SCADA, Telematics & GPS Technologies

It’s a fun new activity to do, along with new killer applications keep on submerging on the web…

source: MAKE

Well here we go again. I just read some editorials in the latest issue of CONTROL magazine. Greed and ego are proving to trump logic and reason once again. Users need a standard, a single open protocol standard for Wireless communications. In existence today with products being marketed offering this capability are Wireless HART…. that’s it. The Honeywell wireless is a proprietary protocol that Honeywell is batting to shove down the throats of the ISA100 committee that have been gathered for three years now trying to develop a standard. While the battle has been quietly, and sometimes not so quietly, been raging in the ISA100 committee, Wireless HART has been working hard and growing its installed base. By the end of 2008 there will be even more products offering it, including the measurement instrumentation giant Endress & Hauser and Emerson Process. I’m with them, Wireless HART is the way to go… and so is wireless in general.

Source: Monitor Technologies

It’s an old issue but still got a kind of relations to our days of life.

Another highlight for us at CCC was [Karsten Nohl] and [Henryk Plötz] presenting how they reversed Philips crypto-1 “classic” Mifare RFID chips which are used in car keys, among other things. They analyzed both the silicon and the actual handshaking over RF. Looking at the silicon they found about 10K gates. Analyzing with Matlab turned up 70 unique functions. Then they started looking “crypto-like” parts: long strings of flip-flops used for registers, XORs, things near the edge that were heavily interconnected. Only 10% of the gates ended up being crypto. They now know the crypto algorithm based on this analysis and will be releasing later in the year.

The random number generator ended up being only 16-bit. It generates this number based on how long since the card has been powered up. They controlled the reader (an OpenPCD) which lets them generate the same “random” seed number over and over again. This was actually happening on accident before they discovered the flaw.

One more broken security-through-obscurity system to add to the list. For more fun, watch the video of the presentation.

Source: Hackaday

Coral reefs, nature’s most lively architecture, could come tumbling down and it could take millions of years for them to return, if carbon dioxide emissions aren’t cut quickly, scientists warned today.

The world’s oceans have absorbed 40 percent of the carbon dioxide emissions produced by humans in the industrial age, but that buffering is changing the chemistry of the oceans. Already, the acidity of ocean waters, which are generally basic, has shifted about 0.1 on the pH scale, or 10 percent, since pre-industrial times, and could get far more acidic by mid-century.

In a editorial in the journal Science, the researchers also noted that unlike CO2’s climate impacts, which vary between models to some extent, ocean acidification is based on basic chemistry and is nearly sure to occur if we continue burning fossil fuels, with disastrous consequences for some marine life.

“What we’re doing in the next decade could mean that for the next two million years, there are no coral reefs in the ocean,” said Ken Caldeira, a Stanford professor, and recent Wired profilee.

While most of the attention on the impacts of carbon dioxide emissions has focused on its ability to act as a greenhouse gas, that warms the earth’s climate, the changes CO2 emissions will bring to the world’s oceans are receiving increasing attention. The more CO2 in the atmosphere, the more of it that dissolves into surface ocean water. That small chemistry change could cause huge changes in marine biology.

Marine organisms, like coral, that build skeletons out of calcium could find themselves unable to do so. If current emissions trends continue over the next decade, the world’s marine creatures will be dealing with what’s essentially an alien ocean. The last time ocean conditions like those predicted for mid-century existed was long before humans walked the earth.

“I think in order to find something that is as extreme as what we continue to do this century, you have to go back to when the dinosaurs became extinct, 65 million years ago,” Caldeira said.

After the last acidification, it took two million years for coral reefs to recover. The Science paper called for lower CO2 emissions caps and for them to come quickly. Otherwise, he warned, the Great Barrier Reef and other structures like it will be destroyed and will take millions of years to return.

“Where a doubling of CO2 might seem like a realistic target from a climate perspective, but from an ocean chemistry perspective, it means changes that haven’t been seen in tens of millions of years.”

Unlike climate change, which Caldeira thinks could be partially counteracted through geoengineering, ocean acidification is a problem of a completely different scale. In the physics of climate change, he said, sulfur particles can have an outsized effect in counteracting the greenhouse effect induced by carbon dioxide. But ocean acidification, and the chemistry that underlies it, is fundamentally different.

“There’s no way around having a molecule-to-molecule response, so the scale of the solution ends up being the scale of the problem,” said Caldeira.

While some individual reefs could be preserved by various means, the broader problem appears difficult to geoengineer.

“At the scale of the whole ocean, I don’t think is anything simpler than transforming our entire energy system,” he concluded.

