Security and privacy challenges in industrial Internet of Things

Proceedings - Design Automation Conference

Volumn 2015-July, Issue , 2015, Pages

  Sadeghi, Ahmad Reza ^a   Wachsmann, Christian ^a   Waidner, Michael ^a,b  

^a DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^b FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY SIT   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER AIDED DESIGN; EMBEDDED SYSTEMS; MAN MACHINE SYSTEMS; SECURITY OF DATA; USER EXPERIENCE; COMPUTER PRIVACY; CRASHWORTHINESS; INTERNET;

CYBER PHYSICAL SYSTEMS (CPSS); INDUSTRIAL CONTROL SYSTEMS; INTERNET OF THINGS (IOT); POTENTIAL IMPACTS; SECURITY AND PRIVACY; SECURITY FRAMEWORKS; SECURITY-CRITICAL; STRONG CONNECTIVITY;

INDUSTRIAL INTERNET OF THINGS (IIOT); INTERNET OF THINGS;

EID: 84944088568     PISSN: 0738100X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2744769.2747942     Document Type: Conference Paper

References (76)

1. SmartFactory | From Vision to Reality in Factory Technologies. International Federation of Automatic Control, 2008.
2. C. Alcaraz, R. Roman, P. Najera, and J. Lopez. Security of industrial sensor network-based remote substations in the context of the internet of things. Ad Hoc Netw., 11(3), 2013.
3. W. Arbaugh, D. Farber, and J. Smith. A secure and reliable bootstrap architecture. In IEEE Symposium on Security and Privacy (S&P), 1997.
4. F. Armknecht, A.-R. Sadeghi, S. Schulz, and C. Wachsmann. A security framework for the analysis and design of software attestation. In ACM Conference on Computer &Communications Security (CCS). ACM, 2013.
5. M. Blackstock and R. Lea. Toward interoperability in a web of things. In ACM Conference on Pervasive and Ubiquitous Computing Adjunct Publication (UbiComp). ACM, 2013.
6. F. Brasser, P. Koeberl, B. E. Mahjoub, A.-R. Sadeghi, and C. Wachsmann. TyTAN: Tiny trust anchor for tiny devices. In Design Automation Conference (DAC). ACM, 2015.
7. E. Byres and J. Lowe. The myths and facts behind cyber security risks for industrial control systems. Technical report, PA Consulting Group, 2004.
8. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno. Comprehensive experimental analyses of automotive attack surfaces. In USENIX Conference on Security. USENIX Association, 2011.
9. D. J. Cook and S. K. Das. How smart are our environments? An updated look at the state of the art. Pervasive Mob. Comput., 3(2), 2007.
10. A. Costin, J. Zaddach, A. Francillon, and D. Balzarotti. A large-scale analysis of the security of embedded firmwares. In USENIX Conference on Security Symposium. USENIX Association, 2014.
11. A. Cui and S. J. Stolfo. A quantitative analysis of the insecurity of embedded network devices: Results of a wide-area scan. In Annual Computer Security Applications Conference (ACSAC). ACM, 2010.
12. D. Dzung, M. Naedele, T. von Hó, and M. Crevatin. Security for industrial communication systems. Proceedings of the IEEE, 93(6), 2005.
13. K. Eldefrawy, A. Francillon, D. Perito, and G. Tsudik. SMART: Secure and minimal architecture for (establishing a dynamic) root of trust. In Network and Distributed System Security Symposium (NDSS), 2012.
14. K. Eldefrawy, G. Tsudik, A. Francillon, and D. Perito. SMART: Secure and minimal architecture for (establishing a dynamic) root of trust. In Network and Distributed System Security Symposium (NDSS). Internet Society, 2012.
15. A. Francillon, Q. Nguyen, K. B. Rasmussen, and G. Tsudik. A minimalist approach to remote attestation. In Conference on Design, Automation &Test in Europe (DATE). European Design and Automation Association, 2014.
16. R. W. Gardner, S. Garera, and A. D. Rubin. Detecting code alteration by creating a temporary memory bottleneck. Trans. Info. For. Sec., 4(4), 2009.
17. E. Grosse and M. Upadhyay. Authentication at scale. IEEE Security Privacy, 11(1), 2013.
18. T. Heer, O. Garcia-Morchon, R. Hummen, S. L. Keoh, S. S. Kumar, and K. Wehrle. Security challenges in the IP-based internet of things. Wirel. Pers. Commun., 61(3), 2011.
19. G. HerNANDez, O. Arias, D. Buentello, and Y. Jin. Smart Nest thermostat | A smart spy in your home. In BlackHat USA, 2014.
20. M. Hoekstra, R. Lal, P. Pappachan, V. Phegade, and J. Del Cuvillo. Using innovative instructions to create trustworthy software solutions. In Hardware and Architectural Support for Security and Privacy (HASP). ACM, 2013.
21. A. G. Illera and J. V. Vidal. Lights off The darkness of the smart meters. In BlackHat Europe, 2014.
