Security and Privacy in Cyber-Physical Systems

HOUBING SONG, PhD is an assistant professor in the Department of Electrical, Computer, Software, and Systems Engineering at Embry-Riddle Aeronautical University, Daytona Beach, Florida, and the Director of the Security and Optimization for Networked Globe Laboratory (SONG Lab, www.SONGLab.us). GLENN A. FINK, PhD is a cyber security researcher with the National Security Directorate, Pacific Northwest National Laboratory. He was the lead inventor of PNNL's Digital Ants technology. SABINA JESCHKE, Dr. rer. nat. is a professor in the Department of Mechanical Engineering, RWTH Aachen University, Germany, and Head of the Cybernetics Lab IMA/ZLW & IfU.

• List of Contributors xviiForeword xxiiiPreface xxvAcknowledgments xxix1 Overview of Security and Privacy in Cyber-Physical Systems 1Glenn A. Fink, ThomasW. Edgar, Theora R. Rice, Douglas G. MacDonald and Cary E. Crawford1.1 Introduction 11.2 Defining Security and Privacy 11.2.1 Cybersecurity and Privacy 21.2.2 Physical Security and Privacy 31.3 Defining Cyber-Physical Systems 41.3.1 Infrastructural CPSs 51.3.1.1 Example: Electric Power 51.3.2 Personal CPSs 51.3.2.1 Example: Smart Appliances 61.3.3 Security and Privacy in CPSs 61.4 Examples of Security and Privacy in Action 71.4.1 Security in Cyber-Physical Systems 71.4.1.1 Protecting Critical Infrastructure from Blended Threat 81.4.1.2 Cyber-Physical Terrorism 81.4.1.3 Smart Car Hacking 91.4.1.4 Port Attack 101.4.2 Privacy in Cyber-Physical Systems 111.4.2.1 Wearables 111.4.2.2 Appliances 121.4.2.3 Motivating Sharing 121.4.3 Blending Information and Physical Security and Privacy 121.5 Approaches to Secure Cyber-Physical Systems 141.5.1 Least Privilege 141.5.2 Need-to-Know 151.5.3 Segmentation 151.5.4 Defensive Dimensionality 161.5.4.1 Defense-in-Depth 161.5.4.2 Defense-in-Breadth 161.5.5 User-Configurable Data Collection/Logging 171.5.6 Pattern Obfuscation 171.5.7 End-to-End Security 171.5.8 Tamper Detection/Security 181.6 Ongoing Security and Privacy Challenges for CPSs 181.6.1 Complexity of Privacy Regulations 181.6.2 Managing and Incorporating Legacy Systems 191.6.3 Distributed Identity and Authentication Management 201.6.4 Modeling Distributed CPSs 201.7 Conclusion 21References 212 Network Security and Privacy for Cyber-Physical Systems 25Martin Henze, Jens Hiller, René Hummen, Roman Matzutt, KlausWehrle andJan H. Ziegeldorf2.1 Introduction 252.2 Security and Privacy Issues in CPSs 262.2.1 CPS Reference Model 272.2.1.1 Device Level 272.2.1.2 Control/Enterprise Level 272.2.1.3 Cloud Level 282.2.2 CPS Evolution 282.2.3 Security and PrivacyThreats in CPSs 302.3 Local Network Security for CPSs 312.3.1 Secure Device Bootstrapping 322.3.1.1 Initial Key Exchange 332.3.1.2 Device Life Cycle 332.3.2 Secure Local Communication 342.3.2.1 Physical Layer 342.3.2.2 Medium Access 342.3.2.3 Network Layer 352.3.2.4 Secure Local Forwarding for Internet-Connected CPSs 352.4 Internet-Wide Secure Communication 362.4.1 Security Challenges for Internet-Connected CPS 372.4.2 Tailoring End-to-End Security to CPS 382.4.3 Handling Resource Heterogeneity 392.4.3.1 Reasonable Retransmission Mechanisms 392.4.3.2 Denial-of-Service Protection 402.5 Security and Privacy for Cloud-Interconnected CPSs 412.5.1 Securely Storing CPS Data in the Cloud 422.5.1.1 Protection of CPS Data 432.5.1.2 Access Control 432.5.2 Securely Processing CPS Data in the Cloud 442.5.3 Privacy for Cloud-Based CPSs 452.6 