Described below is a method within network technology for ensuring, inter alia, integrity protection and confidentiality protection of data and, in particular, a method for the secure transmission of data. Also described below is a corresponding device for the secure transmission of data, a computer program product which initiates the performance of the method for secure transmission of data and a data store which stores the computer program product.
In modern communications technology, confidential data are often transmitted worldwide by data connections via heterogeneous networks. It is of particular importance that the data are protected with respect to the completeness and the content thereof. It is also to be ensured that the data are transmitted securely, that is, that on the transmitting side, receipt of the data by the correct receiver and, on the receiving side, transmission of the data by the correct sender is ensured.
For this purpose, known methods provide a variety of authentication possibilities. The process of authentication is generally the process of proving an identity. During this process, typically messages are exchanged between a checking unit and a device that is to be authenticated. If the exchanged messages are intercepted by a hacker, the hacker can feign a false identity using the intercepted messages. The authentication can serve, for example, for the reliable recognition of a device, for example, a sensor or a battery. In the case of client-server communication, also, checking the identity of the client or of the server may be necessary.
In known methods, authentication is often carried out using a challenge-response process. A “challenge message”, which is formed, for example, dependent upon a random number, is transmitted to the device. Using a secret cryptographic key, the device then calculates a second value, which is designated a “response message”. The response message is sent back to the sender of the challenge, which then checks the response for correctness. Since only an original product or an original device can calculate a correct response message, an original product or an original device can thus be reliably distinguished from a counterfeit.
In known authentication processes, the necessity often exists for checking a device not only locally, but also remotely, via a communication site, for example via the internet, a mobile radio link or other data connection. This necessity exists particularly in the case of remote maintenance of the device. During remote checking of an identity, the problem often exists that an intermediate entity can read messages and use the measures to feign a false identity. This attack scenario is also known as man-in-the-middle attack.
For the transfer of real-time process data and control information between devices and applications, the manufacturing-message-specification protocol, also called MMS, is known. In the context of automation technology, particularly for use in the energy industry, MMS can be used for controlling field devices. MMS can be used via various further protocols, for example TCP/IP. On the application layer of the MMS stack, the ISO Association Control Service Element protocol, also called ACSE, is used. ACSE can be used, for example, for establishing application associations between the application entities and in order to determine the identity and the context of the associations. An Application Association is defined, in this context, as a cooperative relationship between two application entities. A relevant context may be an explicitly defined set of Application Service Elements or ASE.
In the fields of automation and energy technology, MMS can be used for transmitting commands directly between two end points, which is identified below as case 1. There are also scenarios in which MMS is not transmitted in a peer-to-peer connection, that is, where only one transport connection hop is present, but via a plurality of transport connection hops, which is identified below as case 2, in which, for example, a substation controller is linked in. The TCP/IP connection can be secured on the transport connection hops by, for example, TLS.
FIG. 1 shows the transmission of commands between two end points as in a known method. In the drawing, components 10 are arranged vertically. The components concerned are the control center 13, a substation controller 14, also known as a “substation control unit” and a field device 15. Also arranged vertically are the transport security mechanisms 11. These are, for example, certificates, which are shown vertically beneath the transport security mechanisms 11 in FIG. 1. An MMS message flow 12 is also shown in FIG. 1. The arrow 16 indicates case 1, in which commands are used directly between two end points. The arrow 17, on the other hand, indicates case 2, in which commands are transmitted via a plurality of hops, also designated “intermediate components”.
From a security standpoint, MMS offers the possibility of performing authentication at the start of a connection. However, this is subject to the limitation that authentication should only occur at the start of a communication connection, but that no secure application-layer session concept exists which ensures that the same peers communicate with one another from the start to the end of the session. This is of particular importance in case 2, as per arrow 17 since, in case 1, as per arrow 16, this requirement can only be ensured by using TLS. The security connections established on the transport layer should be matched to the security connections on the application layer.
Furthermore, Role-Based Access Control or RBAC can also be used. Certificates and private keys can be utilized in this context.
