Abstract
This chapter addresses security issues in cyber-physical industrial systems. Attacks against these systems must be handled in terms of both safety and security. Networked control technologies imposed by industrial standards already cover the safety dimension. From a security standpoint, the literature has shown that using only cyber information to handle the security of cyber-physical systems is not sufficient, since malicious physical actions that can threaten the correct performance of the systems are ignored. For this reason, cyber-physical systems should be protected from threats to both their cyber and physical layers. Some authors handle the attacks by using physical attestations of the underlying processes. For instance, physical watermarking can complement protection techniques at the cyber layer in order to ensure the truthfulness of the process. These detectors work properly if the adversaries do not have enough knowledge to mislead cross-layer (e.g., cyber and physical) data. Nevertheless, adversaries able to acquire enough knowledge from both layers may evade detection.
The solutions listed in this chapter handle these limitations. The chapter starts by showing the shortcomings of classical stationary watermark-based fault detectors, extended to detect malicious actions in addition to failures. It is shown that classical stationary watermark-based detectors are unable to identify cyber-physical adversaries. Specifically, they may only detect adversaries that do not attempt to get additional knowledge about the system dynamics. An analysis of the performance of a specific stationary watermark-based fault detector is presented. A new threat model is then assumed, in which adversaries may infer system dynamics by correlating both cyber and physical data. The goal of such adversaries is to evade detection. Under this new threat model, adversaries can evade detection with high probability. To handle the issue, an extended strategy is presented. The idea is to transform the classical (stationary) approach into a non-stationary watermark-based detector. The new design is shown to handle the extended threat model. New ways to combine control and communication strategies to boost detection performance are also shown. The new solutions are validated using both numeric simulations and cyber-physical testbeds. Ideas for future work are also presented.
Notes
1. Notice that we expressly use the term alarms to refer to suspicious events, and alerts to refer to events likely to be associated with malicious attacks.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Rubio-Hernan, J., De Cicco, L., Garcia-Alfaro, J. (2023). Non-stationary Watermark-Based Attack Detection to Protect Cyber-Physical Control Systems. In: Daimi, K., Alsadoon, A., Peoples, C., El Madhoun, N. (eds) Emerging Trends in Cybersecurity Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-09640-2_16
DOI: https://doi.org/10.1007/978-3-031-09640-2_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-09639-6
Online ISBN: 978-3-031-09640-2
eBook Packages: Computer Science, Computer Science (R0)