Sandia Anonymous, Authenticated Protocol for Information Sharing
From SCADApedia
One hypothesis on why efforts to share information on control system cyber incidents have repeatedly failed is that asset owners are concerned the information will make them infamous, like the Maroochy sewage incident in Australia. This could potentially affect public confidence and stock price, and otherwise negatively affect the company reporting the incident.
Sandia, as part of the I3P Project and with the assistance of MITRE, developed an anonymous, authenticated communication protocol for information sharing as a means of addressing these concerns. The communication protocol prevents other parties in the information sharing group from knowing the author of the incident report while authenticating that the author is a member of the information sharing group.
Types of Anonymity
True anonymity in an information sharing environment is a multi-faceted issue.
- Anonymity of the message author - The user and company affiliation that provided information on the incident cannot be determined by other members. The Sandia protocol accomplishes this by providing the same crypto keys to all members of the group, and it provides a method for creating, distributing and changing these shared keys daily. Having the shared key is implicit authentication that the author is part of the group.
- Anonymity of message detail - There may be information in the message that would provide clues to the author of the cyber incident message. For example, information about a pipeline incident in a town or state is likely to identify the affected organization. The protocol does not provide message anonymity and relies on the message author to remove any identifying information from the message.
- Anonymity of the communication path - The identity of the affected organization may be determined by tracking back the communication path to its source. The protocol does not handle this directly, but Sandia provides guidance on using remailers and onion routers.
The Sandia anonymous, authenticated protocol focuses on the anonymity of message author.
Protocol Features
The Sandia protocol has a number of security features including:
- All valid users in the information sharing group receive a Random Number CD that allows them to calculate the key token of the day.
- Any user with the key token of the day is considered authenticated and authorized and can send a message without any information about their individual ID.
- The protocol will encrypt and authenticate the message in transit to prevent eavesdropping or alterations. Each message has unique keys.
- A mode that allows message revocation by the author without revealing their identity is available.
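The shared-key idea behind the first three features, as an added sketch that is not Sandia's code or the protocol's actual construction: the HMAC-SHA256 derivations, the `GROUP_SECRET` stand-in for the Random Number CD contents, and all function names are assumptions, and encryption is omitted. It shows that any holder of the day's token authenticates as a group member while the envelope carries nothing that distinguishes one member from another.

```python
import hashlib
import hmac
import os
from datetime import date

# Constructed stand-in for the Random Number CD contents (assumption);
# every member of the group holds the same bytes.
GROUP_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def key_token_of_day(group_secret, day):
    """Assumed derivation: HMAC-SHA256 of the ISO date under the shared secret."""
    return _prf(group_secret, b"day-token|" + day.isoformat().encode())


def seal(token, message, nonce=None):
    """Tag a report under a per-message key. No sender ID goes in the envelope."""
    nonce = os.urandom(16) if nonce is None else nonce
    msg_key = _prf(token, b"msg-key|" + nonce)  # unique key per message
    return {"nonce": nonce, "message": message, "tag": _prf(msg_key, message)}


def verify(token, env):
    """True if the sender held the day's token, i.e. is *some* group member."""
    msg_key = _prf(token, b"msg-key|" + env["nonce"])
    return hmac.compare_digest(_prf(msg_key, env["message"]), env["tag"])


def demo():
    today, yesterday = date(2024, 5, 2), date(2024, 5, 1)  # constructed dates
    token = key_token_of_day(GROUP_SECRET, today)
    report = b"Operator lost HMI view for 40 minutes"  # constructed report
    fixed = bytes(16)  # fixed nonce only to compare envelopes byte for byte
    member_a, member_b = seal(token, report, fixed), seal(token, report, fixed)
    outsider = seal(key_token_of_day(os.urandom(32), today), report)
    stale = seal(key_token_of_day(GROUP_SECRET, yesterday), report)
    tampered = dict(member_a, message=report + b" (edited)")
    return {
        "member_ok": verify(token, member_a),
        "members_indistinguishable": member_a == member_b,
        "outsider_ok": verify(token, outsider),
        "stale_ok": verify(token, stale),
        "tampered_ok": verify(token, tampered),
    }
```

Because the verifier learns only "some member sent this", a leaked token lets anyone post as the group until the next daily change, which is why the key rotation matters.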
Status and Availability
A working prototype exists but the protocol has not been deployed.
Information sharing organizations may be able to use the technology at no charge.
External Links
Anonymous, Authenticated Communication Protocol Project Page
I3P Process Control Systems Project
