Integrating redundancy, diversity, and hardening to improve security of industrial internet of things

ABSTRACT As the Industrial Internet of Things (IIoT) becomes more ubiquitous in critical application domains, such as smart water-distribution and transportation systems, providing security and resilience against cyber-attacks grows into an issue of utmost importance. Cyber-attacks against critical infrastructure pose significant threats to public health and safety. To alleviate the severity of these threats, various security techniques are available, including redundancy, diversity, and hardening. However, no single technique can address the whole spectrum of cyber-attacks that may be launched by a determined and resourceful attacker. In light of this, we consider a multi-pronged approach that integrates redundancy (deploying additional components and devices), diversity (using multiple implementation variants), and hardening (reinforcing individual components) techniques for designing secure and resilient IIoT systems. We introduce a framework for quantifying cyber-security risks and optimizing IIoT design. We show that finding optimal designs is an NP-hard problem, and then present an efficient meta-heuristic algorithm that finds near optimal designs in practice. To demonstrate the applicability of our framework, we present two case studies in water-distribution and transportation systems. Our numerical evaluation shows that integrating redundancy, diversity, and hardening can lead to reduced security risks at the same cost.

[1]  Yuval Tassa,et al.  Continuous control with deep reinforcement learning , 2015, ICLR.

[2]  Zhen Ni,et al.  A Multistage Game in Smart Grid Security: A Reinforcement Learning Solution , 2019, IEEE Transactions on Neural Networks and Learning Systems.

[3]  Peng Liu,et al.  Secure Information Aggregation for Smart Grids Using Homomorphic Encryption , 2010, 2010 First IEEE International Conference on Smart Grid Communications.

[4]  Saurabh Amin,et al.  A network interdiction model for analyzing the vulnerability of water distribution systems , 2014, HiCoNS.

[5]  William W. Streilein,et al.  Finding Focus in the Blur of Moving-Target Techniques , 2014, IEEE Security & Privacy.

[6]  Xi Fang,et al.  3. Full Four-channel 6.3-gb/s 60-ghz Cmos Transceiver with Low-power Analog and Digital Baseband Circuitry 7. Smart Grid — the New and Improved Power Grid: a Survey , 2022 .

[7]  Tyler Moore,et al.  The Economics of Information Security , 2006, Science.

[8]  Wu He,et al.  Internet of Things in Industries: A Survey , 2014, IEEE Transactions on Industrial Informatics.

[9]  Alagan Anpalagan,et al.  Network Challenges for Cyber Physical Systems with Tiny Wireless Devices: A Case Study on Reliable Pipeline Condition Monitoring , 2015, Sensors.

[10]  George Suciu,et al.  Unified Intelligent Water Management Using Cyberinfrastructures Based on Cloud Computing and IoT , 2017, 2017 21st International Conference on Control Systems and Computer Science (CSCS).

[11]  Mourad Debbabi,et al.  An aspect-oriented approach for the systematic security hardening of code , 2008, Comput. Secur..

[12]  Saurabh Amin,et al.  Sensor placement for fault location identification in water networks: A minimum test cover approach , 2015, Autom..

[13]  Michael M. May,et al.  How much is enough? A risk management approach to computer security , 2000 .

[14]  Furong Li,et al.  Battling the Extreme: A Study on the Power System Resilience , 2017, Proceedings of the IEEE.

[15]  Ross Anderson,et al.  Who Controls the off Switch? , 2010, 2010 First IEEE International Conference on Smart Grid Communications.

[16]  Yogesh L. Simmhan,et al.  An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds , 2011, 2011 IEEE 4th International Conference on Cloud Computing.

[17]  Adriano Valenzano,et al.  Review of Security Issues in Industrial Networks , 2013, IEEE Transactions on Industrial Informatics.

[18]  Okyay Kaynak,et al.  Industrial Cyberphysical Systems: A Backbone of the Fourth Industrial Revolution , 2017, IEEE Industrial Electronics Magazine.

[19]  Jill Slay,et al.  Lessons Learned from the Maroochy Water Breach , 2007, Critical Infrastructure Protection.

[20]  Shreyas Sundaram,et al.  Resilient Asymptotic Consensus in Robust Networks , 2013, IEEE Journal on Selected Areas in Communications.

[21]  Alan J. Michaels,et al.  Framework for Evaluating the Severity of Cybervulnerability of a Traffic Cabinet , 2017 .

