Dr. Fei Hu { [email protected] }
Department of Electrical and Computer Engineering, University of Alabama, Tuscaloosa, Alabama
Introduction to CPS Security
Motivation
"Cyber-Physical Systems (CPS) is a critical part of the national cyber infrastructure. Security threats to CPS pose significant risk to the health and safety of human lives, threaten severe damage to the environment, and could impose an adverse impact on the U.S. economy."
- Homeland Security, Dr. Nabil Adam, 2010.
CPS Security: What?
[Figure labels: cyber objects; computing (HW/SW); physical objects; sensors; actuators; implantable devices; IMD; smart grid; App 1: Healthcare; App 2: Renewable Energy; App 3: Industrial Control]
Cyber-physical Interaction security
Physical → Cyber: Monitoring Security
• Sensor data attacks
• RFID tag attacks
• Memory reading attacks
• Log attacks (forensics)
Cyber → Physical: Control Security
• Wireless charge attacks
• Close-loop control attacks
• Device coordination attack
• Command misleading, etc.
Fig.2 Cyber-Physical Systems (CPS): Security Perspective
CPS Security: Why?
Cannot simply use conventional, general cyber security schemes to achieve all CPS protections.
This is because most CPS security solutions need to be closely integrated with the underlying physical process control features.
CPS Security: Example
IMD Wireless Powering security
Fig.3 Wireless IMD Power charge
[Figure labels: Inductor; Pacemaker; Electromagnetic wave; Oscillator]
Physical: Wireless Charge Circuit
Cyber: Two-Level, Chaos-based Resonance Frequency Tuning algorithms
Fig.4 CPS-oriented security solution
- It is meaningless to use conventional cryptography to encrypt the power charge waves
- Energy transfer is entirely different from data transfer
Motivation
"It is estimated that as much as 10% of all high-tech products sold globally are counterfeit which leads to a conservative estimate of $100 billion of revenue loss."
[Guajardo et al, 2008]
Several invasive and semi-invasive physical tampering methods have been developed, which made it possible to learn the ROM-based keys through attacks and compromise systems by using counterfeit copies of the secret information.
Layered Architecture and Modularized Design
A Holistic Viewpoint
A Possible Solution: Defense-in-Depth
A Data Mining Approach to CPS Security
Use Historical Data for Anomaly Detection
CPS Smart grid Interactions
[Figure: three IEMs (IEM1, IEM2, IEM3) on a shared power bus, each with an SST and a DGI. Attached components shown: PHEV, Load, PV; PHEV, Load, Wind; Battery, Load, PV. Flows are labelled a to e.]
a: Read state of physical system
b: Issue command to make a setting
c: Message exchange including partial state information
d: Power draw or contribution on the shared power bus
e: Event due to physical flow on the shared power bus
At this IEM, information obtained from the observable physical event yields information about the cyber command (b)
Information flow use case of a CPS
• Information Flow Security aims at guaranteeing that no high level (confidential) information is revealed to users at a low level, even in the presence of any possible cyber/physical process
• Potential information flow models for CPSs:
– Non-Interference: Information does not flow from high to low if the high behavior has no effect on what low level observer can observe
– Non-Inference: leaves a low level observer in doubt about high level events.
– Non-deducibility: Given a set of low-level outputs, no low-level subject should be able to deduce anything about the high-level inputs [Sutherland].
– Composition of deducibly secure systems: not composable [McCullough]
– McCullough's Generalized noninterference-secure property considers non-determinism of real systems
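Added example (not from the original slides): a finite toy model of the shared power bus that checks the non-interference and non-deducibility definitions above by enumeration. The three observer models, the command values and the range of other bus activity are constructed assumptions, and the checks are simplified finite readings of the definitions.

```python
from itertools import product

HIGH_CMDS = (-1, 0, 1)  # confidential command (b): draw, idle, contribute

def sign(x):
    return (x > 0) - (x < 0)

# Each model maps (high command, other bus activity) to the event (e)
# that a low-level observer on the shared power bus can see.
def exact_meter(cmd, other):
    return cmd + other            # observer reads the net flow exactly

def coarse_meter(cmd, other):
    return sign(cmd + other)      # observer only sees the flow direction

def isolated(cmd, other):
    return sign(other)            # command has no effect on the shared bus

def noninterferent(observe, others):
    """High behaviour never changes what the low observer sees."""
    return all(len({observe(c, o) for c in HIGH_CMDS}) == 1 for o in others)

def ruled_out(observe, others):
    """(command, event) pairs that cannot occur: the event excludes the command."""
    possible = {(c, observe(c, o)) for c, o in product(HIGH_CMDS, others)}
    events = {e for _, e in possible}
    return sorted(set(product(HIGH_CMDS, events)) - possible)

def nondeducible(observe, others):
    """Every observable event is compatible with every high command."""
    return not ruled_out(observe, others)

if __name__ == "__main__":
    loads = range(-2, 3)  # constructed range of other activity on the bus
    for model in (exact_meter, coarse_meter, isolated):
        print(model.__name__, noninterferent(model, loads),
              nondeducible(model, loads), ruled_out(model, loads))
```

The coarse meter passes the non-deducibility check while failing non-interference; the check is possibilistic, so it says nothing about how much a reading shifts the likelihood of each command.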
PUFs
Physical Unclonable Functions (PUFs)
- a function which is an innovative circuit primitive that exploits the unique intrinsic uncontrollable physical features which are introduced by manufacturing process variations.
[Figure labels: Physical Objects; Process Variations; Unpredictable Behavior; Easy to Evaluate; Hard to Clone; PUF]
Anti-counterfeiting marks for ICs
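Added example (not from the original slides): a simulated PUF used as an anti-counterfeiting mark, with enrollment of challenge-response pairs and a later authenticity check. The additive delay model, the sizes, the noise level, the acceptance threshold and all function names are assumptions made for illustration.

```python
import random

N_STAGES = 64        # delay stages per PUF (assumed size)
N_CHALLENGES = 128   # challenge-response pairs recorded at enrollment
THRESHOLD = 0.25     # max fraction of mismatching bits accepted as genuine

def manufacture(seed):
    """Process variation: every die gets its own random per-stage delays."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(N_STAGES)]

def evaluate(chip, challenge, rng):
    """Easy to evaluate: one response bit from the sign of the summed delays."""
    delay = sum(d if bit else -d for d, bit in zip(chip, challenge))
    delay += rng.gauss(0.0, 0.5)   # measurement noise on every read
    return 1 if delay > 0 else 0

def enroll(chip, rng):
    """The manufacturer records challenge-response pairs before shipping."""
    challenges = [[rng.getrandbits(1) for _ in range(N_STAGES)]
                  for _ in range(N_CHALLENGES)]
    return [(c, evaluate(chip, c, rng)) for c in challenges]

def mismatch_fraction(chip, crps, rng):
    """Replay the stored challenges and count responses that differ."""
    wrong = sum(evaluate(chip, c, rng) != r for c, r in crps)
    return wrong / len(crps)

def is_genuine(chip, crps, rng):
    """Tolerate noisy bits from the real die, reject an unrelated die."""
    return mismatch_fraction(chip, crps, rng) <= THRESHOLD

if __name__ == "__main__":
    genuine = manufacture(seed=1)        # constructed sample dies
    counterfeit = manufacture(seed=2)    # same design, different die
    crps = enroll(genuine, random.Random(100))
    for name, chip in (("genuine", genuine), ("counterfeit", counterfeit)):
        frac = mismatch_fraction(chip, crps, random.Random(7))
        print(name, round(frac, 3), frac <= THRESHOLD)
```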
Thank you!
Questions?