Security threats and measures for the cyber-physical systems


The Journal of China Universities of Posts and Telecommunications August 2013, 20(Suppl. 1): 25–29 www.sciencedirect.com/science/journal/10058885

http://jcupt.xsw.bupt.cn

ZHANG Li, WANG Qing, TIAN Bin

Department of System Evaluation, China Information Technology Security Evaluation Center, Beijing 100085, China

Abstract

Governments, companies and research institutions are pushing the research and development of cyber-physical systems (CPS). That development is, however, constrained by security and privacy threats. This paper summarizes the security threats to cyber-physical systems, to provide a theoretical reference for the study of CPS together with useful security measures. The architecture of cyber-physical systems is used to classify threats by the perception-execution layer, the transport layer and the application-control layer. Perception-execution layer threats include security threats to nodes such as sensors and actuators. Transport layer threats include data leakage or damage and security issues during massive data integration. Application-control layer threats include loss of user privacy, incorrect access control policies and inadequate security standards. Finally, the paper gives security measures and recommendations for each type of security threat.

Keywords

cyber-physical systems, security threats, privacy, measures

1 Introduction

The development of computer and network technology has brought great convenience to people's lives in recent years. With the rise of computer data processing capability and the rapid development of data communications technology, the demand placed on computing systems and engineering equipment is no longer limited to expanding their functions. The integration of information systems with physical equipment, the rational allocation of system resources and the optimization of system performance have also been taken into consideration. Guided by this demand, cyber-physical systems (CPS) emerged and attracted great attention from governments, academia and industry. CPS is a multidimensional complex system that integrates computing, network and physical environment. It improves the capacity of the system in many respects, such as information processing, real-time communication, precise remote control and the coordination of independent components, with physical objects highly integrated into an interactive network environment through a series of calculations. It is a space-time, multi-dimensional, heterogeneous, hybrid autonomous system [1–2]. Whereas the function of TCP mainly considers performance optimization, CPS is a smart technology that unites computation, communication and control (3C) [3]. By combining the 3C technologies organically, it achieves real-time perception, dynamic control and information services for large engineering systems. Through the integration of computation and communication with the physical system, the system gains real-time, secure, reliable and high-performance characteristics. CPS focuses on the close integration and coordination of computing resources and physical resources. It aims to achieve real-time perception and dynamic monitoring of large-scale complex systems and wide-area environments. Furthermore, CPS could provide more flexible, intelligent and efficient network information services. It has become an important direction of academic research at home and abroad, and industry has also given it priority for development.

This paper defines CPS as a three-tier system that integrates information with physical systems, and summarizes the security issues of each layer. It gives security measures for these issues, considered from every aspect of the three-tier architecture. Finally, the paper gives an outlook on the information security of CPS.

Received date: 29-07-2013
Corresponding author: WANG Qing, E-mail: [email protected]
DOI: 10.1016/S1005-8885(13)60254-X

2 Overview of the cyber-physical systems

2.1 The definition of the cyber-physical systems

The concept of CPS was first proposed by the American Natural Fund Committee (the US National Science Foundation). Once the idea was put forward, it attracted worldwide attention, and scholars from various countries have carried out in-depth research on CPS theory, system design and operating environments at different levels. With its higher complexity and its integration of the development of different technologies, CPS has attracted more and more attention. Researchers in different disciplines and fields of information science therefore hold different understandings of the cyber-physical system. Lee regards CPS as a series of computational processes: a tight integration of physical processes with computing as the core, which monitors the operation of physical entities and also perceives and controls the environment by means of network and computing components [1]. Baheti and others think that CPS is a highly reliable system in which a wide variety of computing and physical elements are closely integrated and coordinate with each other under dynamic, uncertain events [2–4]. Looking at the level of computational science and information storage and processing, Sastry believes that CPS integrates computing, communication and storage capacity and, operating in a real-time, reliable, secure, stable and efficient manner, is able to monitor the various entities in the physical world through networked computer systems. Branicky and Krogh, from the point of view of embedded systems and device development, think that 'Cyber' refers to the computation involved in physical and biological processes; CPS is the integration of communication and control technology with reliable computing, communication and control capabilities, as in intelligent robot systems [5–6]. Ma Wenfang believes that CPS, on the basis of environmental perception and deep fusion, provides scalable network communication among computing and physical equipment, and has the ability to control the credible, mutually influencing feedback loop between the computational process and the physical process. Therefore it can achieve deep fusion and real-time interaction. As a result, CPS will add or extend functional, safe, reliable, efficient, real-time detection or control of a physical entity [7]. Wang Zhongjie pointed out that CPS emphasizes 'cyber-physical' interaction. It involves the fusion of vast amounts of heterogeneous data in the future network environment together with uncertain information, and relies on reliable real-time signal processing and communication. It also involves the organic coordination of dynamic resources and capabilities and adaptive control, giving a high degree of self-awareness, self-judgment, self-regulation and self-governing ability. Therefore, the next generation of intelligent systems will be able to interconnect the virtual world and the physical world synergistically [8].

2.2 The architecture of CPS

CPS typically have three important characteristics:

1) Environmental coupling: each CPS is tightly coupled with its environment (the physical process). Any change in environmental behavior causes a behavior change in the CPS, and vice versa. The ICD medical device is a typical case of a CPS.

2) Variety of features and performance: a cyber-physical system is usually composed of different entities with different functions and performance. The function and performance of the sensors embedded in the physical processes for monitoring purposes are limited, whereas the sensor management entity has strong function and performance. For example, a highly available health monitoring system is composed of many small medical sensors, but the base station managing these sensors is typically a handheld computer. This diversity of function and performance is a potential bottleneck in the CPS workflow of data processing, communication and storage.

3) Network: a cyber-physical system is different from the traditional stand-alone embedded system. Whether or not its various parts are embedded in physical processes, they need a communication channel to provide their service (typically in the form of cooperation among the parts).

Internationally, a cyber-physical system is generally divided into three levels: the aware execution layer, the data transport layer and the application control layer, as shown in Fig. 1.


Fig. 1 Three-tier architecture of the CPS

Aware execution layer: the aware execution layer contains sensors, actuators, radio frequency identification (RFID) tags, RFID readers, mobile intelligent terminals and other physical equipment. It is mainly responsible for perceiving and acquiring data from the physical environment and for executing system control commands.

Data transport layer: the data transport layer provides real-time communication and information exchange, supported by the next-generation network. Data transmission and interaction are carried mainly over the Internet and other existing networks (such as private networks, local area networks and communication networks). The data transport layer also needs the ability to process and manage massive amounts of information intelligently.

Application control layer: the application control layer is the core part of the interaction between information and the physical system. It obtains information from the data transport layer and abstracts and processes it. After judging it against preset rules and the high-level control semantics specification, it generates control commands, which it passes down through the data transport layer to the underlying physical units of the aware execution layer for execution, and it receives feedback on their execution. The aware execution layer is responsible for the related operations. The application control layer also combines CPS with industry-specific applications, making collection over a wider range and intelligent solutions possible, such as intelligent transportation and the smart grid.

3 Security threats for cyber-physical systems

3.1 Security threats for the aware execution layer

The aware execution layer is the main source of perceived data and the venue for executing control commands in the three-tier architecture of CPS. Most network nodes of the aware execution layer are deployed in unattended environments, so they can easily become the target of an attacker. The data processing, communication and storage capacity of a node are limited, which makes traditional security mechanisms difficult to apply directly in the aware execution layer network. The major security threats to the aware execution layer are as follows.

1) Physical attacks: physical destruction of the perception node itself, leading to information disclosure, loss of information and so on.

2) Equipment failure: a reduction or loss of equipment performance due to external force, the environment or aging, so that the equipment cannot operate normally.

3) Line fault: the failure of a node's power lines.

4) Electromagnetic leakage: equipment radiates electromagnetic signals while working, through the ground, power lines, signal lines and other lines.

5) Electromagnetic interference: unwanted electromagnetic signals or disturbances adversely affect the receiver of useful electromagnetic signals, degrading the performance of a device, a transmission channel or a system.

6) Denial of service attacks: the attacker consumes network bandwidth, causing the target system to stop providing services.

3.2 Security threats for the data transport layer

The data transport layer of cyber-physical systems takes the 'next generation network' as its core bearer network. The architecture of the 'next generation network' itself, namely its access methods and network equipment, brings some security threats. The data transport layer also carries a large number of nodes and massive data, which may cause network congestion and makes it vulnerable to DoS/DDoS attacks. Data exchange among heterogeneous networks, gateway authentication and security agreements also provide interfaces within the data transport layer of the cyber-physical system that bring about new security issues. The major security threats to the data transport layer are as follows.

1) Denial of service attacks: the attacker fills the server's buffer so that it accepts no new requests, or uses IP spoofing.

2) Routing attacks: the attacker forges routes by sending forged routing information, producing wrong routes and interfering with the normal routing process.

3) Control network DoS attacks: the attacker consumes the bandwidth of the control network, causing the target system to cease providing service.

4) Aggregation node attacks: attacks on the sink node, which is the core node of the data transport layer network.

5) Direction misleading attacks: after receiving a packet, a malicious node modifies its source and destination addresses and forwards it along a wrong path, causing routing confusion in the network.

6) Black hole attacks: a malicious node adds false available-channel information to the route request packets it receives.

7) Flood attacks: by means of Smurf and DDoS attacks, the resources of the data transport layer network servers are exhausted and they cannot provide normal services.

8) Trap doors: the attacker plants hidden 'authorities' (trap doors) in the data transport layer network.

9) Sybil attacks: a malicious node illegally presents itself as multiple nodes, and can damage the system network.

10) Wormhole attacks: two or more malicious nodes attack jointly, so that the hop count between them appears small. It is then easy for them to be chosen as the route, after which they can tap the subsequent data packets or block data transmission.

3.3 Security threats for the application control layer

Some applications in the application control layer collect a large amount of private user data, such as the user's health status, spending habits and so on. It is therefore necessary to consider privacy issues in CPS. The major security threats to the application control layer are as follows.

1) Leakage of user privacy: because of insecure data transmission, storage and presentation, the user's personal information, access records and other private data are obtained by privacy collectors, leading to leakage.

2) Unauthorized access: the attacker, without authorization, illegally accesses network data in the system.

3) Malicious code: malicious code is code that carries security risks; in the broad sense, any unnecessary code in the system can be regarded as malicious code.

4) Distributed denial of service: a large number of DoS attack sources attack a server network at the same time, forming a distributed denial of service (DDoS) attack that overloads the network to interfere with or even block normal network communication.

5) Privacy in data mining: the application control layer system mines vast amounts of user data.

6) Forged control commands: the attacker forges control commands in the application control layer system in order to misuse the system or undermine its purpose.
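Threats 2) and 6) above, unauthorized access and forged control commands, are the ones a controller can reject before any command reaches the aware execution layer, provided it authenticates each command, refuses replays and checks the issuer against an access control policy. The following Python script is an added example and not code from the paper: it assumes a hypothetical controller in which every issuer shares an HMAC-SHA256 key with the application control layer, each command carries a sequence number, and a role-based policy decides what each role may issue (the issuer names, keys and the command names `set_valve`, `set_setpoint` and `read_state` are constructed). Every verdict is appended to a forensic log, the kind of record that network forensics in the application control layer depends on.

```python
"""Authenticated, access-controlled control commands for the application
control layer.  Added example, not code from the paper.  The design is
assumed: each issuer shares an HMAC-SHA256 key with the controller, every
command carries a sequence number, and a role-based policy decides which
commands a role may issue.  Every decision is written to a forensic log."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed sample data: issuer keys, issuer roles and a role policy.
ISSUER_KEYS = {"operator-1": b"constructed-key-operator-1",
               "viewer-2": b"constructed-key-viewer-2"}
ISSUER_ROLES = {"operator-1": "operator", "viewer-2": "viewer"}
POLICY = {"operator": {"read_state", "set_valve", "set_setpoint"},  # hypothetical
          "viewer": {"read_state"}}                                  # command names


def canonical(issuer, seq, command, args):
    """Deterministic byte encoding so issuer and controller tag the same bytes."""
    return json.dumps([issuer, seq, command, args], sort_keys=True,
                      separators=(",", ":")).encode()


def make_tag(key, issuer, seq, command, args):
    return hmac.new(key, canonical(issuer, seq, command, args), hashlib.sha256).hexdigest()


def issue(issuer, seq, command, args):
    """Build a command message the way a legitimate issuer would."""
    return {"issuer": issuer, "seq": seq, "command": command, "args": args,
            "tag": make_tag(ISSUER_KEYS[issuer], issuer, seq, command, args)}


@dataclass
class Controller:
    last_seq: dict = field(default_factory=dict)   # highest accepted seq per issuer
    forensic_log: list = field(default_factory=list)

    def handle(self, msg):
        """Check a command and record the verdict; only 'accept' reaches actuators."""
        verdict = self._check(msg)
        self.forensic_log.append({"issuer": msg.get("issuer"), "seq": msg.get("seq"),
                                  "command": msg.get("command"), "verdict": verdict})
        return verdict

    def _check(self, msg):
        issuer = msg.get("issuer")
        key = ISSUER_KEYS.get(issuer)
        if key is None:
            return "reject:unknown-issuer"
        expected = make_tag(key, issuer, msg["seq"], msg["command"], msg["args"])
        if not hmac.compare_digest(expected, msg.get("tag", "")):
            return "reject:bad-tag"        # forged or tampered command
        if msg["seq"] <= self.last_seq.get(issuer, 0):
            return "reject:replay"         # sequence number already used
        self.last_seq[issuer] = msg["seq"]   # authentic: advance the replay window
        if msg["command"] not in POLICY[ISSUER_ROLES[issuer]]:
            return "reject:unauthorized"   # authentic, but outside the role's policy
        return "accept"


def run_scenario():
    """Feed one valid, one forged, one replayed and one unauthorized command."""
    ctl = Controller()
    verdicts = [ctl.handle(issue("operator-1", 1, "set_valve", {"id": 7, "open": True}))]
    forged = issue("operator-1", 2, "set_valve", {"id": 7, "open": True})
    forged["args"] = {"id": 7, "open": False}        # altered after tagging
    verdicts.append(ctl.handle(forged))
    verdicts.append(ctl.handle(issue("operator-1", 1, "set_valve", {"id": 7, "open": True})))
    verdicts.append(ctl.handle(issue("viewer-2", 1, "set_setpoint", {"value": 42})))
    verdicts.append(ctl.handle(issue("viewer-2", 2, "read_state", {})))
    return verdicts, ctl.forensic_log


if __name__ == "__main__":
    for entry in run_scenario()[1]:
        print(entry)
```

The order of the checks matters: the tag is verified before the sequence number is consumed, so a forged message cannot advance the issuer's replay window, and the policy is consulted only for authentic messages, so the forensic log attributes an unauthorized attempt to a verified identity rather than to whatever name the attacker wrote in the message.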

4 Security measures for CPS

4.1 Security measures for the aware execution layer

The aware execution layer of CPS is mainly concerned with the physical security of the infrastructure of each node. It senses and acquires data and executes control commands. Protecting equipment such as sensors, actuators, RFID devices and image capture devices is the foundation of CPS security. The following are some security measures against the security threats to the aware execution layer.

1) Management and protection of node identity. This extends node authentication time to a certain extent; in practical applications the safety and efficiency of the system can be weighed against each other to develop a more balanced node authentication policy.

2) With the help of biometrics and near field communication technology, the data perceived by nodes can be better protected.

3) Strengthen legislation against users or system behavior that threatens the safety of the CPS, so that violations and their costs are made clear.

4) Study password and key technologies in depth, in conjunction with the physical system [9]. Privacy protection technology, secure routing technology, secure data fusion technology and secure positioning technology are also important.
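Measure 4) points to key technologies [9], and measure 1) to balancing safety against efficiency in node authentication. The random key pre-distribution scheme of [9] makes that trade-off concrete: each node is pre-loaded with a ring of k keys drawn from a pool of P, two neighbours establish a link key only if their rings overlap, and capturing one node exposes only the links whose key lies in its ring. The Python script below is an added example written for this paper and not code from the paper or from [9]; its pool size, ring size, node count and keys are constructed values from a seeded generator.

```python
"""Random key pre-distribution for sensor nodes in the aware execution layer,
in the style of the Eschenauer-Gligor scheme [9].  Added example, not code
from the paper or from [9]; pool size, ring size, node count and keys are
constructed parameters, generated with a seeded PRNG for reproducibility."""
import math
import random


def share_probability(pool_size, ring_size):
    """Probability that two rings drawn from the pool share at least one key:
    1 - C(P-k, k) / C(P, k)."""
    return 1 - math.comb(pool_size - ring_size, ring_size) / math.comb(pool_size, ring_size)


def generate_pool(pool_size, seed=0):
    """Key identifier -> 16-byte key.  Constructed with random.Random; a real
    deployment draws keys from a cryptographic RNG."""
    rng = random.Random(seed)
    return {kid: rng.getrandbits(128).to_bytes(16, "big") for kid in range(pool_size)}


def build_rings(pool, ring_size, n_nodes, seed=1):
    """Load each node with a random subset (ring) of the pool before deployment."""
    rng = random.Random(seed)
    items = sorted(pool.items())
    return [dict(rng.sample(items, ring_size)) for _ in range(n_nodes)]


def shared_key_discovery(ring_a, ring_b):
    """Two neighbours exchange key identifiers only (never key bytes) and use the
    lowest common identifier as their link key; None if they share nothing."""
    common = sorted(set(ring_a) & set(ring_b))
    return (common[0], ring_a[common[0]]) if common else None


def empirical_share_rate(rings):
    """Fraction of node pairs that can establish a direct link key."""
    links = pairs = 0
    for i in range(len(rings)):
        for j in range(i + 1, len(rings)):
            pairs += 1
            links += shared_key_discovery(rings[i], rings[j]) is not None
    return links / pairs


def capture_impact(rings, captured):
    """Fraction of links between uncaptured nodes whose link key also sits in
    the captured node's ring, i.e. what one physically captured node exposes."""
    captured_ids = set(rings[captured])
    exposed = total = 0
    for i in range(len(rings)):
        for j in range(i + 1, len(rings)):
            if captured in (i, j):
                continue
            link = shared_key_discovery(rings[i], rings[j])
            if link is not None:
                total += 1
                exposed += link[0] in captured_ids
    return exposed / total if total else 0.0


if __name__ == "__main__":
    pool = generate_pool(100)            # constructed: P = 100 keys
    rings = build_rings(pool, 10, 40)    # constructed: k = 10, 40 nodes
    print("analytic p:", round(share_probability(100, 10), 3))
    print("empirical p:", round(empirical_share_rate(rings), 3))
    print("links exposed by capturing node 0:", round(capture_impact(rings, 0), 3))
```

Raising the ring size k raises the connection probability but also the key storage per node and the fraction of links exposed by one captured node; that is the safety-versus-efficiency balance measure 1) refers to, and `capture_impact` measures the safety side of it directly for a given deployment.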

4.2 Security measures for the data transport layer

The purpose of security measures for the data transport layer is to protect the security of the system's communication data, including data integrity, confidentiality, consistency and so on. Data transport layer security mechanisms can make comprehensive use of point-to-point encryption and end-to-end encryption.

1) Point-to-point encryption mechanisms ensure the security of the data hop by hop along the transmission path. However, since each node obtains the plaintext data, the dependability requirements on the nodes are higher. The security mechanisms include node authentication, hop-by-hop encryption and inter-network authentication.

2) End-to-end encryption mechanisms mainly achieve end-to-end data confidentiality, and can provide flexible security policies at different security levels. However, end-to-end encryption cannot hide the source and destination of the data, which leaves security risks that an attacker can exploit. The security mechanisms include end-to-end authentication, key negotiation, key management and so on.

4.3 Security measures for the application control layer

The application control layer is the core decision-making part of CPS. The huge amounts of data in the system require the application control layer to have strong intelligent processing power, while data security and private user data must be protected at the same time. Security measures for the application control layer of CPS include:

1) Enhance the system access control policy.

2) Strengthen identity authentication and encryption mechanisms for different scenarios.

3) Perfect the mechanism of network forensics and strengthen network forensics capability.

4) Without affecting applications, establish a unified and efficient security management platform for CPS.

5 Conclusions

CPS is a very promising area of research, and it is just getting started at home and abroad. Research on CPS needs to combine computer technology, network technology, control technology, communication technology, physics, life sciences, sociology and other related fields of knowledge on the basis of existing science and technology. In this way the theory of cyber-physical systems can be improved and research carried out on the real-time behavior, security, autonomy and high performance of cyber-physical systems. This paper has given an overview of the definition of CPS and studied the security issues that CPS design should consider. The security threats of each CPS layer have been analyzed in detail and corresponding solutions proposed. On one hand, the development of CPS can bring huge opportunities for economic development; on the other hand, it brings many new information security issues at the same time. Therefore academia and industry need to collaborate and study CPS issues deeply, and jointly promote the development of CPS.
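As a concrete illustration of the point-to-point and end-to-end mechanisms compared in Sect. 4.2, the following Python script is an added example, not code from the paper. It models a constructed path sensor -> gateway -> sink -> app with one link key per adjacent pair and one end-to-end key held only by the sensor and the application; the cipher is a toy encrypt-then-MAC over SHA-256 and HMAC so that the script needs only the standard library. It records what a compromised gateway could read under each mechanism: the full plaintext hop by hop, but only the routing header (source, destination, length) end to end, which is exactly the residual exposure Sect. 4.2 notes.

```python
"""Point-to-point (hop-by-hop) versus end-to-end protection of a data
transport path.  Added example, not code from the paper.  The path
sensor -> gateway -> sink -> app and all keys are constructed; the cipher is a
toy encrypt-then-MAC built from SHA-256 and HMAC so the script runs with the
standard library only; a real deployment uses a vetted AEAD such as AES-GCM."""
import hashlib
import hmac
import os

NONCE_LEN, MAC_LEN = 12, 32


def _keystream(key, nonce, length):
    """SHA-256 in counter mode, toy keystream for the XOR cipher below."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """nonce || ciphertext || HMAC(nonce || ciphertext)."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key, blob):
    nonce, ct, mac = blob[:NONCE_LEN], blob[NONCE_LEN:-MAC_LEN], blob[-MAC_LEN:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), mac):
        raise ValueError("authentication failed")   # tampered in transit
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


PATH = ["sensor", "gateway", "sink", "app"]
LINK_KEYS = {("sensor", "gateway"): b"link-key-sg",     # one key per adjacent pair
             ("gateway", "sink"): b"link-key-gs",
             ("sink", "app"): b"link-key-sa"}
E2E_KEY = b"end-to-end-key-sensor-app"                   # held by the endpoints only


def hop_by_hop(message, observer="gateway"):
    """Each relay decrypts with the incoming link key and re-encrypts with the
    outgoing one.  Returns (what the app receives, what the observer relay saw)."""
    seen = None
    blob = seal(LINK_KEYS[(PATH[0], PATH[1])], message)
    for i in range(1, len(PATH)):
        node = PATH[i]
        plaintext = open_sealed(LINK_KEYS[(PATH[i - 1], node)], blob)
        if node == observer:
            seen = plaintext               # a compromised relay reads everything
        if node == PATH[-1]:
            return plaintext, seen
        blob = seal(LINK_KEYS[(node, PATH[i + 1])], plaintext)


def end_to_end(message, observer="gateway"):
    """Relays forward the sealed blob untouched plus a cleartext routing header.
    Returns (what the app receives, what the observer relay saw)."""
    header = {"src": PATH[0], "dst": PATH[-1]}
    blob = seal(E2E_KEY, message)
    seen = None
    for node in PATH[1:-1]:
        if node == observer:
            # Payload is opaque, but source, destination and length stay visible.
            seen = {"header": header, "plaintext": None,
                    "payload_len": len(blob) - NONCE_LEN - MAC_LEN}
    return open_sealed(E2E_KEY, blob), seen


def tamper_is_detected(message):
    """A relay flips one ciphertext bit; the endpoint must reject the blob."""
    blob = bytearray(seal(E2E_KEY, message))
    blob[NONCE_LEN] ^= 0x01
    try:
        open_sealed(E2E_KEY, bytes(blob))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    msg = b"valve 7: open"          # constructed sensor-to-app message
    print("hop-by-hop, gateway saw:", hop_by_hop(msg)[1])
    print("end-to-end, gateway saw:", end_to_end(msg)[1])
    print("tamper detected:", tamper_is_detected(msg))
```

The toy cipher exists only to keep the script self-contained; a deployment would substitute a reviewed AEAD such as AES-GCM. What the script does show is the structural difference: under hop-by-hop protection every relay must be trusted with plaintext, while end-to-end protection reduces a compromised relay's view to the header, so hiding source and destination would need a further mechanism beyond encryption.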

References

1. Lee E. Computing foundations and practice for cyber-physical systems: a preliminary report. Technical Report UCB/EECS-2007-72. USA: University of California, 2007
2. Baheti R, Gill H. Cyber-physical systems. The Impact of Control Technology. Washington D. C., USA: IEEE, 2011: 161−166
3. CPS Steering Group. Cyber-physical systems executive summary. (March 6, 2008). http://precise.seas.upenn.edu/events/iccps11/doc/CPS-ExecutiveSummary.pdf
4. Lin J, Sedigh S, Miller A. A general framework for quantitative modeling of dependability in cyber-physical systems: a proposal for doctoral research. Proceedings of the 33rd Annual IEEE International Computer Software and Applications Conference. Seattle, USA: IEEE, 2009: 668−671
5. Branicky M. CPS initiative overview. Proceedings of the IEEE/RSJ International Conference on Robotics and Cyber-Physical Systems. Washington D. C., USA: IEEE, 2008
6. Krogh B, Ilic M D, Sastry S S. Networked embedded control for cyber-physical systems: research strategies and roadmap. Technical Report. USA: Team for Research in Ubiquitous Secure Technology, 2007
7. MA Wenfang. CPS: sensor-net to sensor-actuator-net. China Information World, 2010, 25 (in Chinese)
8. WANG Z J, XIE L L. Cyber-physical systems: a survey. Acta Automatica Sinica, 2011, 37(10): 1157−1166 (in Chinese)
9. Eschenauer L, Gligor V. A key-management scheme for distributed sensor networks. Proceedings of the 9th ACM Conference on Computer and Communications Security. New York, USA: Association for Computing Machinery, 2002: 41−47