Week 9 Flashcards
CPS Security Requirements
Securing CPS is complex; key requirements include:
Privacy,
Resiliency,
Dependability,
Interaction and coordination,
Operational security (OpSec),
System hardening.
CPS Security Challenges
Adopting security measures has benefits but may also negatively affect CPS operation.
Drawbacks include reduced performance, higher power consumption, transmission delay, higher cost, compatibility issues, and operational security delay.
CPS Security Solution
CPS systems are categorized based on criticality:
Safety Critical, Mission Critical, Business Critical, and Security Critical.
Main security solutions encompass cryptographic and non-cryptographic approaches.
Confidentiality - Cryptographic
Security measures include encompression to reduce overhead, ultra-lightweight block ciphers for hardware efficiency, and solutions like bump-in-the-wire (BITW) for legacy devices.
Various integrity solutions, such as SIEM, TAIGA, SSU, and watermarking, are also implemented.
Integrity - Cryptographic
Security measures, including SIEM, TAIGA, SSU, and watermarking, focus on preventing physical or logical modifications of real-time data.
Authentication - Cryptographic
Homomorphic Encryption is employed to prevent unauthorized access.
Intrusion Detection - Non-cryptographic
Intrusion Detection Systems (IDS) play a crucial role in detecting abnormal behavior in the network.
They can be physical or cyber-based, employing signature-based or anomaly-based approaches.
Honeypots & Deception - Non-cryptographic
Honeypots and deception techniques are utilized as decoys to hide and protect systems.
MITM and DoS attack defenses are implemented, and anomaly detection leverages digital twin models.
Physical Security
Rudimentary steps for physical security include measures such as remote site protection, access control, monitoring, locks, deterrence, and detection.
Attack Detection
Watermarking,
False data injection (fuzzing),
Anomaly detection (digital twin models).
Anomaly Detection
Anomaly detection relies on a simplified digital twin model to identify deviations from the expected behavior of a physical system, which serve as an indicator of potential attacks on sensor data or actuators.
However, accurate modeling can be challenging, leading to occasional false alarms.
Watermarking
Multiplicative Watermarking: Modifies sensor outputs with a watermark, allowing tamper detection and data integrity verification.
Additive Watermarking: Introduces a watermark to sensor outputs, facilitating tamper detection and ensuring data integrity during transmission.
False Data Injection
Fault Injection (Fuzzing): Stress-tests emulated PLCs for non-destructive vulnerability detection, utilizing AI for automated test data generation.
Industrial Control Protocol Fuzzing: Addresses the complexity of proprietary communication protocols using AI to automatically generate test data, as seen in tools like ICPFuzzer.