300 likes | 313 Views
This paper presents SURE, a modeling and simulation integration platform for the evaluation of secure and resilient cyber-physical systems. It discusses issues with SCADA, the SURE modeling framework, case studies, and concludes with thoughts and insights.
E N D
SURE: A Modeling and Simulation Integration Platform for Evaluation of SecUre and REsilient Cyber– Physical Systems (2018) By: XenofonKoutsouKos, Senior Member IEEE, Gabor Karsai, Senior Member IEEE, Aron Laszka, Himanshu Neema, Bradley Potteiger, Peter Volgyesi, Yevgeniy Vorobeychik, Member IEEE, and Janos Sztipanovits, Life Fellow IEEE Presented by: Matt Pasco, Michigan State University, 3/19/2019
Presentation Schedule • SCADA and IoT • Issues with SCADA • SURE Modeling Framework • SURE Case Studies • Conclusion and Thoughts
SCADA • Supervisory Control and Data Acquisition • Provides remote: • Information monitoring • Command execution • Usages: • Manufactory machine control • Enterprise HVAC control • Traffic lights • Agriculture • Off-the-shelf home automation
SCADA • Large Minicomputer (1970s) -> ESP8266 (present) • IoT: Internet of Things • present day SCADA • low cost IP based devices Source: Hackaday.com Source: Flicker.com
Issues with SCADA • Ted Koppel, Lights Out (2015) • Power grids are highly unsecured • Many SCADA devices have: • Default passwords • Exposed on Shodan browser • Terrible physical security • Unmanned Aerial Vehicle (UAV) remote access • UART: Universal Asynchronous Receiver-Transmitter • Port on many IoT devices • Root shell • Easily bypass secured devices Sources: Koppel, Yoon et al., Malwarebytes, GoodReads.com
Shodan Source: Shodan, cleancss.com
Attack scenario • New Cold-War • Full nation outage • Nation-state attack • Motivation: war • Regional outage • Terrorist group • Motivation: fearmongering, ransom • Mitigation strategy: • Ship in new technology • Transformers for power grid Sources: Koppel
Related Work • PowerCyber • Power grid CPS security testbed • Time based anomaly detection for CPS • Mohan et al. (2013) • Game-Theory detection • Ghafouri et al.(2016) • Ensuring resilient control design • SURE [26-29]
SURE • SecUre and REsilient Cyber-Physical Systems (CPS) • Provides • Realistic simulation models of CPS components and interactions • Both physical and cyber • Cyber attack models • Focus on impact on CPS behavior and operation • Operational scenarios evaluated for security risk • In-depth security evaluation Source: SURE, Baheti et al.
SURE Goals • Capture suitable metrics • Capture diverse attacks • Identify critical components to be protected • Understand traffic patterns • Design resilient monitoring Source: SURE
SURE Modeling and Simulation A. Domain Modeling for rapid experimentation • Utilizes graphical modeling language • Model partitioned into • Abstracted cyber infrastructure • Cyber attack model toolset • Elements for integration in concrete CPS domain Source: SURE
SURE Modeling and Simulation B. Collaboration and Gamification • Browser-based app • Provides live collaboration • Red-Blue teaming • Blue team defends (Security Engineers) • Red team attacks (Hackers) • Extremely prominent in Cybersecurity community Source: SURE
SURE Modeling and Simulation C. Traceability and Reproducibility • Influenced by Git • Changes are recorded with cryptographic hash • Tree structure Source: SURE
SURE Modeling and Simulation D. Transportation Domain • Simulation of Urban MObility (SUMO) framework • Used to simulate time of day and other parameters • Define: • Sensors • Controller • Hierarchies Source: SURE
SURE Modeling and Simulation E. Simulation Drivers • In-summary: you can run this from the command line Source: SURE
SURE Modeling and Simulation F. Model-Based Simulation Integration • Provides rapid: • Design • Synthesis • Evaluation Source: SURE
SURE Modeling Source: SURE
