Networked Control Systems 2015

 

 
SoS Logo

Networked Control Systems

2015

 

Network control systems (NCS) offer a relatively inexpensive way for communications networks to provide diagnostics, flexibility, and robustness. To the Science of Security community, NCS research is relevant to the hard problems of resiliency, composability, and predictive metrics. The research work cited here was presented in 2015.



K. Sawada, T. Sasaki, S. Shin, and S. Hosokawa, “A Fallback Control Study of Networked Control Systems for Cybersecurity,” Control Conference (ASCC), 2015 10th Asian, Kota Kinabalu, 2015, pp. 1-6. doi:10.1109/ASCC.2015.7244676
Abstract: Recent control systems of critical infrastructures are networked systems, which are exposed to the infection of the computer malwares. This paper considers a cybersecurity technology of networked control systems in terms of availability. Architecture of fallback control is proposed, which consists of the remote controller and the local controller. The former achieves the high control performance and the latter guarantees the minimum required control performance. If the malicious behavior of the remote controller is detected by the local controller, the local controller breaks the network communication between the plant and the remote controller and takes over the plant control. This framework aims to prevent the spread of the damage caused by the infection of the computer malwares. As a first step of the research, a prototype fallback control system is applied to a simple automation system simulating the defective discriminator.
Keywords: control engineering computing; critical infrastructures; invasive software; networked control systems; telecontrol; computer malware infection;  cybersecurity technology; fallback control architecture; local controller; minimum required control performance; network communication; networked control systems; prototype fallback control system; remote controller; Computer architecture; Computer security; Control systems; Logic gates; Observers; Sorting; Availability; Cybersecurity; Fallback control; Networked control system (ID#: 16-10369)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7244676&isnumber=7244373

 

A. Cioraca, I. Voloh, and M. Adamiak, “What Protection Engineers Need to Know About Networking,” Protective Relay Engineers, 2015 68th Annual Conference for, College Station, TX, 2015, pp. 597-607. doi:10.1109/CPRE.2015.7102197
Abstract: The communications infrastructure of the electric grid has been evolving rapidly in the last decades due to the need for transporting ever more sophisticated information, both data and control. More recently Ethernet based networks have been added into the picture, as modern relays need to communicate with control and dispatch centers and centralized management systems over local and wide area networks. Notably, the need to support IEC 61850 standards encouraged relay vendors into speeding up the development of Ethernet as a preferred method of communication. The benefits of Ethernet networking are huge. Flexibility and easy deployment are only two of them. However Ethernet networking comes with features that protection engineers need to be aware of, if they wish to take full advantage of its capabilities. It also comes with new challenges that protection engineers need to be aware of. Network latency and availability must be carefully considered for. Cybersecurity must be planned, the risk of cyberattacks evaluated and protection measures implemented. This paper explores the network architecture of the modern protection and control (P&C) systems including protective relays themselves. It discusses aspects such as the use and benefits of routing, the need and solutions for maximum availability and real time response, as well as security measures that can be taken to reduce the risk of cyberattacks inherent when connecting over Ethernet. The paper also highlights some of the best practices when using Ethernet networking in the grid, providing examples drawn from the protective relaying and cybersecurity practice. It offers simple solutions to typical security challenges possibly encountered during the commissioning phase and in the daily operations of relay devices.
Keywords: local area networks; power engineering computing; power grids; power system security; relay protection; Ethernet networking; commissioning phase; cyber attacks; cybersecurity practice; network architecture; network routing; power grid; protection and control systems; protection engineer; protective relays; IP networks; Network topology; Protocols; Redundancy; Relays; Routing; Switches; AAA = Authentication, Authorization, Accounting; GOOSE = Generic Object Oriented Substation Events; HSR = High-availability Seamless Redundancy; IEC = International Electrotechnical Commission; IP = Internet Protocol; IT = Information Technology; LDAP = Lightweight Directory Access Protocol; P&C = Protection and Control; PDC = Phasor Data Concentrator; PMU = Phasor Measurement Unit; PRP = Parallel Redundancy Protocol; RADIUS = Remote Authentication Dial In User Service; RBAC = Role Based Access Control; SEM = Security Event Management; TCP/IP = Transmission Control Protocol/Internet Protocol (ID#: 16-10370)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7102197&isnumber=7102153

 

E. Pricop and S. F. Mihalache, “Fuzzy Approach on Modelling Cyber Attacks Patterns on Data Transfer in Industrial Control Systems,” Electronics, Computers and Artificial Intelligence (ECAI), 2015 7th International Conference on, Bucharest, 2015, pp. SSS-23-SSS-28. doi:10.1109/ECAI.2015.7301200
Abstract: Cybersecurity of industrial control system is a very complex and challenging research topic, due to the integration of these systems in national critical infrastructures. The control systems are now interconnected in industrial networks and frequently to the Internet. In this context they are becoming targets of various cyber attacks conducted by malicious people such as hackers, script kiddies, industrial spies and even foreign armies and intelligence agencies. In this paper the authors propose a way to model the most frequent attacker profiles and to estimate the success rate of an attack conducted in given conditions. The authors use a fuzzy approach for generating attacker profiles based on attacker attributes such as knowledge, technical resources and motivation. The attack success rate is obtained by using another fuzzy inference system that analyzes the attacker profile and system intrinsic characteristics.
Keywords: electronic data interchange; fuzzy reasoning; industrial control; security of data; Internet; attack success rate; cyber attack; data transfer; fuzzy inference system; industrial control systems; industrial networks; national critical infrastructures; Computer hacking; Control systems; Fuzzy logic; Industrial control; Mathematical model; Shape; Terrorism; attack success rate; attacker profile; cyberattack modeling; fuzzy system (ID#: 16-10371)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301200&isnumber=7301133

 

J. Spring, S. Kern, and A. Summers, “Global Adversarial Capability Modeling,” Electronic Crime Research (eCrime), 2015 APWG Symposium on, Barcelona, 2015, pp. 1-21. doi:10.1109/ECRIME.2015.7120797
Abstract: Intro: Computer network defense has models for attacks and incidents comprised of multiple attacks after the fact. However, we lack an evidence-based model the likelihood and intensity of attacks and incidents. Purpose: We propose a model of global capability advancement, the adversarial capability chain (ACC), to fit this need. The model enables cyber risk analysis to better understand the costs for an adversary to attack a system, which directly influences the cost to defend it. Method: The model is based on four historical studies of adversarial capabilities: capability to exploit Windows XP, to exploit the Android API, to exploit Apache, and to administer compromised industrial control systems. Result: We propose the ACC with five phases: Discovery, Validation, Escalation, Democratization, and Ubiquity. We use the four case studies as examples as to how the ACC can be applied and used to predict attack likelihood and intensity.
Keywords: Android (operating system); application program interfaces; computer network security; risk analysis; ACC; Android API; Apache; Windows XP; adversarial capability chain; attack likelihood prediction; compromised industrial control systems; computer network defense; cyber risk analysis; evidence-based model; global adversarial capability modeling; Analytical models; Androids; Biological system modeling; Computational modeling; Humanoid robots; Integrated circuit modeling; Software systems; CND; cybersecurity; incident response; intelligence; intrusion detection; modeling; security (ID#: 16-10372)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7120797&isnumber=7120794

