09/10/2018

With the rapid expansion of the Internet of Things (IoT), one thing on everyone's mind is network security. With more reports of attacks on control systems, making network security a top priority for controls engineers. To add to the concern there is a lot of fear and even misinformation surrounding network security. The best defense for controls engineers is to have a thorough grasp on how network security works. And a key element of network security is a "special type" of encryption: public key encryption.

Whether it is protecting industrial equipment or business networks, network security relies heavily on public key encryption, sometimes also referred to as asymmetric cryptography. Public key encryption is used for internet security and is being used increasingly in industrial automation applications, especially those related to the Industrial Internet of Things (IIoT), remote access, mobile apps, alarm notification, and cloud computing.

Understanding network security and how it relates to the future of industrial automation requires a basic understanding of public key encryption. Controls engineers today also are frequently working with security in the form of certificates and signatures and an understanding of public key encryption can help when setting up these security features.

When it comes to data, the best way to secure it is to encrypt it. Most people are familiar with encryption, which essentially involves scrambling data and making meaningful data appear as a random sequence of bits, bytes, or characters. When someone needs to access this data, it is then decrypted by converting the encoded data back to useable information. Instrumental in this process is the use of a cryptographic key. Once information is encrypted properly it is essentially meaningless unless someone has this key. Likewise, if someone tries to tamper with encrypted information, this can be detected by using the cryptographic key.

**Private key encryption**

Figure 1 illustrates a simple process by which data is encrypted, transmitted, and then decrypted using a shared private key. Because the same key is used to both encrypt and decrypt the data, this is referred to as symmetric key cryptography. Also, since the key is kept hidden from the public it is also known as private key encryption.

This method seems both simple and secure. So why not just use this? Because there is a problem with this model. Both the sender and receiver must share a copy of the key. If the sender and receiver are near to each other, they could simply meet, exchange copies of the key, and then start sending data. However, if they are far apart, say half way around the world, exchanging keys will be difficult. Of course, the sender could "mail" the receiver a copy of the key, but then someone could always intercept that key, make a copy for themselves and start "spying" on the conversation. This is where public key encryption comes into play.

**Public key encryption **

To explain public key encryption, consider the example of a letter and a safe.

Let's pretend that Alice wants to send Bob a secure letter. She could simply lock the letter in a safe (yes, this is an expensive way to send a letter) and send the locked safe to Bob. Bob could then unlock the safe and read the letter. This is essentially symmetric (private key) encryption, as both Alice and Bob have a copy of the same key. How can Alice and Bob securely share a copy of the key?

Is there a way that Alice can securely send her letter to Bob without exchanging a copy of the key? Sort of. The solution involves creating two keys, a public key which is used only to lock the safe and a private key used to unlock the safe (see Figure 2). In our example Bob takes the unlocked safe and creates two keys, a private key (that he keeps) and a public key (which he gives to Alice). Bob next takes the public key and the empty, unlocked safe and sends them both to Alice. Alice puts her letter in the safe and then uses the public key, that Bob sent, to lock the safe. Alice mails the safe back to Bob and Bob uses his private key to unlock the safe and read the letter. Suppose someone, say Charlie, makes a copy of the public key that Bob sent to Alice. Even if he does, he cannot unlock the safe and read the letter. The public key that Bob gives to Alice can only be used to lock the safe, not unlock it.

**Authentication alternatives **

In this way, Alice can securely send her letter to Bob regardless of who has access to the public key. What if Charlie intercepts the public key and unlocked safe and pretends to be Alice so that he can send Bob counterfeit information? This is where another benefit of public key encryption comes into play, authentication.

In our example, it was Bob who created the private and public keys. However, to illustrate how authentication works, let's take this to the next level. In our new example Bob still creates a private key and a public key, and Alice creates her own private key and public key. Next, Bob and Alice exchange their public keys. Alice sends her public key to Bob, who sends his public key to Alice. As before, Bob sends the unlocked safe to Alice. Alice places her letter in the safe and locks it using the public key that Bob provided.

However, this time, Alice does something else. She also takes her own lock, applies it to the safe and locks it using a private key that she created. Alice then mails the safe back to Bob. This time before Bob unlocks the safe with his private key, he first takes the public key that Alice sent to him and tries to remove the lock that Alice applied. If Bob can use the public key to remove the lock, which Alice applied and locked using her private key, then Bob knows the letter came from Alice. This process is called authentication. The lock that Alice applies to the safe can be thought of as the signature (see Figure 3).

