
    MiniCPS: A toolkit for security research on CPS Networks

    In recent years, tremendous effort has been spent on modernizing communication infrastructure in Cyber-Physical Systems (CPS) such as Industrial Control Systems (ICS) and related Supervisory Control and Data Acquisition (SCADA) systems. While a great amount of research has been conducted on the network security of office and home networks, recently the security of CPS and related systems has gained a lot of attention. Unfortunately, real-world CPS are often not open to security researchers, and as a result very few reference systems and topologies are available. In this work, we present MiniCPS, a CPS simulation toolbox intended to alleviate this problem. The goal of MiniCPS is to create an extensible, reproducible research environment targeted at communications and physical-layer interactions in CPS. MiniCPS builds on Mininet to provide lightweight real-time network emulation, and extends Mininet with tools to simulate typical CPS components such as programmable logic controllers, which use industrial protocols (Ethernet/IP, Modbus/TCP). In addition, MiniCPS defines a simple API to enable physical-layer interaction simulation. In this work, we demonstrate applications of MiniCPS in two example scenarios, and show how MiniCPS can be used to develop attacks and defenses that are directly applicable to real systems.
    Comment: 8 pages, 6 figures, 1 code listing

    When Should I Use Network Emulation?

    The design and development of a complex system requires an adequate methodology and efficient instrumental support in order to detect and correct anomalies early in the functional and non-functional properties of the tested protocols. Among the various tools used to provide experimental support for such developments, network emulation relies on real-time production of impairments on real traffic according to a communication model, either realistically or not. This paper aims at simply presenting to newcomers in network emulation (students, engineers, ...) basic principles and practices illustrated with a few commonly used tools. The motivation behind this is to fill a gap in terms of introductory and pragmatic papers in this domain. The study particularly considers centralized approaches, allowing cheap and easy implementation in the context of research labs or industrial developments. In addition, an architectural model for emulation systems is proposed, defining three complementary levels, namely hardware, impairment and model levels. With the help of this architectural framework, various existing tools are situated and described. Various approaches for modeling the emulation actions are studied, such as impairment-based scenarios and virtual architectures, real-time discrete simulation and trace-based systems. Those modeling approaches are described and compared in terms of services, and we study their ability to respond to various designer needs to assess when emulation is needed.

    Assessing and augmenting SCADA cyber security: a survey of techniques

    SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisation and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place, as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker's to determine weaknesses and loopholes in defences. Such mindsets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability.

    Load Modeling and Evaluation of LEDs for Hardware Test Bed Application

    The lighting industry was revolutionized with the emergence of LED lighting. Over the last 15 years, LED lighting device sales and utilization have grown immensely. The growth and popularity of LEDs is due to improved operation of the device when compared to previous lighting technologies. Efficient performance of the device is critical due to the growth of global energy consumption. As nonrenewable generation fuel is finite, utilities have begun the transition to renewable energy generation. Generation and distribution systems become inherently complex to comprehend and maintain with the incorporation of emerging supply and load technologies. With the unprecedented growth of LED bulbs, there are concerns regarding the impact of their integration on power systems. To determine the effects that LED bulb adoption poses within the power grid, an investigation of this device as a grid load was pursued. This thesis reviews existing studies pertaining to LEDs and power grid load modeling methodologies. Load modeling aids in establishing a balance between energy generation and consumption, comprehensively characterizing relationships between electrical generation, transmission, distribution, and loads. Due to the complexities of large networked systems, device load models are constructed and aggregated to emulate the interactive relationships throughout the power grid. This thesis includes a study of preestablished LED bulb ZIP load models and the formulation of a component-based load model for improved characterization of a conventional LED lighting device. Load modeling was conducted with reference to the UTK HTB, for future integration and improved grid emulation. Factors such as shape, size, illumination, and the power rating of popular LED bulbs are examined. Through investigation of typical LED bulb topologies, a model is formulated to represent device behavior as a load. The established load model's characteristics are tested in comparison to physical device operation in a laboratory environment. The LED bulb component-based model is simulated under dynamic conditions to portray device behavior under fault scenarios. An interactive interface is formulated for simulation of load behavior throughout grid-level events. Detailed analysis of data and methods of implementation is provided to characterize the LED bulb's load profile.

    What makes an industrial control system security testbed credible and acceptable? Towards a design consideration framework

    The convergence of Industrial Control Systems (ICS) with Information Technologies (IT), coupled with the resulting and widely publicized cyber security incidents, has made ICS security and resilience issues of critical concern to operators and governments. The inability to apply traditional IT security practice to ICSs further complicates the challenge of effectively securing critical industrial systems. To investigate these challenges without impacting live system operations, testbeds are widely used as viable options to explore, develop and assess security risks and controls. However, how an ICS testbed is designed, and its attributes, can directly impact not only its viability but also its credibility and acceptance for use as a whole. Through a systematic review and analysis of ICS security testbed design factors, a novel outline conceptual mapping of design factors for building credibility and acceptance is proposed. These design considerations include: design objectives, implementation approach, architectural component coverage, core operational characteristics, and evaluation approach.

    A review of cyber-ranges and test-beds: current and future trends

    Cyber situational awareness has been proven to be of value in forming a comprehensive understanding of threats and vulnerabilities within organisations, as the degree of exposure is governed by the prevailing levels of cyber-hygiene and established processes. A more accurate assessment of the security provision informs on the most vulnerable environments that necessitate more diligent management. The rapid proliferation in the automation of cyber-attacks is reducing the gap between information and operational technologies, and the need to review the current levels of robustness against new sophisticated cyber-attacks, trends, technologies and mitigation countermeasures has become pressing. A deeper characterisation is also the basis on which to predict future vulnerabilities, in turn guiding the most appropriate deployment technologies and thus refreshing established practices and the scope of the training that supports the decision making of users and operators. The foundation of the training provision is the use of Cyber-Ranges (CRs) and Test-Beds (TBs), platforms/tools that help inculcate a deeper understanding of the evolution of an attack and the methodology to deploy the most impactful countermeasures to arrest breaches. In this paper, documented CR and TB platforms are evaluated. CRs and TBs are segmented by type, technology, threat scenarios, applications and the scope of attainable training. To enrich the analysis of documented CR and TB research and cap the study, a taxonomy is developed to provide a broader comprehension of the future of CRs and TBs. The taxonomy elaborates on the CR/TB dimensions, as well as highlighting a diminishing differentiation between application areas.