[22]  Heejo Lee,et al.  This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination. INVITED PAPER Cyber–Physical Security of a Smart Grid Infrastructure , 2022 .

[23]  Yi Xu,et al.  A survey on the communication architectures in smart grid , 2011, Comput. Networks.

[24]  Sehwan Kim,et al.  Remote structural health monitoring systems for next generation SCADA , 2013 .

[25]  Xinyu Yang,et al.  On Optimal PMU Placement-Based Defense Against Data Integrity Attacks in Smart Grid , 2017, IEEE Transactions on Information Forensics and Security.

[26]  Kun Yang,et al.  A Random Road Network Model for Mobility Modeling in Mobile Delay-Tolerant Networks , 2012, 2012 8th International Conference on Mobile Ad-hoc and Sensor Networks (MSN).

[27]  Athanasios K. Ziliaskopoulos,et al.  A Linear Programming Model for the Single Destination System Optimum Dynamic Traffic Assignment Problem , 2000, Transp. Sci..

[28]  C. Daganzo THE CELL TRANSMISSION MODEL.. , 1994 .

[29]  Gary McGraw,et al.  Software Penetration Testing , 2005, IEEE Secur. Priv..

[30]  Bo Fu,et al.  SCADA communication and security issues , 2014, Secur. Commun. Networks.

[31]  Chao Gao,et al.  Security Vulnerabilities of Internet of Things: A Case Study of the Smart Plug System , 2017, IEEE Internet of Things Journal.

[32]  Thomas P. von Hoff,et al.  Security for Industrial Communication Systems , 2005, Proceedings of the IEEE.

[33]  Carlos F. Daganzo,et al.  THE CELL TRANSMISSION MODEL, PART II: NETWORK TRAFFIC , 1995 .

[34]  Xavier Litrico,et al.  Cyber Security of Water SCADA Systems—Part I: Analysis and Experimentation of Stealthy Deception Attacks , 2013, IEEE Transactions on Control Systems Technology.

[35]  Aditya P. Mathur,et al.  WADI: a water distribution testbed for research in the design of secure cyber physical systems , 2017, CySWATER@CPSWeek.

[36]  橋本 卓也 留学体験記 (Imperial College London) , 2012 .

[37]  Haibo He,et al.  Q-Learning-Based Vulnerability Analysis of Smart Grid Against Sequential Topology Attacks , 2017, IEEE Transactions on Information Forensics and Security.

[38]  Gabor Karsai,et al.  SURE: A Modeling and Simulation Integration Platform for Evaluation of Secure and Resilient Cyber–Physical Systems , 2018, Proceedings of the IEEE.

[39]  Kevin Jones,et al.  A review of cyber security risk assessment methods for SCADA systems , 2016, Comput. Secur..

[40]  B. Don Russell,et al.  Intelligent Systems for Improved Reliability and Failure Diagnosis in Distribution Systems , 2010, IEEE Transactions on Smart Grid.

[41]  Nils Ole Tippenhauer,et al.  Taking Control: Design and Implementation of Botnets for Cyber-Physical Attacks with CPSBot , 2018, ArXiv.

[42]  Robert C. Green,et al.  Intrusion Detection System in A Multi-Layer Network Architecture of Smart Grids by Yichi , 2015 .

[43]  Lawrence A. Gordon,et al.  The economics of information security investment , 2002, TSEC.

[44]  Ivan Stoianov,et al.  SENSOR NETWORKS FOR MONITORING WATER SUPPLY AND SEWER SYSTEMS: LESSONS FROM BOSTON , 2008 .

[45]  Fatiha Nejjari,et al.  Leak Localization in Water Networks: A Model-Based Methodology Using Pressure Sensors Applied to a Real Network in Barcelona [Applications of Control] , 2014, IEEE Control Systems.

[46]  Patrick D. McDaniel,et al.  Security and Privacy Challenges in the Smart Grid , 2009, IEEE Security & Privacy.

[47]  Adam Hahn,et al.  A Diversity-Based Substation Cyber Defense Strategy Utilizing Coloring Games , 2018, IEEE Transactions on Smart Grid.

[48]  Aron Laszka,et al.  Should Cyber-Insurance Providers Invest in Software Security? , 2015, ESORICS.

