Abstract
Cyber-physical systems have established as an essential part of the modern world and will grow in amount and complexity in the future. In the beginning, this paper provides an overview of CPS architecture, where we describe basic components at three different OSI reference model layers that includes: the human machine interface (application layer), supervisory control and data acquisition (network layer) and programmable logic controllers (physical layer). Since the physical layer enables direct contact to human beings, security is an important factor in the development process. Nonetheless, cyber-physical systems become more and more complicated and offer a wide surface of vulnerabilities which can be exploited through external threats. Since attacks can be launched at every single layer, a wide area of different threats can be inherited and need to be avoided by appropriate security measures. The main contribution of this paper is to provide a security threat tool, where we determine threats and vulnerabilities in cyber-physical systems at the application, the network and the physical layer. Furthermore, the tool is able to suggest solutions which can prevent attacks against those identified threats.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Rehman, S., Gruhn, V.: Security requirements engineering (SRE) framework for cyber-physical systems (CPS): SRE for CPS. In: New Trends in Intelligent Software Methodologies, Tools and Techniques: Proceedings of the 16th International Conference SoMeT_17, vol 297, p. 153. IOS Press, Sept 2017
Rehman, S., Gruhn, V.: Recommended architecture for car parking management system based on cyber-physical system. In: 2017 International Conference on Engineering & MIS (ICEMIS), pp. 1–6. IEEE, May 2017
Rehman, S., Gruhn, V.: An effective security requirements engineering framework for cyber-physical systems. Int. J. Inf. Commun. Technol. (Special Issue Cyber-Phys. Syst. Data Process. Commun. Architect.) 6(3). ISSN: 2227-7080; ESCI-WoS index (2018)
Todd, M., Koster, S.R., Wong, P.C.M.: Hewlett-Packard Enterprise Development LP, 2016. System and method for securing a network from zero-day vulnerability exploits. U.S. Patent 9,264,441
Humayed, A., Lin, J., Li, F., Luo, B.: Cyber-physical systems security—a survey. IEEE Internet Things J. 1–1 (2017)
Zimmermann, J.D.: OS1 reference model—the IS0 model of architecture for open systems interconnection
Stallings, W., Brown, L.: Computer Security: Principles and Practice, 3rd edn. Pearson, Boston (2015)
Stallings, W.: Cryptography and Network Security: Principles and Practice, 7th edn. Pearson, Boston (2017)
Greensmith, J., Aickelin, U.: Firewalls, intrusion detection systems and anti-virus scanners (2005)
Steiner, J.G., Neuman, B.C., Schiller, J.I.: Kerberos: an authentication service for open network systems. In: USENIX Winter (1988)
Omar, S.: Information system security threats and vulnerabilities: evaluating the human factor in data protection. Doctoral dissertation (2017)
Kalloniatis, C., Mouratidis, H., Vassilis, M., Islam, S., Gritzalis, S., Kavakli, E.: Towards the design of secure and privacy-oriented information systems in the cloud: identifying the major concepts. Computer Stand. Interfaces 36(4), 759–775 (2014)
Wells, L.J., Camelio, J.A., Williams, C.B., White, J.: Cyber-physical security challenges in manufacturing systems. Manuf. Lett. 2(2), 74–77 (2014)
Wang, L., Törngren, M., Onori, M.: Current status and advancement of cyber-physical systems in manufacturing. J. Manuf. Syst. 37, 517–527 (2015)
Abomhara, M.: Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. J. Cyber Secur. Mobil. 4(1), 65–88 (2015)
Papp, D., Ma, Z., Buttyan, L.: Embedded systems security: threats, vulnerabilities, and attack taxonomy. In: 13th Annual Conference on Privacy, Security and Trust (PST), pp. 145–152. IEEE, July 2015
Kornecki, A.J., Subramanian, N., Zalewski, J.: Studying interrelationships of safety and security for software assurance in cyber-physical systems: approach based on bayesian belief networks. In 2013 Federated Conference on Computer Science and Information Systems (FedCSIS), pp. 1393–1399. IEEE, Sept 2013
Mo, Y., Kim, T.H.J., Brancik, K., Dickinson, D., Lee, H., Perrig, A., Sinopoli, B.: Cyber–physical security of a smart grid infrastructure. Proc. IEEE 100(1), 195–209 (2012)
Kushner, D.: The real story of Stuxnet. IEEE spectrum: technology, engineering, and science news, 26-Feb-2013. Available: https://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet. Accessed 15 Nov 2017
Karnouskos, S.: Stuxnet worm impact on industrial cyber-physical system security. In IECON 2011-37th Annual Conference on IEEE Industrial Electronics Society, pp. 4490–4494. IEEE, Nov 2011
Slay, J., Miller, M.: Lessons learned from the Maroochy water breach. Crit. Infrastruct. Prot. 73–82 (2007)
Zhu, B., Joseph, A., Sastry, S.: A taxonomy of cyber-attacks on SCADA systems. In: Internet of things (iThings/CPSCom), 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing, pp. 380–388. IEEE, Oct 2011
Zanella, A., Bui, N., Castellani, A., Vangelista, L., Zorzi, M.: Internet of things for smart cities. IEEE Internet of Things J 1(1), 22–32 (2014)
Acknowledgements
This work has been supported by the European Community through project CPS.HUB NRW, EFRE Nr. 0-4000-17.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Shafiq ur Rehman, De Ceglia, M., Gruhn, V. (2020). Analysing Security Threats for Cyber-Physical Systems. In: Arai, K., Bhatia, R. (eds) Advances in Information and Communication. FICC 2019. Lecture Notes in Networks and Systems, vol 70. Springer, Cham. https://doi.org/10.1007/978-3-030-12385-7_74
Download citation
DOI: https://doi.org/10.1007/978-3-030-12385-7_74
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12384-0
Online ISBN: 978-3-030-12385-7
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)