Security and privacy challenges in industrial Internet of Things

Today, embedded, mobile, and cyberphysical systems are ubiquitous and used in many applications, from industrial control systems and modern vehicles to critical infrastructure. Current trends and initiatives, such as “Industrie 4.0” and the Internet of Things (IoT), promise innovative business models and novel user experiences through strong connectivity and effective use of the next generation of embedded devices. These systems generate, process, and exchange vast amounts of security-critical and privacy-sensitive data, which makes them attractive targets for attacks. Cyberattacks on IoT systems are especially critical because they may cause physical damage and even threaten human lives. The complexity of these systems and the potential impact of cyberattacks bring about new threats. This paper gives an introduction to Industrial IoT systems, the related security and privacy challenges, and an outlook on possible solutions towards a holistic security framework for Industrial IoT systems.
