Gamifying Education and Research on ICS Security: Design, Implementation and Results of S3

In this work, we consider challenges relating to security for Industrial Control Systems (ICS) in the context of ICS security education and research targeted at both academia and industry. We propose to address those challenges through gamified attack training and countermeasure evaluation. We tested our proposed ICS security gamification idea in the context of the (to the best of our knowledge) first Capture-The-Flag (CTF) event targeted at ICS security, called SWaT Security Showdown (S3). Six teams acted as attackers in a security competition leveraging an ICS testbed, with several academic defense systems attempting to detect the ongoing attacks. The event was conducted in two phases. The online phase (a jeopardy-style CTF) served as a training session. The live phase was structured as an attack-defense CTF. We acted as judges and assigned points to the attacker teams according to a scoring system that we developed internally based on multiple factors, including realistic attacker models. We conclude the paper with an evaluation and discussion of S3, including statistics derived from the data collected in each phase of S3.
