A self Adaptive Security Framework for Networked Control Systems

Term Paper PresentationCS 788 Fall 2015

Instructor: Professor Daniel A. Menasce

ByEniye Tebekaemi

November 30, 2015

OUTLINE

Introduction Security Requirements

Solutions Adaptive Framework

Conclusion/Future Work

INTRODUCTION

What?

ANetworkedcontrolsystemsNCSisacontrolsystemwhereinthecontrolloopsareclosedthroughacommunica9onnetwork

NCSrelyonacommunica9onnetworktofacilitatetheexchangeofcontrolandfeedbacksignalsbetweenitscomponents.

Communica9onhelpsthephysicalsystemscollaborateinordertocarryouttheirtaskmoreeffec9vely,efficientlyandintelligently.

Control,Op9mizeandAutomatephysicalsystemobjec9vefunc9ons

Industrialcontrolsystems(ICS)

Distributedcontrolsystems(DCS)

Cyber-physicalsystem(CPS)

UsedinIndustrialandmanufacturingfacili9es,healthsector,powersystems,nuclearplants,trafficmanagementsystems,Avia9onIndustriesandothercri9calinfrastructuresystems.

Where?

PowerManagementSystems-SmartGrid

TransportManagementSystem-IntelligentTransporta9onSystems

Produc9on/ManufacturingPlants-IndustrialControlSystems,SCADA

UnmannedAircraPSystems-UAVs,Drones

SmartBuildings,HomeManagementSystems

HealthSystems-HumanAreaNetwork,HealthMonitoringSystems

SmartCars

SmartCi9es

How?

System 1 System 2 System 3 System 4

Communication Network

Controller

Peer-to-PeerBasedController(AgentBasedController).

CentralController(Master/Slave)

HybridControllers

Sensor/Actuator

Sensor/Actuator

Sensor/Actuator

Sensor/Actuator

SECURITY REQUIREMENTS

NCSmustrespondappropriatelytodisturbancecausedbymalfunc9oningphysicalcomponentsormanipula9onfromcyberspace.

A"ackandThreats

SoPwareandFirmwarebugs

PhysicalAUackonSensorsandNCSComponents

AUackontheCommunica9onChannel

DataFalsifica9onandManipula9onThreats

MalwareandAdvancePersistentThreat(APT)

InsiderThreats

CascadingFailuresandEscala9ngAUacks

Cyber Attacks

SomeReportedCyberA"ackIncidenceonCyber-PhysicalSystems

Security Needs

InordertodesignandimplementappropriatesecuritycontrolsforNCS,weneedtocarefullyiden9fytheirsecurityrequirements.

EachNCShasvaryingsecurityrequirements,somewithmoreemphasisonintegrityandothersonavailability.

PrimaryNeeds

Availability(Con9nuityofOpera9on)

Integrity

Authen9ca9onandAccessControl

Confiden9ality

AuditandLogManagement

SOLUTION

Thebase-levelsubsystemincorporatesvarioussecuritymechanisms,suchasauthen9ca9on,encryp9on,etc.Itisonlythatthedecisionofwhenandhowthosesecuritymechanismsareemployedthatrestswiththemeta-levelsubsystem

Self-Protec>onreferencearchitecture

SOLUTION - Security LevelMonitorandDetect

IntrusionDetec9onsystems(IDS)NetworkMonitorsVulnerabilityScanners

RespondandProtectIntrusionPreven9onSystemsFirewallsAn9virus

PlanandPreventKnowledgeofsystemtobeprotectedSystemsEngineering/ControlTheory/CyberSecurityTakeadvantageofthephysicalproper9esofthesystem

Properties

Integratethesystem’sphysicalproper9esandcybersecuritycontrolsintoamorerobustsecuritysolu9on

Cybersecuritysystemlearnsofsystemviola9onthroughthesystemcontroller,iden9fiestheguiltypacketandupdatesignature

SystemcontrollersystemlearnsofaUacks(successfulorunsuccessful)fromthecybersecuritysystemandchangessystemsse\ngstohardenthephysicalsystem

IncaseswheresensorreadingsistransmiUedoverthenetwork,thereisneedforapredic9vebackupcontrollerbasedofpastbehaviorofthesystem

OperateresilientlyundercyberorphysicalaUacks

DetectpreviouslyunknownaUacks(Zeroday)

Reconfigurephysicalsystemtomi9gatemaliciousbehaviors

Operateinreal-9me

Needstobefastandefficient

Adaptive Security Framework

IDS/IPSController

Signature Database

Fire

wal

l

System Model

Master Controller

State Predictor

Historical Data

Sensors/Actuators

Adap>veSecurityControllerFrameworkforNCS

Component Description

FirewallIsolatesthesystemfromexternalnetworkPreservestheintegrityofthelocalmastercontroller