SURE Adversarial Environments • 6 types of attacks • Out of Order • Rearranges network packet order • DoS • Prevention of data transmission • Delay • Added network delay • Integrity • Modification • Data Corruption • Integrity, just uniformed • Network manipulation • Record and playback (replay) Source: SURE
SURE Adversarial Environments Source: SURE
SURE Case Studies • Vulnerability analysis of traffic signal tampering • Resilient sensor selection to predict traffic flow • Decentralized traffic signal control subjected to a Denial of Service (Dos) attack Source: SURE
SURE Case Study 1: Traffic Signal Tampering • Leveraging • Lack of encryption • Lack of authentication • Vulnerabilities • Attacker can: • Select set of traffic signals to attack • Create a new schedule for traffic lights • Assumes: • Attacker cannot set crossing intersections both to green Source: SURE
SURE Case Study 1: Traffic Signal Tampering • Maximizing travel time is NP-Hard problem • Attacker utilizes heuristic algorithm • 0.8% loss from exhaustive search • 92% morning travel • 51% midday travel Source: SURE
SURE Case Study 2: Resilient Sensor Selection for traffic forecasting • Minimize the effect of DoS attacks • Utilize a set of sensors to predict traffic at unobserved locations • Attacker can: • Select K sensors deployed • DoS attacks can be • Physical • Wireless jamming • Battery exhaustion Source: SURE
SURE Case Study 2: Resilient Sensor Selection for traffic forecasting • Designer trains a Gaussian based regression model to predict traffic at unobserved locations • Gaussian process is a type of Bayesian learning • Events are independent, probabilities are based on posterior and prior probabilities • Attacker removes [1,K] sensors • Assess model prediction with lack of sensors Source: SURE
SURE Case Study 2: Resilient Sensor Selection for traffic forecasting Source: SURE
SURE Case Study 3: Resilient Traffic Signal Control • Observes traffic network as a whole • System understands queue lengths • Sensors are vulnerable to DoS attacks • Game-theory approach to minimizing effects of DoS attacks • Attacker selects [1,K] sensors to attack • Control is evaluated Source: SURE
SURE Case Study 3: Centralized vs Decentralized Results Source: SURE
Conclusion • Attackers can compromise city traffic • Adverse effects for: • Fire/ Police • Delivery/ mail • Commuters • Proposed a toolset to simulate and design a traffic system and their attacks • Collaborative based • Red-Blue team Source: SURE
Thoughts for autonomous vehicles • Doesn’t address Vehicle-2-Infrastructure (V2I) communication
References • Baheti et al. : R. Baheti and H. Gill, “Cyber-physical systems,” Impact Control Technol., vol. 12, pp. 161–166, Mar. 2011 • Flicker: https://c1.staticflickr.com/3/2435/3878202215_372c46fccb_b.jpg • Ghafouriet al. : A. Ghafouri, W. Abbas, A. Laszka, Y. Vorobeychik, and X. Koutsoukos, “Optimal thresholds for anomaly-based intrusion detection in dynamical environments,” in Proc. Int. Conf. Decision Game Theory Secur., 2016, pp. 415–434. • GoodReads: https://i.gr-assets.com/images/S/compressed.photo.goodreads.com/books/1434725454i/25733923._UY630_SR1200,630_.jpg • Hackaday: https://hackadaycom.files.wordpress.com/2015/03/esp8266-how-to-thumb.jpg • Koppel: Ted Koppel, Lights Out (2015) • Malwarebytes: https://blog.malwarebytes.com/security-world/2014/02/uart-root-shell-on-commercial-devices/ • Mohan et al: S. Mohan, S. Bak, E. Betti, H. Yun, L. Sha, and M. Caccamo, “S3A: Secure system simplex architecture for enhanced security and robustness of cyber-physical systems,” in Proc. 2nd ACM Int. Conf. High Confidence Netw. Syst., Apr. 2013, pp. 65–74 • Shodan: https://www.shodan.io/host/216.173.131.201 • SURE: SURE: A Modeling and Simulation Integration Platform for Evaluation of SecUre and REsilient Cyber– Physical Systems • Yoon et al. : M. K. Yoon, B. Liu, N. Hovakimyan, and L. Sha, “VirtualDrone: Virtual sensing, actuation, and communication for attackresilient unmanned aerial systems,” in Proc. 8th ACM/IEEE Int. Conf. Cyber-Phys. Syst., Apr. 2017, pp. 143–154.