 

V. Neumann, C. Lyra Gomes, C. Unsihuay-Vila, K. V. Fonseca, and P. Rodrigues Torres, “Parameterization of IPSec Framework for Security in the Smart Grid Interoperability,” Innovative Smart Grid Technologies Latin America (ISGT LATAM), 2015 IEEE PES, Montevideo, 2015, pp. 780-785. doi:10.1109/ISGT-LA.2015.7381254
Abstract: The infrastructure of the Smart Grid communication will require the use of security protocols based on standards of the state-of-the-art. This work proposes a method of parameterization of the IPsec protocol framework, aimed at security of data interoperability in Smart Grid, according to the requirement levels for the security services: Integrity, Confidentiality and Availability, recommended by the SGIRM (Smart Grid Interoperability Reference Model [1]). The methodology can be used for VPN IPsec Site-to-Site implementations between any pair of the seven domains of the SGIRM: Generation, Transmission, Distribution, Service Providers, Markets, Control / Operations and Customers. The methodology proposed for the VPN Ipsec implementation was applied as step-by-step tasks and implemented in a test bed network. Each test was repeated twenty times aimed at data analysis and statistical evaluation of the results. The field tests allowed us to measure jitter (latency variation) and data flow throughput resulting from the parameterization of IPsec to compare the results with the limits set out in SGIRM, aiming to validate the methodology.
Keywords: power system security; protocols; security of data; smart power grids; IPsec protocol framework; data analysis; data flow throughput; security of data interoperability; security protocols; smart grid communication; smart grid interoperability; Encryption; Logic gates; Network topology; Protocols; Smart grids; Virtual private networks; Confidentiality; Cybersecurity; IPsec protocol; Integrity; Latency; Programming CLI (Command Line Interface); SGIRM; Security Services; Smart Grid; Throughput (ID#: 16-10373)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7381254&isnumber=7381114

 

P. Jafary, S. Repo, M. Salmenpera, and H. Koivisto, “OPC UA Security for Protecting Substation and Control Center Data Communication in the Distribution Domain of the Smart Grid,” Industrial Informatics (INDIN), 2015 IEEE 13th International Conference on, Cambridge, 2015, pp. 645-651. doi:10.1109/INDIN.2015.7281811
Abstract: The distribution domain of the smart grid incorporates advantages of the newest substation automation standards in order to enhance distribution network automation. State-of-the-art distribution automation solutions use the public Internet for exchanging data between substation and control center. This presents challenges for cybersecurity, particularly for critical data determining distribution network operation. Therefore, Internet communication between substation and control center should be carried out via a secure communication protocol. OPC Unified Architecture (UA) is an interoperable communication standard supports Internet protocols from one hand and obtains benefits from mature built-in security mechanisms from other hand. This paper describes a solution for secure data transmission between modern substation and control center over the Internet. In this approach, circuit breaker position data is chosen as the data example that is defined in respect to the IEC 61850 data model and securely transmitted to OPC UA client application at remote control center by employing the OPC UA security architecture functions.
Keywords: IEC standards; Internet; circuit breakers; power distribution protection; power engineering computing; power system security; security of data; smart power grids; substation automation; substation protection; telecontrol; IEC 61850 data model; Internet communication; Internet protocol; OPC UA security; OPC unified architecture; circuit breaker position data; control center data communication; cybersecurity; distribution network automation enhancement; interoperable communication standard; remote control center; secure communication protocol; secure data transmission; smart grid distribution domain; substation automation standard; substation protection; IEC Standards; Internet; Logic gates; Protocols; Security; Substation automation; IEC 61850; OPC UA security model; distribution automation; smart grid; substation automation (ID#: 16-10374)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7281811&isnumber=7281697

 

A. Patrascu and V. V. Patriciu, “Cyber Protection of Critical Infrastructures Using Supervised Learning,” Control Systems and Computer Science (CSCS), 2015 20th International Conference on, Bucharest, 2015, pp. 461-468. doi:10.1109/CSCS.2015.34
Abstract: Interconnected computing units are used more and more in our daily lives, starting from the transportation systems and ending with gas and electricity distribution, together with tenths or hundreds of systems and sensors, called critical infrastructures. In this context, cyber protection is vital because they represent one of the most important parts of a country's economy thus making them very attractive to cyber criminals or malware attacks. Even though the detection technologies for new threats have improved over time, modern malware still manage to pass even the most secure and well organized computer networks, firewalls and intrusion detection equipments, making all systems vulnerable. This is the main reason that automatic learning is used more often than any other detection algorithms as it can learn from existing attacks and prevent newer ones. In this paper we discuss the issues threatening critical infrastructures systems and propose a framework based on machine learning algorithms and game theory decision models that can be used to protect such systems. We present the results taken after implementing it using three distinct classifiers - k nearest neighbors, decision trees and support vector machines.
Keywords: decision trees; game theory; learning (artificial intelligence); pattern classification; security of data; support vector machines; computer networks; critical infrastructure; cyber criminals; cyber protection; firewalls; game theory decision models; interconnected computing units; intrusion detection equipments; k nearest neighbors; machine learning algorithms; malware attacks; supervised learning; support vector machines; Biological system modeling; Game theory; Security; Sensors; Support vector machines; Testing; Training; critical infrastructure protection; cybersecurity framework; game theory decision engine; machine learning (ID#: 16-10375)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7168469&isnumber=7168393

 

H. Gao, Y. Peng, K. Jia, Z. Wen, and H. Li, “Cyber-Physical Systems Testbed Based on Cloud Computing and Software Defined Network,” 2015 International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP), Adelaide, Australia, 2015, pp. 337-340. doi:10.1109/IIH-MSP.2015.50
Abstract: More standardized, networked and intelligentized nature of industry 4.0 has intensified critical infrastructures cyberthreats. According to cyber-physical systems (CPS) layered architecture and security requirements in industry 4.0, a cyber-physical systems testbed based on cloud computing and software defined network (SDN), or CPSTCS is proposed. The CPSTCS uses a network testbed based on cloud computing and SDN to recreate the cyber elements of cyber-physical systems and real-world physical devices for the physical components. The CPSTCS helps assess cyberthreats against the cyber and physical dimensions of critical infrastructures.
Keywords: Cloud computing; Control systems; Cyber-physical systems; Industries; Production; Protocols; Security; Cloud Computing; Critical infrastructures; Cyber-physical systems; Industry 4.0;Testbed (ID#: 16-10376)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7415825&isnumber=7415733

