Top

Published in:

2023 | OriginalPaper | Chapter

Non-stationary Watermark-Based Attack Detection to Protect Cyber-Physical Control Systems

Authors : Jose Rubio-Hernan, Luca De Cicco, Joaquin Garcia-Alfaro

Published in: Emerging Trends in Cybersecurity Applications

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This chapter addresses security issues in cyber-physical industrial systems. Attacks against these systems shall be handled both in terms of safety and security. Networked control technologies imposed by industrial standards already cover the safety dimension. From a security standpoint, the literature has shown that using only cyber information to handle the security of cyber-physical systems is not sufficient, since physical malicious actions, that can threaten the correct performance of the systems, are ignored. For this reason, cyber-physical systems should be protected from threats to their cyber and physical layers. Some authors handle the attacks by using physical attestations of the underlying processes. For instance, the use of physical watermarking can complement the protection techniques at the cyber layer, in order to ensure the truthfulness of the process. These detectors work properly if the adversaries do not have enough knowledge to mislead cross-layer (e.g., cyber and physical) data. Nevertheless, adversaries able to acquire enough knowledge from both layers may evade detection.

The solutions listed in this chapter handle those aforementioned limitations. The chapter starts by showing shortcomings of classical stationary watermark-based fault detectors, extended to detect, in addition to failures, malicious actions. It is shown that classical stationary watermark-based detectors are unable to identify cyber-physical adversaries. Specifically, they may only detect adversaries that do not attempt to get additional knowledge about the system dynamics. An analysis about the performance of a specific stationary watermark-based fault detector is presented. A new threat model is assumed, in which adversaries may now infer system dynamics by correlating both cyber and physical data. The goal of such adversaries is to evade detection. Under this new threat model, adversaries can now evade detection with high probability. To handle the issue, an extended strategy is presented. The idea is to transform the classical (stationary) approach into a non-stationary watermark-based detector. The new design is shown to handle the extended threat model. It is also shown new ways to combine control and communication strategies, to boost the detection performance. The new solutions are validated using both numeric simulations and cyber-physical testbeds. Ideas for future work are also presented.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Preserving the Privacy and Cybersecurity of Home Energy Data

next chapter Cybersecurity Applications in Software: Data-Driven Software Vulnerability Assessment and Management

Notice that we expressly use the term alarms to point out towards suspicious events; and alerts to point out to events likely to be associated with malicious attacks.

J. Åkerberg, M. Björkman, Exploring network security in PROFIsafe, in Computer Safety, Reliability, and Security: 28th International Conference, SAFECOMP 2009, Hamburg, Germany, September 15–18, 2009. Proceedings (Springer, Berlin, Heidelberg, 2009), pp. 67–80

A. Arvani, V.S. Rao, Detection and protection against intrusions on smart grid systems. Int. J. Cyber Secur. Digit. Forensics (IJCSDF) 3(1), 38–48 (2014)

R. Baheti, H. Gill, Cyber-physical systems. Impact Control Technol. 12, 161–166 (2011)

P. Barbosa, A. Brito, H. Almeida, S. Clauß, Lightweight privacy for smart metering data by adding noise, in Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC ’14 (ACM, New York, NY, USA, 2014), pp. 531–538

M. Barenthin Syberg, Complexity Issues, Validation and Input Design for Control in System Identification. PhD thesis, KTH School of Electrical Engineering, Stockholm, Sweden, 2008

S. Brown, Functional safety of electrical/electronic/programmable electronic safety related systems. Comput. Control Eng. J. 11(11), 14 (2000)

B. Brumback, M. Srinath, A chi-square test for fault-detection in Kalman filters. IEEE Trans. Autom. Control 32(6), 552–554 (1987)CrossRefMATH

A.A. Cardenas, S. Amin, S. Sastry, Secure control: Towards survivable cyber-physical systems, in The 28th International Conference on Distributed Computing Systems Workshops (IEEE, 2008), pp. 495–500

A.A. Cardenas, S. Amin, B. Sinopoli, A. Giani, A. Perrig, S. Sastry, Challenges for securing cyber physical systems, in Workshop on Future Directions in Cyber-Physical Systems Security (DHS, 2009), p. 7

10.

R. Chabukswar, Secure Detection in Cyberphysical Control Systems. PhD thesis, Department of Electrical and Computer Engineering, Carnegie Mellon University, Pittsburgh, PA, May 2014

11.

D. Corman, V. Pillitteri, S. Tousley, M. Tehranipoor, U. Lindqvist, NITRD cyber-physical security panel, in 35th IEEE Symposium on Security and Privacy, IEEE SP 2014, San Jose, CA, USA, May 18–21

12.

K. Curtis, A DNP3 protocol primer. A basic technical overview of the protocol (2005). http://www.dnp.org/AboutUs/DNP3%20Primer%20Rev%20A.pdf, Last access: October 2016

13.