22. M. Kabay. Attacks on power systems: Hackers, malware, 2010.
23. H. Kagermann, W. Wahlster, and J. Helbig. Securing the future of German manufacturing industry | Recommendations for implementing the strategic initiative Industrie 4.0, 2013.
24. R. Kennell and L. H. Jamieson. Establishing the genuinity of remote computer systems. In USENIX Security. USENIX Association, 2003.
25. P. Koeberl, S. Schulz, A.-R. Sadeghi, and V. Varadharajan. TrustLite: A security architecture for tiny embedded devices. In European Conference on Computer Systems (EuroSys). ACM, 2014.
26. J. Kong, F. Koushanfar, P. K. Pendyala, A.-R. Sadeghi, and C. Wachsmann. PUFatt: Embedded platform attestation based on novel processor-based PUFs. In Design Automation Conference (DAC). ACM, 2014.
27. K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. Experimental security analysis of a modern automobile. In IEEE Symposium on Security and Privacy (S&P), 2010.
28. F. Koushanfar, A.-R. Sadeghi, and H. Seudie. Eda for secure and dependable cybercars: Challenges and opportunities. In Proceedings of the 49th Annual Design Automation Conference. ACM, 2012.
29. X. Kovah, C. Kallenberg, C. Weathers, A. Herzog, M. Albin, and J. Butterworth. New results for timing-based attestation. In IEEE Symposium on Security and Privacy (S&P), 2012.
30. J. S. Kumar and D. R. Patel. A survey on internet of things: Security and privacy issues. International Journal of Computer Applications, 90(11), 2014.
31. E. Levy. Crossover: Online pests plaguing the off line world. IEEE Security Privacy, 1(6), 2003.
32. Y. Li, J. M. McCune, and A. Perrig. VIPER: Verifying the integrity of perIPherals' firmware. In ACM Conference on Computer and Communications Security (CCS). ACM, 2011.
33. J. Liu, Y. Xiao, S. Li, W. Liang, and C. L. P. Chen. Cyber security and privacy issues in smart grids. IEEE Communications Surveys Tutorials, 14(4), 2012.
34. Y. Liu and G. Zhou. Key technologies and applications of internet of things. In 5th International Conference on Intelligent Computation Technology and Automation (ICICTA), 2012.
35. J. McCune, Y. Li, N. Qu, Z. Zhou, A. Datta, V. Gligor, and A. Perrig. TrustVisor: Efficient TCB reduction and attestation. In IEEE Symposium on Security and Privacy (S&P), 2010.
36. F. McKeen, I. Alexandrovich, A. Berenzon, C. V. Rozas, H. Shá, V. Shanbhogue, and U. R. Savagaonkar. Innovative instructions and software model for isolated execution. In Hardware and Architectural Support for Security and Privacy (HASP). ACM, 2013.
37. C. Medaglia and A. Serbanati. An overview of privacy and security issues in the internet of things. In The Internet of Things. Springer, 2010.
38. M. Miettinen, N. Asokan, F. Koushanfar, T. D. Nguyen, J. Rios, A.-R. Sadeghi, M. Sobhani, and S. Yellapantula. I know where you are: Proofs of presence resilient to malicious provers. In ACM Symposium on Information, Computer and Communications Security (ASIACCS). ACM, 2015.
39. M. Miettinen, N. Asokan, T. D. Nguyen, A.-R. Sadeghi, and M. Sobhani. Context-based zero-interaction pairing and key evolution for advanced personal devices. In Conference on Computer and Communications Security (CCS). ACM, 2014.
40. B. Miller and D. Rowe. A survey SCADA of and critical infrastructure incidents. In Research in Information Technology (RIIT). ACM, 2012.
41. C. Miller and C. Valasek. A survey of remote automotive attack surfaces. In BlackHat USA, 2014.
42. D. Miorandi, S. Sicari, F. De Pellegrini, and I. Chlamtac. Survey internet of things: Vision, applications and research challenges. Ad Hoc Netw., 10(7), 2012.
43. D. M. Nicol. Hacking the lights out. Scientific American, 305, 2011.
44. P. Nixon, W. Wagealla, C. English, and S. Terzis. Security, privacy and trust issues in smart environments, 2004.
45. J. Noorman, P. Agten, W. Daniels, R. Strackx, A. Van Herrewege, C. Huygens, B. Preneel, I. Verbauwhede, and F. Piessens. Sancus: Low-cost trustworthy extensible networked devices with a zero-software trusted computing base. In USENIX Conference on Security. USENIX Association, 2013.
46. E. Owusu, J. Guajardo, J. McCune, J. Newsome, A. Perrig, and A. Vasudevan. OASIS: On achieving a sanctuary for integrity and secrecy on untrusted platforms. In ACM Conference on Computer &Communications Security (CCS). ACM, 2013.
47. H. Park, D. Seo, H. Lee, and A. Perrig. SMATT: Smart meter attestation using multIPle target selection and copy-proof memory. In Computer Science and its Applications. Springer, 2012.
