16 research outputs found

    Software simulations for the study of threats against SCADA systems (original title: Simulaciones software para el estudio de amenazas contra sistemas SCADA)

    The goal of SCADA (Supervisory Control And Data Acquisition) technologies is to provide remote control for the supervision of critical infrastructures. Attacks against such systems pose a significant risk. Our interest in the topic is to investigate security improvements for SCADA systems, using software-level abstractions, simulation tools, physical devices and data traces from real systems. This article presents, in general terms, some basic building blocks of SCADA technologies and their components. It also introduces general characteristics of some available open source simulators. Finally, it details limitations and potential improvements, aimed at completing the study of anomaly detection techniques at the level of physical signals between the components of SCADA systems.

    Science Hackathons for Cyberphysical System Security Research: Putting CPS testbed platforms to good use

    A challenge is to develop cyber-physical system scenarios that reflect the diversity and complexity of real-life cyber-physical systems in the research questions that they address. Time-bounded collaborative events, such as hackathons, jams and sprints, are increasingly used as a means of bringing groups of individuals together, in order to explore challenges and develop solutions. This paper describes our experiences, using a science hackathon to bring individual researchers together, in order to develop a common use-case implemented on a shared CPS testbed platform that embodies the diversity in their own security research questions. A qualitative study of the event was conducted, in order to evaluate the success of the process, with a view to improving future similar events.

    Cyber-physical architecture assisted by programmable networking

    Cyber-physical technologies are prone to attacks, in addition to faults and failures. The issue of protecting cyber-physical systems should be tackled by jointly addressing security at both cyber and physical domains, in order to promptly detect and mitigate cyber-physical threats. Towards this end, this letter proposes a new architecture combining control-theoretic solutions together with programmable networking techniques to jointly handle crucial threats to cyber-physical systems. The architecture paves the way for new interesting techniques, research directions, and challenges which we discuss in our work. Comment: 8 pages, 3 figures, pre-print

    Detection of attacks against industrial cyber-physical systems (original title: Détection des attaques contre les systèmes cyber-physiques industriels)

    We address security issues in cyber-physical industrial systems. Attacks against these systems shall be handled both in terms of safety and security. Control technologies imposed by industrial standards already cover the safety dimension. From a security standpoint, the literature has shown that using only cyber information to handle the security of cyber-physical systems is not enough, since physical malicious actions are ignored. For this reason, cyber-physical systems have to be protected from threats to their cyber and physical layers. Some authors handle the attacks by using physical attestations of the underlying processes, for instance, physical watermarking to ensure the truthfulness of the process. However, these detectors work properly only if the adversaries do not have enough knowledge to mislead cross-layer data. This thesis focuses on the aforementioned limitations. It starts by testing the effectiveness of a stationary watermark-based fault detector, to detect, as well, malicious actions produced by adversaries. We show that the stationary watermark-based detector is unable to identify cyber-physical adversaries. We show that the approach only detects adversaries that do not attempt to get any knowledge about the system dynamics. We analyze the detection performance of the original design under the presence of adversaries that infer the system dynamics to evade detection. We revisit the original design, using a non-stationary watermark-based design, to handle those adversaries. We also propose a novel approach that combines control and communication strategies. We validate our solutions using numeric simulations and training cyber-physical testbeds.
    We address security problems in industrial cyber-physical systems. Attacks against these systems must be handled in terms of both safety and security. The control technologies imposed by industrial standards already cover safety. However, from a security standpoint, the literature has shown that using cyber techniques to handle the security of these systems is not sufficient, because malicious physical actions will be ignored. For this reason, mechanisms are needed to protect both layers at once. Some authors have handled replay and integrity attacks by using physical attestation, e.g., watermarking of the system's physical parameters. Nevertheless, these detectors work correctly only if the adversaries do not have enough knowledge to deceive both layers. This thesis addresses the limitations mentioned above. We begin by testing the effectiveness of a detector that uses a stationary signature to detect malicious actions. We show that this detector is unable to identify cyber-physical adversaries that attempt to learn the system dynamics. We analyze its detection ratio in the presence of new adversaries able to infer the system dynamics. We revisit the original design, using a non-stationary signature, to handle adversaries aiming to evade detection. We also propose a new approach that combines control and communication strategies. All the solutions are validated using simulations and training testbeds.

