The Transport Layer Security (TLS) protocol is one of the most widely used security protocols on internet. Yet do implementations TLS keep suffering from bugs and vulnerabilities. In large part this due to protocol's complexity which makes implementing testing notoriously difficult. paper, we present our work using differential as effective means detect issues in black-box handshake protocol. We introduce a novel fuzzing algorithm for generating diverse corpuses mostly-valid messages....

The Transport Layer Security (TLS) protocol is a well-established standard for securing communication over insecure links, offering layer-4 VPN functionality. In the classical Internet TLS widely used. With advances of Things (IoT) there an increasing need to secure on resource-constrained embedded devices. On these devices, computation complex cryptographic algorithms difficult. Additionally, sensor nodes are physically exposed attackers. Cryptographic acceleration and hardware security...

Real-Time Ethernet has become the major communication technology for modern automation and industrial control systems. On one hand, this trend increases need an automation-friendly security solution, as such networks can no longer be considered sufficiently isolated. other it shows that, despite diverging requirements, domain of Operational Technology (OT) derive advantage from high-volume Information (IT) domain. Based on these two sides same coin, we study challenges prospects approaches...

Driven by the Industry 4.0 paradigm and resulting demand for connectivity in industrial networking, there is a convergence of formerly isolated operational technology information networks. This leads to attack surfaces on Therefore, holistic approach countermeasures needed protect against cyber attacks. One element these use certificate-based authentication components communicating field level. turn requires management certificates, private keys, trust anchors communication endpoints. The...

The Transport Layer Security (TLS) protocol is a cornerstone of secure network communication, not only for online banking, e-commerce, and social media, but also industrial communication cyber-physical systems. Unfortunately, implementing TLS correctly very challenging, as becomes evident by considering the high frequency bugfixes filed many implementations. Given significance TLS, advancing quality implementations sustained pursuit. We strive to support these efforts presenting novel,...

We provide a brief overview of the cryptographic security extensions for PROFINET, as defined and specified by PROFIBUS & PROFINET International (PI). These come in three hierarchically Security Classes, called Class 1,2 3. 1 provides basic improvements with moderate implementation impact on components. Classes 2 3, contrast, introduce an integrated protection communication. first highlight discuss features that specification offers future products. Then, our main focus, we take closer look...

The CAN bus still is an important fieldbus in various domains, e.g. for in-car communication or automation applications. To counter security threats and concerns such scenarios we design, implement, evaluate the use of end-to-end concept based on Transport Layer Security protocol. It used to establish authenticated, integrity-checked, confidential channels between field devices connected via CAN. Our performance measurements show that it possible TLS at least non time-critical applications,...

The specification of the Transport Layer Security (TLS) protocol defines its own presentation language used for purpose semi-formally describing structure and on-the-wire format TLS messages. This Presentation Language (TPL) is more expressive concise than natural or tabular descriptions, but as a result limited objective has number deficiencies. We present eTPL, an enhanced version TPL that improves expressiveness, flexibility, applicability to non-TLS scenarios. first define generic model...

In this paper, we study the runtime performance of symmetric cryptographic algorithms on an embedded ARM Cortex-M4 platform. Symmetric can serve to protect integrity and optionally, if supported by algorithm, confidentiality data. A broad range well-established exists, where different typically have properties come with computational complexity. On deeply systems, overhead imposed operations may be significant. We execute AES-GCM, ChaCha20-Poly1305, HMAC-SHA256, KMAC, SipHash STM32...

Cryptographic protection of messages requires frequent updates the symmetric cipher key used for encryption and decryption, respectively. Protocols legacy IT security, like TLS, SSH, or MACsec implement rekeying under assumption that, first, application data exchange is allowed to stall occasionally and, second, dedicated control orchestrate process can be exchanged. In real-time automation applications, first generally prohibitive, while second may induce problematic traffic patterns on...

It seems to be a widespread impression that the use of strong cryptography inevitably imposes prohibitive burden on industrial communication systems, at least inasmuch as real-time requirements in cyclic fieldbus communications are concerned. AES-GCM is leading cryptographic algorithm for authenticated encryption, which protects data against disclosure and manipulations. We study both hardware software-based implementations AES-GCM. By simulations well measurements an FPGA-based prototype...

This paper makes two contributions to the verification of communication protocols by transition systems. Firstly, presents a modeling cyclic protocol using synchronized network enables seamless cryptographic rekeying embedded into messages. Secondly, we test model checking technique.

The Datagram Transport Layer Security (DTLS) protocol has been designed to provide end-to-end security over unreliable communication links. Where its connection establishment is concerned, DTLS copes with potential loss of messages by implementing own detection and retransmission scheme. However, the default scheme turns out be suboptimal for links high transmission error rates low data rates, such as wireless in electromagnetically harsh industrial environments. Therefore, this paper, a...

Das PROFINET Protokoll wurde in der aktuellen Version um Security-Funktionen erweitert. Damit können für flexible Netzwerkarchitekturen mit Security entworfen werden, die durch bisher erforderliche Netzwerksegmentierung nicht möglich waren. Neben den Herstellern Protokollstacks sind nachfolgend auch Komponentenhersteller gefordert, eine sichere Implementierung ihren Geräten umzusetzen. Die erforderlichen Maßnahmen gehen dabei über Nutzung eines sicheren hinaus. Der Beitrag zeigt am Beispiel...

As cyber-attacks and functional safety requirements increase in Operational Technology (OT), implementing security measures becomes crucial. The IEC/IEEE 60802 draft standard addresses the convergence Time-Sensitive Networks (TSN) for industrial automation.We present standard's architecture its goals to establish end-to-end with resource access authorization OT systems. We compare our abstract technology-independent model management of cryptographic credentials during lifecycles...