Cybersecurity of Industrial Cyber-Physical Systems: A Review

Industrial cyber-physical systems (ICPSs) manage critical infrastructures by controlling the processes based on the "physics" data gathered by edge sensor networks. Recent innovations in ubiquitous computing and communication technologies have prompted the rapid integration of highly interconnected systems to ICPSs. Hence, the "security by obscurity" principle provided by air-gapping is no longer followed. As the interconnectivity in ICPSs increases, so does the attack surface. Industrial vulnerability assessment reports have shown that a variety of new vulnerabilities have occurred due to this transition while the most common ones are related to weak boundary protection. Although there are existing surveys in this context, very little is mentioned regarding these reports. This paper bridges this gap by defining and reviewing ICPSs from a cybersecurity perspective. In particular, multi-dimensional adaptive attack taxonomy is presented and utilized for evaluating real-life ICPS cyber incidents. We also identify the general shortcomings and highlight the points that cause a gap in existing literature while defining future research directions.Comment: 32 pages, 10 figure

Untraceable Authentication Protocol for IEEE802.11s Standard

In the current paper, a new handover authentication protocol for IEEE802.11s Wireless mesh networks is presented. The new protocol divides the network into a number of cells, each cell contains a number of access points and based on the concept of ticket authentication, the mesh user takes a new ticket when enters the region of a new cell which decreases the handover latency. Moreover, in the current paper, a new idea for ticket generation is proposed, called Chain Ticket Derivation Function (CTDF), which uses the concept of a chain. Using CTDF in our proposed protocol raises the level of privacy for the users. The security analysis presented in the paper showed more strengths in our proposed scheme. Two formal verification tools, AVISPA and BAN logic are used to test the proposed protocol

A Context-Aware Architecture for Smart Applications with Enabled Adaptation and Reasoning Capabilities

The term ''smart city'' refers to an instrumented, interconnected, and intelligent city built by leveraging Information and Communication Technologies (ICT). In such a city, a combination of embedded hardware and software involving sensors, actuators, and a host of mobile devices and wearables that are connected to the Internet of Things (IoT) networks will sense data in different contexts and automatically drive desired adaptations through actuators. Through adaptations, city planners, professionals, and researchers aim to optimize resource consumption and cost of providing services while improving the quality of life for the ever increasing urban population. To fully realize this goal, a context-aware and data-centric inference is a necessity. A system is said to be context-aware if it is able to adapt its operations to the current context without explicit user intervention. This thesis proposes a generic context-aware system architecture for development of smart city applications. The proposed architecture puts special emphasis on privacy and security, incorporating mechanisms to protect the system and sensitive information at each layer of the architecture. Furthermore, this architecture integrates with a reasoning component, whose inference engine can be driven by logic or other formalisms. A prototype implementation and a case study done in this thesis indicate the practical merits of the proposed architecture and provide a proof of concept

Dynamic Secrets and Secret Keys Based Scheme for Securing Last Mile Smart Grid Wireless Communication

An integrated and optimized smart grid cannot be achieved without a secure communication network. Due to the large-scale nature of the power system, the variety of technologies used, and limitations of communication bandwidth, supervisory applications for smart grid still use weak security in many deployments. Adversaries can potentially modify measurement values or inject bad commands over the network. In this paper, we propose a novel scheme based on dynamic secrets and encryption with secret keys. The scheme generates a series of dynamic secrets over the communication network, which are used to generate secret keys for data encryption. The generation of dynamic secret is frequent and no adversary can compromise the network for a longer period, even if he/she knows a secret key. The scheme is secure against eavesdropping, malicious communication injection, man-in-the-middle attack, replay attack, impersonation attack, and chosen-plaintext attack. The security analysis and performance evaluation show that our scheme is feasible to be used in the communication between supervisory and control nodes of various smart grid applications

Smart Factories, Dumb Policy? Managing Cybersecurity and Data Privacy Risks in the Industrial Internet of Things

Interest is booming in the so-called Internet of Things (IoT). The Industrial Internet of Things (IIoT) is one application of this trend and involves the use of smart technologies in a manufac- turing context. Even though these applications hold the promise to revolutionize manufacturing, there are a number of outstand- ing cybersecurity and data privacy issues impacting the realiza- tion of the myriad benefits promised by IIoT proponents. This ar- ticle analyzes some of these pressing issues, focusing on: (1) critical infrastructure protection and cybersecurity due diligence, (2) trends in transatlantic data privacy protections, and (3) the regulation of new technologies like artificial intelligence (AI) and blockchain. The aticle concludes with a list of recommendations for state and federal policymakers to consider in an effort to harden the IIoT along with the supply chains critical to the con- tinued development of smart factories