EtherNet/IP Security: Encryption Basics

Encryption Basics

If you thought that encryption was a product of the twentieth century, you’d be wrong. It turns out that encryption is actually ancient. The Samarians encrypted military messages several thousand years ago. Their key was a log of a certain size. They would wrap leather tightly around the “key” and then write a message vertically on the leather. When you unwrapped the leather, the message was meaningless. If you wrapped the leather around the wrong-sized log, it was still meaningless. But if you wrapped the leather around the correct-sized log (the “key”), the message could be decoded. Ingenious!

CIP Security is based on less ancient practices than that. In fact, it uses very well-known and well-used IT security concepts used in home and business networks worldwide. This article explains the essential technologies used in CIP Secure Transport and other industrial security protocols like secure Modbus TCP and PROFINET IO with Security.

Cryptography – A method of using a mathematical encryption algorithm to transmit messages in a form that only the intended recipients can read and process. An encryption algorithm is a mathematical formula for transforming the clear text into coded text that is not recognizable as being related to the original text.

An essential part of an encryption algorithm is a unique series of bits – the key – that is input to the algorithm and controls the coded text it produces. The longer the key, the harder it is to convert the coded text back to the original clear text without that key.

Cryptography is thousands of years old. Simple message encryption most likely began shortly after the invention of paper. It wasn’t until the twentieth century with the invention of electro-mechanical machines that mathematical formulas were developed to enhance the encryption process.

Symmetric Encryption – An encryption standard in which two devices share a key that is used to both encrypt and decrypt messages. The random string of bits known as the key is, as you might guess, kept secret. Both devices use the identical key to encrypt outgoing messages and decrypt incoming messages. There are many popular algorithms used for Symmetric Encryption. You’ve probably heard of things like AES, RC4, DES, AES-128, and AES-256. The trick with Symmetric Encryption is sharing the key between the two devices without it being intercepted by any other party.

Asymmetric Encryption – An encryption standard that uses a key process called Public Key Infrastructure (PKI) or Public Key Cryptography. In PKI, each device has both a Private Key and a Public Key. The Private Key is kept private and never shared with anyone while the Public key is freely shared with anyone and everyone.

The Public Key can only be used to encrypt messages. Devices encrypt a message with the Public Key of the intended receiver. The Private key is used by the receiver to decrypt the messages previously encoded with its Public Key by a sender.

The Private key in some applications can also be used to encrypt messages. Any receiver with the widely available Public Key can decode messages encoded with your Private Key.
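
The two key roles described above, shown as an added example (not part of the original article and not CIP Security's own code). It uses textbook RSA in Python with small constructed primes and no padding, so it is for illustration only; all function and variable names are assumptions.

```python
import hashlib

# Constructed toy key pair built from two known Mersenne primes (assumption).
# Textbook RSA without padding: far too small and too simple for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                            # modulus, present in both keys
E = 65537                            # public exponent, freely shared
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, never shared
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)


def encrypt_for(public_key, message: bytes) -> int:
    """Sender: encrypt with the intended receiver's Public Key."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt_with(private_key, ciphertext: int) -> bytes:
    """Receiver: only the matching Private Key recovers the clear text."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign_with(private_key, message: bytes) -> int:
    """Sender: 'encrypt' a digest of the message with its own Private Key."""
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify_with(public_key, message: bytes, signature: int) -> bool:
    """Anyone holding the sender's Public Key can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)


if __name__ == "__main__":
    ct = encrypt_for(PUBLIC_KEY, b"open valve 7")
    print(decrypt_with(PRIVATE_KEY, ct))
    sig = sign_with(PRIVATE_KEY, b"open valve 7")
    print(verify_with(PUBLIC_KEY, b"open valve 7", sig), verify_with(PUBLIC_KEY, b"open valve 9", sig))
```

The second `verify_with` call fails because the message was altered after signing, which is how a receiver detects tampering or a sender that does not hold the Private Key.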

Certificates – A certificate is a set of data in a well-defined format that provides information to a recipient regarding the identity of the sender, the authority blessing the validity of the certificate, the user’s email address, the length of time that the certificate is valid and much more. The X.509 certificate is one of the most widely used standards for certificates.

The certificate is typically how a device sends its public key to intended receivers.

The next article in the series details the essential security protocols TLS and DTLS.