 

K. G. Lyn, L. W. Lerner, C. J. McCarty, and C. D. Patterson, “The Trustworthy Autonomic Interface Guardian Architecture for Cyber-Physical Systems,” Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on, Liverpool, 2015, pp. 1803-1810. doi:10.1109/CIT/IUCC/DASC/PICOM.2015.263 
Abstract: The growing connectivity of cyber-physical systems (CPSes) has led to an increased concern over the ability of cyber-attacks to inflict physical damage. Current cyber-security measures focus on preventing attacks from penetrating control supervisory networks. These reactive techniques, however, are often plagued with vulnerabilities and zero-day exploits. Embedded processors in CPS field devices often possess little security of their own, and are easily exploited once the network is penetrated. We identify four possible outcomes of a cyber-attack on a CPS embedded processor. We then discuss five trust requirements that a device must satisfy to guarantee correct behavior through the device's lifecycle. Next, we examine the Trustworthy Autonomic Interface Guardian Architecture (TAIGA) which monitors communication between the embedded controller and physical process. This autonomic architecture provides the physical process with a last line of defense against cyber-attacks. TAIGA switches process control to a trusted backup controller if an attack causes a system specification violation. We conclude with experimental results of an implementation of TAIGA on a hazardous cargo-carrying robot.
Keywords: cyber-physical systems; trusted computing; CPS embedded processor; TAIGA; cyber-attacks; cyber-security measures; embedded controller; physical process; reactive techniques; trusted backup controller; trustworthy autonomic interface guardian architecture; Control systems; Process control; Program processors; Sensors; Trojan horses; Cyber-physical systems; autonomic control; embedded device security; resilience; trust (ID#: 16-10377)  
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7363316&isnumber=7362962

 

E. Penera and D. Chasaki, “Packet Scheduling Attacks on Shipboard Networked Control Systems,” Resilience Week (RWS), 2015, Philadelphia, PA, 2015, pp. 1-6. doi:10.1109/RWEEK.2015.7287421
Abstract: Shipboard networked control systems are based on a distributed control system architecture that provides remote and local control monitoring. In order to allow the network to scale a hierarchical communication network is composed of high speed Ethernet based network switches. Ethernet is the prevalent medium to transfer control data, such as control signals, alarm signal, and sensor measurements on the network. However, communication capabilities bring new security vulnerabilities and make communication links a potential target for various kinds of cyber/physical attacks. The goal of this work is to implement and demonstrate a network layer attack against networked control systems, by tampering with temporal characteristics of the network, leading to time varying delays and packet scheduling abnormalities.
Keywords: computer network security; delay systems; local area networks; networked control systems; scheduling; ships; telecommunication control; time-varying systems; alarm signal; communication capability; communication link; control data; control signal; cyber attack; distributed control system architecture; hierarchical communication network; high speed Ethernet based network switch; network layer attack; packet scheduling abnormality; packet scheduling attack; physical attack; remote and local control monitoring; security vulnerability; sensor measurement; shipboard networked control system; temporal characteristics; time varying delay; Delays; IP networks; Network topology; Networked control systems; Security; Topology (ID#: 16-10378)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7287421&isnumber=7287407

 

Z. Xu and Q. Zhu, “A Cyber-Physical Game Framework for Secure and Resilient Multi-Agent Autonomous Systems,” Decision and Control (CDC), 2015 IEEE 54th Annual Conference on, Osaka, Japan, 2015, pp. 5156-5161. doi:10.1109/CDC.2015.7403026
Abstract: The increasing integration of autonomous systems with publicly available networks exposes them to cyber attackers. An adversary can launch a man-in-the-middle attack to gain control of the system and inflict maximum damages with collision and suicidal attacks. To address this issue, this work establishes an integrative game and control framework to incorporate security into the automatic designs, and take into account the cyber-physical nature and the real-time requirements of the system. We establish a cyber-physical signaling game to develop an impact-aware cyber defense mechanism and leverage model-predictive control methods to design cyber-aware control strategies. The integrative framework enables the co-design of cyber-physical systems to minimize the inflicted systems, leading to online updating the cyber defense and physical layer control decisions. We use unmanned aerial vehicles (UAVs) to illustrate the algorithm, and corroborate the analytical results in two case studies.
Keywords: Control systems; Games; Physical layer; Predictive control; Real-time systems; Receivers; Security (ID#: 16-10379)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7403026&isnumber=7402066

 

Xingyu Shi, Yong Li, Yijia Cao, Yi Tan, Zhisheng Xu, and Min Wen, “Model Predictive Control Considering Cyber-Physical System to Dampen Low Frequency Oscillation of Interconnected Power Systems,” Power and Energy Engineering Conference (APPEEC), 2015 IEEE PES Asia-Pacific, Brisbane, QLD, 2015, pp. 1-5. doi:10.1109/APPEEC.2015.7380996
Abstract: With the infusion of information communication technology (ICT) and power infrastructures, the power systems is becoming a large and complex cyber physical system (CPS). In the CPS, a crucial problem for the evaluation of control systems to face disturbances/faults is transmission time delay in the communication network. In this paper, a hybrid simulation model is established to simulate the operation of CPS, and the time delay is considered in the design process of model predictive control (MPC) based low-frequency oscillation (LFO) damping controller. In the proposed model, the IEEE benchmark two areas interconnected power system with a flexible ac transmission system (FACTS) device is established in the MATLAB/Simulink environment, and the information systems with advanced cyber control center is established in the Microsoft Visual Studio environment. The utility communication network of 3G and fiber optic access is adopted to transmit operation and control data between the aforementioned environments, and the communication time delay is considered sufficiently. In this way, a CPS closed- loop control is formed. Finally, a case study is used to validate the established hybrid simulation model as well as the performance of cyber control center.
Keywords: 3G mobile communication; cyber-physical systems; flexible AC transmission systems; information technology; power system interconnection; power system reliability; power system security; power system stability; power transmission control; power transmission faults; predictive control; 3G; CPS; FACTS device; ICT; LFO; MATLAB/Simulink environment; MPC; Microsoft Visual Studio environment; closed- loop control; cyber control center; cyber-physical system; fiber optic access; flexible ac transmission system; information communication technology; interconnected power systems; low frequency oscillation model predictive control; power infrastructures; transmission time delay; Benchmark testing; Communication networks; Computers; Delay effects; Mathematical model; Power system stability (ID#: 16-10380)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7380996&isnumber=7380859

 

K. Pochiraju and S. Narain, “Cyber Physical System Integration and Configuration Guided by Satisfiability Modulo Theories,” Information Reuse and Integration (IRI), 2015 IEEE International Conference on, San Francisco, CA, 2015, pp. 589-592. doi:10.1109/IRI.2015.93
Abstract: Cyber Physical Systems (CPS) are increasingly required to address sophisticated and complex set of stakeholder, security, regulatory policy and physical requirements. CPS employ numerous and interacting software, hardware, control and communication sub-systems that collectively address the system requirements. This paper describes a methodology that applies Satisfiability (SAT) or Satisfiability Modulo Theory (SMT) solvers to guide system architects during the integration, diagnosis, reconfiguration and/or redesign of sub-systems. The system integration problem is posed as search for a feasible configuration in a constraint-based representation. Physical, software and control behaviors of the system and the governing physical laws are translated into a network of interconnected parametric models and as algebraic and symbolic constraints. The methodology entails solving the complete set of constraints for feasible configurations. In the absence of feasible configurations, either the conflicting requirements are renegotiated or a maximally satisfiable subset of constraints is found, that then drives a redesign of sub-systems.
Keywords: algebra; computability; constraint handling; security of data; systems analysis; CPS; SAT; SMT; algebraic constraints; constraint-based representation; cyber physical system configuration; cyber physical system integration; interconnected parametric models; physical requirements; regulatory policy; satisfiability modulo theories; security; stakeholder; symbolic constraints; Batteries; Hardware; Modeling; Rotors; Software; Stakeholders; System integration; Configuration; Constraint-based Representation; Redesign; Satisfiability Solvers; System Requirements (ID#: 16-10381)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301031&isnumber=7300933

 

S. M. Djouadi, A. M. Melin, E. M. Ferragut, J. A. Laska, Jin Dong, and A. Drira, “Finite Energy and Bounded Actuator Attacks on Cyber-Physical Systems,” Control Conference (ECC), 2015 European, Linz, 2015, pp. 3659-3664. doi:10.1109/ECC.2015.7331099
Abstract: As control system networks are being connected to enterprise level networks for remote monitoring, operation, and system-wide performance optimization, these same connections are providing vulnerabilities that can be exploited by malicious actors for attack, financial gain, and theft of intellectual property. Much effort in cyber-physical system (CPS) protection has focused on protecting the borders of the system through traditional information security techniques. Less effort has been applied to the protection of cyber-physical systems from intelligent attacks launched after an attacker has defeated the information security protections to gain access to the control system. In this paper, attacks on actuator signals are analyzed from a system theoretic context. The threat surface is classified into finite energy and bounded attacks. These two broad classes encompass a large range of potential attacks. The effect of theses attacks on a linear quadratic (LQ) control are analyzed, and the optimal actuator attacks for both finite and infinite horizon LQ control are derived, therefore the worst case attack signals are obtained. The closed-loop system under the optimal attack signals is given and a numerical example illustrating the effect of an optimal bounded attack is provided.
Keywords: actuators; closed loop systems; infinite horizon; linear quadratic control; networked control systems; security of data; signal processing; CPS protection; actuator signals; bounded actuator attacks; closed-loop system; control system networks; cyber-physical system protection; enterprise level networks; finite energy actuator attacks; infinite horizon LQ control; information security protections; information security techniques; intelligent attacks; linear quadratic control; optimal actuator attacks; optimal attack signals; remote monitoring; system theoretic context; system-wide performance optimization; Actuators; Closed loop systems; Computer science; Cyber-physical systems; Information security; Sensors (ID#: 16-10382)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7331099&isnumber=7330515

 

J. O. Malchow, D. Marzin, J. Klick, R. Kovacs, and V. Roth, “PLC Guard: A Practical Defense Against Attacks on Cyber-Physical Systems,” Communications and Network Security (CNS), 2015 IEEE Conference on, Florence, 2015, pp. 326-334. doi:10.1109/CNS.2015.7346843
Abstract: Modern societies critically depend on cyberphysical systems that control most production processes and utility distribution networks. Unfortunately, many of these systems are vulnerable to attacks, particularly advanced ones. While researchers are investigating sophisticated techniques in order to counter these risks, there is a need for solutions that are practical and readily deployable. In this paper, we adapt the classic ACCAT Guard concept to the protection of programmable logic controllers (PLCs), which are an essential ingredient of existing cyber-physical systems. A PLC Guard intercepts traffic between a, potentially compromised, engineering workstation and a PLC. Whenever code is transferred to a PLC, the guard intercepts the transfer and gives the engineer an opportunity to compare that code with a previous version. The guard supports the comparison through various levels of graphical abstraction and summarization. By operating a simple and familiar interface, engineers can approve or reject the transfer using a trusted device that is significantly harder to subvert by attackers. We developed a PLC Guard prototype in order to reify our ideas on how it should be designed. In this paper, we describe the guard's design and its implementation. In order to arrive at realistic PLC code examples, we implemented a miniature packaging plant as well as attacks on it.
Keywords: cyber-physical systems; engineering workstations; programmable controllers; security of data; trusted computing; PLC Guard intercept traffic; PLC Guard prototype; classic ACCAT Guard; cyber-physical system; engineering workstation; graphical abstraction; graphical summarization; miniature packaging plant; programmable logic controller protection; trusted device; utility distribution network; Conferences; Malware; Production; Software; Visualization; Workstations (ID#: 16-10383)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7346843&isnumber=7346791

 

G. Mois, S. Folea, T. Sanislav, and L. Miclea, “Communication in Cyber-Physical Systems,” System Theory, Control and Computing (ICSTCC), 2015 19th International Conference on, Cheile Gradistei, 2015, pp. 303-307. doi:10.1109/ICSTCC.2015.7321310
Abstract: This paper discusses the aspects concerning the communication between the components of cyber-physical systems (CPSs). The characteristics and the requirements concerning the transfer of information within CPSs and the related open issues are presented. In this context, a CPS solution for environmental monitoring (temperature and relative humidity), based on the IEEE 802.11 b/g standards, was developed and is presented as a case study. This consists in the use of Wi-Fi sensors that have the ability of connecting to an existent Wireless LAN and of a server that provides access to data which can be recorded at any place where IEEE 802.11 b/g network coverage exists, from any device connected to the Internet.
Keywords: wireless LAN; CPS; IEEE 802.11 b/g standards; Internet; Wi-Fi sensors; Wireless LAN; cyber-physical system communication; environmental monitoring; network coverage; relative humidity; temperature humidity; Communication system security; IEEE 802.11 Standard; Protocols; Sensors; Wireless communication; Wireless sensor networks; Cyber-Physical Systems; IEEE 802.11 Standards; Sensor systems; Wireless communication (ID#: 16-10384)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7321310&isnumber=7321255

 

M. Elattar and J. Jasperneite, “Using LTE as an Access Network for Internet-Based Cyber-Physical Systems,” Factory Communication Systems (WFCS), 2015 IEEE World Conference on, Palma de Mallorca, 2015, pp. 1-7. doi:10.1109/WFCS.2015.7160560
Abstract: Cyber-physical systems (CPSs) represent a new generation of control systems where distributed local control systems are connected not only physically, but also computationally by means of communication networks. CPSs target introducing intelligence beside traditional monitoring and control functionalities in a way that optimize the performance of the overall system. However, the realization of many CPS applications requires reliable communication systems that provide quality of service (QoS) control. In this domain, Long Term Evolution (LTE) standard offers a comprehensive QoS frame work. Nevertheless, commercial implementations of the standard provide only best effort type of service. In this paper, we demonstrated the benefits of using LTE networks with QoS support for CPSs by comparing the performance of a CPS application over LTE network with and without QoS support. The results clearly indicate the benefit to enable the QoS features in commercial implementations of LTE in order to realize reliable CPS applications.
Keywords: Internet; Long Term Evolution; computer network security; control engineering computing; distributed control; quality of service; CPS applications; Internet-based cyber physical system; LTE communication system reliability; QoS; access network; distributed local control system; quality of service control; Delay effects; Delays; IP networks; Phasor measurement units; Quality of service (ID#: 16-10385)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7160560&isnumber=7160536

 

S. Z. Yong, M. Zhu, and E. Frazzoli, “Resilient State Estimation Against Switching Attacks on Stochastic Cyber-Physical Systems,” Decision and Control (CDC), 2015 IEEE 54th Annual Conference on, Osaka, Japan, 2015, pp. 5162-5169. doi:10.1109/CDC.2015.7403027
Abstract: In this paper, we address the resilient state estimation problem for some relatively unexplored security issues for cyber-physical systems, namely switching attacks and the presence of stochastic process and measurement noise signals, in addition to attacks on actuator and sensor signals. We model the systems under attack as hidden mode stochastic switched linear systems with unknown inputs and propose the use of the multiple model inference algorithm developed in [1] to tackle these issues. We also furnish the algorithm with the lacking asymptotic analysis. Moreover, we characterize fundamental limitations to resilient estimation (e.g., upper bound on the number of tolerable attacks) and discuss the issue of attack detection under this framework. Simulation examples of switching attacks on benchmark and power systems show the efficacy of our approach to recover unbiased state estimates.
Keywords: Actuators; Circuit breakers; Inference algorithms; Network topology; State estimation; Stochastic processes; Switches (ID#: 16-10386)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7403027&isnumber=7402066

 

G. Lontorfos, K. D. Fairbanks, L. Watkins, and W. H. Robinson, “Remotely Inferring Device Manipulation of Industrial Control Systems via Network Behavior,” Local Computer Networks Conference Workshops (LCN Workshops), 2015 IEEE 40th, Clearwater Beach, FL, 2015, pp. 603-610. doi:10.1109/LCNW.2015.7365904
Abstract: This paper presents preliminary findings on a novel method to remotely fingerprint a network of Cyber Physical Systems and demonstrates the ability to remotely infer the functionality of an Industrial Control System device. A monitoring node measures the target device's response to network requests and statistically analyzes the collected data to build and classify a profile of the device's functionality via machine learning. As ICSs are used to control critical infrastructure processes such as power generation and distribution, it is vital to develop methods to detect tampering. A system employing our measurement technique could discover if an insider has made unauthorized changes to a device's logic. Our architecture also has advantages because the monitoring node is separate from the measured device. Our results indicate the ability to accurately infer (i.e., using a tunable threshold value) discrete ranges of task cycle periods (i.e., CPU loads) that could correspond to different functions.
Keywords: learning (artificial intelligence); process control; production engineering computing; statistical analysis; ICSs; critical infrastructure process control; cyber physical systems; industrial control system device; industrial control systems; machine learning; measurement technique; monitoring node; network behavior; power distribution; power generation; profile classification; remote network fingerprinting; remotely inferring device manipulation; statistical analysis; tampering detection; Central Processing Unit; Delays; Feature extraction; Fingerprint recognition; Monitoring; Telecommunication traffic; Time factors; cyber-physical systems; device fingerprinting machine learning; network traffic analysis; processor workload; security; tampering (ID#: 16-10387)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7365904&isnumber=7365758

 

Tuan Phan Vuong, G. Loukas, D. Gan, and A. Bezemskij, “Decision Tree-Based Detection of Denial of Service and Command Injection Attacks on Robotic Vehicles,” Information Forensics and Security (WIFS), 2015 IEEE International Workshop on, Rome, 2015, pp. 1-6. doi:10.1109/WIFS.2015.7368559
Abstract: Mobile cyber-physical systems, such as automobiles, drones and robotic vehicles, are gradually becoming attractive targets for cyber attacks. This is a challenge because intrusion detection systems built for conventional computer systems tend to be unsuitable. They can be too demanding for resource-restricted cyber-physical systems or too inaccurate due to the lack of real-world data on actual attack behaviours. Here, we focus on the security of a small remote-controlled robotic vehicle. Having observed that certain types of cyber attacks against it exhibit physical impact, we have developed an intrusion detection system that takes into account not only cyber input features, such as network traffic and disk data, but also physical input features, such as speed, physical jittering and power consumption. As the system is resource-restricted, we have opted for a decision tree-based approach for generating simple detection rules, which we evaluate against denial of service and command injection attacks. We observe that the addition of physical input features can markedly reduce the false positive rate and increase the overall accuracy of the detection.
Keywords: control engineering computing; cyber-physical systems; decision trees; mobile robots; security of data; telerobotics; vehicles; attack behaviours; automobiles; command injection attacks; computer systems; cyber attacks; decision tree-based detection; denial of service attacks; detection rules; disk data; drones; false positive rate; intrusion detection systems; mobile cyber-physical systems; network traffic; physical input features; physical jittering; power consumption; security; small remote-controlled robotic vehicle; Computer crime; Decision trees; Feature extraction; Intrusion detection; Robot kinematics; Vehicles; Command injection; Cyber-physical attack; Cyber-physical systems; Decision tree; Denial of service (DoS); Intrusion detection; Mobile robots; Network security (ID#: 16-10388)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7368559&isnumber=7368550

 

E. E. Miciolino, G. Bernieri, F. Pascucci, and R. Setola, “Communications Network Analysis in a SCADA System Testbed Under Cyber-Attacks,” Telecommunications Forum Telfor (TELFOR), 2015 23rd, Belgrade, 2015, pp. 341-344. doi:10.1109/TELFOR.2015.7377479
Abstract: Cyber-Physical Systems become more and more complex due to the technological evolution of components and interconnections. The network assessment of these systems becomes complicated due to the significant consequences of possible incidents, as Critical Infrastructure represent remarkable systems. Thus, despite the large literature on cyber-attacks, few works address the network unavailability in industrial control systems. In this paper, the results of several cyber-attacks against a Cyber-Physical testbed, in terms of communications, are investigated.
Keywords: SCADA systems; critical infrastructures; cyber-physical systems; industrial control; security of data; SCADA system testbed; communications network analysis; critical infrastructure; cyber-attack; cyber-physical system; cyber-physical testbed; industrial control system; network assessment; network unavailability; technological evolution; Monitoring; Protocols; Security; Sensors; Standards; Valves; Automation Protocols; Critical Infrastructures; Cyber-Attacks; Cyber-Physical Systems; Industrial Communications; Man-In-The-Middle; Testbed (ID#: 16-10389)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7377479&isnumber=7377376

 

Chao Yang, Xiaoqiang Ren, Wen Yang, Hongbo Shi, and Ling Shi, “Jamming Attack in Centralized State Estimation,” Control Conference (CCC), 2015 34th Chinese, Hangzhou, 2015, pp. 6530-6535. doi:10.1109/ChiCC.2015.7260666
Abstract: To understand the behavior of potential network invaders, this paper considers a system attack problem from the perspective of an invader. The invader intends to attack a system, where a group of sensors measure a process state and send the measurements to a remote estimator for state estimation, by launching Denial-of-Service (DoS) attacks to block the communication channels. As the invader has a power budget and cannot block all the channels, he needs to decide which sensors to attack so that the estimation performance can be mostly affected, which is studied in this paper. In the scenario where the sensing abilities of the sensors have a full order, an explicit solution is provided. When the order does not exist, the problem is transformed into a convex optimization problem and is solved using efficient numerical algorithms.
Keywords: computer network security; convex programming; estimation theory; jamming; numerical analysis; Denial-of-Service; DoS attacks; centralized state estimation; communication channels; convex optimization problem; jamming attack; numerical algorithms; potential network invaders; power budget; process state; remote estimator; state estimation; Channel estimation; Estimation; Jamming; Sensor systems; Time measurement; Tin; Networked control systems; convex optimization; jamming attack; security in cyber-physical systems (ID#: 16-10390)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7260666&isnumber=7259602

 

Song Tan, Wen-Zhan Song, S. Yothment, Junjie Yang, and Lang Tong, “ScorePlus: An Integrated Scalable Cyber-Physical Experiment Environment for Smart Grid,” Sensing, Communication, and Networking (SECON), 2015 12th Annual IEEE International Conference on, Seattle, WA, 2015, pp. 381-389. doi:10.1109/SAHCN.2015.7338338
Abstract: Smart Grid is a complex cyber-physical system that modernizes the traditional electric power infrastructure by sensing, control, computation and communication. Validating the functionality, security and reliability of Smart Grid applications within such a system requires the modeling and emulation of both power networks and communication networks, as well as the interactions between them. In this paper, we present the design, implementation and evaluation of an integrated scalable cyber-physical experiment environment for Smart Grid, called ScorePlus. Compared with previous related works, ScorePlus fills the gap by: 1) Creating and integrating both software emulator and hardware testbed, such that they all follow the same architecture and interface, and the same Smart Grid application program can be tested on either of them without any modification; 2) Providing remote access to the hardware testbed such that users can configure physical devices of the hardware testbed through Internet; 3) Supporting scalable distributed experiments such that multiple software emulators and hardware testbeds running at different locations are able to connect and form a larger Smart Grid system.
Keywords: power engineering computing; smart power grids; Internet; ScorePlus; electric power infrastructure; hardware testbed; integrated scalable cyber-physical experiment environment; smart grid; software emulator; Analytical models; Emulation; Hardware; Linux; Mathematical model; Smart grids; Software; Cyber-Physical System; Smart Grid; Testbed (ID#: 16-10391)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7338338&isnumber=7338280

 

YooJin Kwon, Huy Kang Kim, Yong Hun Lim, and Jong In Lim, “A Behavior-Based Intrusion Detection Technique for Smart Grid Infrastructure,” PowerTech, 2015 IEEE Eindhoven, Eindhoven, 2015, pp. 1-6. doi:10.1109/PTC.2015.7232339
Abstract: A smart grid is a fully automated electricity network, which monitors and controls all its physical environments of electricity infrastructure being able to supply energy in an efficient and reliable way. As the importance of cyber-physical system (CPS) security is growing, various intrusion detection algorithms to protect SCADA system and generation sector have been suggested, whereas there were less consideration on distribution sector. Thus, this paper first highlights the significance of CPS security, especially the availability as the most important factor in smart grid environment. Then this paper classifies various modern intrusion detection system (IDS) techniques for securing smart grid network. In our approach, we propose a novel behavior-based IDS for IEC 61850 protocol using both statistical analysis of traditional network features and specification-based metrics. Finally, we present the attack scenarios and detection methods applicable for IEC 61850-based digital substation in Korean environment.
Keywords: IEC standards; SCADA systems; power engineering computing; power system security; security of data; smart power grids; statistical analysis; substation protection; CPS security; IEC 61850 protocol; Korean environment; SCADA system protection; behavior-based IDS; behavior-based intrusion detection technique; cyber physical system security; digital substation; electricity infrastructure physical environment; fully automated electricity network reliability; smart grid infrastructure; Clustering algorithms; Indexes; Inductors; Measurement; Security; Cyber-physical system; IEC 61850; anomaly detection; intrusion detection; smart grid (ID#: 16-10392)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232339&isnumber=7232233

 

P. Lee, A. Clark, B. Alomair, L. Bushnell, and R. Poovendran, “Jamming-Based Adversarial Control of Network Flow Allocation: A Passivity Approach,” American Control Conference (ACC), 2015, Chicago, IL, 2015, pp. 4710-4716. doi:10.1109/ACC.2015.7172071
Abstract: Wireless cyber-physical systems are vulnerable to jamming attacks, in which an adversary broadcasts an interfering signal in the vicinity of a receiver, causing packet decoding errors and reducing the throughput of the communication. Reduced throughput and increased delay could violate the real-time constraints of cyber-physical systems. In a flow redirection attack, an adversary jams a set of network links in order to cause network sources to divert traffic to links that are controlled by the adversary, enabling higher-layer attacks. In this paper, we introduce a passivity approach for modeling the flow redirection attack. Using our approach, we identify a class of dynamic jamming strategies for flow redirection, in which the adversary updates the probability of jamming based on the rate of flow traversing the link. We provide sufficient conditions for feasibility of the jamming strategies for energy-constrained adversaries, and develop an efficient algorithm for deriving an optimal jamming strategy for a given network and desired flow allocation. Our results are illustrated via a numerical study.
Keywords: decoding; jamming; radio networks; radio receivers; telecommunication security; adversary jams; communication throughput reduction; dynamic jamming strategies; energy-constrained adversaries; flow redirection attack modeling; higher-layer attacks; interfering signal; jamming attacks; jamming-based adversarial control; network flow allocation; optimal jamming strategy; packet decoding errors; passivity approach; receiver; wireless cyber-physical systems; Convergence; Cyber-physical systems; Delays; Dynamic scheduling; Jamming; Resource management; Throughput (ID#: 16-10393)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7172071&isnumber=7170700

 

D. Senejohnny, P. Tesi, and C. De Persis, “Self-Triggered Coordination over a Shared Network Under Denial-of-Service,” Decision and Control (CDC), 2015 IEEE 54th Annual Conference on, Osaka, Japan, 2015, pp. 3469-3474. doi:10.1109/CDC.2015.7402756
Abstract: The issue of security has become ever more prevalent in the analysis and design of cyber-physical systems. In this paper, we analyze a consensus network in the presence of Denial-of-Service (DoS) attacks, namely attacks that prevent communication among the network agents. By introducing a notion of Persistency-of-Communication (PoC), we provide a characterization of DoS frequency and duration such that consensus is not destroyed. An example is given to substantiate the analysis.
Keywords: Clocks; Computer crime; Cyber-physical systems; Jamming; Time-frequency analysis; Topology (ID#: 16-10394)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7402756&isnumber=7402066

 

R. K. Abercrombie and F. T. Sheldon, “Security Analysis of Smart Grid Cyber Physical Infrastructures Using Game Theoretic Simulation,” Computational Intelligence, 2015 IEEE Symposium Series on, Cape Town, 2015, pp. 455-462. doi:10.1109/SSCI.2015.74
Abstract: Cyber physical computing infrastructures typically consist of a number of interconnected sites including both cyber and physical components. In this analysis we studied the various types and frequency of attacks that may be levied on smart grid cyber physical systems. Our information security analysis utilized a dynamic Agent Based Game Theoretic (ABGT) simulation. Such simulations can be verified using a closed form game theory analytic approach to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. We concentrated our study on the electric sector failure scenarios from the NESCOR Working Group Study. We extracted four generic failure scenarios and grouped them into three specific threat categories (confidentiality, integrity, and availability) to the system. These specific failure scenarios serve as a demonstration of our simulation. The analysis using our ABGT simulation demonstrates how to model the electric sector functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the cyber physical infrastructure network with respect to CIA.
Keywords: cyber-physical systems; game theory; power engineering computing; power system security; security of data; smart power grids; ABGT simulation; agent based game theoretic simulation; closed form game theory analytic approach; electric sector failure; electric sector functional domain; information assets; information security analysis; rationalized game theoretic rules; security analysis; smart grid cyber physical computing infrastructures; Analytical models; Computer security; Control systems; Games; Government; Smart grids (ID#: 16-10395)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7376647&isnumber=7376572

 

P. Singh, S. Garg, V. Kumar, and Z. Saquib, “A Testbed for SCADA Cyber Security and Intrusion Detection,” Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, Shanghai, 2015, pp. 1-6. doi:10.1109/SSIC.2015.7245683
Abstract: Power grid is an important element of the cyber physical systems. Attacks on such infrastructure may have catastrophic impact and hence the mitigation solutions for the attacks are necessary. It is impractical to test attacks and mitigation strategies on real networks. A testbed as a platform bridges the cyber-physical divide by bringing in the physical system inside the cyber domain, and test the attack scenarios. We are proposing such a testbed here that can simulate power systems Supervisory Control and Data Acquisition (SCADA). The testbed consists of traffic generator, simulated devices like Remote Terminal Units (RTUs), Master Terminal Unit (MTU), Human Machine Interface (HMI) etc. and the communication channel wrapped around industrial communication protocols such as IEC-60870-5-101 and DNP3. The proposed testbed includes with a comparator module which helps in detecting potential intrusions at RTU. A compromised RTU can be manipulated to send fabricated commands in the grid or to send polled responses from the grid. Detecting compromised systems at early stages helps in reducing damage to Industrial Control System (ICS) and providing higher security measures.
Keywords: SCADA systems; human computer interaction; power grids; security of data; HMI; ICS; MTU; RTU; SCADA; SCADA cyber security; cyber physical systems; cyber-physical divide; human machine interface; industrial control system; intrusion detection; master terminal unit; power grid; remote terminal units; supervisory control and data acquisition; Computer security; Generators; Process control; Protocols; Industrial Control Systems; Intrusion Detection; Power System Simulation; SCADA Security; Test-bed (ID#: 16-10396)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245683&isnumber=7245317

 

J. Smith, B. Krikeles, D. K. Wittenberg, and M. Taveniku, “Applied Vulnerability Detection System,” Technologies for Homeland Security (HST), 2015 IEEE International Symposium on, Waltham, MA, 2015, pp. 1-6. doi:10.1109/THS.2015.7225296
Abstract: In [1], we presented a Vulnerability Detection System (VDS) that can detect emergent vulnerabilities in complex Cyber Physical Systems (CPS). It used the attacker's point of view by collecting a target system's vulnerability information from varied sources, and populating a Attack Point (AP) database. From these APs, a Hierarchical Task Network generated the set of composite device-level attack scenarios. The VDS used Alloy [2] to reduce the cardinality of the generated space by evaluating the feasibility of each attack. This paper specializes prior research by submitting the generated prioritized list to an automotive-specific Attack Evaluation Process (AAEP). With a combination of simulation and vehicle instrumented real-time execution, the AAEP confirms each candidate attack. The AAEPs output is used as feedback to refine the Alloy model. VDS is designed to support short product release cycles. The AAEP separates domain-specific from domain-independent aspects so the VDS can be rapidly retargeted.
Keywords: automobiles; control engineering computing; security of data; AAEP; AP; Alloy model; CPS; VDS; applied vulnerability detection system; attack point database; automotive-specific attack evaluation process; complex cyber physical systems; composite device-level attack scenarios; domain-independent aspects; domain-specific aspects; emergent vulnerabilities; hierarchical task network; short product release cycles; vulnerability information; Automotive engineering; Irrigation; Semantics (ID#: 16-10397)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7225296&isnumber=7190491

 

I. Kiss, B. Genge, P. Haller, and G. Sebestyen, “A Framework for Testing Stealthy Attacks in Energy Grids,” Intelligent Computer Communication and Processing (ICCP), 2015 IEEE International Conference on, Cluj-Napoca, 2015, pp. 553-560. doi:10.1109/ICCP.2015.7312718
Abstract: The progressive integration of traditional Information and Communication Technologies (ICT) hardware and software into the supervisory control of modern Power Grids (PG) has given birth to a unique technological ecosystem. Modern ICT handles a wide variety of advantageous services in PG, but in turn exposes PG to significant cyber threats. To ensure security, PG use various anomaly detection modules to detect the malicious effects of cyber attacks. In many reported cases the newly appeared targeted cyber-physical attacks can remain stealthy even in presence of anomaly detection systems. In this paper we present a framework for elaborating stealthy attacks against the critical infrastructure of power grids. Using the proposed framework, experts can verify the effectiveness of the applied anomaly detection systems (ADS) either in real or simulated environments. The novelty of the technique relies in the fact that the developed “smart” power grid cyber attack (SPGCA) first reveals the devices which can be compromised causing only a limited effect observed by ADS and PG operators. Compromising low impact devices first conducts the PG to a more sensitive and near unstable state, which leads to high damages when the attacker at last compromises high impact devices, e.g. breaking high demand power lines to cause blackout. The presented technique should be used to strengthen the deployment of ADS and to define various security zones to defend PG against such intelligent cyber attacks. Experimental results based on the IEEE 14-bus electricity grid model demonstrate the effectiveness of the framework.
Keywords: computer network security; power engineering computing; power system control; power system reliability; power system simulation; smart power grids; ADS; ICT hardware; IEEE 14-bus electricity grid model; PG operators; SPGCA; anomaly detection modules; anomaly detection systems; cyber threats; cyber-physical attacks; energy grids; information and communication technologies; intelligent cyber attacks; power grids; power lines; smart power grid cyber attack; stealthy attacks; supervisory control; Actuators; Phasor measurement units; Power grids; Process control; Sensors; Voltage measurement; Yttrium; Anomaly Detection; Control Variable; Cyber Attack; Impact Assessment; Observed Variable; Power Grid (ID#: 16-10398)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7312718&isnumber=7312586

 

BooJoong Kang et al., “Investigating Cyber-Physical Attacks Against IEC 61850 Photovoltaic Inverter Installations,” Emerging Technologies & Factory Automation (ETFA), 2015 IEEE 20th Conference on, Luxembourg, 2015, pp. 1-8. doi:10.1109/ETFA.2015.7301457
Abstract: Cyber-attacks against Smart Grids have been found in the real world. Malware such as Havex and BlackEnergy have been found targeting industrial control systems (ICS) and researchers have shown that cyber-attacks can exploit vulnerabilities in widely used Smart Grid communication standards. This paper addresses a deep investigation of attacks against the manufacturing message specification of IEC 61850, which is expected to become one of the most widely used communication services in Smart Grids. We investigate how an attacker can build a custom tool to execute man-in-the-middle attacks, manipulate data, and affect the physical system. Attack capabilities are demonstrated based on NESCOR scenarios to make it possible to thoroughly test these scenarios in a real system. The goal is to help understand the potential for such attacks, and to aid the development and testing of cyber security solutions. An attack use-case is presented that focuses on the standard for power utility automation, IEC 61850 in the context of inverter-based distributed energy resource devices; especially photovoltaics (PV) generators.
Keywords: distributed power generation; invasive software; invertors; photovoltaic power systems; power system control; power system security; BlackEnergy; Havex; ICS; IEC 61850 photovoltaic inverter installations; NESCOR; cyber physical attacks; cyber security; industrial control systems; inverter based distributed energy resource devices; malware; man-in-the-middle attacks; photovoltaic generators; power utility automation; smart grid communication standards; Density estimation robust algorithm; IEC Standards; IP networks; Inverters; Object oriented modeling; Protocols; IEC 61850; Smart Grid security; man-in-the-middle attack; photovoltaics (ID#: 16-10399)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7301457&isnumber=7301399

 

D. Gantsou, “On the Use of Security Analytics for Attack Detection in Vehicular Ad Hoc Networks,” Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, Shanghai, 2015, pp. 1-6. doi:10.1109/SSIC.2015.7245674
Abstract: A vehicular ad hoc network (VANET) is a special kind of mobile ad hoc network built on top of the IEEE802.11p standard for a better adaptability to the wireless mobile environment. As it is used for both supporting vehicle-to-vehicle (V2V) as well as vehicle-to-infrastructure (V2I) communications, and connecting vehicles to external resources including cloud services, Internet, and user devices while improving the road traffic conditions, VANET is a Key component of intelligent transportation systems (ITS). As such, VANET can be exposed to cyber attacks related to the wireless environment, and those of traditional information technologies systems it is connected to. However, when looking at solutions that have been proposed to address VANET security issues, it emerges that guaranteeing security in VANET essentially amounts to resorting to cryptographic-centric mechanisms. Although the use of public key Infrastructure (PKI) fulfills most VANET' security requirements related to physical properties of the wireless transmissions, simply relying on cryptography does not secure a network. This is the case for vulnerabilities at layers above the MAC layer. Because of their capability to bypass security policy control, they can still expose VANET, and thus, the ITS to cyber attacks. Thereby, one needs security solutions that go beyond cryptographic mechanisms in order cover multiple threat vectors faced by VANET. In this paper focusing on attack detection, we show how using an implementation combining observation of events and incidents from multiple sources at different layers Sybil nodes can be detected regardless of the VANET architecture.
Keywords: intelligent transportation systems; telecommunication security; vehicular ad hoc networks; IEEE802.11p standard; VANET; attack detection; cryptographic-centric mechanisms; cyber attacks; intelligent transportation systems; mobile ad hoc network; security analytics; vehicular ad hoc networks; wireless mobile environment; Communication system security; Cryptography; IP networks; Vehicles; Vehicular ad hoc networks; Intelligent Transportation Systems (ITS); Vehicular ad hoc network (VANET) security; attack detection (ID#: 16-10400)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245674&isnumber=7245317

 

R. Czechowski, “Cyber-Physical Security for Low-Voltage Smart Grids HAN Security within Smart Grids,” Electric Power Engineering (EPE), 2015 16th International Scientific Conference on, Kouty nad Desnou, 2015, pp. 77-82. doi:10.1109/EPE.2015.7161077
Abstract: Smart Grid is both a concept and a way to mitigate infrastructural Deficiencies and counteract the effects of the growing demand for electrical energy. One of the ways ensuring an increase in power grid's management efficiency is utilization of the latest communication solutions that use of IT technologies. These technologies will help customers and prosumers in the future, in a more efficient management of electricity and the use compatible devices with smart grid technology with the ability to control these devices from a public network (often wireless), users of these devices can meet the same threats as in a typical IT network.
Keywords: power meters; power system management; power system security; smart meters; smart power grids; HAN security; IT technology; cyber-physical security; electrical energy; electricity management; low-voltage smart grids; power grid management efficiency; smart grid technology; Home automation; IP networks; Modems; Object recognition; Protocols; Security; Smart grids; digital security; home area network; security policy; smart metering; smart power grid (ID#: 16-10401)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7161077&isnumber=7161042
 


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.