How does public key encryption relate to industrial automation? More industrial automation equipment is incorporating public key encryption. This includes both software and hardware such as industrial routers, supervisory control and data acquisition (SCADA) systems, and even programmable logic controllers (PLCs). Remote access often relies on technologies such as virtual private networks (VPNs) and remote desktop software, all of which use public key encryption. Additionally, many web browser-based SCADA systems are starting to incorporate HTTPS web page support, which also is based on public key encryption. [subhed]

**Selecting equipment **

When selecting equipment or software, manufacturers may use terms related to public key encryption. For example, Transport Layer Security (TLS) is a series of protocols based on public key encryption. Signatures and certificates are being used on industrial devices. Signatures, as noted in the example, are a way to authenticate that the sender is really who they say they are. Certificates and certification authorities relate to a trusted third party which certifies the ownership of a public key. This helps to prevent human-in-the-middle attacks, as in the example with Charlie trying to impersonate Bob or Alice. Many controls engineers have already had to work with signatures and certificates when setting up controls systems and it is expected there will be more of this.

Up to this point, examples have referred to using "safes" and "keys." How, in the real world how can public key cryptography be created? One method is related closely to an interesting and very difficult problem in mathematics, factoring large numbers into prime numbers.

As an example, consider the following simple encryption algorithm: *m ^{e} mod N = c*

In this equation m is the message to be encrypted, e is the public key used to encrypt the message, N is the product of two prime numbers (N = P_{1} * P_{2}), and c is the encrypted message. In our example Bob selects prime integers P_{1} and P_{2}, multiplies these to calculate N. He also selects the public key e. Bob then sends e and N to Alice, although he keeps P_{1} and P_{2} to himself. Alice plugs in her message m as well as the numbers Bob sent, e and N, into the above equations to generate her encrypted message c, which she sends back to Bob. Once Bob receives the encrypted message c from Alice he just needs to decrypt it using the following equation: *c ^{d} mod N = m* to get the original message back.

In this equation, instead of using the public key e that he sent to Alice he uses his private key d to decrypt the message. If Bob, and only Bob, can figure out what d is, then this will work. It just so happens that d can be computed using Euler's totient function φ(N), where d * e ≡ kφ(N) + 1 ^{(2)} The important property of Euler's totient function φ(N) is that it's what is called a trap door function. What this means for our example is that it is easy to calculate (P_{1} * P_{2}) provided P_{1} and P_{2} are known, but it is very difficult to calculate φ(N), if P_{1} and P_{2} are not known, but N is. ^{(3)}

Someone seeking to decrypt the message may consider taking N (since N is public information that Bob already sent to Alice), factoring N into the two prime numbers P_{1} and P_{2}, and then decrypt the message. However, here is the real trick. It's very time-consuming to factor a large number N into prime numbers. In fact, it's so difficult that it is not even practical to solve using super computers. This is where the real power behind public key cryptography lies. Bob can multiple P_{1} * P_{2} to generate the number N which Alice can use to encrypt the message. But it doesn't matter if N is known publicly. Decrypting the message also requires knowledge of P1 and P2. Bob kept those numbers private.

**Stay secure **

Network security is a top priority for controls engineers today. Most control systems are in some way connected to an Ethernet network. Demand for technologies like remote access, data collection, and mobile apps, along with IoT will continue to grow.

As a result, controls engineers are working more and more with technologies based on public key encryption. While it may not be necessary to know the math behind it, a general understanding of public key encryption helps one understand how the technology relates to best security practices.

An understanding of public key encryption also helps when it comes to selecting secure devices and configuring them. Understanding security helps separate out unnecessary fear. Instead, a more proactive approach can be taken to network security.

**Nate Kay** is a project manager with MartinCSI. Edited by Kevin Parker, *IIoT for Engineers* content manager, kparker(at)cfemedia.com.

**ONLINE extra**

**Footnotes:**

^{(1)} *mod* N is the modulus operator. It returns the remainder when dividing a positive number by N.

^{ (2) }Euler’s totient theorem can be used to determine the private key. It states that α^{φ(n)} provided that and N are coprime positive integers. Euler’s totient function φ(N) counts the positive integers up to N that are relatively prime to N.

^{(3)} In this example φ(N) = φ(P_{1} * P_{2}) = (P_{1}-1)*( P_{2}-1). For example, if P_{1}=3 and P_{2}=7 then N=7*3=21 and φ(N)=(3-1)*(7-1)=12. There are 12 totatives (coprime integers) of 21, which are: 1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, and 20.