nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Design and Realization of Testbeds for Security Research in the Industrial Internet of Things

verfasst von : Nils Ole Tippenhauer

Erschienen in: Security and Privacy Trends in the Industrial Internet of Things

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Research on the (cyber) security of industrial control systems requires holistic understanding of practical systems in the field. In particular, important differences to IT security scenarios are related to industrial networking protocols and programming languages such as ladder logic. Arguably, access to realistic testbeds with physical process and related controls would enable researchers to understand the scenarios better, to develop attacks, and test countermeasures. While the implementation of such testbeds presents significant investments and efforts, the implementation process itself is often not discussed in literature. In this chapter, we discuss the design and realization of such industrial control system testbeds for security research. In particular, we discuss a process in which testbeds are designed by security researchers to resemble existing (and future) plants, and are then implemented by commercial system integrators using industry’s best practises. As use cases, we provide details on design decisions, cost, and outcomes for three testbeds established at the Singapore University of Technology and Design.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel IIoT in the Hospital Scenario: Hospital 4.0, Blockchain and Robust Data Management

The author was employed at SUTD during most work for this chapter, and involved in design and use of all three testbeds.

See the swat-assault-crawler source at [40].

Available online at [25].

Available online, at [31].

Available online at [23].

Adepu S, Mathur A (2016) Distributed detection of single-stage multipoint cyber attacks in a water treatment plant. In: Proceedings of the ACM ASIA Conference on Computer and Communications Security (ASIACCS). ACM, pp 449–460

Ahmed CM, Palleti VR, Mathur A (2017) WADI: a water distribution testbed for research in the design of secure cyber physical systems. In: Proceedings of the Workshop on Cyber-Physical Systems for Smart Water Networks (CySWATER), Apr 2017. ACM, pp 25–28

Antón SD, Fraunholz D, Lipps C, Pohl F, Zimmermann M, Schotten HD (2017) Two decades of scada exploitation: a brief history. In: Proceedings of the IEEE Conference on Application, Information and Network Security (AINS), Nov 2017, pp 98–104

Antonioli D, Tippenhauer NO (2015) MiniCPS: a toolkit for security research on CPS networks. In: Proceedings of Workshop on Cyber-Physical Systems Security & Privacy (SPC-CPS), co-located with CCS, Oct 2015

Antonioli D, Ghaeini HR, Adepu S, Ochoa M, Tippenhauer NO (2017) Gamifying ICS security training and research: design, implementation, and results of S3. In: Proceedings of Workshop on Cyber-Physical Systems Security & Privacy (SPC-CPS), co-located with CCS, Nov 2017

Candell R, Stouffer K, Anand D (2014) A cybersecurity testbed for industrial control systems. In: Process Control and Safety Symposium, International Society of Automation, Houston

Checkoway S, McCoy D, Kantor B, Anderson D, Shacham H, Savage S, Koscher K, Czeskis A, Roesner F, Kohno T (2011) Comprehensive experimental analyses of automotive attack surfaces. In: Proceedings of the USENIX Security Symposium

Chen B, Schmittner C, Ma Z, Temple WG, Dong X, Jones DL, Sanders WH (2015) Security analysis of urban railway systems: the need for a cyber-physical perspective. In: Koornneef F, van Gulijk C (eds) Computer safety, reliability, and security. Springer, Cham, pp 277–290CrossRef

Chen Y, Poskitt CM, Sun J (2018) Learning from mutants: using code mutation to learn and monitor invariants of a cyber-physical system. arXiv preprint arXiv:1801.00903

10.

Dong X, Lin H, Tan R, Iyer RK, Kalbarczyk Z (2015) Software-defined networking for smart grid resilience: opportunities and challenges. In: Proceedings of the 1st ACM Workshop on Cyber-Physical System Security. ACM, pp 61–68

11.

Downs JJ, Vogel EF (1993) A plant-wide industrial process control problem. Comput Chem Eng 17(3):245–255CrossRef

12.

Galloway B, Hancke GP et al (2013) Introduction to industrial control networks. IEEE Commun Surv Tutor 15(2):860–880CrossRef

13.

Gao H, Peng Y, Jia K, Dai Z, Wang T (2013) The design of ICS testbed based on emulation, physical, and simulation (EPS-ICS testbed). In: Proceedings of the Conference on Intelligent Information Hiding and Multimedia Signal Processing, pp 420–423, Oct 2013

14.

Garcia L, Brasser F, Cintuglu MH, Sadeghi A-R, Mohammed O, Zonouz SA (2017) Hey, my malware knows physics! attacking PLCs with physical model aware rootkit. In: Proceedings of the Annual Network & Distributed System Security Symposium (NDSS), Feb 2017

15.

Genge B, Siaterlis C, Fovino IN, Masera M (2012) A cyber-physical experimentation environment for the security analysis of networked industrial control systems. Comput Electr Eng 38(5):1146–1161CrossRef

16.

Ghaeini H, Tippenhauer NO (2016) HAMIDS: hierarchical monitoring intrusion detection system for industrial control systems. In: Proceedings of Workshop on Cyber-Physical Systems Security & Privacy (SPC-CPS), Co-located with CCS, Oct 2016

17.

Giraldo J, Sarkar E, Cardenas AA, Maniatakos M, Kantarcioglu M (2017) Security and privacy in cyber-physical systems: a survey of surveys. IEEE Design Test 34(4):7–17CrossRef

18.

Goh J, Adepu S, Junejo KN, Mathur A (2016) A dataset to support research in the design of secure water treatment systems. In: International Conference on Critical Information Infrastructures Security (CRITIS). Springer, pp 88–99

19.

Gollmann D, Gurikov P, Isakov A, Krotofil M, Larsen J, Winnicki A (2015) Cyber-physical systems security: experimental analysis of a vinyl acetate monomer plant. In: Proceedings of the ACM Workshop on Cyber-Physical System Security. ACM, pp 1–12

20.

Green B, Lee A, Antrobus R, Roedig U, Hutchison D, Rashid A (2017) Pains, gains and PLCs: ten lessons from building an industrial control systems testbed for security research. In: Proceedings of the USENIX Workshop on Cyber Security Experimentation and Test (CSET). USENIX Association

21.

Hahn A, Ashok A, Sridhar S, Govindarasu M (2013) Cyber-physical security testbeds: architecture, application, and evaluation for smart grid. IEEE Trans Smart Grid 4(2):847–855CrossRef

22.

Holm H, Karresand M, Vidström A, Westring E (2015) A survey of industrial control system testbeds. In: Proceedings of Nordic Conference (NordSec), pp 11–26CrossRef

23.

Isakov A. Damn vulnerable chemical process – Tennessee eastman. https://github.com/satejnik/DVCP-TE

24.

iTrust. Centre for research in cyber security. https://itrust.sutd.edu.sg/

25.

iTrust. ICS testbed datasets. https://itrust.sutd.edu.sg/research/dataset/

26.

Jardine W, Frey S, Green B, Rashid A (2016) SENAMI: selective non-invasive active monitoring for ICS intrusion detection. In: Proceedings of the ACM Workshop on Cyber-Physical Systems Security and Privacy (CPS-SPC), New York. ACM, pp 23–34CrossRef

27.

Koscher K, Czeskis A, Roesner F, Patel S, Kohno T, Checkoway S, McCoy D, Kantor B, Anderson D, Shacham H et al (2010) Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy (SP). IEEE, pp 447–462

28.

Liu Y, Ning P, Reiter MK (2011) False data injection attacks against state estimation in electric power grids. ACM Trans Inf Syst Secur (TISSEC) 14(1):13CrossRef

29.

Mathur A, Tippenhauer NO (2016) SWaT: a water treatment testbed for research and training on ICS security. In: Proceedings of Workshop on Cyber-Physical Systems for Smart Water Networks (CySWater), Apr 2016

30.