[49]  Yevgeniy Vorobeychik,et al.  Synergistic Security for the Industrial Internet of Things: Integrating Redundancy, Diversity, and Hardening , 2018, 2018 IEEE International Conference on Industrial Internet (ICII).

[50]  Athanasios V. Vasilakos,et al.  Security of the Internet of Things: perspectives and challenges , 2014, Wireless Networks.

[51]  Giancarlo Fortino,et al.  Evaluating Critical Security Issues of the IoT World: Present and Future Challenges , 2018, IEEE Internet of Things Journal.

[52]  Pierluigi Mancarella,et al.  Power Systems Resilience Assessment: Hardening and Smart Operational Enhancement Strategies , 2017, Proceedings of the IEEE.

[53]  Pierluigi Mancarella,et al.  The Grid: Stronger, Bigger, Smarter?: Presenting a Conceptual Framework of Power System Resilience , 2015, IEEE Power and Energy Magazine.

[54]  Ahmad-Reza Sadeghi,et al.  Security and privacy challenges in industrial Internet of Things , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[55]  David P. Varodayan,et al.  Redundant Metering for Integrity with Information-Theoretic Confidentiality , 2010, 2010 First IEEE International Conference on Smart Grid Communications.

[56]  Jay Lee,et al.  A Cyber-Physical Systems architecture for Industry 4.0-based manufacturing systems , 2015 .

[57]  Ivana Tomić,et al.  A Survey of Potential Security Issues in Existing Wireless Sensor Network Protocols , 2017, IEEE Internet of Things Journal.

[58]  Vivek Agarwal,et al.  A Novel Reconfigurable Microgrid Architecture With Renewable Energy Sources and Storage , 2015, IEEE Transactions on Industry Applications.

[59]  Antonio Pescapè,et al.  Integration of Cloud computing and Internet of Things: A survey , 2016, Future Gener. Comput. Syst..

[60]  Tobias Jeske Floating Car Data from Smartphones : What Google and Waze Know About You and How Hackers Can Control Traffic , 2013 .

[61]  Ning Lu,et al.  Smart-grid security issues , 2010, IEEE Security & Privacy.

[62]  Alexandre M. Bayen,et al.  Creating complex congestion patterns via multi-objective optimal freeway traffic control with application to cyber-security , 2016 .

[63]  D. John Morrow,et al.  Securing the Industrial Internet of Things for Critical Infrastructure (IIoT-CI) , 2019, 2019 IEEE 5th World Forum on Internet of Things (WF-IoT).

[64]  Avi Ostfeld,et al.  Characterizing Cyber-Physical Attacks on Water Distribution Systems , 2017 .

[65]  Kenneth P. Birman,et al.  The Monoculture Risk Put into Context , 2009, IEEE Security & Privacy Magazine.

[66]  Yang Xiao,et al.  Cyber Security and Privacy Issues in Smart Grids , 2012, IEEE Communications Surveys & Tutorials.

[67]  Jiafu Wan,et al.  Security in the Internet of Things: A Review , 2012, 2012 International Conference on Computer Science and Electronics Engineering.

[68]  Katherine A. Klise,et al.  Detecting Changes in Water Quality Data , 2008 .

[69]  Siddharth Sridhar,et al.  Cyber–Physical System Security for the Electric Power Grid , 2012, Proceedings of the IEEE.

[70]  Manfred Kochen,et al.  On the economics of information , 1972, J. Am. Soc. Inf. Sci..

[71]  Göran N Ericsson,et al.  Cyber Security and Power System Communication—Essential Parts of a Smart Grid Infrastructure , 2010, IEEE Transactions on Power Delivery.

[72]  M. Storey,et al.  Advances in on-line drinking water quality monitoring and early warning systems. , 2011, Water research.

[73]  Yasin Kabalci,et al.  A survey on smart metering and smart grid communication , 2016 .

[74]  Sanjay E. Sarma,et al.  The Future Internet of Things: Secure, Efficient, and Model-Based , 2017, IEEE Internet of Things Journal.

[75]  Peng Ning,et al.  A Resilient Real-Time System Design for a Secure and Reconfigurable Power Grid , 2011, IEEE Transactions on Smart Grid.

[76]  John S. Heidemann,et al.  SWATS: Wireless sensor networks for steamflood and waterflood pipeline monitoring , 2011, IEEE Network.

[77]  Yang Xiao,et al.  A survey of communication/networking in Smart Grids , 2012, Future Gener. Comput. Syst..

