Cybersecurity Architectural Analysis for Complex Cyber-Physical Systems

In the modern military’s highly interconnected and technology-reliant operational environment, cybersecurity is rapidly growing in importance. Moreover, as a number of highly publicized attacks have occurred against complex cyber-physical systems such as automobiles and airplanes, cybersecurity is no longer limited to traditional computer systems and IT networks. While architectural analysis approaches are critical to improving cybersecurity, these approaches are often poorly understood and applied in ad hoc fashion. This work addresses these gaps by answering the questions: 1. “What is cybersecurity architectural analysis?” and 2. “How can architectural analysis be used to more effectively support cybersecurity decision making for complex cyber-physical systems?” First, a readily understandable description of key architectural concepts and definitions is provided which culminates in a working definition of “cybersecurity architectural analysis,” since none is available in the literature. Next, we survey several architectural analysis approaches to provide the reader with an understanding of the various approaches being used across government and industry. Based on our proposed definition, the previously introduced key concepts, and our survey results, we establish desirable characteristics for evaluating cybersecurity architectural analysis approaches. Lastly, each of the surveyed approaches is assessed against the characteristics and areas of future work are identified

Modeling Quantum Optical Components, Pulses and Fiber Channels Using OMNeT++

Quantum Key Distribution (QKD) is an innovative technology which exploits the laws of quantum mechanics to generate and distribute unconditionally secure cryptographic keys. While QKD offers the promise of unconditionally secure key distribution, real world systems are built from non-ideal components which necessitates the need to model and understand the impact these non-idealities have on system performance and security. OMNeT++ has been used as a basis to develop a simulation framework to support this endeavor. This framework, referred to as "qkdX" extends OMNeT++'s module and message abstractions to efficiently model optical components, optical pulses, operating protocols and processes. This paper presents the design of this framework including how OMNeT++'s abstractions have been utilized to model quantum optical components, optical pulses, fiber and free space channels. Furthermore, from our toolbox of created components, we present various notional and real QKD systems, which have been studied and analyzed.Comment: Published in: A. F\"orster, C. Minkenberg, G. R. Herrera, M. Kirsche (Eds.), Proc. of the 2nd OMNeT++ Community Summit, IBM Research - Zurich, Switzerland, September 3-4, 201

Quantification of the Impact of Photon Distinguishability on Measurement-Device- Independent Quantum Key Distribution

Measurement-Device-Independent Quantum Key Distribution (MDI-QKD) is a two-photon protocol devised to eliminate eavesdropping attacks that interrogate or control the detector in realized quantum key distribution systems. In MDI-QKD, the measurements are carried out by an untrusted third party, and the measurement results are announced openly. Knowledge or control of the measurement results gives the third party no information about the secret key. Error-free implementation of the MDI-QKD protocol requires the crypto-communicating parties, Alice and Bob, to independently prepare and transmit single photons that are physically indistinguishable, with the possible exception of their polarization states. In this paper, we apply the formalism of quantum optics and Monte Carlo simulations to quantify the impact of small errors in wavelength, bandwidth, polarization and timing between Alice’s photons and Bob’s photons on the MDI-QKD quantum bit error rate (QBER). Using published single-photon source characteristics from two-photon interference experiments as a test case, our simulations predict that the finite tolerances of these sources contribute (4.04±20/√Nsifted )% to the QBER in an MDI-QKD implementation generating an Nsifted-bit sifted key

Quantum Key Distribution: Boon or Bust

Quantum Key Distribution (QKD) is an emerging cybersecurity technology which provides the means for two geographically separated parties to grow “unconditionally secure” symmetric cryptographic keying material. Unlike traditional key distribution techniques, the security of QKD rests on the laws of quantum mechanics and not computational complexity. This unique aspect of QKD is due to the fact that any unauthorized eavesdropping on the key distribution channel necessarily introduces detectable errors (Gisin, Ribordy, Tittel, & Zbinden, 2002). This attribute makes QKD desirable for high-security environments such as banking, government, and military applications. However, QKD is a nascent technology where implementation non-idealities can negatively impact system performance and security (Mailloux, Grimaila, Hodson, Baumgartner, & McLaughlin, 2015). While the QKD community is making progress towards the viability of QKD solutions, it is clear that more work is required to quantify the impact of such non-idealities in real-world QKD systems (Scarani & Kurtsiefer, 2009)

The Z-Wave Routing Protocol and Its Security Implications

Z-Wave is a proprietary technology used to integrate sensors and actuators over RF and perform smart home and office automation services. Lacking implementation details, consumers are under-informed on the security aptitude of their installed distributed sensing and actuating systems. While the Physical (PHY) and Medium Access Control (MAC) layers of the protocol have been made public, details regarding the network layer are not available for analysis. Using a real-world Z-Wave network, the frame forwarding and topology management aspects of the Z-Wave routing protocol are reverse engineered. A security analysis is also performed on the network under study to identify source and data integrity vulnerabilities of the routing protocol. It is discovered that the topology and routes may be modified by an outsider through the exploitation of the blind trust inherent to the routing nodes of the network. A Black Hole attack is conducted on a real-world Z-Wave network to demonstrate a well-known routing attack that exploits the exposed vulnerabilities. As a result of the discoveries, several recommendations are made to enhance the security of the routing protocol

