Abstract
Avionics has seen a greatest shift in technology over the last two decades. The severity of the consequences resulting from a lack of risk management in avionics can be seen from recent incidents of unmanned aerial vehicles being hacked or in the hacking of vendor-controlled systems installed in commercial aircrafts. Over a million incidents related to security breaches at cyber layer have been recorded over the last decade, among which 350,000 cyber-attacks alone have taken place in the year 2018. Unfortunately, only a limited set of studies have been conducted on security risk management, particularly specific to avionics. In this article, we aim to identify, analyze and mitigate the security risks of 6 Degree of Freedom Flight Simulator. As a result, we identify 8 risks of level 3–4 as per the IEC 61508 standard. Further analysis of the identified risks yields in another 34 risks. We then mitigate the severity of the identified risks from level 4 to level 2 as per the IEC 61508 standard. The cryptosystem used for risk mitigation performed relatively faster as compared to some of the most recently proposed encryption schemes.
This work has been partially supported by the Austrian Ministry for Transport, Innovation and Technology, the Federal Ministry of Science, Research and Economy, and the State of Upper Austria in the frame of the COMET center SCCH, and the LIT Secure and Correct Systems Lab funded by the State of Upper Austria.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
References
Santini, R., Panzieri, S.: A graph-based evidence theory for assessing risk. In: 18th International Conference, Information Fusion, pp. 1467–1474 (2015)
Smith, D., Simpson, K.: Functional Safety: A Straightforward Guide to Applying IEC 61508 and Related Standards, 2nd edn. Elsevier Butterwirth-Heinemann, Oxford (2004)
Rierson, L.: Developing Safety-Critical Software: A Practical Guide for Aviation Software and DO-178C Compliance, 1st edn. CRC Press, Boca Raton (2013)
Hird, J., Hawley, M., Machin, C.: Air traffic management security research in SESAR. In: Proceedings - 11th International Conference on Availability, Reliability and Security (ARES), pp. 486–492 (2016)
Gong, L., Zhang, L., Zhang, W., Li, X., Wang, X., Pan, W.: The application of data encryption technology in computer network communication security. In: American Institute of Physics, vol. 1834 (2017)
Ab Rahman, N.H., Glisson, W.B., Yang, Y., Choo, K.-K.R.: Forensic-by-design framework for cyber-physical cloud systems. IEEE Cloud Comput. 3(1), 50–59 (2016)
Peng, Y., Lu, T., Liu, J., Gao, Y., Guo, X., Xie, F.: Cyber-physical system risk assessment. In: 9th International Conference Proceedings on Intelligent Information Hiding and Multimedia Signal, pp. 442–447 (2013)
Humayed, A., Lin, J., Li, F., Luo, B.: Cyber-physical systems security – a survey. IEEE Internet Things J. 4(6), 1802–1831 (2017)
Best, J.: “‘Wake up baby’: Man HACKS into 10-month-old’s baby monitor to watch sleeping infant.” Mirror Online, April 2014
Polemi, N., Papastergiou, S.: Current efforts in ports and supply chains risk assessment. In: 2015 10th International Conference for Internet Technology and Secured Transactions, ICITST 2015, pp. 349–354 (2015)
Wu, G., Sun, J., Chen, J.: A survey on the security of cyber-physical systems. Control Theory Technol. 14(1), 2–10 (2016)
Manshaei, M.H., Zhu, Q., Alpcan, T., Bacşar, T., Hubaux, J.-P.: Game theory meets network security and privacy. ACM Comput. Surv. 45(3), 1–39 (2013)
Cárenas, A.A., Amin, S., Sinopoli, B., Giani, A., Perrig, A., Sastry, S.: Challenges for securing cyber physical systems. In: Workshop on Future Directions in Cyber-Physical Systems Security (2009)
Yoneda, S., Tanimoto, S., Konosu, T.: Risk assessment in cyber-physical system in office environment. In: 18th International Conference on Network-Based Information Systems, pp. 412–417 (2015)
Axelrod, C.W.: Managing the risks of cyber-physical systems. In: 2013 IEEE Long Island Systems, Applications and Technology Conference (LISAT), pp. 1–6 (2013)
Kim, Y., Kolesnikov, V., Thottan, M.: Resilient end-to-end message protection for cyber-physical system communications. IEEE Trans. Smart Grid 9(4), 2478–2487 (2016)
Rajbhandari, L., Snekkenes, E.A.: Mapping between classical risk management and game theoretical approaches. In: De Decker, B., Lapon, J., Naessens, V., Uhl, A. (eds.) CMS 2011. LNCS, vol. 7025, pp. 147–154. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24712-5_12
Zhou, L., Guo, H., Li, D., Zhou, J., Wong, J.: A scheme for lightweight SCADA packet authentication. In: 23rd Asia-Pacific Conference on Communications (APCC) (2017)
Karati, A., Amin, R., Islam, S.K.H., Choo, K.R.: Provably secure and lightweight identity-based authenticated data sharing protocol for cyber-physical cloud environment. IEEE Trans. Cloud Comput. 7161(c), 1–14 (2018)
Fovino, I.N.: SCADA system cyber security. In: Markantonakis, K., Mayes, K. (eds.) Secure Smart Embedded Devices, Platforms and Applications, pp. 451–471. Springer, New York (2014). https://doi.org/10.1007/978-1-4614-7915-4_20
Biro, M., Mashkoor, A., Sametinger, J., Seker, R.: Software safety and security risk mitigation in cyber-physical systems. IEEE Softw. 35(1), 24–29 (2017)
Fletcher, K.K., Liu, X.: Security requirements analysis, specification, prioritization and policy development in cyber-physical systems. In: 2011 5th International Conference on Secure Software Integration and Reliability Improvement - Companion, SSIRI-C 2011, pp. 106–113 (2011)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Zahid, M., Inayat, I., Mashkoor, A., Mehmood, Z. (2019). Security Risk Mitigation of Cyber Physical Systems: A Case Study of a Flight Simulator. In: Anderst-Kotsis, G., et al. Database and Expert Systems Applications. DEXA 2019. Communications in Computer and Information Science, vol 1062. Springer, Cham. https://doi.org/10.1007/978-3-030-27684-3_17
Download citation
DOI: https://doi.org/10.1007/978-3-030-27684-3_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-27683-6
Online ISBN: 978-3-030-27684-3
eBook Packages: Computer ScienceComputer Science (R0)