The SCADA saw the capability to limit the maximum and minimum value when
someone enters a value. So, the entered value will be not out of range. Additionally,
the kind of characters will be predefined and it will not be, for instance, impossible to
enter ASCII characters when numerical characters are asked for. However, there is
useful to be a check in case of invalid password. If someone tries to enter an invalid
password more than three times this action is record in log file and an e-mail is sent.
When there is a concrete production SCADA is not allowed to enter some values
which are going to alter the flow of production and change important information. In
case that something goes wrong, such a power corruption or some peripheral device
malfunction, and the values are change beyond of logical values, the production is
stopped and an alarm message is appeared in order to avoid any damages and
maintain the quality of the product. The SCADA project structure checks also the
output data. If the values are different than the operator expects to be, then a warning
message is appeared.
Control room
SCADA
client
SCADA
master
modem
Workstation
SCADA
client
modem
SCADA
master
PSTN
SCADA
client
SCM
Internet
SCM
Authentication
key
Admin
workstation
PLC
Authentication
key
Key
management
appliance
Key
management
appliance
Admin
workstation
With AGA12
When there is a concrete production SCADA is not allowed to enter some values
which are going to alter the flow of production and change important information. In
case that something goes wrong, such a power corruption or some peripheral device
malfunction, and the values are change beyond of logical values, the production is
stopped and an alarm message is appeared in order to avoid any damages and
maintain the quality of the product. The SCADA project structure checks also the
output data.
In order to make more secure the communication between the two SCADA masters’s
PCs, authentication and cryptography technique must be used. There is an integrated
system that it was developed by American Gas Association, the AGA 12. The only
that added is a SCM (SCADA Cryptographic Module) that is connected between the
SCADA and internet or modem. In the other side there is another SCM between
modem or internet and SCADA. The SCM, independently of its name, it is also
response for the authentication of the messages. An AGA 12 compliant administration
work station is also use in order to manage the cryptographic keys for the system. An
AGA 12 compliant key management appliance is used to distribute the keys to the
SCM and to other AGA 12 compliant devices.
The SCADA project is saved in D hard disk, a different disk from C. This is done in
order to protect the project in Windows failure. The database is also saved in D. Every
time that is needed to make a test of new version of project, the operator and the
project developer, corrupt the function of SCADA and save the new one in E disk.
Then, they run the new one and the tests are started. When the tests are done
successfully the older one is store in a different file in D disk and the new one takes
its place. The test file is erased immediately when the tests are done. If there is a new
version of SCADA software then it should take into account the project developer the
security capabilities and settings of new one in order to upgrade the software with
success. All these procedures must be logged in a hard copy after a procedure is done
Related documents
Ozan Cakmak
Ozan Cakmak
employment opportunity
employment opportunity
Slide PPT
Slide PPT
Instrumentation Engineer Resume
Instrumentation Engineer Resume
subject: utility plant operator
subject: utility plant operator
(1)
(1)
SCADA system has three layers
SCADA system has three layers
Assistant Plant Operator, Class 1 License CH851 12 hour, Rotating
Assistant Plant Operator, Class 1 License CH851 12 hour, Rotating
Download
advertisement