It is also known from conventional methods that MMS supports the possibility of authentication of peers through definitions in ISO-IEC 62351. The following is specified in part 4 of this standard as A-profile security:                Peer Entity Authentication        AARQ        AARE        
Peer entity authentication denotes authentication of communication components, AARQ stands for Application Association Request and AARE stands for Application Association Response. For authentication of the sender, for example, the following source text can be used within a peer entity authentication:
Authentication-value ::= CHOICE {charstring [0] IMPLICIT GraphicString,bitstring [1] IMPLICIT BIT STRING,external [2] IMPLICIT  EXTERNAL,other [3] IMPLICIT   SEQUENCE {other-mechanism-name MECHANISM-NAME.&id({ObjectSet}),other-mechanism-value MECHANISM-NAME.&Type}}STASE-MMS-Authentication-value {iso member-bodyusa(840) ansi-tl-259-1997(0)stase (1) stase-authentication-value(0) abstractSyntax(1) version(1)}DEFINITIONS IMPLICIT TAGS ::= BEGIN--EXPORTS everythingIMPORTSSenderId, ReceiverId, Signature, SignatureCertifi-cateFROM ST-CMIP-PCI {iso member-body usa(840)ansi-t1-259-1997(0) stase(1)stasepci(1) abstractSyntax(4)version1 (1)};MMS-Authentication-value ::= CHOICE{certificate-based [0] IMPLICIT SEQUENCE {authentication-Certificate [0] IMPLICIT&SignatureCertificate,time [1] IMPLICITGENERALIZED-TIME,signature [2] IMPLICIT&SignedValue},...}END
At the start of a connection, AARQ and AARE messages are exchanged between subscribers and, in the process, cryptographic data are transported. Among other things, a time stamp is added and it is checked in a time window of 10 minutes whether a corresponding time stamp has already been received. Not all the messages of the connection have their integrity protected at application layer.
Also known are various methods which enable authentication of a message or a plurality of messages, for example, http Digest Authentication.
In conventional methods, network security protocols are also used in order to protect IP-based communication cryptographically. In this process, authentication of the communication partners is carried out both one-sided and mutually. Often-used protocols that undertake authentication of a communication partner are known as SSL, TLS or IKE for IPsec. The authentication of a communication partner, in particular an http server via SSL or TLS is carried out by a digital certificate. This certificate contains, apart from the public key of the server, information on the server, in particular the designation thereof, such as a name, a DNS name or an IP address.
Also known from conventional methods is the Kerberos protocol, with the aid of which authentication and authorization can be realized via a third trustworthy party. Kerberos is based on the use of symmetrical keys.
FIG. 2 illustrates the authentication service Kerberos according to a conventional method. Kerberos is a distributed authentication service or network protocol which was developed for public and unsecured computer networks, such as the Internet. According to the Kerberos system, the authentication is undertaken by a trustworthy third party, for example, a Kerberos server.
According to the Kerberos method illustrated in FIG. 2, first a user N makes a request for a Ticket-Granting Ticket from a Kerberos server KS by a request message or a R-TG-T. A ticket is an authorizing message with which the respective owner of the message is given access to the server S. Subsequently, the Kerberos server KS transmits a ticket T and a Ticket-Granting Session Key TGSK to the user N. In order to transmit both the messages ticket T and Ticket-Granting Session Key TGSK, the Kerberos server KS has a Key Distribution Service KDS. The key distribution service KDS communicates by a data connection with a database DB.
Next, the user N requests a Service-Grant-Ticket SGT, for which purpose, the Kerberos server KS accesses a Ticket-Granting Server TGS. The ticket-granting server TGS then transmits a ticket message T and a Session Key SK to the user N. Dependent upon the received message, the user N creates a Request Service message RS and transmits the message to a further server S. Dependent upon a check of the Request Service message RS, the server S transmits a Server Authentication message to the user N.
A further example of a network protocol according to a conventional method is SAML, which is known as Security Assertion Markup Language. In contrast to Kerberos, in SAML, asymmetrical methods can also be used.
Generally, in conventional methods, for example, in the MMS mechanism, at the application layer, only one authentication takes place. Consequently, conventional methods do not provide any integrity protection and confidentiality protection for data at the application layer. Point-to-point connections are secured only at the transport layer. Conventional methods to not teach a definition of a session concept for information security at an application layer making use of already existing mechanisms.