Summary 462.7 Conclusion and Outlook 47Acknowledgments 48References 483 Tutorial on Information Theoretic Metrics Quantifying Privacy in Cyber-Physical Systems 57Guido Dartmann, Mehmet Ö. Demir, Hendrik Laux, Volker Lücken, Naim Bajcinca, Gunes K. Kurt, Gerd Ascheid andMartina Ziefle3.1 Social Perspective and Motivation 573.1.1 Motivation 593.1.2 Scenario 603.2 Information Theoretic Privacy Measures 623.2.1 Information Theoretic Foundations 623.2.2 Surprise and Specific Information 633.3 Privacy Models and Protection 643.3.1 k-Anonymity 653.4 Smart City Scenario: System Perspective 673.4.1 Attack without Anonymization 683.4.2 Attack with Anonymization of the ZIP 703.4.3 Attack with Anonymization of the Bluetooth ID 713.5 Conclusion and Outlook 71Appendix A Derivation of the Mutual Information Based on the KLD 72Appendix B Derivation of the Mutual Information In Terms of Entropy 73Appendix C Derivation of the Mutual Information Conditioned onx 73Appendix D Proof of Corollary 3.1 74References 744 Cyber-Physical Systems and National Security Concerns 77Jeff Kosseff4.1 Introduction 774.2 National Security Concerns Arising from Cyber-Physical Systems 794.2.1 Stuxnet 804.2.2 German Steel Mill 814.2.3 Future Attacks 824.3 National Security Implications of Attacks on Cyber-Physical Systems 824.3.1 Was the Cyber-Attack a “Use of Force” That Violates International Law? 834.3.2 If the AttackWas a Use of Force,Was That Force Attributable to a State? 864.3.3 Did the Use of Force Constitute an “Armed Attack” That Entitles the Target to Self-Defense? 874.3.4 If theUse of ForceWas an ArmedAttack, What Types of Self-Defense Are Justified? 884.4 Conclusion 89References 905 Legal Considerations of Cyber-Physical Systems and the Internet of Things 93Alan C. Rither and Christopher M. Hoxie5.1 Introduction 935.2 Privacy and Technology in Recent History 945.3 The Current State of Privacy Law 965.3.1 Privacy 985.3.2 Legal Background 985.3.3 Safety 995.3.4 Regulatory 1005.3.4.1 Executive Branch Agencies 1015.3.4.2 The Federal Trade Commission 1015.3.4.3 The Federal Communications Commission 1055.3.4.4 National Highway and Traffic Safety Administration 1065.3.4.5 Food and Drug Administration 1085.3.4.6 Federal Aviation Administration 1095.4 Meeting Future Challenges 111References 1136 Key Management in CPSs 117YongWang and Jason Nikolai6.1 Introduction 1176.2 Key Management Security Goals and Threat Model 1176.2.1 CPS Architecture 1186.2.2 Threats and Attacks 1196.2.3 Security Goals 1206.3 CPS Key Management Design Principles 1216.3.1 Heterogeneity 1226.3.2 Real-Time Availability 1226.3.3 Resilience to Attacks 1236.3.4 Interoperability 1236.3.5 Survivability 1236.4 CPS Key Management 1246.4.1 Dynamic versus Static 1246.4.2 Public Key versus Symmetric Key 1256.4.2.1 Public Key Cryptography 1256.4.2.2 Symmetric Key Cryptography 1276.4.3 Centralized versus Distributed 1286.4.4 Deterministic versus Probabilistic 1296.4.5 Standard versus Proprietary 1306.4.6 Key Distribution versus Key Revocation 1316.4.7 Key Management for SCADA Systems 1316.5 CPS Key Management Challenges and Open Research Issues 1326.6 Summary 133References 1337 Secure Registration and Remote Attestation of IoT Devices Joining the Cloud: The Stack4Things Case of Study 137Antonio Celesti,Maria Fazio, Francesco Longo, Giovanni Merlino and Antonio Puliafito7.1 Introduction 1377.2 Background 1387.2.1 Cloud Integration with IoT 1397.2.2 Security and Privacy in Cloud and IoT 1397.2.3 Technologies 1407.2.3.1 Hardware 1407.2.3.2 Web Connectivity 1417.2.3.3 Cloud 1417.3 Reference Scenario and Motivation 1427.4 Stack4Things Architecture 1437.4.1 Board Side 1447.4.2 Cloud-Side – Control and Actuation 1457.4.3 Cloud-Side – Sensing Data Collection 1467.5 Capabilities for Making IoT Devices Secure Over the Cloud 1477.5.1 Trusted Computing 1477.5.2 Security Keys, Cryptographic Algorithms, and Hidden IDs 1487.5.3 Arduino YUN Security Extensions 1497.6 Adding Security Capabilities to Stack4Things 1497.6.1 Board-Side Security Extension 1497.6.2 Cloud-Side Security Extension 1507.6.3 Security Services in Stack4Things 1507.6.3.1 Secure Registration of IoT Devices Joining the Cloud 1517.6.3.2 Remote Attestation of IoT Devices 1527.7 Conclusion 152References 1538 Context Awareness for Adaptive Access Control Management in IoT Environments 157Paolo Bellavista and Rebecca Montanari8.1 Introduction 1578.2 Security Challenges in IoT Environments 1588.2.1 Heterogeneity and Resource Constraints 1588.2.2 IoT Size and Dynamicity 1608.3 Surveying Access Control Models and Solutions for IoT 1608.3.1 Novel Access Control Requirements 1608.3.2 Access Control Models for the IoT 1628.3.3 State-of-the-Art Access Control Solutions 1648.4 Access Control Adaptation:Motivations and Design Guidelines 1658.4.1 Semantic Context-Aware Policies for Access Control Adaptation 1668.4.2 Adaptation Enforcement Issues 1678.5 Our Adaptive Context-Aware Access Control Solution for Smart8.5.1 The Proteus Model 1688.5.2 Adapting the General Proteus Model for the IoT 1708.5.2.1 The Proteus Architecture for the IoT 1728.5.2.2 Implementation and Deployment Issues 1738.6 Open Technical Challenges and Concluding Remarks 174References 1769 Data Privacy Issues in Distributed Security Monitoring Systems 179Jeffery A. Mauth and DavidW. Archer9.1 Information Security in Distributed Data Collection Systems 1799.2 Technical Approaches for Assuring Information Security 1819.2.1 Trading Security for Cost 1829.2.2 Confidentiality: Keeping Data Private 1829.2.3 Integrity: Preventing Data Tampering and Repudiation 1869.2.4 Minimality: Reducing Data Attack Surfaces 1889.2.5 Anonymity: Separating Owner from Data 1889.2.6 Authentication: Verifying User Privileges for Access to Data 1899.3 Approaches for Building Trust in Data Collection Systems 1909.3.1 Transparency 1909.3.2 Data Ownership and Usage Policies 1919.3.3 Data Security Controls 1919.3.4 Data Retention and Destruction Policies 1929.3.5 Managing Data-loss Liability 1929.3.6 Privacy Policies and Consent 1929.4 Conclusion 193References 19310 Privacy Protection for Cloud-Based Robotic Networks 195Hajoon Ko, Sye L. Keoh and Jiong Jin10.1 Introduction 19510.2 Cloud Robot Network: Use Case, Challenges, and Security Requirements 19710.2.1 Use Case 19710.2.2 SecurityThreats and Challenges 19910.2.3 Security Requirements 20010.3 Establishment of Cloud Robot Networks 20010.3.1 Cloud Robot Network as a Community 20010.3.2 A Policy-Based Establishment of Cloud Robot Networks 20110.3.3 Doctrine: A Community Specification 20110.3.3.1 Attribute Types and User-Attribute Assignment (UAA) Policies 20310.3.3.2 Authorization and Obligation Policies 20310.3.3.3 Constraints Specification 20510.3.3.4 Trusted Key Specification 20610.3.3.5 Preferences Specification 20610.3.3.6 Authentication in Cloud Robot Community 20710.3.3.7 Service Access Control 20710.4 Communication Security 20710.4.1 Attribute-Based