Federated Blockchain-Based Tracking and Liability Attribution Framework for Employees and Cyber-Physical Objects in a Smart Workplace

The systematic integration of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) into the supply chain to increase operational efficiency and quality has also introduced new complexities to the threat landscape. The myriad of sensors could increase data collection capabilities for businesses to facilitate process automation aided by Artificial Intelligence (AI) but without adopting an appropriate Security-by-Design framework, threat detection and response are destined to fail. The emerging concept of Smart Workplace incorporates many CPS (e.g. Robots and Drones) to execute tasks alongside Employees both of which can be exploited as Insider Threats. We introduce and discuss forensic-readiness, liability attribution and the ability to track moving Smart SPS Objects to support modern Digital Forensics and Incident Response (DFIR) within a defence-in-depth strategy. We present a framework to facilitate the tracking of object behaviour within Smart Controlled Business Environments (SCBE) to support resilience by enabling proactive insider threat detection. Several components of the framework were piloted in a company to discuss a real-life case study and demonstrate anomaly detection and the emerging of behavioural patterns according to objects' movement with relation to their job role, workspace position and nearest entry or exit. The empirical data was collected from a Bluetooth-based Proximity Monitoring Solution. Furthermore, a key strength of the framework is a federated Blockchain (BC) model to achieve forensic-readiness by establishing a digital Chain-of-Custody (CoC) and a collaborative environment for CPS to qualify as Digital Witnesses (DW) to support post-incident investigations.

[1]  Michal Postránecký,et al.  Smart city near to 4.0 — an adoption of industry 4.0 conceptual model , 2017, 2017 Smart City Symposium Prague (SCSP).

[2]  Shiyan Hu,et al.  Introduction to Cyber-Physical System Security: A Cross-Layer Perspective , 2017, IEEE Transactions on Multi-Scale Computing Systems.

[3]  Donn B. Parker,et al.  Toward a New Framework for Information Security , 2015 .

[4]  Rodrigo Roman,et al.  Digital Witness: Safeguarding Digital Evidence by Using Secure Architectures in Personal Devices , 2016, IEEE Network.

[5]  Florian Skopik,et al.  A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing , 2016, Comput. Secur..

[6]  Dieter Gollmann,et al.  Cyber-Physical Systems Security , 2015, The New Codebreakers.

[7]  Colin Tankard,et al.  Advanced Persistent threats and how to monitor and deter them , 2011, Netw. Secur..

[8]  Rachelle Bosua,et al.  Towards Responsive Regulation of the Internet of Things: Australian Perspectives , 2017 .

[9]  Rok Sosic,et al.  Driver identification using automobile sensor data from a single turn , 2016, 2016 IEEE 19th International Conference on Intelligent Transportation Systems (ITSC).

[10]  Rui Kang,et al.  Risk assessment method for cyber security of cyber physical systems , 2015, 2015 First International Conference on Reliability Systems Engineering (ICRSE).

[11]  Qaisar Shafi,et al.  Cyber Physical Systems Security: A Brief Survey , 2012, 2012 12th International Conference on Computational Science and Its Applications.

[12]  Tom Austin,et al.  Top Strategic Predictions for 2016 and Beyond : The Future Is a Digital Thing , 2016 .

[13]  Gregory Epiphaniou,et al.  Proactive Threat Detection for Connected Cars Using Recursive Bayesian Estimation , 2018, IEEE Sensors Journal.

[14]  David A. Mundie,et al.  Toward an Ontology for Insider Threat Research: Varieties of Insider Threat Definitions , 2013, 2013 Third Workshop on Socio-Technical Aspects in Security and Trust.

[15]  P. K. Binu,et al.  An efficient indoor location tracking and navigation system using simple magnetic map matching , 2016, 2016 IEEE International Conference on Computational Intelligence and Computing Research (ICCIC).

[16]  VARUN CHANDOLA,et al.  Anomaly detection: A survey , 2009, CSUR.

[17]  Jay Lee,et al.  A Cyber-Physical Systems architecture for Industry 4.0-based manufacturing systems , 2015 .

[18]  L. Audah,et al.  Occupancy monitoring system for campus sports facilities using the Internet of Things (IoT) , 2016, 2016 IEEE Conference on Wireless Sensors (ICWiSE).

[19]  Huy Kang Kim,et al.  Know your master: Driver profiling-based anti-theft method , 2016, 2016 14th Annual Conference on Privacy, Security and Trust (PST).

[20]  Sanjay Jha,et al.  A Blockchain Based Liability Attribution Framework for Autonomous Vehicles , 2018, ArXiv.

[21]  Kemal Akkaya,et al.  Block4Forensic: An Integrated Lightweight Blockchain Framework for Forensics Applications of Connected Vehicles , 2018, IEEE Communications Magazine.

[22]  Janne Haverinen,et al.  A global self-localization technique utilizing local anomalies of the ambient magnetic field , 2009, 2009 IEEE International Conference on Robotics and Automation.

[23]  H. S. Teng,et al.  Adaptive real-time anomaly detection using inductively generated sequential patterns , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[24]  Joseph Barjis,et al.  Organizational and business impacts of RFID technology , 2010, Bus. Process. Manag. J..

[25]  Karl Waedt,et al.  Forensic readiness of smart buildings: Preconditions for subsequent cybersecurity tests , 2016, 2016 IEEE International Smart Cities Conference (ISC2).

[26]  Raffaele Giaffreda,et al.  A pragmatic approach to solving IoT interoperability and security problems in an eHealth context , 2016, 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT).

[27]  Dharma P. Agrawal,et al.  Fighting against phishing attacks: state of the art and future challenges , 2016, Neural Computing and Applications.

[28]  Gregory Epiphaniou,et al.  Anonymity networks and the fragile cyber ecosystem , 2016, Netw. Secur..

[29]  Craig Valli,et al.  Future challenges for smart cities: Cyber-security and digital forensics , 2017, Digit. Investig..

[30]  Edgar R. Weippl,et al.  Advanced social engineering attacks , 2015, J. Inf. Secur. Appl..

[31]  Tim Watson,et al.  Enabling intelligent cities through cyber security of building information and building systems , 2014 .

[32]  Javier López,et al.  IoT-Forensics Meets Privacy: Towards Cooperative Digital Investigations , 2018, Sensors.

[33]  Sandra Sendra,et al.  Integration of LoRaWAN and 4G/5G for the Industrial Internet of Things , 2018, IEEE Communications Magazine.