Description
The increasing digitalization and interconnection of Industrial Automation and Control
Systems (IACS) have significantly expanded the attack surface and heightened the
risk of cyber attacks in Operational Technology (OT) environments. To address these
evolving threats, IACS operators have started to adopt established Information Technology
(IT) security measures within their infrastructure. Public Key Infrastructure (PKI)
is one of the key authentication mechanisms in the internet today, providing server
authentication for billions of websites. As a result, PKI has also been introduced into
IACS environments to fulfill critical authentication requirements for OT components.
However, operating a PKI proves to be challenging in the complex and heterogeneous
landscape of IACS, leading some operators to rely on external service providers for
PKI operation. Externalizing the authentication trust anchor results in a loss of direct
control over critical security components and introduces new dependencies. In the
WebPKI, Certificate Transparency (CT) was developed to monitor the certificate issuance
activities of publicly trusted Certificate Authorities (CAs) and regain insight into their
operations.
This thesis explores the adaptation of CT for a private PKI infrastructure operated by
a service provider but targeted specifically for IACS environments. While CT in the
WebPKI addresses trust issues through open and multi party ecosystems, its design and
trust assumptions do not align with the private and tightly controlled structure of IACS
environments. To bridge this gap, a private CT infrastructure setup is proposed where
all CT components are fully controlled by the IACS operator. Necessary modifications
to CT processes and architecture are identified, addressing the different trust relations
and capabilities of OT devices. Furthermore, a layered approach for integrating CT
into the IACS environment is developed to align with industrial standards such as
ISA/IEC 62443.
A proof-of-concept implementation demonstrates the feasibility of this approach,
including the development of custom tooling to address missing functionality in existing
open-source CT software. The thesis concludes that CT can be successfully adapted
for private ecosystems, although broader support is currently lacking, especially in
cryptographic libraries intended for OT devices.
|
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching