From dbb94996bafeb41a3b8a3857ace566b0f27cd520 Mon Sep 17 00:00:00 2001
From: jaseg
Date: Tue, 26 May 2020 14:01:28 +0200
Subject: ma: Add illustrations on key generation and improve figure layout
---
 ma/resources/signature key chain.drawio | 1 +
 ma/resources/signature_key_chain.pdf | Bin 0 -> 42183 bytes
 .../transmitter scope key illustration.drawio | 1 +
 .../transmitter scope key illustration.svg | 790 +++++++++++++++++++++
 .../transmitter_scope_key_illustration.pdf | Bin 0 -> 26512 bytes
 ma/safety_reset.tex | 84 ++-
 6 files changed, 859 insertions(+), 17 deletions(-)
 create mode 100755 ma/resources/signature key chain.drawio
 create mode 100755 ma/resources/signature_key_chain.pdf
 create mode 100755 ma/resources/transmitter scope key illustration.drawio
 create mode 100755 ma/resources/transmitter scope key illustration.svg
 create mode 100755 ma/resources/transmitter_scope_key_illustration.pdf
diff --git a/ma/resources/signature key chain.drawio b/ma/resources/signature key chain.drawio
new file mode 100755
index 0000000..4a04d84
--- /dev/null
+++ b/ma/resources/signature key chain.drawio
@@ -0,0 +1 @@
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
\ No newline at end of file
diff --git a/ma/resources/signature_key_chain.pdf b/ma/resources/signature_key_chain.pdf
new file mode 100755
index 0000000..1c87308
Binary files /dev/null and b/ma/resources/signature_key_chain.pdf differ
diff --git a/ma/resources/transmitter scope key illustration.drawio b/ma/resources/transmitter scope key illustration.drawio
new file mode 100755
index 0000000..d39c3e0
--- /dev/null
+++ b/ma/resources/transmitter scope key illustration.drawio
@@ -0,0 +1 @@ +7Vtdc5s4FP01fkyGb/Cj4yTbbZtttt6ZTR4FCKyNjDyy/NVfvxJIgIDETmMHO63byXCvpEvQPefoWigDezzb/EHBfHpHYogHlhFvBvb1wLIc3+A/hWNbOFzTLRwpRXHhMivHBP2A0inHpUsUw4XWkRGCGZrrzohkGYyY5gOUkrXeLSFYv+scpLDlmEQAt73/ophNC2/gGpX/E0TpVN3ZNGTLDKjO0rGYgpisNRfcsFuSMfkrXt9x1x3JyMC9mTImHnA0sG75/0R0ukwJSTEEc7S4jMiMu6MF73KbgBnCYnbF+Kt8PA9u3wzsMSWEFVezzRhikRg16cVvcPtMa/nUFGZsnwGL6J+H+8/On1+Q7z9mEfx78tfnC9PwijgrgJdyPuVcsK2aYJjFI5EnbmUk486rGCymUMQ1uTFlMywvF4ySpzILwpMgjMcEE5qHsmMAgyQqe9ZavCiAYcJb5LzHraRXD2qW08cxDckMMrrlXdZV9lXyp7XEKx+FGDC00sMDmeG0DFfe4Z4gfmPLkHyxPRlH0iWwDT3EgixpBOWoekJ2BLL8RiAGaApZKxC/qD125crz/YrcW8OO1HuYz9ZVyC9ScXEHGaS8z0i18DuVjS2gcP7MxWW0DAVK1lPE4GQOIuFbc+3RwRKSZRbD+GtYOkD0lFLh/bZkGAmk5f4Y0KdvPAxiYqaMS8PVnVbu7UBb4op/nWjLP2IE523NX3zKZ1tByuDmtTiUA1xfz6+jgFLDqel0ANVsIqoOSg0Fr025ClwnNyfaRJr8wfh0fs/5QbKbquWKFrkSE80tQtmUpCQD+Cshc5ml/yBjW7k6gCUjerLhBrGH2vVjnjNXWtcbGTk3tsrI+DM/1I3HulENyi0xyi7Ne0jRLAdv0UdXJqtDmVwYxE4XVgIrtHOs7KtMfH5zCXhJdx25UOYU30nSNsb2FrG34cU7T7xcGoalYebS8cwXcPPzsEmSxIo6F7TYCz33wLBRi/Opw8ZvrSxqIfnQi4bwK26YR1hBvBNYQYLTUgR/T0m4EJoQ6Jpgue5RNOFEl5KClb1pwvA8gSNwYzfWkuCXWkv6xY13XiUIN5p516Dk6FDyhj+DpNd/qW5j75BIOo9i1vM/DJIuOqDkVzJ1zlgKzkKV1KJbq3BH+agYrlAEF89XuYDGu6tcUUjeqk3DTxCvIEMRUBVmATNTzDzAKM1EWD7RIqUvlBzPFilFOMs4zK6Hbeg1q+101KxGR83qHKtkVdvZL25x1oUAh2Rd53/u4A1TQtEPngCA9Wzp+nDIXYtDlon2nsQqoN0XsRT/OzYlY7RSO48TPk+CZMa4ti9Zaz8d+pWq+azO1ug3IysQYvUNlkLeVrcJA6xmxxDDug1jVDfl65aa5wjs9ntnt9Xeazhzdu8uo9R38H05v0d+3/pSxGy9FOEVSvWx9IDPvCI51JsNt634pWL81ob30gbP610bPtzKv1MbFPRPSBus5i6m2ac2WO3KvdSG0W9teCdtcIPetcH+5bRBQf+UtMFt4MLtVRusFibuQLZMQMSWdNfrq/dWiNgfhkbHDk6SQC9qKsQxKGz0TmGzla4PT2H1hKdDYXPYOObi90lhs32erUHhE1rk+6awY/VNYfPDfXs/7t6c90YKvy1ZXSVT48Dgd3Ge1TK+wO3rTgwelnqNAxqFEO1FyTBwHbeLkkEEj0HJoFX/9M1Io4uSrR3Y+2WIUaRnOqRVnvfaleXTxgYdB4jVvMvTxvVUSJdKJIaJiCBSwJGAR9I9Q3Gcy0MXoHRJKM98CyPFQBzYLl6MHfgwj91ItTXcM9XW8VLd3myfwIjCksEHzxctHussElZy7B0Sxs3qLwGKWqj6Ww375n8= \ No newline at end of file 
diff --git a/ma/resources/transmitter scope key illustration.svg b/ma/resources/transmitter scope key illustration.svg new file mode 100755 index 0000000..c8c49da --- /dev/null +++ b/ma/resources/transmitter scope key illustration.svg @@ -0,0 +1,790 @@ + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + Meter A + + + + + + Meter A + + + + + + + + + + + + + + + + + Meter B + + + + Meter B + + + + + + + + + + + + + + + + + All devices + + + + All devices + + + + + + + + + + + + Series C + + + + + Series C + + + + + + + + + + + + Series B + + + + Series B + + + + + + + + + + Series A + + + + Series A + + + + + + + + + + + Manufacturer B + + + + Manufacturer B + + + + + + + + + + + Manufacturer A + + + + Manufacturer A + + + + + + + + + + + + Root Key + + + + + + Root Key + + + + + + + + + + + Public Key + + + + + + Public Key + + + + + + + + + Secret Key + + + + Secret Key + + + + + + + + + + + H n + + + diff --git a/ma/resources/transmitter_scope_key_illustration.pdf b/ma/resources/transmitter_scope_key_illustration.pdf new file mode 100755 index 0000000..25d9940 Binary files /dev/null and b/ma/resources/transmitter_scope_key_illustration.pdf differ diff --git a/ma/safety_reset.tex b/ma/safety_reset.tex index c50865f..3ac83e2 100644 --- a/ma/safety_reset.tex +++ b/ma/safety_reset.tex 
@@ -1674,8 +1674,54 @@ least significant bit of $n$ in our $H^n$ construction. In the chain of valid si
 disarm signature. Reset and disarm signatures would alternate in this scheme. By skipping a disarm signature two resets can still be triggered directly after one another.
-% FIXME diagram
-% FIXME include domain mechanism
+In practice it may be useful to have some control over which particular meters reset. An attack exploiting a particular
+network protocol implementation flaw might only affect one series of meters made by one manufacturer. Resetting
+\emph{all} meters may be too much in this case. A simple solution for this is to define adressable subsets of meters.
+``All meters'' along with ``meters made by manufacturer $x$'' and ``meters of model $y$'' are good choices for such
+scopes. On the cryptographic level the protocol state is simply duplicated for each scope. This incurs memory and
+computation overhead linear in the number of scopes. Device memory requirements are small at a few bytes only and
+computation is of no concern due to the very slow channel so this simple solution is adequate. The transmitter has to
+either store copies of all scope's keys or derive these keys from a root key using the scope's identifier. Keys are
+small and the transmitter would be using a regular server or hardware security module so either easily feasible.
+
+A diagram of the key structure in this key management scheme is shown in Figure \ref{fig:sig_key_chain}. The
+transmitter key management is shown in Figure \ref{fig:tx_scope_key_illu}. This scheme is simplistic but suffices for
+our prototype in Section \ref{sec-prototype} and may even be useful in a practical implementation. During
+standardization of a safety reset system the key management system would most likely have to be customized to the
+particular application's requirements. Developing an universal solution is outside the scope of this work.
+\begin{figure}
+ \centering
+ \begin{minipage}[c]{0.5\textwidth}
+ \includegraphics{resources/signature_key_chain}
+ \end{minipage}
+ \begin{minipage}[c]{0.45\textwidth}
+ \caption{
+ The hash chain between secret transmitter key and public device key. Each step represents one invocation of the
+ hash function. To generate a new chain a random transmitter key is generated, then hashed $n$ times to
+ generate the corresponding device key. A new trigger message can be generated by generating the key at depth
+ $m-1$ where $m$ is the height of the last used trigger, or $n$ initially. Every second trigger message is a
+ disarm message and every second one a reset message. Depending on which is needed the other one may be skipped.
+ }
+ \label{fig:sig_key_chain}
+ \end{minipage}
+\end{figure}
+
+\begin{figure}
+ \centering
+ \includegraphics{resources/transmitter_scope_key_illustration}
+ \caption{
+ An illustration of a key management system using a shared master key. The transmitter derives one secret key for
+ each adressable group from the master key. Then public device keys are generated like in Figure
+ \ref{fig:sig_key_chain}. Finally for each device the manufacturer picks the group public keys matching the
+ device. In this example one device is a series A meter made by manufacturer B so it gets provisioned with the
+ keys for the ``all devices'', ``manufacturer B'' and ``series A'' keys. The other device is also made by
+ manufacturer B but is a series C device so it gets provisioned with the ``all devices'', ``manufacturer B'' and
+ ``series C'' public device keys. In this example the transmitter stores (or is able to derive) all six shown
+ group keys, but each device only needs to store the three applying to it for the three scopes ``all devices'',
+ ``manufacturer'' and ``series''.
+ }
+ \label{fig:tx_scope_key_illu}
+\end{figure}
 \chapter{Practical implementation}
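Review bot: The sentence `either store copies of all scope's keys or derive these keys from a root key using the scope's identifier` leaves the one property the scoped scheme depends on unstated: the derivation must be one-way and domain-separated per scope, so that neither a scope's secret transmitter key nor the chain elements revealed by sent triggers allow the root key or a sibling scope's chain to be recovered. A single sentence such as "The scope key is obtained by applying the hash function (or a KDF) to the root key together with a unique scope identifier, so knowledge of one scope's key reveals nothing about the root or other scopes" would close this, and the caption of `fig:tx_scope_key_illu` should say the same. The text also does not state whether a device provisioned for several scopes keeps the chain height (the $m$ of the caption) separately per scope; presumably it must, since a trigger in the ``all devices'' scope does not advance the ``series'' chain, and saying so would preempt an ambiguity an implementer could get wrong. Style: `Figure \ref{fig:sig_key_chain}` and `Section \ref{sec-prototype}` should bind with `~`, `adressable` is misspelled in both the paragraph and the caption, and `\includegraphics{resources/signature_key_chain}` inside the `0.5\textwidth` minipage has no `width=\linewidth`, so a wide PDF overflows the column (the same applies to the `dsss_gold_nbits_sensitivity` minipage added later in this commit).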
@@ -1702,12 +1748,11 @@ transmission networks to characterize the operational state of the network.
 From a superficial viewpoint measuring mains frequency might seem like a simple problem. Take the mains voltage waveform, measure time between two rising-edge (or falling-edge) zero-crossings and take the inverse $f = t^{-1}$. In
-practice, phasor measurement units are significantly more complex than this. This discrepancy is due to the unhealthy
-% FIXME is this pun ok?
-combination of both high precision and quick response that is demanded from these units. High precision is necessary
-since variations of mains frequency under normal operating conditions are quite small--in the range of
-\SIrange{5}{10}{\milli\hertz} over short intervals of time. Relative to the nominal \SI{50}{\hertz} this is a derivation of
-less than \SI{100}{ppm} Relative to the corresponding \SI{20}{\milli\second} period that means a time derivation of
+practice, phasor measurement units are significantly more complex than this. This discrepancy is due to the combination
+of both high precision and quick response that is demanded from these units. High precision is necessary since
+variations of mains frequency under normal operating conditions are quite small--in the range of
+\SIrange{5}{10}{\milli\hertz} over short intervals of time. Relative to the nominal \SI{50}{\hertz} this is a derivation
+of less than \SI{100}{ppm} Relative to the corresponding \SI{20}{\milli\second} period that means a time derivation of
 about $2 \mu\text{s}$ from cycle to cycle. From this it is already obvious why a simplistic measurement cannot yield the required precision for manageable averaging times--we would need either a ADC sampling rate in the order of megabits or for a reconstruction through interpolated readings an impractically high ADC resolution.
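Review bot: The reworded lines still carry two wording defects that were in the old text: `this is a derivation of less than \SI{100}{ppm} Relative to` lacks the sentence terminator after `\SI{100}{ppm}`, and `derivation` is the wrong word in both places, since a frequency offset from nominal is a deviation. Suggested replacement: `this is a deviation of less than \SI{100}{ppm}. Relative to the corresponding \SI{20}{\milli\second} period that means a time deviation of`. Since the paragraph is being rewritten anyway, `quite small--in the range of` would read better with an em dash (`small---in the range of`) than an en dash. The paragraph continues past the hunk.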
@@ -2077,7 +2122,7 @@ gold code looks to yield good enough performance at manageable data rates.
 \begin{figure} \centering
- \includegraphics{../lab-windows/fig_out/dsss_gold_nbits_overview}
+ \includegraphics[width=0.6\textwidth]{../lab-windows/fig_out/dsss_gold_nbits_overview}
 \caption{ Symbol Error Rate (SER) as a function of transmission amplitude. The line represents the mean of several measurements for each parameter set. The shaded areas indicate one standard deviation from the mean. Background
@@ -2095,14 +2140,18 @@ gold code looks to yield good enough performance at manageable data rates.
 \begin{figure} \centering
- \includegraphics{../lab-windows/fig_out/dsss_gold_nbits_sensitivity}
- \caption{
- Amplitude at a SER of 0.5\ in mHz depending on symbol length. Here we can observe an increase of sensitivity
- with increasing symbol length, but we can clearly see diminishing returns above 6 bit (63 chips). Considering
- that each bit roughly doubles overall transmission time for a given data length it seems lower bit counts are
- preferrable if the necessary transmitter power can be realized.
- }
- \label{dsss_gold_nbits_sensitivity}
+ \begin{minipage}[c]{0.5\textwidth}
+ \includegraphics{../lab-windows/fig_out/dsss_gold_nbits_sensitivity}
+ \end{minipage}
+ \begin{minipage}[c]{0.45\textwidth}
+ \caption{
+ Amplitude at a SER of 0.5\ in mHz depending on symbol length. Here we can observe an increase of sensitivity
+ with increasing symbol length, but we can clearly see diminishing returns above 6 bit (63 chips). Considering
+ that each bit roughly doubles overall transmission time for a given data length it seems lower bit counts are
+ preferrable if the necessary transmitter power can be realized.
+ }
+ \label{dsss_gold_nbits_sensitivity}
+ \end{minipage}
 \end{figure} \subsection{Sensitivity versus peak detection threshold factor}
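Review bot: In the second hunk the moved `\label{dsss_gold_nbits_sensitivity}` keeps a bare label name while the labels this same commit introduces use a typed prefix (`fig:sig_key_chain`, `fig:tx_scope_key_illu`); since the line is being rewritten anyway, `\label{fig:dsss_gold_nbits_sensitivity}` with its `\ref` sites updated would make the convention consistent across the file. The re-added caption text `a SER of 0.5\ in mHz` also spells the unit as plain text with a control space, whereas the file otherwise sets units with siunitx (`\SI{100}{\milli\hertz}`-style calls appear elsewhere in this commit); `a SER of 0.5 in \si{\milli\hertz}` would match. `preferrable` is misspelled in the moved caption.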
@@ -2239,6 +2288,7 @@ the results for both are very close in absolute value.
 \end{figure} \section{Implementation of a demonstrator unit}
+\label{sec-prototype}
 To demonstrate the viability of our reset architecture we decided to implement a demonstrator system. In this demonstrator we use JTAG to reset part of a commodity smart meter from an externally-connected reset controller. The
-- cgit