NAME Product cybersecurity assessment laboratory

DESCRIPTION

Cybersecurity testbed oriented to:

- Verification, validation and assessment of industrial components.
- Pre-homologation and support throughout the product certification.
- Industrial cybersecurity showrooms.

This specialised equipment supports different test methods, which are oriented to meet the requirements of the reference industrial cybersecurity standards:

- Penetration tests.
- Communication robustness tests.
- Functional security assessment.
- Implementation tests.

FIELDS OF APPLICATION

Asset protection

Attack detection

Identification of threats and risks

MOST OUTSTANDING EQUIPMENT AND COMPONENTS

  • Equipment for communication robustness tests (Achilles)

    Achilles is the reference platform for performing communication robustness tests on any of the devices the node is oriented to: embedded systems, network components, host systems or applications. It supports a wide range of protocols covering the needs identified in the industry, and it provides the mechanisms to implement custom tests over protocols not considered by default. This test platform is supplied by Wurldtech (owned by GE) and is internationally recognised by standards and certification authorities. Therefore, besides its technical features, it offers a differentiated service and allows the test results to be used as evidence in a certification process.

  • Equipment for implementation tests (Riscure)

    The Riscure SCA (Side Channel Analysis) station includes the necessary hardware and software to collect, process and analyse information from devices and algorithms. It allows testing and analysing the vulnerabilities of cryptographic implementations to side channel attacks through power consumption and electromagnetic compatibility (EMC). The SCA station is extended with supplementary, highly specialised equipment (microprobing station, precision probes and pattern-based trigger devices).

  • IoT Lab and Blockchain

    Server infrastructure that allows deploying the following services:
    • Cybersecurity tools for performing the penetration test service (e.g. Nessus, Acunetix, etc.).
    • The computational capacity needed to implement solutions on blockchain technology.
    • Penetration tests performed on data centres and web developments with the appropriate cybersecurity measures.

  • PKI infrastructure over Hardware Security Module (HSM)

    This equipment allows deploying a public key infrastructure (PKI) with security guarantees similar to those of a certification authority (CA). At the same time, this infrastructure allows managing and deploying the keys of IoT devices in a secure manner, offering this service in both the development and the operation phases.

SERVICES OFFERED BY THE ASSET

Communications robustness testing

These tests are meant to saturate the product’s communication interfaces with incorrect and/or poorly formed messages in order to check their robustness. The injected messages are generated through different techniques (fuzzing, grammars, storms) that cover a wide spectrum of the possible combinations for forming frames of different industrial communication protocols. In addition to checking the robustness of the products’ communications, these tests also make it possible to detect new, unknown vulnerabilities by analysing the behaviour observed. The support tool for these tests is Achilles, created by GE Digital. This tool is recognised by the ISASecure certification program and supports numerous industrial communication protocols (Ethernet, TCP/IP, UDP, Foundation Fieldbus (FF-HSE), MMS (IEC 61850/ICCP), Modbus TCP/IP, OPC UA, PROFINET IO, DNP3, SES-92, ZigBee SE (802.15.4), ICMP, ARP, Link State, OPC (via VCS), Heartbeat).

Functional security testing

The purpose of these tests is to verify that cybersecurity requirements have been correctly met and to evaluate the measures implemented against the threats detected in the cybersecurity risk analysis. In short, they make it possible to verify the performance, correctness and robustness of the cybersecurity measures implemented. The tests can be set up as an audit to verify the correct implementation of cybersecurity requirements in accordance with the IEC 62443-4-2 standard.

Implementation testing

Implementation testing consists mainly of reverse engineering electronic components using different techniques, including:

- Side channel: consists of analysing information through interfaces derived from the physical implementation of the component (consumption, electromagnetic radiation, sound, etc.).
- Fault injection: consists of manipulating the device to divert it from its normal operation (voltage, clock signal, electromagnetic pulses, etc.).

Information obtained by these techniques is processed using specialised equipment, and the result makes it possible to collect sensitive information from the device (e.g. cryptographic keys) and detect potential vulnerabilities derived from the implementation. The support tool for these tests is the SCA (Side Channel Analysis) station from the manufacturer Riscure.

PKI: Digital certificate management

A PKI (Public Key Infrastructure) enables the life cycle management of digital certificates used to establish cybersecure communications between two parties. These certificates can be used, among other things, to ensure the identification and authentication of the users involved or to guarantee the integrity of the information exchanged, and are particularly useful when communication takes place between parties who do not know each other in advance. To deploy this service in accordance with currently recognised best practices, a dedicated HSM (Hardware Security Module), from the manufacturer nCipher, is available. This module is used to generate the root of trust, using the cryptographic techniques that currently offer the most guarantees and enabling the highest levels of cybersecurity in line with the IEC 62443 standard.

Product certification

Comprehensive service for the development, validation and certification of products or systems with cybersecurity requirements, according to emerging standards (IEC 62443). The knowledge of our researchers and the equipment of our laboratory allow us to carry out the cybersecurity development of industrial products and their subsequent validation through different types of tests (vulnerability and penetration tests, communications robustness tests, implementation tests, functional security tests). These activities make it possible to carry out the pre-homologation of products, and they are used as a reference for assisting companies in the certification process with accredited entities.

Vulnerability and penetration testing

Vulnerability testing consists of running tests aimed at identifying vulnerabilities in the products or systems assessed. It can be approached as black-box testing, in which external interfaces are used, with no knowledge of the design and implementation details of the product, to discover known product vulnerabilities (ports and services that are insecure by design, versions or configurations of insecure protocols, etc.). Nmap and Nessus are support tools for these tests.

Penetration testing consists of conducting an ethical attack on the component or system in order to find weaknesses that could be exploited to compromise its confidentiality, integrity and/or availability. The purpose of these tests is to break the cybersecurity measures implemented. They are considered black-box tests that assume the role of the attacker, who would take advantage of all the public information about the device to try to exploit one or several vulnerabilities. Nessus and Metasploit are the support tools for these tests.

ENTITY MANAGING THE ASSET

IKERLAN S.C.
Contact person:
Jose Luis Montero Bouza
jlmontero@ikerlan.es