Source: Wired

Certain types of radio frequency identification tags can cause electromagnetic interference with medical equipment, according to a report in the Journal of the American Medical Association. The report cautions facilities to check for interference from an RFID system before deploying it.

The study examined the impact of 125-kHz and 868-MHz frequencies on medical equipment. The 125-kHz is the technology used in proximity cards while the 868-MHz is a long-range RFID tag. Contactless smart cards, which use the 13.56 MHz, were not mentioned in the report.

In 123 tests, RFID induced 34 incidents of interference: 22 were classified as hazardous, two as significant, and ten as light. The 868-MHz RFID signal induced a higher number of incidents, 26 incidents in 41 EMI tests. Compared with the 125-kHz RFID signal which cause eight incidents in 41 tests. The median distance between the RFID reader and the medical device in all EMI incidents was 30 centimeters.

Read a summary of the report here.

The Chinese Olympic Committee has offered more details about the RFID-enabled tickets being issued for the Beijing Olympics this summer. All tickets to the opening and closing ceremonies will include RFID tags containing personal information about the ticket holder, including passport information and home and e-mail addresses.

The information is included in an attempt to thwart counterfeiting of the tickets, which have a face value of $720. But the tickets raise concern among security experts, who theorize that an extremely secure RFID system to handle the tickets could cause serious tie-ups at the gates, while a lax security system would make ticket holders’ personal data easy prey to hackers. Officials say the Games’ security team will employ an IT team of at least 4,000 experts with 1,000 servers at their disposal, testing the system for the next two months.

Officials originally planned to embed RFID tags in all 6.8 million tickets issued for Olympics events. These plans apparently went by the wayside, along with a plan to include place a photo of each ticket holder on their ticket. The RFID tags will only be in tickets for the opening and closing events, and photos of the tickets released to the press show no photos on them.

Source: RFID News

The issues of privacy and security, although interrelated, are different. With respect to RFID, we define these issues as follows:

Privacy: the ability of the RFID system to keep the meaning of the information transmitted between the tag and the reader secure from non-intended recipients.

Security: the ability of the RFID system to keep the information transmitted between the tag and the reader secure from non-intended recipients.

The issues have very different repercussions and different solutions. In a given environment, an RFID solution may pose security risks without affecting the issue of privacy. An example of this scenario is when a tag broadcasts its unique identification number in a consistent and unencrypted manner. This enables the tag to be detected by any reader that can decode the RF signal. If all that is read is the tag’s unique identifier – and no association can be made to what that identifier means without access to the backend database that maintains the relationship between the tag IDs and the objects that they represent – there is no privacy issue. However, issues of traceability and inventorying may remain.

Traceability and inventorying relate to the ability of an unauthorized entity to read the identifiers sent by RFID tags without necessarily being concerned as to what the tag is affixed to or who/what is carrying it. In other words just by capturing the signals emitted by an RFID tag, a third party could trace where the tag is or has been (traceability) as well as to what tags have been detected (inventorying).

A standard EPC tag conveys information associated with a particular item, its model or product class and its manufacturer. Anyone with a standard EPC reader could get close enough to a shopper leaving a store to determine what products and what quantities were purchased. Furthermore, the unauthorized reader could track the shopper from a distance utilizing a high-powered reader.

The issue of privacy

RFID is an excellent technology for object tracking. In this case, we can define an object as a physical asset that occupies 3-dimensional space. This means that the whereabouts of any physical object (including animals and humans) can potentially be tracked within the scope of the RFID infrastructure. As RFID technology development progresses, this scope can become larger and larger.

This fact has raised many questions and concerns from people because of the potential invasion of privacy that can be attributed to RFID technology. But, before we get deeper into the privacy issues and their repercussions, let’s look at a few examples of what privacy advocates and the concerned public claim can go wrong with the use of RFID technology.

(more…)

The yet unsolved kidnapping of kids have brought much fear to parents with young kids in the country. Despite the intense police and public search nationwide and on-going media coverage, the six-year-old is still nowhere to be found.

As long as the culprits are still at large, the chances of other kids being kidnapped remain high. For the time being, maybe it’s time the authority starts thinking of the possible unconventional measures that can be taken to prevent this heinous crime.

One thing or rather technology that may sound possible to be implemented is radio frequency identification, or commonly known as RFID.

Although its usage currently is very much concentrated on information tracking functions, including inventory management, movement of shipping containers, library books, credit cards, etc, there is a possibility that this technology can be used for tracking humans.

For those who are not familiar with RFID, it’s a tiny rice-sized chip that has an antenna. When the chip hears a specific radio signal, it responds with information, usually a long identification number to allow it to be tracked.