V.L. Do, L. Fillatre, I. Nikiforov, A statistical method for detecting cyber/physical attacks on SCADA systems, in 2014 IEEE Conference on Control Applications (CCA) (Juan Les Antibes, France, 2014), pp. 364–369

14.

N. Falliere, L.O. Murchu, E. Chien, W32. Stuxnet Dossier. White Paper Symantec Corp. Secur. Res. 5, 6 (2011)

15.

P. Griffioen, S. Weerakkody, B. Sinopoli, A moving target defense for securing cyber-physical systems. IEEE Trans. Autom. Control 66(5), 2016–2031 (2021)MathSciNetCrossRefMATH

16.

Group REI-cyber, La Cybersécurité des Réseaux Electriques Intelligents. White book. La Revue de l’Electricité et de l’Electronique (REE), February 2016

17.

D. Han, Y. Mo, J. Wu, S. Weerakkody, B. Sinopoli, L. Shi, Stochastic event-triggered sensor schedule for remote state estimation. IEEE Trans. Autom. Control 60(10), 2661–2675 (2015)MathSciNetCrossRefMATH

18.

W. Heemels, M. Donkers, A.R. Teel, Periodic event-triggered control for linear systems. IEEE Trans. Autom. Control 58(4), 847–861 (2013)MathSciNetCrossRefMATH

19.

J. Lee, B. Bagheri, H.-A. Kao, A cyber-physical systems architecture for Industry 4.0-based manufacturing systems. Manufacturing Letters 3, 18–23 (2015)

20.

L. Ljung, Perspectives on system identification. Annu. Rev. Control 34(1), 1–12 (2010)CrossRef

21.

Y. Mo, B. Sinopoli, Secure control against replay attacks, in 47th Annual Allerton Conference on Communication, Control, and Computing (IEEE, Monticello, IL, USA, 2009), pp. 911–918

22.

Y. Mo, T. H.-J. Kim, K. Brancik, D. Dickinson, H. Lee, A. Perrig, B. Sinopoli, Cyber-physical security of a smart grid infrastructure. Proc. IEEE 100(1), 195–209 (2012)CrossRef

23.

Y. Mo, R. Chabukswar, B. Sinopoli, Detecting integrity attacks on SCADA systems. IEEE Trans. Control Syst. Technol. 22(4), 1396–1407 (2014)CrossRef

24.

Y. Mo, S. Weerakkody, B. Sinopoli, Physical authentication of control systems: designing watermarked control inputs to detect counterfeit sensor outputs. IEEE Control Syst. 35(1), 93–109 (2015)MathSciNetCrossRef

25.

Modbus Organization, Official Modbus Specifications (2016). http://www.modbus.org/specs.php, Last access: October 2016

26.

S.Y. Nam, D. Kim, J. Kim, et al., Enhanced ARP: preventing ARP poisoning-based man-in-the-middle attacks. IEEE Commun. Lett. 14(2), 187–189 (2010)CrossRef

27.

H. Natke, System identification: Torsten Söderström and Petre Stoica. Automatica 28(5), 1069–1071 (1992)CrossRef

28.

T. Roth, B. McMillin, Physical attestation in the smart grid for distributed state verification. IEEE Trans. Dependable Secure Comput., PP(99) (2016)

29.

J. Rubio-Hernan, L. De Cicco, J. Garcia-Alfaro, On the use of watermark-based schemes to detect cyber-physical attacks. EURASIP J. Inf. Secur. 2017(1), 8 (2017)

30.

J. Salt, V. Casanova, A. Cuenca, R. Pizá, Sistemas de Control Basados en Red Modelado y Diseño de Estructuras de Control. Revista Iberoamericana de Automática e Informática Industrial RIAI 5(3), 5–20 (2008)CrossRef

31.

S. Tripathi, M.A. Ikbal, Step size optimization of LMS algorithm using aunt colony optimization & its comparison with particle swarm optimization algorithm in system identification. Int. Res. J. Eng. Technol. (IRJET) 2, 599–605 (2015)

32.

S. Weyer, M. Schmitt, M. Ohmer, D. Gorecky, Towards industry 4.0 - standardization as the crucial challenge for highly modular, multi-vendor production systems. IFAC-PapersOnLine 48(3), 579–584 (2015)

33.

Y. Zhang, F. Xie, Y. Dong, G. Yang, X. Zhou, High fidelity virtualization of cyber-physical systems. Int. J. Model. Simul. Sci. Comput. 4(2), 1340005 (2013)

Title: Non-stationary Watermark-Based Attack Detection to Protect Cyber-Physical Control Systems
Authors: Jose Rubio-Hernan
Luca De Cicco
Joaquin Garcia-Alfaro
Publisher: Springer International Publishing
Book: Emerging Trends in Cybersecurity Applications
Print ISBN: 978-3-031-09639-6

Electronic ISBN: 978-3-031-09640-2

Copyright Year: 2023
DOI: https://doi.org/10.1007/978-3-031-09640-2_16

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"