Skip to main content
SpringerLink
Log in

Non-stationary Watermark-Based Attack Detection to Protect Cyber-Physical Control Systems

  • Chapter
  • First Online:
Emerging Trends in Cybersecurity Applications

  • 618 Accesses

Abstract

This chapter addresses security issues in cyber-physical industrial systems. Attacks against these systems shall be handled both in terms of safety and security. Networked control technologies imposed by industrial standards already cover the safety dimension. From a security standpoint, the literature has shown that using only cyber information to handle the security of cyber-physical systems is not sufficient, since physical malicious actions, that can threaten the correct performance of the systems, are ignored. For this reason, cyber-physical systems should be protected from threats to their cyber and physical layers. Some authors handle the attacks by using physical attestations of the underlying processes. For instance, the use of physical watermarking can complement the protection techniques at the cyber layer, in order to ensure the truthfulness of the process. These detectors work properly if the adversaries do not have enough knowledge to mislead cross-layer (e.g., cyber and physical) data. Nevertheless, adversaries able to acquire enough knowledge from both layers may evade detection.

The solutions listed in this chapter handle those aforementioned limitations. The chapter starts by showing shortcomings of classical stationary watermark-based fault detectors, extended to detect, in addition to failures, malicious actions. It is shown that classical stationary watermark-based detectors are unable to identify cyber-physical adversaries. Specifically, they may only detect adversaries that do not attempt to get additional knowledge about the system dynamics. An analysis about the performance of a specific stationary watermark-based fault detector is presented. A new threat model is assumed, in which adversaries may now infer system dynamics by correlating both cyber and physical data. The goal of such adversaries is to evade detection. Under this new threat model, adversaries can now evade detection with high probability. To handle the issue, an extended strategy is presented. The idea is to transform the classical (stationary) approach into a non-stationary watermark-based detector. The new design is shown to handle the extended threat model. It is also shown new ways to combine control and communication strategies, to boost the detection performance. The new solutions are validated using both numeric simulations and cyber-physical testbeds. Ideas for future work are also presented.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
eBook
USD 16.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 169.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Notice that we expressly use the term alarms to point out towards suspicious events; and alerts to point out to events likely to be associated with malicious attacks.

References

  1. J. Åkerberg, M. Björkman, Exploring network security in PROFIsafe, in Computer Safety, Reliability, and Security: 28th International Conference, SAFECOMP 2009, Hamburg, Germany, September 15–18, 2009. Proceedings (Springer, Berlin, Heidelberg, 2009), pp. 67–80

    Google Scholar 

  2. A. Arvani, V.S. Rao, Detection and protection against intrusions on smart grid systems. Int. J. Cyber Secur. Digit. Forensics (IJCSDF) 3(1), 38–48 (2014)

    Google Scholar 

  3. R. Baheti, H. Gill, Cyber-physical systems. Impact Control Technol. 12, 161–166 (2011)

    Google Scholar 

  4. P. Barbosa, A. Brito, H. Almeida, S. Clauß, Lightweight privacy for smart metering data by adding noise, in Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC ’14 (ACM, New York, NY, USA, 2014), pp. 531–538

    Google Scholar 

  5. M. Barenthin Syberg, Complexity Issues, Validation and Input Design for Control in System Identification. PhD thesis, KTH School of Electrical Engineering, Stockholm, Sweden, 2008

    Google Scholar 

  6. S. Brown, Functional safety of electrical/electronic/programmable electronic safety related systems. Comput. Control Eng. J. 11(11), 14 (2000)

    Google Scholar 

  7. B. Brumback, M. Srinath, A chi-square test for fault-detection in Kalman filters. IEEE Trans. Autom. Control 32(6), 552–554 (1987)

    Article  MATH  Google Scholar 

  8. A.A. Cardenas, S. Amin, S. Sastry, Secure control: Towards survivable cyber-physical systems, in The 28th International Conference on Distributed Computing Systems Workshops (IEEE, 2008), pp. 495–500

    Google Scholar 

  9. A.A. Cardenas, S. Amin, B. Sinopoli, A. Giani, A. Perrig, S. Sastry, Challenges for securing cyber physical systems, in Workshop on Future Directions in Cyber-Physical Systems Security (DHS, 2009), p. 7

    Google Scholar 

  10. R. Chabukswar, Secure Detection in Cyberphysical Control Systems. PhD thesis, Department of Electrical and Computer Engineering, Carnegie Mellon University, Pittsburgh, PA, May 2014

    Google Scholar 

  11. D. Corman, V. Pillitteri, S. Tousley, M. Tehranipoor, U. Lindqvist, NITRD cyber-physical security panel, in 35th IEEE Symposium on Security and Privacy, IEEE SP 2014, San Jose, CA, USA, May 18–21

    Google Scholar 

  12. K. Curtis, A DNP3 protocol primer. A basic technical overview of the protocol (2005). http://www.dnp.org/AboutUs/DNP3%20Primer%20Rev%20A.pdf, Last access: October 2016

  13. V.L. Do, L. Fillatre, I. Nikiforov, A statistical method for detecting cyber/physical attacks on SCADA systems, in 2014 IEEE Conference on Control Applications (CCA) (Juan Les Antibes, France, 2014), pp. 364–369

    Google Scholar 

  14. N. Falliere, L.O. Murchu, E. Chien, W32. Stuxnet Dossier. White Paper Symantec Corp. Secur. Res. 5, 6 (2011)

    Google Scholar 

  15. P. Griffioen, S. Weerakkody, B. Sinopoli, A moving target defense for securing cyber-physical systems. IEEE Trans. Autom. Control 66(5), 2016–2031 (2021)

