Designing Security Defenses for Cyber-Physical Systems

dc.contributor.authorForuhandeh, Mahsaen
dc.contributor.committeechairStavrou, Angelosen
dc.contributor.committeechairGerdes, Ryan M.en
dc.contributor.committeememberChantem, Thidapaten
dc.contributor.committeememberHeaslip, Kevin Patricken
dc.contributor.committeememberWang, Yue J.en
dc.contributor.committeememberWang, Hainingen
dc.contributor.departmentElectrical Engineeringen
dc.date.accessioned2022-06-22T16:30:51Zen
dc.date.available2022-06-22T16:30:51Zen
dc.date.issued2022-05-04en
dc.description.abstractLegacy cyber-physical systems (CPSs) were designed without considering cybersecurity as a primary design tenet especially when considering their evolving operating environment. There are many examples of legacy systems including automotive control, navigation, transportation, and industrial control systems (ICSs), to name a few. To make matters worse, the cost of designing and deploying defenses in existing legacy infrastructure can be overwhelming as millions or even billions of legacy CPS systems are already in use. This economic angle, prevents the use of defenses that are not backward compatible. Moreover, any protection has to operate efficiently in resource constraint environments that are dynamic nature. Hence, the existing approaches that require ex- pensive additional hardware, propose a new protocol from scratch, or rely on complex numerical operations such as strong cryptographic solutions, are less likely to be deployed in practice. In this dissertation, we explore a variety of lightweight solutions for securing different existing CPSs without requiring any modifications to the original system design at hardware or protocol level. In particular, we use fingerprinting, crowdsourcing and deterministic models as alternative backwards- compatible defenses for securing vehicles, global positioning system (GPS) receivers, and a class of ICSs called supervisory control and data acquisition (SCADA) systems, respectively. We use fingerprinting to address the deficiencies in automobile cyber-security from the angle of controller area network (CAN) security. CAN protocol is the de-facto bus standard commonly used in the automotive industry for connecting electronic control units (ECUs) within a vehicle. The broadcast nature of this protocol, along with the lack of authentication or integrity guarantees, create a foothold for adversaries to perform arbitrary data injection or modification and impersonation attacks on the ECUs. We propose SIMPLE, a single-frame based physical layer identification for intrusion detection and prevention on such networks. Physical layer identification or fingerprinting is a method that takes advantage of the manufacturing inconsistencies in the hardware components that generate the analog signal for the CPS of our interest. It translates the manifestation of these inconsistencies, which appear in the analog signals, into unique features called fingerprints which can be used later on for authentication purposes. Our solution is resilient to ambient temperature, supply voltage value variations, or aging. Next, we use fingerprinting and crowdsourcing at two separate protection approaches leveraging two different perspectives for securing GPS receivers against spoofing attacks. GPS, is the most predominant non-authenticated navigation system. The security issues inherent into civilian GPS are exacerbated by the fact that its design and implementation are public knowledge. To address this problem, first we introduce Spotr, a GPS spoofing detection via device fingerprinting, that is able to determine the authenticity of signals based on their physical-layer similarity to the signals that are known to have originated from GPS satellites. More specifically, we are able to detect spoofing activities and track genuine signals over different times and locations and propagation effects related to environmental conditions. In a different approach at a higher level, we put forth Crowdsourcing GPS, a total solution for GPS spoofing detection, recovery and attacker localization. Crowdsourcing is a method where multiple entities share their observations of the environment and get together as a whole to make a more accurate or reliable decision on the status of the system. Crowdsourcing has the advantage of deployment with the less complexity and distributed cost, however its functionality is dependent on the adoption rate by the users. Here, we have two methods for implementing Crowdsourcing GPS. In the first method, the users in the crowd are aware of their approximate distance from other users using Bluetooth. They cross validate this approximate distance with the GPS-derived distance and in case of any discrepancy they report ongoing spoofing activities. This method is a strong candidate when the users in the crowd have a sparse distribution. It is also very effective when tackling multiple coordinated adversaries. For method II, we exploit the angular dispersion of the users with respect to the direction that the adversarial signal is being transmitted from. As a result, the users that are not facing the attacker will be safe. The reason for this is that human body mostly comprises of water and absorbs the weak adversarial GPS signal. The safe users will help the spoofed users find out that there is an ongoing attack and recover from it. Additionally, the angular information is used for localizing the adversary. This method is slightly more complex, and shows the best performance in dense areas. It is also designed based on the assumption that the spoofing attack is only terrestrial. Finally, we propose a tandem IDS to secure SCADA systems. SCADA systems play a critical role in most safety-critical infrastructures of ICSs. The evolution of communications technology has rendered