McLaughlin S, Konstantinou C, Wang X, Davi L, Sadeghi AR, Maniatakos M, Karri R (2016) The cybersecurity landscape in industrial control systems. Proc IEEE 104(5):1039–1057CrossRef

31.

Morris TH. Industrial control system (ICS) cyber attack datasets. https://sites.google.com/a/uah.edu/tommy-morris-uah/ics-data-sets

32.

Morris T, Srivastava A, Reaves B, Gao W, Pavurapu K, Reddi R (2011) A control system testbed to validate critical infrastructure protection concepts. Int J Crit Infrastruct Prot 4(2):88–103CrossRef

33.

pfSense. open source firewall. https://www.pfsense.org/

34.

Real time digital simulator. www.rtds.com/index/index.html

35.

Reaves B, Morris T (2012) An open virtual testbed for industrial control system security research. Int J Inf Secur 11(4):215–229CrossRef

36.

Siaterlis C, Garcia AP, Genge B (2013) On the use of emulab testbeds for scientifically rigorous experiments. IEEE Commun Surv Tutor 15(2):929–942CrossRef

37.

Siddiqi A, Tippenhauer NO, Mashima D, Chen B (2018) On practical threat scenario testing in an electric power ICS testbed. In: Proceedings of the Cyber-Physical System Security Workshop (CPSS), Co-located with ASIACCS, June 2018

38.

Slay J, Miller M (2007) Lessons learned from the maroochy water breach. Springer, BostonCrossRef

39.

Taormina R, Galelli S, Tippenhauer NO, Salomons E, Ostfeld A, Eliades DG, Aghashahi M, Sundararajan R, Pourahmadi M, Banks MK, Brentan BM, Campbell E, Lima G, Manzi D, Ayala-Cabrera D, Herrera M, Montalvo I, Izquierdo J, Luvizotto E Jr, Chandy SE, Rasekh A, Barker ZA, Campbell B, Shafiee ME, Giacomoni M, Gatsis N, Taha A, Abokifa AA, Haddad K, Lo CS, Biswas P, Pasha M, Fayzul K, Kc B, Somasundaram SL, Housh M, Ohar Z (2018) The battle of the attack detection algorithms: disclosing cyber attacks on water distribution networks. J Water Res Plann Manag 144(8):04018048CrossRef

40.

Urbina D. The swat assault crawler. https://github.com/scy-phy/swat

41.

Urbina D, Giraldo J, Cardenas AA, Tippenhauer NO, Valente J, Faisal M, Ruths J, Candell R, Sandberg H (2016) Limiting the impact of stealthy attacks on industrial control systems. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS), Oct 2016

42.

Urbina D, Giraldo J, Tippenhauer NO, Cárdenas A (2016) Attacking fieldbus communications in ICS: applications to the SWaT testbed. In: Proceedings of Singapore Cyber Security Conference (SG-CRC), Jan 2016

43.

Weinberger S (2011) Computer security: is this the start of cyberwarfare? Nature 174:142–145CrossRef

44.

Williams TJ (1992) The Purdue enterprise reference architecture, a technical guide for CIM planning and implementation. Isa, Research Triangle Park

45.

Zeller M (2011) Myth or reality—does the aurora vulnerability pose a risk to my generator? In: Proceedings of Conference for Protective Relay Engineers. IEEE, pp 130–136

46.

Zhu B, Sastry S (2010) SCADA-specific intrusion detection/prevention systems: a survey and taxonomy. In: Proceedings of the Workshop on Secure Control Systems (SCS), vol 11

Titel: Design and Realization of Testbeds for Security Research in the Industrial Internet of Things
verfasst von: Nils Ole Tippenhauer
Verlag: Springer International Publishing
Buch: Security and Privacy Trends in the Industrial Internet of Things
Print ISBN: 978-3-030-12329-1

Electronic ISBN: 978-3-030-12330-7

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-12330-7_14

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"