December 19, 2012 By Larry Karisny
Paul “Prem” Sobel holds a master of science in electrical engineering from Cal Tech and has dedicated a 40-year career to protecting mission-critical systems.
He worked with IBM, NASA, Northrop and Intel before launching MerlinCryption LLC. He developed an exponentially stronger encryption with variable key length called the Smart-World’s Smart-Encryption.
In this edited interview, Sobel discusses encryption and other security technologies and critical infrastructure vulnerabilities.
Where are we today in encryption methodologies architecture?
Since World War II, increasingly sophisticated encryption algorithms have been developed with early key sizes starting at 16 bits and growing to 512 bits. Computer speed, with the use of statistical analysis, cryptanalysis, mathematical and brute-force techniques, has broken, and will continue to break, these encryption algorithms.
Where do you see current major legacy encryption architectures in supporting future requirements?
DES, RSA, SSL and AES algorithms produce simple key strands, which continually repeat in cyphertext.
Current encryption methods also require that keys are transmitted by known mechanisms between end points, which are easily intercepted or spoofed. These two inherent weaknesses explain why a criminal’s attack of choice is against the key. The next generation of encryption must eliminate these two major risks. The new Anti-Statistical Block Encryption (ASBE) utilizes variable-length keys that scale between 2008 bits and 2 GB, which are reinforced by variable-length passwords up to 64KB.
The ASBE method uses a random data generator that generates-destroys-recreates keys and passwords on demand, making key/password transfer between end points unnecessary. The communication and storage of encryption keys and passwords are also not needed, which circumvents criminal interception.
Future requirements will also dictate a more simple and inexpensive key management system. Today’s Public Key Infrastructure (PKI) is economically and operationally an albatross. Research shows that organizations spend between $47 and $5,921 for the creation, distribution and maintenance of each PKI key in use. PKI management involves certificates, registration authority, directory management, central key deposit, external validation and protocol. Future encryption methods must find alternatives to secure key communication and management.
Can Intrusion Prevention System (IPS) security put us on a catastrophic path of the whole security architecture collapsing?
IPS architects must secure against external attacks and insider attacks. The approach is different for each threat. External attacks can be thwarted with strong whitelisting and using advanced authentication. Two- and three-factor authentication is not enough. Airtight multi-factor requires validating both people and machines over and above the “something known,” “something physically possessed,” and “something unique” that the industry typically uses today. MerlinCryption also employs “something temporary,” which increases authentication to 10 and more factors. All authentication data (both inbound and outbound) needs to be strongly encrypted.
Sophisticated internal espionage may overcome typical two-factor authentication. Again, the use of additional factors and something temporary fortifies prevention. A stealthy security system against insider attacks must encompass data-at-rest, data-in-motion, data-in-use and data-in-change. Real-time data change can be protected with an encrypted in-memory solution. Monitoring and recording activity helps identify the source of foul play. Using strong encryption, with larger variable-length keys, derails system compromise.
What characteristics would you suggest to look for when selecting a solid IPS security solution?
An airtight security process must not only deny access, but also secure data integrity while alerting operators of foul play. Instead of requiring every smart grid node to be capable of detecting intrusion, it is recommended to use multi-factor time-varying authentication and strong encryption with larger, variable-length keys. Keys that require no transfer are most advantageous. Additionally, it is an optimal strategy to have a separate system, which monitors for and reports intrusions on the smart grid networks.
Built-in whitelisting can enable which code is allowed to communicate or cause critical actions. This security measure not only prevents but also alerts of an attempted violation of the whitelist.
We are putting billions of networked applications out with little concern for security. Where is the vendor disconnect in these security needs?
Before the recent outcry, security was often regarded as merely a nice feature. However, with the $388 billion cybercrime business now as large as the international illegal drug trade, and threats of foreign espionage, encryption is no longer a choice. Today’s environment requires that developers and OEMs strategically address the use of strong encryption and multi-factor time-varying authentication in the design phase of any project. A good security system must encompass data-at-rest, data-in-motion, data-in-use and data-in-change.
Are compliance, mandates and executive orders helping cyber security?
Compliance and security are not the same. Compliance sets a minimum standard. A system can be in full compliance and still be totally at risk. The concept of “minimum standard” is an open-ended problem, which evolves along with the evolving sophistication of the attacks. Mandates and executive orders are often “too little, too late.” Systems and their architecture must be proactively designed to address future attacks.
What needs to be done today to expedite readied security technologies in support of sensitive areas such as critical infrastructure?
Protecting access to status, states, reports, machine software updates, commands and controls is paramount to critical infrastructure security. These systems have unique high-risk challenges in different network zones, automated processes and device networks, including servers, human-machine interface (HMI), intelligent electronic devices (IED), controller logic, and industrial network protocols. Adequately securing critical infrastructure requires a dynamic encryption engine, which works in tandem with strong authentication.
As an example, a man-in-the-middle strives to intercept messages, change updates, block alerts, or other false data injection between meters and the utility company. This type of attack against the grid would require authentication and encryption to securely, dynamically and flexibly transmit status messages, alarms and alerts between operators, security intelligence and machines in a sub-second response. The smart-grid operator needs the flexibility to continually change all key, password and authentication parameters, on command.
Protection of our critical infrastructure is a serious and immediate challenge for security leaders, striving to thwart potential incidents. Fortunately, the new ASBE encryption technology overcomes the obstacles of older encryptions and supports a national move to dependable security.
How can manufacturers prepare for new security requirements?
It is imperative that all systems, old and new, have more memory than currently needed, both RAM and Flash. This is needed for new functionality, evolving security threats, monitoring and alerts, and perhaps things yet to be thought of.
Two simple last questions: Why is security being breached today and has your solution ever been breached?
In today’s power-grid environment, we are connecting things that were never connected before, and they were never meant to be connected to the Internet. We are also working with old security architectures that can’t scale to today’s needs. These archaic systems do not address the complexity of SCADA control systems, and many were not built for network conductivity. The old ways won’t work. Critical infrastructure security needs a fresh look.
To answer your second question, the MerlinCryption solution has been pen-tested by the best -- including some noted hackers in Ukraine and Russia. ASBE encryption has never been broken. Encryption keys that disappear after they are used can’t be compromised. It doesn't have to be complicated. It is a matter of using common sense.
DES | Data Encryption Standard
RSA | a public-key encryption technology developed by RSA Data Security, Inc.
SSL | Secure Socket Layer
AES | Advanced Encryption Standard
OEM | Original Equipment Manufacturer
Cyphertext | Encrypted text
Larry Karisny is the director of Project Safety.org, a smart-grid security consultant, writer and industry speaker focusing on security solutions for the smart grid and critical infrastructure.