IDS/IPSControllerAuthen9ca9onDataIntegrityDeeppacketinspec9onSignature/Anomalybaseddetec9onUpdatesignaturedatabase

SignatureDatabaseSignaturesofknownmalicioustrafficPreinstalledandlearned

Component Description

SystemModelSystemhighlevelgoalsSystembehaviorGuardcondi9ons

LocalSecurityControllerEvaluateSystemStateControlsensors/actuatorsDropbadpacketNo9fySystemsecuritycontrollerObtaindatafrompredic9vemodel

StatePredictorCon9nuouslycomputetheexpectedsystemstateUsesystemmodel,systemcurrentstateandhistoricaldata

Terms and Definition

isthetypeofaUackwherenisthetotalnumberoftype,andisthefrequencyofaUackoftypei

1 <= i <= n

fi

istheprobabilityofcorrectclassifica9onofaUacktype

istheseverityofanaUacktype, k 2 {0, 1, 2, 3, 4, 5}0representleastsevereand5representmostsevere

isthesetofallsecuritycontrolsforavailability

Ti

Pr(Ti)

STi,k

isthesetofallsecuritycontrolsforintegrityisthesetofallsecuritycontrolsforconfiden9ality

Eachsecuritycontrolhasacorrespondingimpactlevel,definedas,andforavailability,integrityandconfiden9alitycontrolsrespec9vely.

l

A = {a1, a2, . . . , am}G = {g1, g2, . . . , gm}C = {c1, c2, . . . , cm}

lailgi lci

isascalingfunc9onthattakesasinputtheaUacktype,frequency,probabilityofcorrectnessandtoproduceappropriatescalingfactorsforavailability,integrityorconfiden9ality.

F (Ti, fi, P r(Ti), STi,k) = {↵A,↵G,↵C}

{0 ↵ 1}

System Operation

Malicious

State Predictor

Implement

START

IDS/IPS

Master Controller

Good

IDS/IPSFailstodetecta"ackIDS/IPSControllermonitorstrafficformaliciouspackets.Failstoiden9fymaliciouspacket(ZeroDay)andpassespackettomastercontrollerMastercontrollerevaluatesdataand/orcontrolinforma9oninpacketagainstthecurrentsystemstateifsystemguardcondi9onsandwouldbeviolated.Good?YES-implementGood?NO:Obtaines9matedbehaviorfromstatepredictorEvaluateandimplementNo9fyIDS/IPSControllerIDS/IPSextractsignatureofproblempacket,andupdatesignaturedatabaseClassifydetectedaUacktonearestaUacktype

NO

NO

YES

System Operation

Malicious

State PredictorImplement

START

IDS/IPS

Master Controller

YES

Obtain New Security Configuration

IDS/IPSdetectsa"ackIDS/IPSControllermonitorstrafficformaliciouspackets.Iden9fymaliciouspacketandinformsmastercontrollerMastercontrollerobtainses9matedbehaviorfromstatepredictorandimplements

Mastercontrollercomputesnewsecurityconfigura9ontomi9gatetheaUackMastercontrollerreconfiguresecuritycontrolsbasedonnewconfigura9on

Whereisthemaximumpossibleimpactleveldeterminedbydomainexperts

System Operation

A0 ⇢ A,G

0 ⇢ G,C0 ⇢ C

< = {A0, G

0, C

0} l< = lA0 + lG0 + lC0

lA

0 = minx<mX

x=1

la

x

TheIDS/IPScontroldetectsanaUack,classifiestheaUackandcomputesandno9fiesthemastercontroller.Themastercontrollerselectssecuritycontrolshavingimpact

↵A,↵G,↵C

lG0 = miny<mX

y=1

lgy lC0 = minz<mX

z=1

lcz

SuchThat

lA0 � ↵AlA

lC0 � ↵C lC

lG0 � ↵GlG

lA, lG, lC

Isthenewthesecurityconfigura9onwithimpact

CONCLUSION

Theincreaseintegra9onofinforma9onandcommunica9ontechnologyintophysicalsystemsespeciallycri9calinfrastructures,exposessuchsystemstocyberaUackswhichcouldresultineconomiclosses,and/orlossoflivesandproper9es

Currentsolu9onsarenotwellequippedtohandlethenewkindsofaUackspeculiartocyberphysicalsystems.

Othersfocusoneitherthecyberpart(IDS/IPS)orthephysicalpart(Backupcontroller)oftheproblem

Thisworkintegratesthecyberandphysicalpartsintooneelaboratesolu9on.

