This chapter addresses security issues in cyber-physical industrial systems. Attacks against these systems shall be handled both in terms of safety and security. Networked control technologies imposed by industrial standards already cover the safety dimension. From a security standpoint, the literature has shown that using only cyber information to handle the security of cyber-physical systems is not sufficient, since physical malicious actions, that can threaten the correct performance of the systems, are ignored. For this reason, cyber-physical systems should be protected from threats to their cyber and physical layers. Some authors handle the attacks by using physical attestations of the underlying processes. For instance, the use of physical watermarking can complement the protection techniques at the cyber layer, in order to ensure the truthfulness of the process. These detectors work properly if the adversaries do not have enough knowledge to mislead cross-layer (e.g., cyber and physical) data. Nevertheless, adversaries able to acquire enough knowledge from both layers may evade detection. The solutions listed in this chapter handle those aforementioned limitations. The chapter starts by showing shortcomings of classical stationary watermark-based fault detectors, extended to detect, in addition to failures, malicious actions. It is shown that classical stationary watermark-based detectors are unable to identify cyber-physical adversaries. Specifically, they may only detect adversaries that do not attempt to get additional knowledge about the system dynamics. An analysis about the performance of a specific stationary watermark-based fault detector is presented. A new threat model is assumed, in which adversaries may now infer system dynamics by correlating both cyber and physical data. The goal of such adversaries is to evade detection. Under this new threat model, adversaries can now evade detection with high probability. To handle the issue, an extended strategy is presented. The idea is to transform the classical (stationary) approach into a non-stationary watermark-based detector. The new design is shown to handle the extended threat model. It is also shown new ways to combine control and communication strategies, to boost the detection performance. The new solutions are validated using both numeric simulations and cyber-physical testbeds. Ideas for future work are also presented.

Non-stationary Watermark-Based Attack Detection to Protect Cyber-Physical Control Systems / Rubio-Hernan, Jose; De Cicco, Luca; Garcia-Alfaro, Joaquin - In: Emerging Trends in Cybersecurity Applications / [a cura di] Kevin Daimi, Abeer Alsadoon, Cathryn Peoples, Nour El Madhoun. - STAMPA. - Cham, CH : Springer, 2023. - ISBN 978-3-031-09639-6. - pp. 347-370 [10.1007/978-3-031-09640-2_16]

Non-stationary Watermark-Based Attack Detection to Protect Cyber-Physical Control Systems

De Cicco, Luca;
2023-01-01

Abstract

This chapter addresses security issues in cyber-physical industrial systems. Attacks against these systems shall be handled both in terms of safety and security. Networked control technologies imposed by industrial standards already cover the safety dimension. From a security standpoint, the literature has shown that using only cyber information to handle the security of cyber-physical systems is not sufficient, since physical malicious actions, that can threaten the correct performance of the systems, are ignored. For this reason, cyber-physical systems should be protected from threats to their cyber and physical layers. Some authors handle the attacks by using physical attestations of the underlying processes. For instance, the use of physical watermarking can complement the protection techniques at the cyber layer, in order to ensure the truthfulness of the process. These detectors work properly if the adversaries do not have enough knowledge to mislead cross-layer (e.g., cyber and physical) data. Nevertheless, adversaries able to acquire enough knowledge from both layers may evade detection. The solutions listed in this chapter handle those aforementioned limitations. The chapter starts by showing shortcomings of classical stationary watermark-based fault detectors, extended to detect, in addition to failures, malicious actions. It is shown that classical stationary watermark-based detectors are unable to identify cyber-physical adversaries. Specifically, they may only detect adversaries that do not attempt to get additional knowledge about the system dynamics. An analysis about the performance of a specific stationary watermark-based fault detector is presented. A new threat model is assumed, in which adversaries may now infer system dynamics by correlating both cyber and physical data. The goal of such adversaries is to evade detection. Under this new threat model, adversaries can now evade detection with high probability. To handle the issue, an extended strategy is presented. The idea is to transform the classical (stationary) approach into a non-stationary watermark-based detector. The new design is shown to handle the extended threat model. It is also shown new ways to combine control and communication strategies, to boost the detection performance. The new solutions are validated using both numeric simulations and cyber-physical testbeds. Ideas for future work are also presented.
2023
Emerging Trends in Cybersecurity Applications
978-3-031-09639-6
Springer
Non-stationary Watermark-Based Attack Detection to Protect Cyber-Physical Control Systems / Rubio-Hernan, Jose; De Cicco, Luca; Garcia-Alfaro, Joaquin - In: Emerging Trends in Cybersecurity Applications / [a cura di] Kevin Daimi, Abeer Alsadoon, Cathryn Peoples, Nour El Madhoun. - STAMPA. - Cham, CH : Springer, 2023. - ISBN 978-3-031-09639-6. - pp. 347-370 [10.1007/978-3-031-09640-2_16]
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11589/248942
Citazioni
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact