Secure Cyber-Physical Systems: Current trends, tools and open research problems

To understand and identify the attack surfaces of a Cyber-Physical System (CPS) is an essential step towards ensuring its security. The growing complexity of the cybernetics and the interaction of independent domains such as avionics, robotics and automotive is a major hindrance against a holistic view CPS. Furthermore, proliferation of communication networks have extended the reach of CPS from a user-centric single platform to a widely distributed network, often connecting to critical infrastructure, e.g., through smart energy initiative. In this manuscript, we reflect on this perspective and provide a review of current security trends and tools for secure CPS. We emphasize on both the design and execution flows and particularly highlight the necessity of efficient attack surface detection. We provide a detailed characterization of attacks reported on different cyber-physical systems, grouped according to their application domains, attack complexity, attack source and impact. Finally, we review the current tools, point out their inadequacies and present a roadmap of future research.

[1]  Neal Leavitt,et al.  Researchers Fight to Keep Implanted Medical Devices Safe from Hackers , 2010, Computer.

[2]  Arvind Easwaran,et al.  A systematic security analysis of real-time cyber-physical systems , 2017, 2017 22nd Asia and South Pacific Design Automation Conference (ASP-DAC).

[3]  Katherine R. Davis,et al.  Power flow cyber attacks and perturbation-based defense , 2012, 2012 IEEE Third International Conference on Smart Grid Communications (SmartGridComm).

[4]  Yunwei Dong,et al.  Hybrid annex: an AADL extension for continuous behavior and cyber-physical interaction modeling , 2014, HILT '14.

[5]  Edward A. Lee,et al.  Modeling Cyber–Physical Systems , 2012, Proceedings of the IEEE.

[6]  Laurent Ciarletta,et al.  Multi-agent Multi-Model Simulation of Smart Grids in the MS4SG Project , 2015, PAAMS.

[7]  H.-S. Philip Wong,et al.  TPAD: Hardware Trojan Prevention and Detection for Trusted Integrated Circuits , 2015, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[8]  Bruno Sinopoli,et al.  Challenges for Securing Cyber Physical Systems , 2009 .

[9]  Siu-Ming Yiu,et al.  Security Issues and Challenges for Cyber Physical System , 2010, 2010 IEEE/ACM Int'l Conference on Green Computing and Communications & Int'l Conference on Cyber, Physical and Social Computing.

[10]  Paulo Tabuada,et al.  Sound and complete state estimation for linear dynamical systems under sensor attacks using Satisfiability Modulo Theory solving , 2015, 2015 American Control Conference (ACC).

[11]  Florian Dörfler,et al.  Attack Detection and Identification in Cyber-Physical Systems -- Part II: Centralized and Distributed Monitor Design , 2012, ArXiv.

[12]  Paulo Tabuada,et al.  Non-invasive Spoofing Attacks for Anti-lock Braking Systems , 2013, CHES.

[13]  Heng Yin,et al.  Panorama: capturing system-wide information flow for malware detection and analysis , 2007, CCS '07.

[14]  Bruce Schneier,et al.  Toward a secure system engineering methodolgy , 1998, NSPW '98.

[15]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[16]  Ronald S. Ross,et al.  Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems [including updates as of 3-21-2018] , 2018 .

[17]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[18]  Edward A. Lee,et al.  Modeling and simulating cyber-physical systems using CyPhySim , 2015, 2015 International Conference on Embedded Software (EMSOFT).

[19]  Wei He,et al.  Bypassing Parity Protected Cryptography using Laser Fault Injection in Cyber-Physical System , 2016, CPSS@AsiaCCS.

[20]  Swarup Bhunia,et al.  Security Against Hardware Trojan Attacks Using Key-Based Design Obfuscation , 2011, J. Electron. Test..

[21]  Henrik Sandberg,et al.  Survey and New Directions for Physics-Based Attack Detection in Control Systems , 2016 .

[22]  Qi Zhu,et al.  Design and Operation of Secure Cyber-Physical Systems , 2015, IEEE Embedded Systems Letters.

[23]  Shuang Huang,et al.  Cyber-physical system security for networked industrial processes , 2015, Int. J. Autom. Comput..

[24]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[25]  Mark Mohammad Tehranipoor,et al.  A low-cost solution for protecting IPs against scan-based side-channel attacks , 2006, 24th IEEE VLSI Test Symposium.

[26]  David M. Nicol,et al.  Designed-in Security for Cyber-Physical Systems , 2014, IEEE Secur. Priv..

[27]  Zhuo Lu,et al.  Cyber security in the Smart Grid: Survey and challenges , 2013, Comput. Networks.

[28]  Arquimedes Canedo,et al.  Acoustic Side-Channel Attacks on Additive Manufacturing Systems , 2016, 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS).

[29]  Prabhat Mishra,et al.  Trace Buffer Attack: Security versus observability study in post-silicon debug , 2015, 2015 IFIP/IEEE International Conference on Very Large Scale Integration (VLSI-SoC).

[30]  David Broman,et al.  Viewpoints, formalisms, languages, and tools for cyber-physical systems , 2012, MPM '12.

[31]  Kevin Fu,et al.  Design challenges for secure implantable medical devices , 2012, DAC Design Automation Conference 2012.

[32]  Dieter Gollmann,et al.  Cyber-Physical Systems Security: Experimental Analysis of a Vinyl Acetate Monomer Plant , 2015, CPSS@ASIACSS.

[33]  Todd E. Humphreys,et al.  Attackers can spoof navigation signals without our knowledge. Here's how to fight back GPS lies , 2016, IEEE Spectrum.

[34]  Manfred Pinkal,et al.  Acoustic Side-Channel Attacks on Printers , 2010, USENIX Security Symposium.

[35]  Roman L. Lysecky,et al.  Security challenges for medical devices , 2015, Commun. ACM.

[36]  Michael X. Delli Carpini In the Matter of exemption to prohibition on circumvention of copyright protection systems for access control technologies , 2008 .

[37]  Todd E. Humphreys,et al.  Unmanned Aircraft Capture and Control Via GPS Spoofing , 2014, J. Field Robotics.

[38]  S. Shankar Sastry,et al.  A Taxonomy of Cyber Attacks on SCADA Systems , 2011, 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing.