
Binary Transparency for OT

Supervisor(s): Michael Heinl
Status: finished
Topic: Others
Author: Victor Embacher
Submission: 2023-06-15
Type of Thesis: Master's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

The increasing number of attacks targeting software supply chains poses a significant threat to software-reliant systems.
Operational technology (OT) is also affected by this trend, given its strong dependence on software for correct
operation. Within the vast landscape of supply chain attacks, one noteworthy instance is the circumvention of code signing,
which is employed to verify the authorship of software. Using stolen signing keys, attackers can generate seemingly
legitimate code signatures, or they can abuse trusted keys to launch targeted attacks against selected victims. Binary transparency (BT)
serves as a mechanism to detect and deter such attacks by requiring that every signed binary is recorded in a trusted append-only
log, so that a signature on a binary that never appeared in the log is itself evidence of misuse. As of now, this technology,
closely related to certificate transparency, has not seen application in OT.

This thesis introduces an architecture that aims to facilitate the adoption of BT in OT environments. The architecture is specifically
designed to address the challenges commonly encountered in OT. The approach defines verification
levels that can be chosen according to device capabilities, which vary widely in OT. It further introduces conceptual
approaches that use assisting infrastructure to support less capable devices. This mitigates attacks
on devices with limited verification capabilities and smooths transitional periods in which more robust mechanisms are being retrofitted
onto legacy devices. In addition, it presents a federated gossiping protocol that prevents a log from undetectably presenting inconsistent views
(a split view) to different observers. The architecture is implemented and tested on low-power microcontrollers, demonstrating
the practicability of the proposal.
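The two mechanisms the description relies on, an append-only log in which a signed binary must be recorded before a device accepts it, and gossip between observers that exposes a log serving different views, can be shown in a few dozen lines. The following Python sketch is an added illustration and is not code from the thesis; the thesis's own verification levels, assisting infrastructure and gossip protocol are not reproduced here. It assumes RFC 6962/9162 Merkle-tree hashing (0x00 prefix for leaves, 0x01 for inner nodes), an HMAC under a constructed key standing in for the log's signature on tree heads, and constructed firmware image names.

```python
"""Added example: minimal binary-transparency log with inclusion proofs and
split-view detection by gossip. Not the thesis's code; hashing follows
RFC 6962/9162, the STH signature is an HMAC stand-in (assumption)."""
import hashlib
import hmac

LOG_KEY = b"constructed-log-signing-key"      # constructed stand-in for the log's private key
FIRMWARE = [b"plc-fw-1.0", b"plc-fw-1.1", b"rtu-fw-2.3"]  # constructed sample binaries


def leaf_hash(data: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + data).digest()       # domain-separated leaf


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()  # inner node


def _split(n: int) -> int:
    """Largest power of two strictly less than n (RFC 6962 tree shape)."""
    return 1 << ((n - 1).bit_length() - 1)


def merkle_root(leaves: list) -> bytes:
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return leaves[0]
    k = _split(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_path(leaves: list, index: int) -> list:
    """Sibling hashes from leaf `index` up to the root (RFC 6962 PATH)."""
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if index < k:
        return inclusion_path(leaves[:k], index) + [merkle_root(leaves[k:])]
    return inclusion_path(leaves[k:], index - k) + [merkle_root(leaves[:k])]


class BinaryLog:
    """Append-only log: the hash of each signed binary becomes one leaf."""
    def __init__(self):
        self.leaves = []

    def append(self, binary: bytes) -> int:
        self.leaves.append(leaf_hash(binary))
        return len(self.leaves) - 1

    def sth(self) -> dict:
        """Signed tree head: (size, root) plus the log's signature (HMAC stand-in)."""
        size, root = len(self.leaves), merkle_root(self.leaves)
        sig = hmac.new(LOG_KEY, size.to_bytes(8, "big") + root, "sha256").digest()
        return {"size": size, "root": root, "sig": sig}

    def proof(self, index: int) -> list:
        return inclusion_path(self.leaves, index)


def sth_valid(sth: dict) -> bool:
    msg = sth["size"].to_bytes(8, "big") + sth["root"]
    return hmac.compare_digest(hmac.new(LOG_KEY, msg, "sha256").digest(), sth["sig"])


def verify_inclusion(binary: bytes, index: int, path: list, sth: dict) -> bool:
    """What a capable device runs before installing: RFC 9162 inclusion check.
    A binary signed with a stolen key but never logged has no valid path."""
    if not sth_valid(sth) or index >= sth["size"]:
        return False
    fn, sn, r = index, sth["size"] - 1, leaf_hash(binary)
    for p in path:
        if sn == 0:
            return False
        if fn & 1 or fn == sn:            # we are a right child (or the last node)
            r = node_hash(p, r)
            if not fn & 1:                # skip levels where the tree is not full
                while fn and not fn & 1:
                    fn >>= 1
                    sn >>= 1
        else:                             # we are a left child
            r = node_hash(r, p)
        fn >>= 1
        sn >>= 1
    return sn == 0 and r == sth["root"]


def split_view_detected(observed: dict) -> bool:
    """Gossip step: observers exchange the STHs they received. Two validly
    signed STHs of the same size with different roots prove the log showed
    different views. (Different sizes need a consistency proof, not shown.)"""
    by_size = {}
    for sth in observed.values():
        if not sth_valid(sth):
            continue                      # unsigned junk is not evidence
        if by_size.setdefault(sth["size"], sth["root"]) != sth["root"]:
            return True
    return False
```

A gateway or other assisting infrastructure can run `split_view_detected` on behalf of devices that can only afford the signature check, which is the role the description assigns to supporting infrastructure for less capable devices; a device with a stolen-key-signed binary but no inclusion path against a gossiped STH should refuse to install it.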