Over the past couple of years, trials have been done in countries such as the US, UK and Mexico on its potential to prevent kidnapping. These include planting the RFID device in children’s clothing or injecting it beneath the skin. The idea is viable because RFID chip does not use battery, and since it is small enough, it can be attached to practically anything.

The issue today is that people don’t like the idea of having something attached to them for the purpose of tracking. The idea of planting the chip in one’s body is still unacceptable to many as it’s a kind of privacy intrusion. But using it on clothing or school bags does seem to make more sense.

Applying this to school kids aged 12 and below may be acceptable because these kids are still not mature enough to protect themselves.

The whole idea of having a trackable device is to make it possible to track a missing child in the first few critical hours of the kidnapping incident, and with the RFID chip transmitting the much-needed data, it may make the search of the missing child easier and faster.

Initiatives like these would need all parties to be involved, especially the Government with the help of telecommunications companies and the relevant technology vendors.

If this technology can be implemented in the near future, as the technology mature and becomes cheaper, the chances of tracking a kidnapped child are probably higher.

Historically, “sensitive” networks have traditionally enjoyed a sense of security due to their total, and complete separation from publicly accessible networks.

In fact, most of us old-school “security wonks” have always joked about the fact that the “…only real security is a pair of wire cutters…” to humorously illustrate the fact that nothing is really secure that is exposed to uncertainty, or untrusted access.

This has always been true in my personal background, having worked in U.S. Military COMSEC disciplines over many years. And given the fact that I have also worked in the Internet security arena for almost 20 years, I figure this gives me some unique insight into some of these issues.

The same security postures which can be applied to COMSEC can, and should, be true of SCADA (Supervisory Control And Data Acquisition) systems.

When you think “SCADA”, think power, water, etc. The systems that allow civilization to function.

First and foremost, these systems should never — never — be connected in any way, shape, or form to the public Internet. Not even as VPNs, or overlay networks. This is simply wrong-headed.

Unfortunately, some business decisions over the course of the past 15 years have allowed the “public” and “private” networks to become dangerously close in proximity, due to “cost savings” and “operational efficiency” business decisions — by companies that control the very systems which deliver these life-sustaining services to the world’s population.

It’s one thing to steal passwords, perpetrate fraud, and other financial theft-based cyber crimes — but it is ominously more dangerous to shut down the electricity to a complete region of a power grid.

If there is anyone out there who thinks that this is only the storyline of blockbuster movies, think again.

There are certainly forces “out there” who wish to wreak havoc, cause damage, and claim victory.

And they are using the exact same methods to infiltrate SCADA infrastructure that they are using to steal unwitting victim’s checking account information.

Source

“The Tragedy of the Commons is a type of social trap, often economic, that involves a conflict over finite resources between individual interests and the common good.”

- Wikipedia

In a perfect world, we all understand that certain situations should not exist which put our critical infrastructure at risk — we all like to be able to have electricity, water, and other common utilities which we normally take for granted.

But we do not live in a perfect world, of course.

First, let’s look at the issue of “convergence”, or rather, “premature convergence” which seems to be a better definition:

“…premature convergence means that a population for an optimization problem converged too early, resulting in being suboptimal.”

- Wikipedia

This is similar to — what I believe to be — the situation wherein some unknown portion of the SCADA controls & operations community has strategically moved itself into: using the same platforms, operating systems, and software, which are now susceptible to the vulnerabilities that we all know too well. Buffer overflows, remote exploitation, denial of service vulnerabilities, and so forth and so on.

Now, this wouldn’t be a problem if these system were, in no uncertain terms, not connected to the Internet in any way, shape, or form.

But that is increasingly not the case.

Due to operational “optimization” (meaning: it is cheaper to use publicly available connectivity to manage these systems), the SCADA threat landscape now begins to look a lot like the network security landscape that we all know and respect — one of constant vigilance and constant defensive threat posture.

Within the past couple of days, there have been a couple of SCADA systems management platform vulnerabilities announced which could result in some rather serious exploitation. The SANS ISC reported yesterday a situation in which one software suite which “…provides unauthorized access, allows partial confidentiality, integrity, and availability violation, allows unauthorized disclosure of information, allows disruption of service.”

This seems rather serious. And I have been informed that there is at least one more similar vulnerability which has not been publicly disclosed yet.

As utility companies make operational decisions based on economic business savings (using the Internet, or an Internet VPN, to manage their client-control base to save money), the unintended consequences can be severe. When they occur. If they occur.

Throw the dice.

Let’s keep our fingers crossed that the SCADA community quickly comes to grips with the nature of network security.

Source: TrendsLab Malmware Blog