Skip to Secure: Securing Cyber-physical Control Loops with Intentionally Skipped Executions
Authors:
Sunandan Adhikary,
Ipsita Koley,
Sumana Ghosh,
Saurav Kumar Ghosh,
Soumyajit Dey,
Debdeep Mukhopadhyay
Abstract:
We consider the problem of provably securing a given control loop implementation in the presence of adversarial interventions on data exchange between plant and controller. Such interventions can be thwarted using continuously operating monitoring systems and also cryptographic techniques, both of which consume network and computational resources. We provide a principled approach for intentional s…
▽ More
We consider the problem of provably securing a given control loop implementation in the presence of adversarial interventions on data exchange between plant and controller. Such interventions can be thwarted using continuously operating monitoring systems and also cryptographic techniques, both of which consume network and computational resources. We provide a principled approach for intentional skipping of control loop executions which may qualify as a useful control theoretic countermeasure against stealthy attacks which violate message integrity and authenticity. As is evident from our experiments, such a control theoretic counter-measure helps in lowering the cryptographic security measure overhead and resulting resource consumption in Control Area Network (CAN) based automotive CPS without compromising performance and safety.
△ Less
Submitted 16 July, 2020;
originally announced July 2020.
Formal Synthesis of Monitoring and Detection Systems for Secure CPS Implementations
Authors:
Ipsita Koley,
Saurav Kumar Ghosh,
Soumyajit Dey,
Debdeep Mukhopadhyay,
Amogh Kashyap K N,
Sachin Kumar Singh,
Lavanya Lokesh,
Jithin Nalu Purakkal,
Nishant Sinha
Abstract:
We consider the problem of securing a given control loop implementation of a cyber-physical system (CPS) in the presence of Man-in-the-Middle attacks on data exchange between plant and controller over a compromised network. To this end, there exist various detection schemes that provide mathematical guarantees against such attacks for the theoretical control model. However, such guarantees may not…
▽ More
We consider the problem of securing a given control loop implementation of a cyber-physical system (CPS) in the presence of Man-in-the-Middle attacks on data exchange between plant and controller over a compromised network. To this end, there exist various detection schemes that provide mathematical guarantees against such attacks for the theoretical control model. However, such guarantees may not hold for the actual control software implementation. In this article, we propose a formal approach towards synthesizing attack detectors with varying thresholds which can prevent performance degrading stealthy attacks while minimizing false alarms.
△ Less
Submitted 27 February, 2020;
originally announced February 2020.
