Pre-requisites: CPS
A cyber-physical system is a combination of closely integrated physical processes, networking, and computation. The physical process is monitored and controlled by embedded (cyber) subsystems via networked systems with a feedback loop to change their behavior when needed, and these subsystems work independently of each other with the ability to interact with the external environment.
CPS Security
The security of the CPS is classified into two areas:
- Information Security: It involves securing information during data aggregation, processing, and large-scale sharing in the network environment, especially in open, loosely coupled networks. Information security focuses on data protection, for example by using encryption, whereas control security focuses on protecting the dynamics of control systems against cyber-attacks.
- Control security: It encompasses resolving any control issues in the network environment and mitigating the control system from any attacks on system estimation and control algorithms.
For determining the security of the CPS, Availability comes first, then integrity, confidentiality, and authenticity. For example, if an unauthorized (e.g., malicious) party successfully accessed the system, confidential information will be released, and integrity will not be satisfied since such a party can manipulate information. A security attack happens without a failure incident in the system. Hence, the prime security challenge is the need to consider interactions among CPS components.
Stages for Securing the CPS Systems
- Securing Access to Devices: Securing access to CPS devices becomes the first challenge. If authentication is not or is poorly supported, unauthorized objects will gain access and manipulate the system.
- Securing Data Transmissions: Data transmission security is required to detect imposters and malicious activities in CPS communication networks and block unauthorized access. For example, attackers try to intercept the physical properties of system power consumption and timing behaviors to analyze the data being sent and received. Some attackers aim to disrupt the network by launching DoS attacks or interrupting the routing topology.
- Securing Applications: The application layer combines different applications and security challenges. Here, the private information of users can be analyzed by attackers, leading to private data leakage and privacy loss. In this layer, data might contain the past and present locations that the user visited; the user’s social life, therefore, needs to be protected.
- Securing Data Storage: Protecting stored secret data on CPS devices is important. Various cryptographic techniques to encrypt data in such devices, too, are not sufficient due to the constraints of memory and the weak processing capabilities of these devices. As a result, lightweight security mechanisms are required.
- Securing Actuation: This means that actuation actions must be issued from authorized sources. This will ensure that the provided feedback and control commands are correct and protected against adversaries.
So, we can say that security should be implemented for the entire system as one end-to-end security scheme rather than for only the operating security mechanism at each layer. Each layer of CPS is susceptible to passive or active attacks. So, attacks on CPS could result in severe damage to the physical environment.
Attacks can happen at the perception layer, for example, including attacks on nodes such as sensors and actuators; transmission layer attacks, including data leakage or damage and security issues during data transmission; and application layer attacks, including unauthorized access leading to a loss of user privacy.
Although each layer is susceptible to different attacks, some attacks could target all layers, and examples of these attacks include denial of service (DoS) attacks, man-in-the-middle (MITM) attacks, eavesdropping attacks, spoofing attacks, replay (playback) attacks, compromised keys, etc.
There are different kinds of risks at each level of the CPS, and based on the CPS architecture, common attacks for each layer can be classified as follows:
Attacks at the Perception Layer
Common attacks at the perception layer include equipment failure, line failure, tampering, sensing information leakage, physical destruction, and energy-exhausted attacks they are:
- Node Capture: In this attack, the attacker takes over the node and obtains and leaks information that could involve encryption keys, which is then used to threaten the security of the entire system. This kind of attack violates confidentiality, availability, integrity, and authenticity.
- False Node: In this attack, the attacker adds another node to the network, attacking data integrity by sending targets malicious data. This, in turn, might lead to a DoS attack by consuming the energy of the node in the system.
- Node Outage: In this attack, the attacker stops nodes’ services, making it difficult to read and gather information from these nodes, as well as launches a variety of other attacks which affect the availability and integrity.
- Path-Based DOS: In this attack, the attacker sends a large number of packets, flooding packets, along the routing path to the base station, leading to battery exhaustion at the node and network disruption, consequently reducing the availability of the nodes.
Attack on the Transmission Layer
An attack occurs in the transmission layer due to the openness of the transmission medium, especially in wireless communication. Such attacks capture a transmitted message through an HTTP audio interface, modify and retransmit it, or exchange information between heterogeneous networks, hence impersonating the legitimate user.
- Routing: It creates routing loops that may result in resistant network transmission, increased transmitting delay, or an extended source path.
- Wormhole: the In this attack, the attacker creates information holes in the network by announcing the false path through which all the packets are routed.
- Jamming: In this attack, the attacker jams the wireless channel between the sensor nodes and the remote base station to introduce noise or a signal with the same frequency. This attack could lead to DoS by creating intentional network interference.
- Selective Forwarding: In this attack, the attacker uses a compromised node to drop and discard packets and forward selected packets. In some cases, the compromised node stops forwarding the packets to the intended destination.
Attack on the Application Layer
In this layer, large amounts of data are gathered due to data damage, privacy loss (such as user habits and health conditions), and unauthorized access to devices. Common examples of attacks on this include:
- Buffer Overflow: In this attack, the attacker takes advantage of any vulnerabilities in the software that leads to buffer overflow vulnerabilities and exploits them to launch an attack.
- Malicious Code: In this attack, the attacker attacks the user application by launching various malicious codes, such as viruses and worms, that can result causing the network to slow down or cause damage.
Risk Assessment
The CPS risk assessment mode can be divided into three steps, they are i)Defining what will happen to the system; ii) Evaluating the probability of the event; and iii) Estimating the consequences. It has three elements they are: asset (value), threat, and vulnerability identifications.
- Asset Identification: This is the first step in the risk assessment. An asset can be a tangible presence, for example, in medical devices, business facilities, equipment activities, educational facilities, operations, or information, or an intangible presence, such as information about the company or the reputation of an association.
- Threat Identification: This step is used to help identify risks that are a high-priority concern in the field of CPS. In threat identification, data can be used to quantify the frequency of the threat while sampling records and logs in the Intrusion Detection System(IDS) that can be used to determine the frequency of the risk, logs, and many other methods.
- Vulnerability Identification: It is an analysis process of a system and its functions, identifying weaknesses and determining appropriate corrective actions or mitigations that could be designed and implemented to reduce or eliminate any vulnerabilities.