Providesanadap9vesecuritycontrolframeworkthatcanbeadaptedtoanycyberphysicaldomain

AutonomouslychangesthesecuritypostureofthesysteminresponsetoaUackpossibili9es

Futureworkwouldbetodeveloponthisideafocusingonaspecificcyber-physicaldomain,adaptandtestthisframework

REFERENCE1. K.Sawada,T.Sasaki,S.Shin,andS.Hosokawa,“Afallbackcontrolstudyofnetworkedcontrolsystemsforcybersecurity,”inControl

Conference(ASCC),201510thAsian,2015,pp.1–6.2. R.MitchellandI.-R.Chen,“Adap9veIntrusionDetec9onofMaliciousUnmannedAirVehiclesUsingBehaviorRuleSpecifica9ons,”IEEE

Trans.Syst.ManCybern.Syst.,vol.44,no.5,pp.593–604,May2014.3. G.Koutsandria,V.Muthukumar,M.Parvania,S.Peisert,C.McParland,andA.Scaglione,“AhybridnetworkIDSforprotec9vedigitalrelays

inthepowertransmissiongrid,”inSmartGridCommunicaCons(SmartGridComm),2014IEEEInternaConalConferenceon,2014,pp.908–913.

4. F.Pasquale\,F.Dorfler,andF.Bullo,“Control-Theore9cMethodsforCyberphysicalSecurity:GeometricPrinciplesforOp9malCross-LayerResilientControlSystems,”IEEEControlSyst.,vol.35,no.1,pp.110–127,Feb.2015.

5. F.Pasquale\,F.Dorfler,andF.Bullo,“AUackDetec9onandIden9fica9oninCyber-PhysicalSystems,”IEEETrans.Autom.Control,vol.58,no.11,pp.2715–2729,Nov.2013.

6. “Networkedcontrolsystem,”Wikipedia,thefreeencyclopedia.07-Oct-2015.7. Z.Drias,A.Serhrouchni,andO.Vogel,“Analysisofcybersecurityforindustrialcontrolsystems,”in2015InternaConalConferenceonCyber

SecurityofSmartCiCes,IndustrialControlSystemandCommunicaCons(SSIC),2015,pp.1–8.8. H.Sandberg,S.Amin,andK.Johansson,“CyberphysicalSecurityinNetworkedControlSystems:AnIntroduc9ontotheIssue,”IEEEControl

Syst.,vol.35,no.1,pp.20–23,Feb.2015.9. A.Teixeira,K.C.Sou,H.Sandberg,andK.H.Johansson,“Quan9fyingCyber-SecurityforNetworkedControlSystems,”inControlofCyber-

PhysicalSystems,vol.449,D.C.Tarraf,Ed.Heidelberg:SpringerInterna9onalPublishing,2013,pp.123–142.10. Z.Durumeric,M.Payer,V.Paxson,J.Kasten,D.Adrian,J.A.Halderman,M.Bailey,F.Li,N.Weaver,J.Amann,andJ.Beekman,“TheMaUer

ofHeartbleed,”2014,pp.475–488.11. A.Teixeira,G.Dán,H.Sandberg,andK.H.Johansson,“AcybersecuritystudyofaSCADAenergymanagementsystem:Stealthydecep9on

aUacksonthestatees9mator,”ArXivPrepr.ArXiv10111828,2010.12. D.Kushner,“TheRealStoryofStuxnet,”26-Feb-2013.[Online].Available:hUp://spectrum.ieee.org/telecom/security/the-real-story-of-

stuxnet.[Accessed:28-Sep-2015].13. L.Dueñas-OsorioandS.M.Vemuru,“Cascadingfailuresincomplexinfrastructuresystems,”Struct.Saf.,vol.31,no.2,pp.157–167,Mar.

2009.14. T.Lu,X.Guo,Y.Li,Y.Peng,X.Zhang,F.Xie,andY.Gao,“CyberphysicalSecurityforIndustrialControlSystemsBasedonWirelessSensor

Networks,”Int.J.Distrib.Sens.Netw.,vol.2014,p.e438350,Jun.2014.15. E.Yuan,N.Esfahani,andS.Malek,“ASystema9cSurveyofSelf-Protec9ngSoPwareSystems,”ACMTrans.Auton.Adapt.Syst.,vol.8,no.4,

pp.1–41,Jan.2014.16. O.A.Harshe,N.TejaChiluvuri,C.D.PaUerson,andW.T.Baumann,“Designandimplementa9onofasecurityframeworkforindustrial

controlsystems,”in2015InternaConalConferenceonIndustrialInstrumentaConandControl(ICIC),2015,pp.127–132.17. P.Lee,A.Clark,L.Bushnell,andR.Poovendran,“ModelingandDesigningNetworkDefenseagainstControlChannelJammingAUacks:A

Passivity-BasedApproach,”inControlofCyber-PhysicalSystems,D.C.Tarraf,Ed.SpringerInterna9onalPublishing,2013,pp.161–175.

THANK YOU