Avishai Wool (Tel-Aviv University)
Wednesday, 22.12.2021, 11:30
Many important networking systems were designed decades ago, with a "closed environment" as a fundamental invariant: the networking infrastructure in a moving car, a flying aircraft, or a fenced power plant was implicitly assumed to be isolated. As a result, the communication bus protocols were designed to function well despite natural phenomena such as noise, interference, radiation and so forth. No defenses against malicious adversaries were designed in.
Once these isolated systems are connected to the Internet, the old design choices are exposed, and become easy attack surfaces. And then we find that the legacy networks are victims of their own success: Replacing the networking technology with secure alternatives is extremely expensive and slow. Power plants, cars and aircraft are not cellphones: they continue to function for 25-50 years! So there is a need to retrofit security mechanisms into the old insecure designs.
In this talk I will survey the leading communication bus protocols, with a focus on their inherent security vulnerabilities: Modbus and the Siemens protocols in industrial control systems, CAN bus in automotive in-vehicle networks, and ARINC429 in civilian aircraft networks. I will then highlight what can be done in the areas of anomaly detection and intrusion prevention. Somewhat surprisingly, these specialized networks sometimes have unique features that can be repurposed to achieve defensive goals.