48. B. Parno, J. McCune, and A. Perrig. Bootstrapping trust in commodity computers. In IEEE Symposium on Security and Privacy (S&P), 2010.
49. N. L. Petroni, Jr., T. Fraser, J. Molina, and W. A. Arbaugh. Copilot | A coprocessor-based kernel runtime integrity monitor. In USENIX Security Symposium. USENIX Association, 2004.
50. J. Pollet and J. Cummins. Electricity for free | The dirty underbelly of SCADA and smart meters. In BlackHat USA, 2010.
51. K. Poulsen. Slammer worm crashed Ohio nuke plant network, 2003.
52. PR Newswire. Computer virus strikes CSX transportation computers, 2003.
53. J. Rifkin. The Third Industrial Revolution: How Lateral Power is Transforming Energy, the Economy, and the World. Palgrave MacMillan, 2011.
54. M. Rostami, A. Juels, and F. Koushanfar. Heart-to-heart (h2h): authentication for implanted medical devices. In Proceedings of the 2013 ACM SIGSAC conference on Computer communications security. ACM, 2013.
55. M. Rostami, F. Koushanfar, and R. Karri. A primer on hardware security: Models, methods, and metrics. Proceedings of the IEEE, 2014.
56. S. Schulz, A.-R. Sadeghi, and C. Wachsmann. Short paper: Lightweight remote attestation using physical functions. In ACM Conference on Wireless Network Security (WiSec). ACM, 2011.
57. A. Seshadri, M. Luk, and A. Perrig. SAKE: Software attestation for key establishment in sensor networks. In Distributed Computing in Sensor Systems. Springer, 2008.
58. A. Seshadri, M. Luk, A. Perrig, L. van Doorn, and P. Khosla. SCUBA: Secure code update by attestation in sensor networks. In ACM Workshop on Wireless Security (WiSe). ACM, 2006.
59. A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla. Pioneer: Verifying code integrity and enforcing untampered code execution on legacy systems. In ACM Symposium on Operating Systems PrincIPles (SOSP). ACM, 2005.
60. A. Seshadri, A. Perrig, L. van Doorn, and P. Khosla. SWATT: Software-based attestation for embedded devices. In IEEE Symposium on Security and Privacy (S&P), 2004.
61. D. Shahrjerdi, J. Rajendran, S. Garg, F. Koushanfar, and R. Karri. Shielding and securing integrated circuits with sensors. In Computer-Aided Design (ICCAD), 2014 IEEE/ACM International Conference on. IEEE, 2014.
62. A. Soullie. Industrial control systems: Pentesting PLCs 101. In BlackHat Europe, 2014.
63. R. Strackx, F. Piessens, and B. Preneel. Efficient isolation of trusted subsystems in embedded systems. In Security and Privacy in Communication Networks. Springer, 2010.
64. G. E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas. AEGIS: Architecture for tamper-evident and tamper-resistant processing. In Annual International Conference on Supercomputing (CIS). ACM, 2003.
65. H. Suo, J. Wan, C. Zou, and J. Liu. Security in the internet of things: A review. In International Conference on Computer Science and Electronics Engineering (ICCSEE), 2012.
66. H. T. T. Truong, X. Gao, B. Shresthab, N. Saxena, N. Asokan, and P. Nurmi. Using contextual co-presence to strengthen zero-interaction authentication: Design, integration and usability. Pervasive and Mobile Computing, 2014.
67. Trusted Computing Group (TCG). Website, 2011.
68. A. Vasudevan, J. McCune, J. Newsome, A. Perrig, and L. van Doorn. CARMA: A hardware tamper-resistant isolated execution environment on commodity x86 platforms. In ACM Symposium on Information, Computer and Communications Security (ASIACCS). ACM, 2012.
69. O. Vermesan and P. Friess. Internet of Things | From Research and Innovation to Market Deployment. River Publishers, 2014.
70. J. Vijayan. Stuxnet renews power grid security concerns, 2010.
71. M. Waidner, M. Kasper, T. Henkel, C. Rudolph, and O. Küch. Eberbacher Gespräch zu "Sicherheit in der Industrie 4.0", 2013.
72. J. Winter. Trusted computing building blocks for embedded linux-based ARM Trustzone platforms. In ACM Workshop on Scalable Trusted Computing (STC). ACM, 2008.
73. K. Zhao and L. Ge. A survey on the internet of things security. In Computational Intelligence and Security (CIS), 2013.
74. B. Zhu, A. Joseph, and S. Sastry. A taxonomy of cyber attacks on SCADA systems. In International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing. IEEE, 2011.
75. S. Zonouz, J. Rrushi, and S. McLaughlin. Detecting industrial control malware using automated PLC code analytics. IEEE Security and Privacy, 12(6), 2014.
76. D. Zuehlke. Smartfactory | towards a factory of things. Annual Reviews in Control, 34(1), 2010.