论文信息 - Formal Security Verification of Industry 4.0 Applications

Formal Security Verification of Industry 4.0 Applications

Without appropriate counter-measures, cyber-attacks can exploit the increased system connectivity provided by Industry 4.0 (I4.0) to cause catastrophic events, by, e.g., injecting or tampering with messages. The solution supported by standards, such as, OPC-UA, is to sign or encrypt messages. However, given the limited resources of devices, instead of encrypting all messages in the network, it is better to encrypt only the messages that if tampered with or injected, could lead to undesired configurations. This paper describes the use of formal verification to analyse the security of I4.0 applications. We formalize in Rewriting Logic, I4.0 applications and systems, i.e., networked sets of devices, and a symbolic intruder model. Our formalization can be executed by the tool Maude to automate such security analysis, e.g., determine which messages are sufficient to sign in order avoid injection and tampering attacks.

Carolyn Talcott | Vivek Nigam | C. Talcott | Vivek Nigam

[1] Gavin Lowe,et al. Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[2] K. Pattabiraman,et al. IOT : Formal Security Analysis of Smart Embedded Systems , 2016 .

[3] John A. Clark,et al. A Survey of Authentication Protocol Literature , 2010 .

[4] John A. Clark,et al. A survey of authentication protocol literature: Version 1.0 , 1997 .

[5] Narciso Martí-Oliet,et al. All About Maude - A High-Performance Logical Framework, How to Specify, Program and Verify Systems in Rewriting Logic , 2007, All About Maude.

[6] José Meseguer,et al. Conditioned Rewriting Logic as a United Model of Concurrency , 1992, Theor. Comput. Sci..

[7] José Meseguer,et al. Twenty years of rewriting logic , 2010, J. Log. Algebraic Methods Program..

[8] Danny Dolev,et al. On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[9] Armin Biere,et al. Bounded model checking , 2003, Adv. Comput..

[10] Patrick D. McDaniel,et al. Soteria: Automated IoT Safety and Security Analysis , 2018, USENIX Annual Technical Conference.

[11] Riccardo Muradore,et al. A Formal Approach to Cyber-Physical Attacks , 2016, 2017 IEEE 30th Computer Security Foundations Symposium (CSF).

[12] Sebastian Mödersheim,et al. OFMC: A Symbolic Model-Checker for Security Protocols , 2004 .