System Safety Engineering for Social and Ethical ML Risks: A Case Study

Governments, industry, and academia have undertaken efforts to identify and mitigate harms in ML-driven systems, with a particular focus on social and ethical risks of ML components in complex sociotechnical systems. However, existing approaches are largely disjointed, ad-hoc and of unknown effectiveness. Systems safety engineering is a well established discipline with a track record of identifying and managing risks in many complex sociotechnical domains. We adopt the natural hypothesis that tools from this domain could serve to enhance risk analyses of ML in its context of use. To test this hypothesis, we apply a "best of breed" systems safety analysis, Systems Theoretic Process Analysis (STPA), to a specific high-consequence system with an important ML-driven component, namely the Prescription Drug Monitoring Programs (PDMPs) operated by many US States, several of which rely on an ML-derived risk score. We focus in particular on how this analysis can extend to identifying social and ethical risks and developing concrete design-level controls to mitigate them.Comment: 14 pages, 5 figures, 3 tables. Accepted to 36th Conference on Neural Information Processing Systems, Workshop on ML Safety (NeurIPS 2022

Modeling, Simulation, and Performance Analysis of Decoy State Enabled Quantum Key Distribution Systems

Quantum Key Distribution (QKD) systems exploit the laws of quantum mechanics to generate secure keying material for cryptographic purposes. To date, several commercially viable decoy state enabled QKD systems have been successfully demonstrated and show promise for high-security applications such as banking, government, and military environments. In this work, a detailed performance analysis of decoy state enabled QKD systems is conducted through model and simulation of several common decoy state configurations. The results of this study uniquely demonstrate that the decoy state protocol can ensure Photon Number Splitting (PNS) attacks are detected with high confidence, while maximizing the system’s quantum throughput at no additional cost. Additionally, implementation security guidance is provided for QKD system developers and users

Optimizing Decoy State Enabled Quantum Key Distribution Systems to Maximize Quantum Throughput and Detect Photon Number Splitting Attacks with High Confidence

Quantum Key Distribution (QKD) is an innovative quantum communications protocol which exploits the laws of quantum mechanics to generate unconditionally secure cryptographic keying material between two geographically separated parties. The unique nature of QKD shows promise for high-security applications such as those found in banking, government, and military environments. However, QKD systems contain implementation non-idealities which can negatively impact their performance and security.In particular, QKD systems often employ the decoy state protocol to improve system throughput and mitigate the threat of Photon Number Splitting (PNS) attacks. In this work, a detailed analysis of the decoy state protocol is conducted which optimizes both performance in terms of quantum throughput and security with respect to detecting PNS attacks. The results of this study uniquely demonstrate that the decoy state protocol can ensure PNS attacks are detected with high confidence, while maximizing the secure key generation rate at no additional cost. Additionally, implementation security guidance is provided for QKD system developers and users

System-Agnostic Security Domains for Understanding and Prioritizing Systems Security Engineering Efforts

As modern systems continue to increase in size and complexity, current systems security practices lack an effective approach to prioritize and tailor systems security efforts to successfully develop and field systems in challenging operational environments. This paper uniquely proposes seven system-agnostic security domains, which assist in understanding and prioritizing systems security engineering (SSE) efforts. To familiarize the reader with the state-of-the-art in SSE practices, we first provide a comprehensive discussion of foundational SSE concepts, methodologies, and frameworks. Next, the seven system-agnostic security domains are presented for consideration by researchers and practitioners. The domains are intended to be representative of a holistic SSE approach, which is universally applicable to multiple systems classes and not just a single-system implementation. Finally, three examples are explored to illustrate the utility of the system-agnostic domains for understanding and prioritizing SSE efforts in information technology systems, Department of Defense weapon systems, and cyber-physical systems

A Customizable Framework for Prioritizing Systems Security Engineering Processes, Activities, and Tasks

As modern systems become increasingly complex, current security practices lack effective methodologies to adequately address the system security. This paper proposes a repeatable and tailorable framework to assist in the application of systems security engineering (SSE) processes, activities, and tasks as defined in the recently released National Institute of Standards and Technology (NIST) Special Publication 800-160. First, a brief survey of systems-oriented security methodologies is provided. Next, an examination of the relationships between the NIST-defined SSE processes is conducted to provide context for the engineering problem space. These findings inform a mapping of the NIST SSE processes to seven system-agnostic security domains which enable prioritization for three types of systems (conventional IT, cyber-physical, and defense). These concrete examples provide further understanding for applying and prioritizing the SSE effort. The goal of this paper is assist practitioners by informing the efficient application of the 30 processes, 111 activities, and 428 tasks defined in NIST SP 800-160. The customizable framework tool is available online for developers to employ, modify, and tailor to meet their needs