An impact-aware defense against Stuxnet

The Stuxnet worm is sophisticated malware designed to sabotage industrial control systems (ICSs). It exploits vulnerabilities in removable drives, local area communication networks, and programmable logic controllers (PLCs) to penetrate the process control network (PCN) and the control system network (CSN). Stuxnet succeeded in penetrating the control system network and sabotaging industrial control processes because the targeted control systems lacked security mechanisms for verifying message integrity and authenticating the message source. In this work, we propose a novel proactive defense system framework, in which commands from the system operator to the PLC are authenticated using a randomized set of cryptographic keys. The framework leverages cryptographic analysis and control- and game-theoretic methods to quantify the impact of malicious commands on the performance of the physical plant. We derive the worst-case optimal randomization strategy as a saddle-point equilibrium of a game between an adversary attempting to insert commands and the system operator, and show that the proposed scheme can achieve arbitrarily low adversary success probability for a sufficiently large number of keys. We evaluate the proposed scheme, using a linear-quadratic regulator (LQR) as a case study, through theoretical and numerical analysis.
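As an added illustration (not the paper's own construction or code), the following Python model shows the kind of randomized-key command authentication the abstract describes. It assumes the operator and the PLC share n derived HMAC keys plus a secret schedule that fixes which key index is expected at each command step; the adversary is assumed, in the worst case, to know all n keys but not the schedule, and the PLC accepts a command only if the key index matches the schedule and the tag verifies. Under these assumptions the adversary's success probability is exactly 1/n, which matches the direction of the abstract's claim that more keys drive the success probability down.

```python
import hashlib
import hmac
import os
import struct

COMMAND = b"SET_SPEED 1410"  # constructed sample operator command


def derive_keys(master: bytes, n: int) -> list:
    """Derive n distinct command-authentication keys from one master secret (assumed design)."""
    return [hmac.new(master, b"cmd-key-%d" % i, hashlib.sha256).digest() for i in range(n)]


def scheduled_index(schedule_secret: bytes, step: int, n: int) -> int:
    """Key index both operator and PLC expect at this step; derived from a shared secret."""
    tag = hmac.new(schedule_secret, struct.pack(">Q", step), hashlib.sha256).digest()
    return int.from_bytes(tag[:8], "big") % n


def authenticate(keys: list, idx: int, step: int, command: bytes) -> bytes:
    """Tag binds the step counter (anti-replay) and the key index to the command."""
    msg = struct.pack(">QI", step, idx) + command
    return hmac.new(keys[idx], msg, hashlib.sha256).digest()


def plc_accepts(keys: list, schedule_secret: bytes, step: int,
                idx: int, command: bytes, tag: bytes) -> bool:
    """PLC side: reject unless the key index matches the schedule AND the tag verifies."""
    if idx != scheduled_index(schedule_secret, step, len(keys)):
        return False
    return hmac.compare_digest(authenticate(keys, idx, step, command), tag)


def legitimate_command_accepted(n: int, step: int = 7) -> bool:
    """Operator who knows the schedule always gets its command through."""
    master, schedule_secret = os.urandom(32), os.urandom(32)
    keys = derive_keys(master, n)
    idx = scheduled_index(schedule_secret, step, n)
    return plc_accepts(keys, schedule_secret, step, idx, COMMAND,
                       authenticate(keys, idx, step, COMMAND))


def adversary_success_probability(n: int, steps: int = 64) -> float:
    """Worst case: adversary holds all n keys but not the schedule and tries every index.
    Exactly one guess per step is accepted, so the fraction is 1/n."""
    master, schedule_secret = os.urandom(32), os.urandom(32)
    keys = derive_keys(master, n)
    accepted = 0
    for step in range(steps):
        for guess in range(n):
            tag = authenticate(keys, guess, step, COMMAND)
            accepted += plc_accepts(keys, schedule_secret, step, guess, COMMAND, tag)
    return accepted / (steps * n)
```

Increasing n in `adversary_success_probability` shows the acceptance rate of forged commands shrinking as 1/n while legitimate commands are still accepted.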