    Article  MathSciNet  MATH  Google Scholar 

  16. Group REI-cyber, La Cybersécurité des Réseaux Electriques Intelligents. White book. La Revue de l’Electricité et de l’Electronique (REE), February 2016

    Google Scholar 

  17. D. Han, Y. Mo, J. Wu, S. Weerakkody, B. Sinopoli, L. Shi, Stochastic event-triggered sensor schedule for remote state estimation. IEEE Trans. Autom. Control 60(10), 2661–2675 (2015)

    Article  MathSciNet  MATH  Google Scholar 

  18. W. Heemels, M. Donkers, A.R. Teel, Periodic event-triggered control for linear systems. IEEE Trans. Autom. Control 58(4), 847–861 (2013)

    Article  MathSciNet  MATH  Google Scholar 

  19. J. Lee, B. Bagheri, H.-A. Kao, A cyber-physical systems architecture for Industry 4.0-based manufacturing systems. Manufacturing Letters 3, 18–23 (2015)

    Google Scholar 

  20. L. Ljung, Perspectives on system identification. Annu. Rev. Control 34(1), 1–12 (2010)

    Article  Google Scholar 

  21. Y. Mo, B. Sinopoli, Secure control against replay attacks, in 47th Annual Allerton Conference on Communication, Control, and Computing (IEEE, Monticello, IL, USA, 2009), pp. 911–918

    Google Scholar 

  22. Y. Mo, T. H.-J. Kim, K. Brancik, D. Dickinson, H. Lee, A. Perrig, B. Sinopoli, Cyber-physical security of a smart grid infrastructure. Proc. IEEE 100(1), 195–209 (2012)

    Article  Google Scholar 

  23. Y. Mo, R. Chabukswar, B. Sinopoli, Detecting integrity attacks on SCADA systems. IEEE Trans. Control Syst. Technol. 22(4), 1396–1407 (2014)

    Article  Google Scholar 

  24. Y. Mo, S. Weerakkody, B. Sinopoli, Physical authentication of control systems: designing watermarked control inputs to detect counterfeit sensor outputs. IEEE Control Syst. 35(1), 93–109 (2015)

    Article  MathSciNet  Google Scholar 

  25. Modbus Organization, Official Modbus Specifications (2016). http://www.modbus.org/specs.php, Last access: October 2016

  26. S.Y. Nam, D. Kim, J. Kim, et al., Enhanced ARP: preventing ARP poisoning-based man-in-the-middle attacks. IEEE Commun. Lett. 14(2), 187–189 (2010)

    Article  Google Scholar 

  27. H. Natke, System identification: Torsten Söderström and Petre Stoica. Automatica 28(5), 1069–1071 (1992)

    Article  Google Scholar 

  28. T. Roth, B. McMillin, Physical attestation in the smart grid for distributed state verification. IEEE Trans. Dependable Secure Comput., PP(99) (2016)

    Google Scholar 

  29. J. Rubio-Hernan, L. De Cicco, J. Garcia-Alfaro, On the use of watermark-based schemes to detect cyber-physical attacks. EURASIP J. Inf. Secur. 2017(1), 8 (2017)

    Google Scholar 

  30. J. Salt, V. Casanova, A. Cuenca, R. Pizá, Sistemas de Control Basados en Red Modelado y Diseño de Estructuras de Control. Revista Iberoamericana de Automática e Informática Industrial RIAI 5(3), 5–20 (2008)

    Article  Google Scholar 

  31. S. Tripathi, M.A. Ikbal, Step size optimization of LMS algorithm using aunt colony optimization & its comparison with particle swarm optimization algorithm in system identification. Int. Res. J. Eng. Technol. (IRJET) 2, 599–605 (2015)

    Google Scholar 

  32. S. Weyer, M. Schmitt, M. Ohmer, D. Gorecky, Towards industry 4.0 - standardization as the crucial challenge for highly modular, multi-vendor production systems. IFAC-PapersOnLine 48(3), 579–584 (2015)

    Google Scholar 

  33. Y. Zhang, F. Xie, Y. Dong, G. Yang, X. Zhou, High fidelity virtualization of cyber-physical systems. Int. J. Model. Simul. Sci. Comput. 4(2), 1340005 (2013)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Télécom SudParis, SAMOVAR, Institut Polytechnique de Paris, Palaiseau, France

    Jose Rubio-Hernan & Joaquin Garcia-Alfaro

  2. Dipartimento di Ingegneria Elettrica e dell’Informazione, Bari, Italy

    Luca De Cicco

Authors
  1. Jose Rubio-Hernan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Luca De Cicco
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Joaquin Garcia-Alfaro
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jose Rubio-Hernan .

Editor information

Editors and Affiliations

  1. University of Detroit Mercy, Detroit, MI, USA

    Kevin Daimi

  2. Kent Institute Australia, Sydney, NSW, Australia

    Abeer Alsadoon

  3. Ulster University, Ulster, UK

    Cathryn Peoples

  4. EPITA Engineering School, Paris, France

    Nour El Madhoun

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Rubio-Hernan, J., De Cicco, L., Garcia-Alfaro, J. (2023). Non-stationary Watermark-Based Attack Detection to Protect Cyber-Physical Control Systems. In: Daimi, K., Alsadoon, A., Peoples, C., El Madhoun, N. (eds) Emerging Trends in Cybersecurity Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-09640-2_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-09640-2_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-09639-6

  • Online ISBN: 978-3-031-09640-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation