Vulnerabilities of cyber-physical systems to stale data-Determining the optimal time to launch attacks

International Journal of Critical Infrastructure Protection

Volumn 7, Issue 4, 2014, Pages 213-232

  Krotofil, Marina ^a   Cárdenas, Alvaro ^b   Larsen, Jason ^c   Gollmann, Dieter ^a  

^a HAMBURG UNIVERSITY OF TECHNOLOGY   (Germany)

^b The University of Texas at Dallas   (United States)

^c IOActive Inc   (United States)

Author keywords

Best choice problem; Cyber physical systems; Secretary problem; Timing attacks

Indexed keywords

CONTROLLERS; CYBER PHYSICAL SYSTEM; DIGITAL STORAGE; EMBEDDED SYSTEMS; OPTIMAL SYSTEMS; SIDE CHANNEL ATTACK;

BEST CHOICE; OPTIMAL STOPPING PROBLEM; QUICKEST CHANGE DETECTIONS; RESPONSE STRATEGIES; SECRETARY PROBLEM; STATISTICAL PROCESS; TENNESSEE EASTMAN CHALLENGE; VULNERABILITY ASSESSMENTS;

DENIAL-OF-SERVICE ATTACK;

EID: 84918570655     PISSN: 18745482     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ijcip.2014.10.003     Document Type: Article

References (43)