Encryption (ABE) 20710.4.2 Preliminaries 20810.4.3 Ciphertext-Policy Attribute-Based Encryption (CP-ABE) Scheme 20810.4.4 Revocation Based on Shamir’s Secret Sharing 20910.4.5 Cloud Robot Community’s CP-ABE Key Revocation 20910.4.6 Integration of CP-ABE and Robot Community Architecture 21010.5 Security Management of Cloud Robot Networks 21210.5.1 Bootstrapping (Establishing) a Cloud Robot Community 21210.5.2 Joining the Community 21410.5.3 Leaving a Community 21510.5.4 Service Access Control 21610.6 RelatedWork 21710.7 Conclusion 219References 22011 Toward Network Coding for Cyber-Physical Systems: Security Challenges and Applications 223Pouya Ostovari and JieWu11.1 Introduction 22311.2 Background on Network Coding and Its Applications 22511.2.1 Background and Preliminaries 22511.2.2 Network Coding Applications 22611.2.2.1 Throughput/Capacity Enhancement 22611.2.2.2 Robustness Enhancement 22711.2.2.3 Protocol Simplification 22811.2.2.4 Network Tomography 22811.2.2.5 Security 22911.2.3 Network Coding Classification 22911.2.3.1 Stateless Network Coding Protocols 22911.2.3.2 State-Aware Network Coding Protocols 22911.3 Security Challenges 23011.3.1 Byzantine Attack 23011.3.2 Pollution Attack 23011.3.3 Traffic Analysis 23011.3.4 Eavesdropping Attack 23111.3.5 Classification of the Attacks 23211.3.5.1 Passive versus Active 23211.3.5.2 External versus Internal 23211.3.5.3 Effect of Network Coding 23211.4 Secure Network Coding 23311.4.1 Defense against Byzantine and Pollution Attack 23311.4.2 Defense against Traffic Analysis 23411.5 Applications of Network Coding in Providing Security 23411.5.1 Eavesdropping Attack 23411.5.1.1 Secure Data Transmission 23411.5.1.2 Secure Data Storage 23611.5.2 Secret Key Exchange 23711.6 Conclusion 238Acknowledgment 239References 23912 Lightweight Crypto and Security 243Lo’ai A. Tawalbeh and Hala Tawalbeh12.1 Introduction 24312.1.1 Cyber-Physical Systems CPSs 24312.1.2 Security and Privacy 24312.1.3 Lightweight Cryptography (LWC) 24312.1.4 Chapter Organization 24412.2 Cyber-Physical Systems 24412.3 Security and Privacy in Cyber-Physical Systems 24512.4 Lightweight Cryptography Implementations for Security and Privacy inCPSs 24712.4.1 Introduction 24712.4.2 Why Is Lightweight Cryptography Important? 24912.4.3 Lightweight Symmetric and Asymmetric Ciphers Implementations 25012.4.3.1 Hardware Implementations of Symmetric Ciphers 25112.4.3.2 Software Implementations of Symmetric Ciphers 25312.4.3.3 Hardware Implementations of Asymmetric Ciphers 25412.4.3.4 Software Implementations of Asymmetric Ciphers 25512.4.3.5 Secure Hash Algorithms (SHA) 25612.5 Opportunities and Challenges 25712.6 Conclusion 258Acknowledgments 259References 25913 Cyber-Physical Vulnerabilities ofWireless Sensor Networks in Smart Cities 263Md. Mahmud Hasan and Hussein T. Mouftah13.1 Introduction 26313.1.1 The Smart City Concept and Components 26313.2 WSN Applications in Smart Cities 26513.2.1 Smart Home 26513.2.2 Smart Grid Applications 26713.2.2.1 Substation Monitoring 26713.2.3 Intelligent Transport System Applications 26813.2.3.1 Roadside Unit 26813.2.3.2 Vehicular Sensor Network 26913.2.3.3 Intelligent Sensor Network 26913.2.4 Real-Time Monitoring and Safety Alert 27013.3 Cyber-Physical Vulnerabilities 27013.3.1 Possible Attacks 27113.3.2 Impacts on Smart City Lives 27213.3.2.1 Service Interruption 27213.3.2.2 Damage to Property 27313.3.2.3 Damage to Life 27313.3.2.4 Privacy Infiltration 27413.4 Solution Approaches 27413.4.1 Cryptography 27413.4.2 Intrusion Detection System 27613.4.3 Watchdog System 27713.4.4 GameTheoretic Deployment 27713.4.5 Managed Security 27713.4.6 Physical Security Measures 27813.5 Conclusion 278Acknowledgment 278References 27914 Detecting Data Integrity Attacks in Smart Grid 281Linqiang Ge,Wei Yu, Paul Moulema, Guobin Xu, David Griffith and Nada Golmie14.1 Introduction 28114.2 Literature Review 28314.3 Network andThreat Models 28514.3.1 Network Model 28514.3.2 Threat Model 28614.4 Our Approach 28714.4.1 Overview 28714.4.2 Detection Schemes 28914.4.2.1 Statistical Anomaly-Based Detection 28914.4.2.2 Machine Learning-Based Detection 29014.4.2.3 Sequential Hypothesis Testing-Based Detection 29114.5 Performance Evaluation 29214.5.1 Evaluation Setup 29214.5.2 Evaluation Results 29414.6 Extension 29714.7 Conclusion 298References 29815 Data Security and Privacy in Cyber-Physical Systems for Healthcare 305Aida Cauševic, Hossein Fotouhi and Kristina Lundqvist15.1 Introduction 30515.2 Medical Cyber-Physical Systems 30615.2.1 Communication withinWBANs 30715.2.1.1 Network Topology 30715.2.1.2 Interference inWBANs 30815.2.1.3 Challenges with LPWNs inWBANs 30815.2.1.4 Feedback Control inWBANs 30815.2.1.5 Radio Technologies 30915.2.2 ExistingWBAN-Based Health Monitoring Systems 31015.3 Data Security and Privacy Issues and Challenges inWBANs 31215.3.1 Data Security and PrivacyThreats and Attacks 31415.4 Existing Security and Privacy Solutions inWBAN 31415.4.1 Academic Contributions 31515.4.1.1 Biometric Solutions 31515.4.1.2 Cryptographic Solutions 31615.4.1.3 Solutions on ImplantableMedical Devices 31815.4.2 Existing Commercial Solutions 31915.5 Conclusion 320References 32016 Cyber Security of Smart Buildings 327SteffenWendzel, Jernej Tonejc, Jaspreet Kaur and Alexandra Kobekova16.1 What Is a Smart Building? 32716.1.1 Definition of the Term 32716.1.2 The Design and the Relevant Components of a Smart Building 32816.1.3 Historical Development of Building Automation Systems 33016.1.4 The Role of Smart Buildings in Smart Cities 33016.1.5 Known Cases of Attacks on Smart Buildings 33116.2 Communication Protocols for Smart Buildings 33216.2.1 KNX/EIB 33316.2.2 BACnet 33516.2.3 ZigBee 33616.2.4 EnOcean 33816.2.5 Other Protocols 33916.2.6 Interoperability and Interconnectivity 33916.3 Attacks 34016.3.1 How Can Buildings Be Attacked? 34016.3.2 Implications for the Privacy of Inhabitants and Users 34016.3.3 Reasons for Insecure Buildings 34116.4 Solutions to Protect Smart Buildings 34216.4.1 Raising Security Awareness and Developing Security Know-How 34216.4.2 Physical Access Control 34316.4.3 Hardening Automation Systems 34316.4.3.1 Secure Coding 34316.4.3.2 Operating System Hardening 34316.4.3.3 Patching 34416.4.4 Network-Level Protection 34416.4.4.1 Firewalls 34516.4.4.2 Monitoring and Intrusion Detection Systems 34516.4.4.3 Separation of Networks 34516.4.5 Responsibility Matrix 34516.5 Recent Trends in Smart Building Security Research 34616.5.1 Visualization 34616.5.2 Network Security 34616.5.2.1 Traffic Normalization 34616.5.2.2 Anomaly Detection 34616.5.2.3 Novel Fuzzing Approaches 34716.6 Conclusion and Outlook 347References 34817 The Internet of Postal Things: Making the Postal Infrastructure Smarter 353Paola Piscioneri, Jessica Raines and Jean Philippe Ducasse17.1 Introduction 35317.2 Scoping the Internet of PostalThings 35417.2.1 The Rationale for an Internet of PostalThings 35417.2.1.1 A Vast Infrastructure 35417.2.1.2 Trust as a Critical Brand Attribute 35517.2.1.3 Operational Experience in Data Collection and Analytics 35617.2.1.4 Customer Demand for Information 35617.2.2 Adjusting to a New Business Environment 35617.2.2.1 Shifting from Unconnected to “Smart” Products and Services 35717.2.2.2 Shifting from Competing on Price to Competing on Overall Value 35717.2.2.3 Shifting from Industries to Ecosystems 35717.2.2.4 Shifting fromWorkforce Replacement to Human-Centered Automation 35717.3 Identifying Internet of Postal Things Applications 35817.3.1 Transportation and Logistics 35817.3.1.1 Predictive Maintenance 35917.3.1.2 Fuel Management 35917.3.1.3 Usage-Based Insurance 36017.3.1.4 Driverless Vehicles 36017.3.1.5 Load Optimization 36017.3.1.6 Real-Time Dynamic Routing 36017.3.1.7 Collaborative Last Mile Logistics 36117.3.2 Enhanced Mail and Parcel Services: The Connected Mailbox 36117.3.2.1 Concept and Benefits 36217.3.2.2 The Smart Mailbox as a Potential Source of New Revenue 36317.3.3 The Internet ofThings in Postal Buildings 36417.3.3.1 Optimizing Energy Costs 36417.3.3.2 The Smarter Post Office 36517.3.4 Neighborhood Services 36517.3.4.1 Smart Cities Need Local Partners 36517.3.4.2 Carriers as Neighborhood Logistics Managers 36617.3.5 Summarizing the Dollar Value of IoPT Applications 36717.4 The Future of IoPT 36717.4.1 IoPT Development Stages 36717.4.2 Implementation Challenges 36817.4.3 Building a Successful Platform Strategy 37117.5 Conclusion 371References 37218 Security and Privacy Issues in the Internet of Cows 375Amber Adams-Progar, Glenn A. Fink, ElyWalker and Don Llewellyn18.1 Precision Livestock Farming 37518.1.1 Impact on Humans 37618.1.1.1 Labor andWorkforce Effects 37718.1.1.2 Food Quality and Provenance 37718.1.1.3 Transparency and Remote Management 37818.1.2 Impact on Animals 37918.1.2.1 Estrus Monitoring 37918.1.2.2 Rumen Health 38018.1.2.3 Other Bovine Health Conditions 38118.1.3 Impact on the Environment 38218.1.4 Future Directions for IoT Solutions 38318.2 Security and Privacy of IoT in Agriculture 38418.2.1 Cyber-Physical System Vulnerabilities 38518.2.2 Threat Models 38618.2.2.1 Threat: Misuse of Video Data 38618.2.2.2 Threat: Misuse of Research Data 38718.2.2.3 Threat: Misuse of Provenance Data 38718.2.2.4 Threat: Data Leakage via Leased Equipment and Software 38818.2.2.5 Threat: Political Action and Terrorism 38918.2.3 Recommendations for IoT Security and Privacy in Agriculture 39018.2.3.1 Data Confidentiality 39118.2.3.2 Data Integrity 39318.2.3.3 System Availability 39318.2.3.4 System Safety 39318.3 Conclusion 395References 39519 Admission Control-Based Load Protection in the Smart Grid 399Paul Moulema, SriharshaMallapuram,Wei Yu, David Griffith, Nada Golmie and David Su19.1 Introduction 39919.2 RelatedWork 40119.3 Our Approach 40219.3.1 Load Admission Control 40319.3.2 Load Shedding Techniques 40419.3.2.1 Load-Size-Based Shedding – Smallest Load First: 40519.3.2.2 Load-Size-Based Shedding – Largest Load First: 40619.3.2.3 Priority-Based Load Shedding: 40719.3.2.4 Fair Priority-Based Load Shedding: 40819.3.3 Simulation Scenarios 41019.4 Performance Evaluation 41119.4.1 Scenario 1: Normal Operation 41119.4.2 Scenario 2: Brutal Admission Control 41319.4.3 Scenario 3: Load-Size-Based Admission Control 41319.4.4 Scenario 4: Priority-Based Admission Control 41619.4.5 Scenario 5: Fair Priority-Based Admission Control 41719.5 Conclusion 419References 419Editor Biographies 423Index 427