modern SCADA systems and their connecting actuators and sensors vulnerable to malicious attacks on both physical and application layers. The conventional IDS that are built for securing SCADA systems are focused on a single layer of the system. With the tandem IDS we break this habit and propose a strong multi-layer solution which is able to expose a wide range of attack. To be more specific, the tandem IDS comprises of two parts, a traditional network IDS and a shadow replica. We design the shadow replica as a deterministic IDS. It performs a workflow analysis and makes sure the logical flow of the events in the SCADA controller and its connected devices maintain their expected states. Any deviation would be a malicious activity or a reliability issue. To model the application level events, we leverage finite state machines (FSMs) to compute the anticipated states of all of the devices. This is feasible because in many of the existing ICSs the flow of traffic and the resulting states and actions in the connected devices have a deterministic nature. Consequently, it leads to a reliable and free of uncertainty solution. Aside from detecting traditional network attacks, our approach bypasses the attacker in case it succeeds in taking over the devices and also maintains continuous service if the SCADA controller gets compromised.en
dc.description.abstractgeneralOur lives are entangled with cyber-physical systems (CPSs) on a daily basis. Examples of these systems are vehicles, navigation systems, transportation systems, industrial control systems, etc. CPSs are mostly legacy systems and were built with a focus on performance, overlooking security. Security was not considered in the design of these old systems and now they are dominantly used in our everyday life. After numerous demonstration of cyber hacks, the necessity of protecting the CPSs from adversarial activities is no longer ambiguous. Many of the advanced cryptographic techniques are far too complex to be implemented in the existing CPSs such as cars, satellites, etc. We attempt to secure such resource constraint systems using simple backward compatible techniques in this dissertation. We design cheap lightweight solutions, with no modifications to the original system. In part of our research, we use fingerprinting as a technique to secure passenger cars from being hacked, and GPS receivers from being spoofed. For a brief description of fingerprinting, we use the example of two identical T-shirts with the same size and design. They will always have subtle differences between them no matter how hard the tailor tried to make them identical. This means that there are no two T-shirts that are exactly identical. This idea, when applied to analog signalling on electric devices, is called fingerprinting. Here, we fingerprint the mini computers inside a car, which enables us to identify these computers and prevent hacking. We also use the signal levels to design fingerprints for GPS signals. We use the fingerprints to distinguish counterfeit GPS signals from the ones that have originated from genuine satellites. This summarizes two major contributions in the dissertation. Our earlier contribution to GPS security was effective, but it was heavily dependent on the underlying hardware, requiring extensive training for each radio receiver that it was protecting. To remove this dependence of training for the specific underlying hardware, we design and implement the next framework using defenses that require application-layer access. Thus, we proposed two methods that leverage crowdsourcing approaches to defend against GPS spoofing attacks and, at the same time, improve the accuracy of localization for commodity mobile devices. Crowdsourcing is a method were several devices agree to share their information with each other. In this work, GPS users share their location and direction information, and in case of any discrepancy they figure that they are under attack and cooperate to recover from it. Last, we shift the gear to the industrial control systems (ICSs) and propose a novel IDS to protect them against various cyber attacks. Unlike the conventional IDSs that are focused on one of the layers of the system, our IDS comprises of two main components. A conventional component that exposes traditional attacks and a second component called a shadow replica. The replica mimics the behavior of the system and compares it with that of the actual system in a real-time manner. In case of any deviation between the two, it detects attacks that target the logical flow of the events in the system. Note that such attacks are more sophisticated and difficult to detect because they do not leave any obvious footprints behind. Upon detection of attacks on the original controller, our replica takes over the responsibilities of the original ICS controller and provides service continuity.en
dc.description.degreeDoctor of Philosophyen
dc.format.mediumETDen
dc.identifier.othervt_gsexam:33523en
dc.identifier.urihttp://hdl.handle.net/10919/110885en
dc.language.isoenen
dc.publisherVirginia Techen
dc.rightsCreative Commons Attribution-NonCommercial-ShareAlike 4.0 Internationalen
dc.rights.urihttp://creativecommons.org/licenses/by-nc-sa/4.0/en
dc.subjectSecurityen
dc.subjectCyber-physical-systemsen
dc.subjectFingerprintingen
dc.subjectCrowdsourcingen
dc.subjectDeterministic Modelsen
dc.subjectCANen
dc.subjectGPSen
dc.subjectSCADAen
dc.titleDesigning Security Defenses for Cyber-Physical Systemsen
dc.typeDissertationen
thesis.degree.disciplineElectrical Engineeringen
thesis.degree.grantorVirginia Polytechnic Institute and State Universityen
thesis.degree.leveldoctoralen
thesis.degree.nameDoctor of Philosophyen

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
Foruhandeh_M_D_2022.pdf
Size:
22.11 MB
Format:
Adobe Portable Document Format