    On the adaptation of physical-layer failure detection mechanisms to handle attacks against SCADA systems

    Supervisory Control and Data Acquisition (SCADA) is a technology to monitor industrial and critical infrastructures. The SCADA technology was conceived for centralized and isolated processes. Nowadays, it is more distributed and vulnerable to cyber attacks. SCADA systems are typically composed of three well-defined types of field devices: 1) Master Terminal Units (MTUs) and Human Machine Interfaces (HMIs), located at the top and managing all communications; 2) Remote Terminal Units (RTUs) and Programmable Logic Controllers (PLCs), which control and acquire data from remote equipment and connect with the master station; and 3) sensors and actuators, which act as the input and output functions of the system. Threats to SCADA systems can target the lower layers. For instance, replay and integrity attacks to alter the state estimation conducted by PLCs, actuators and sensors. Given the difficulty of handling such threats at the upper layers, detection and protection against malicious activities must be conducted at the lower layers themselves. Several approaches in the literature propose the adaptation of physical-layer failure detection mechanisms (e.g., systems for the detection of faults and accidents) to handle malicious attacks (e.g., replay and integrity attacks conducted by malicious adversaries). The talk elaborates on such approaches, and will discuss some of their limitations. Some conclusions and perspectives for future work will be presented.

    Adaptive control-theoretic detection of integrity attacks against cyber-physical industrial systems

    The use of control-theoretic solutions to detect attacks against cyber-physical industrial systems is a growing area of research. Traditional literature proposes the use of control strategies to retain, e.g., satisfactory closed-loop performance, as well as safety properties, when a communication network connects the distributed components of a physical system (e.g., sensors, actuators, and controllers). However, the adaptation of these strategies to handle security incidents is an ongoing challenge. In this paper, we survey the advantages of a watermark-based detector against some integrity attacks as well as the weaknesses against other attacks. To cover these weaknesses, we propose a new control and security strategy that complements the watermark-based detector. We validate the detection efficiency of the new strategy via numeric simulation. Experimental results are also presented by using a laboratory testbed based on supervisory control and data acquisition industrial protocol.

    On the use of watermark-based schemes to detect cyber-physical attacks

    We address security issues in cyber-physical systems (CPSs). We focus on the detection of attacks against cyber-physical systems. Attacks against these systems shall be handled both in terms of safety and security. Networked-control technologies imposed by industrial standards already cover the safety dimension. However, from a security standpoint, using only cyber information to analyze the security of a cyber-physical system is not enough, since the physical malicious actions that can threaten the correct behavior of the systems are ignored. For this reason, the systems have to be protected from threats to their cyber and physical layers. Some authors have handled replay and integrity attacks using, for example, physical attestation to validate the cyber process and to detect the attacks, or watermark-based detectors which also use physical parameters to ensure the cyber layers. We reexamine the effectiveness of a stationary watermark-based detector. We show that this approach only detects adversaries that do not attempt to get any knowledge about the system dynamics. We analyze the detection ratio of the original design under the presence of new adversaries that are able to infer the system dynamics and are able to evade the detector with high frequency. We propose a new detection scheme which employs several non-stationary watermarks. We validate the detection efficiency of the new strategy via numeric simulations and via running experiments on a laboratory testbed. Results show that the proposed strategy is able to detect adversaries using non-parametric methods, but it is not equally effective against adversaries using parametric identification methods.

    Advanced Smartphone-Based Identification of Transport Modes: Resilience under GNSS-Based Attacks

    One of the main challenges for ticketing in Mobility as a Service is the integration of the public and individual transport modes into a unified ticketing service. To realize this concept, a trustworthy identification of transport modes that is resilient to possible attacks is required. In this work, we propose two smartphone-based methods to seamlessly identify the use of trams, buses, subways, walking and bicycles, which are able to detect GNSS-based attacks and continue to provide a trustworthy identification of transport modes. We have recorded real-world measurements with commercial smartphones using the transport network in Munich and Paris. Our results show that it is possible to provide trustworthy identification of transport modes even when the system is under attack. In conclusion, in this work we demonstrate the vulnerability of smartphone-based ticketing to GNSS-based attacks, propose two methods to overcome this vulnerability and demonstrate the validity of our methods with real-world measurements.

    Security of cyber-physical systems : from theory to testbeds and validation

    Traditional control environments connected to physical systems are being upgraded with novel information and communication technologies. The resulting systems need to be adequately protected. Experimental testbeds are crucial for the study and analysis of ongoing threats against those resulting cyber-physical systems. The research presented in this paper discusses some actions towards the development of a replicable and affordable cyber-physical testbed for training and research. The architecture of the testbed is based on real-world components, and emulates cyber-physical scenarios commanded by SCADA (Supervisory Control And Data Acquisition) technologies. We focus on two representative protocols, Modbus and DNP3. The paper reports as well the development of some adversarial scenarios, in order to evaluate the testbed under cyber-physical threat situations. Some detection strategies are evaluated using our proposed testbed.