1. R. Bell, K. Åström, Dynamic Models for Boiler-Turbine Alternator Units: Data Logs and Parameter Estimation for a 160 MW Unit, LUTFDF2/(TFRT-3192)/1-137/(1987), Department of Automatic Control, Lund Institute of Technology, Lund, Sweden, 1987.
2. Broch J. Vibration and Shock Measurements 1984, Mechanical, Brüel and Kjær, Naerum, Denmark.
3. A. Carcano, I. Nai Fovino, M. Masera, A. Trombetta, SCADA malware: a proof of concept, in: Proceedings of the Third International Workshop on Critical Information Infrastructures Security, 2008, pp. 211-222.
4. A. Cárdenas, S. Amin, Z. Lin, Y. Huang, C. Huang, S. Sastry, Attacks against process control systems: Risk assessment, detection and response, in: Proceedings of the Sixth ACM Symposium on Information, Computer and Communications Security, 2011, pp. 355-366.
5. Chen R., Dave K., McAvoy T., Luyben M. A nonlinear dynamic model of a vinyl acetate process. Ind. Eng. Chem. Res. 2003, 42(20):4478-4487.
6. Control Systems Security Program, Common Cybersecurity Vulnerabilities in Industrial Control Systems, Department of Homeland Security, Washington, DC, 2011.
7. DNP3 Users Group, Further Information Regarding the Release of DNP3 Secure Authentication Version 5 (SAv5), Raleigh, North Carolina (url: 〈〉. http://www.dnp.org/DNP3Downloads/DNP3.
8. Downs J., Vogel E. A plant-wide industrial process control problem. Comput. Chem. Eng. 1993, 17(3):245-255.
9. Ferguson T. Who solved the Secretary Problem. Stat. Sci. 1989, 4(3):282-296.
10. Freeman P. The Secretary Problem and its extensions. A review. Revue Int. Stat. 1983, 51(2):189-206.
11. B. Genge, C. Siaterlis, An experimental study of the impact of network segmentation on the resilience of physical processes, in: Proceedings of the Eleventh International IFIP TC 6 Networking Conference, vol. 1, 2012, pp. 121-134.
12. Genge B., Siaterlis C., Hohenadel M. Impact of network infrastructure parameters on the effectiveness of cyber attacks against industrial control systems. Int. J. Comput. Commun. Control 2012, 7(4):673-686.
13. Gilbert J., Mosteller F. Recognizing the maximum of a sequence. J. Am. Stat. Assoc. 1966, 61(313):35-73.
14. Hadziosmanovic D., Bolzoni D., Hartel P. A log mining approach for process monitoring in SCADA. Int. J. Inf. Security 2012, 11(4):231-251.
15. Langner R. To Kill a Centrifuge: A Technical Analysis of What Stuxnet[U+05F3]s Creators Tried to Achieve 2013, The Langner Group, Arlington, Virginia.
16. J. Larsen, Breakage, presented at Black Hat Federal, 2008.
17. J. Larsen, Miniaturization, presented at Black Hat USA, 2014.
18. Larsson T., Hestetun K., Hovland E., Skogestad S. Self-optimizing control of a large-scale plant. The Tennessee Eastman process. Ind. Eng. Chem. Res. 2001, 40(22):4489-4901.
19. Leishear R. Fluid Mechanics, Water Hammer, Dynamic Stresses and Piping Design 2013, ASME, New York.
20. E. Leverett, R. Wightman, Vulnerability inheritance programmable logic controllers, in: presented at the Second International Symposium on Research in Gray Hat Hacking, 2013.
21. Y. Li-Baboud, J. Amelot, D. Anand, G. Stenbakken, T. Nelson, J. Moyne, Towards timely intelligence in the power grid, in: Proceedings of the Forty-Fourth Annual Precise Time and Time Interval Systems and Applications Meeting, 2012, pp. 399-412.
22. Luyben W., Tyreus B., Luyben M. Plantwide Process Control 1999, McGraw-Hill, New York.
23. M. Mahdian, R. McAfee, D. Pennock, The Secretary Problem with a hazard rate condition, in: Proceedings of the Fourth International Workshop on Internet and Network Economics, 2008, pp. 708-715.
24. S. Mannan, Lees[U+05F3] Loss Prevention in the Process Industries: Hazard Identification, Assessment and Control, vol. 1, Butterworth Heinemann, Oxford, United Kingdom, 2012.
25. McAvoy T., Ye N. Base control for the Tennessee Eastman problem. Comput. Chem. Eng. 1994, 18(5):383-413.
26. McEvoy T., Wolthusen S. Detecting sensor signal manipulations in non-linear chemical processes. Critical Infrastructure Protection IV 2010, 81-94. Springer, Heidelberg, Germany. T. Moore, S. Shenoi (Eds.).
27. McEvoy T., Wolthusen S. A plant-wide industrial process control security problem. Critical Infrastructure Protection V 2011, 47-56. Springer, Heidelberg, Germany. J. Butts, S. Shenoi (Eds.).
28. C. McIntyre, Using smart instrumentation, Control Engineering (url:〈〉), April 8, 2011. http://www.controleng.com/single-article/using-smart-instrumentation/a0ec350155bb86c8f65377ba66e59df8.html.
29. S. McLaughlin, CPS: Stateful policy enforcement for control system device usage, in: Proceedings of the Twenty-Ninth Annual Computer Security Applications Conference, 2013, pp. 109-118.
30. S. McLaughlin, S. Zonouz, D. Pohly, P. McDaniel, A trusted safety verifier for process controller code, in: Proceedings of the Network and Distributed Systems Security Symposium, 2014.
31. M. Naedele, An access control protocol for embedded devices, in: Proceedings of the IEEE International Conference on Industrial Informatics, 2006, pp. 565-569.
32. Nai Fovino I., Carcano A., Masera M., Trombetta A. Design and implementation of a secure Modbus protocol. Critical Infrastructure Protection III 2009, 83-96. Springer, Heidelberg, Germany. C. Palmer, S. Shenoi (Eds.).
33. Nai Fovino I., Masera M., Guglielmi M., Carcano A., Trombetta A. Distributed intrusion detection system for SCADA protocols. Critical Infrastructure Protection IV 2010, 95-110. Springer, Heidelberg, Germany. T. Moore, S. Shenoi (Eds.).
34. A. Pauna, K. Moulinos, M. Lakka, J. May, T. Tryfonas, Can We Learn from SCADA Security Incidents? White Paper, European Union Agency for Network and Information Security, Heraklion, Crete, Greece, 2013.
35. N. Ricker, Tennessee Eastman Challenge Archive, Department of Chemical Engineering, University of Washington, Seattle, Washington (url: 〈〉), 2014. http://depts.washington.edu/control/LARRY/TE/download.html.
36. Ricker N., Lee J. Nonlinear model predictive control of the Tennessee Eastman challenge process. Comput. Chem. Eng. 1995, 19(9):961-981.
37. Rrushi J. SCADA protocol vulnerabilities. Critical Infrastructure Protection Information Infrastructure - Models, Analysis and Defense 2012, 150-176. Springer, Heidelberg, Germany. J. Lopez, R. Setola, S. Wolthusen (Eds.).
38. R. Santamarta, Here be backdors: A journey into the secrets of industrial firmware, in: presented at Black Hat USA, 2012.
39. Schuett C., Butts J., Dunlap S. An evaluation of modification attacks on programmable logic controllers. Int. J. Crit. Infrastruct. Prot. 2014, 7(1):61-68.
40. J. Smuts, Process Control for Practitioners, OptiControls, League City, Texas, 2011.
41. U.S. Chemical Safety and Hazard Investigation Board, BP America Refinery Explosion: Final Investigation Report, Report No. 2005-04-I-TX, Washington, DC, 2007.
42. U.S. Chemical Safety and Hazard Investigation Board, T2 Laboratories Inc. Reactive Chemical Explosion: Final Investigation Report, Report No. 2008-3-I-FL, Washington, DC, 2009.
43. M. Yoon, G. Ciocarlie, Communication pattern monitoring: Improving the utility of anomaly detection for industrial control systems, in: Proceedings of the Security of Emerging Networking Technologies, 2014.