[78]  Amanda D. Lothes,et al.  Research Database of Water Distribution System Models , 2014 .

[79]  Naima Kaabouch,et al.  Cyber security in the Smart Grid: Survey and challenges , 2013, Comput. Networks.

[80]  Zheng Liu,et al.  Computational Intelligence for Urban Infrastructure Condition Assessment: Water Transmission and Distribution Systems , 2014, IEEE Sensors Journal.

[81]  Ehab Al-Shaer,et al.  Moving Target Defense for Hardening the Security of the Power System State Estimation , 2014, MTD '14.

[82]  David Evans,et al.  N-Variant Systems: A Secretless Framework for Security through Diversity , 2006, USENIX Security Symposium.

[83]  Abhinav Rastogi,et al.  Secure Coding: Building Security into the Software Development Life Cycle , 2004, Inf. Secur. J. A Glob. Perspect..

[84]  Jun Sun,et al.  An Adaptive Markov Strategy for Defending Smart Grid False Data Injection From Malicious Attackers , 2018, IEEE Transactions on Smart Grid.

[85]  Sudip Misra,et al.  Cloud Computing Applications for Smart Grid: A Survey , 2015, IEEE Transactions on Parallel and Distributed Systems.

[86]  Branislav Bosanský,et al.  Optimal Network Security Hardening Using Attack Graph Games , 2015, IJCAI.

[87]  Ehab Al-Shaer,et al.  Modeling and Management of Firewall Policies , 2004, IEEE Transactions on Network and Service Management.

[88]  Zhuo Lu,et al.  Cyber security in the Smart Grid: Survey and challenges , 2013, Comput. Networks.

[89]  Kun Yang,et al.  A Random Road Network Model and Its Effects on Topological Characteristics of Mobile Delay-Tolerant Networks , 2014, IEEE Transactions on Mobile Computing.

[90]  Shihong Huang,et al.  Vulnerability of Traffic Control System Under Cyberattacks with Falsified Data , 2018 .

[91]  Aron Laszka,et al.  Banishing Misaligned Incentives for Validating Reports in Bug-Bounty Platforms , 2016, ESORICS.

[92]  Saurabh Amin,et al.  Vulnerability of Transportation Networks to Traffic-Signal Tampering , 2016, 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS).

[93]  Fengjun Li,et al.  Cyber-Physical Systems Security—A Survey , 2017, IEEE Internet of Things Journal.

[94]  Seri Park,et al.  Vulnerabilities of Control Systems in Internet of Things Applications , 2018, IEEE Internet of Things Journal.

[95]  Prathyush P. Menon,et al.  Analysis of Automotive Cyber-Attacks on Highways Using Partial Differential Equation Models , 2018, IEEE Transactions on Control of Network Systems.

[96]  Prashant Anantharaman,et al.  Building Hardened Internet-of-Things Clients with Language-Theoretic Security , 2017, 2017 IEEE Security and Privacy Workshops (SPW).

[97]  Dawn M. Tilbury,et al.  The Emergence of Industrial Control Networks for Manufacturing Control, Diagnostics, and Safety Data , 2007, Proceedings of the IEEE.

[98]  S. Shankar Sastry,et al.  A Taxonomy of Cyber Attacks on SCADA Systems , 2011, 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing.

[99]  Sushil Jajodia,et al.  Network Diversity: A Security Metric for Evaluating the Resilience of Networks Against Zero-Day Attacks , 2016, IEEE Transactions on Information Forensics and Security.

[100]  L. Nachman,et al.  PIPENET: A Wireless Sensor Network for Pipeline Monitoring , 2007, 2007 6th International Symposium on Information Processing in Sensor Networks.

[101]  Jack W. Davidson,et al.  Security through redundant data diversity , 2008, 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN).

[102]  K. Schneider,et al.  GridLAB-D: An open-source power systems modeling and simulation environment , 2008, 2008 IEEE/PES Transmission and Distribution Conference and Exposition.

[103]  J. Alex Halderman,et al.  Green Lights Forever: Analyzing the Security of Traffic Infrastructure , 2014, WOOT.

[104]  Sokratis Kartakis Next generation cyber-physical water distribution systems , 2016 .

[105]  Peng Liu,et al.  An Empirical Study of Web Vulnerability Discovery Ecosystems , 2015, CCS.