Abstract
We propose extensions to the Dolev-Yao attacker model to make it suitable for arguments about security of Cyber-Physical Systems. The Dolev-Yao attacker model uses a set of rules to define potential actions by an attacker with respect to messages (i.e. information) exchanged between parties during a protocol execution. As the traditional Dolev-Yao model considers only information (exchanged over a channel controlled by the attacker), the model cannot directly be used to argue about the security of cyber-physical systems where physical-layer interactions are possible. Our Dolev-Yao extension, called Cyber-Physical Dolev-Yao (CPDY), allows additional orthogonal interaction channels between the parties. In particular, such orthogonal channels can be used to model physical-layer mechanical, chemical, or electrical interactions between components. In addition, we discuss the inclusion of physical properties such as location or distance in the rule set. We present an example set of additional rules for the Dolev-Yao attacker, using those we are able to formally discover physical attacks that previously could only be found by empirical methods or detailed physical process models.
M. Rocchetto—The work was carried out while Marco was with iTrust at Singapore University of Technology and Design.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Adepu, S., Mathur, A.: An investigation into the response of a water treatment system into cyber attacks. In: IEEE Symposium on High Assurance Systems Engineering (HASE) (2015)
Antonioli, D., Tippenhauer, N.O., MiniCPS: a toolkit for security research on CPS networks. In: Proceedings of Workshop on Cyber-Physical Systems Security & Privay (SPC-CPS), co-located with CCS, October 2015
Armando, A., et al.: The AVANTSSAR platform for the automated validation of trust and security of service-oriented architectures. In: Flanagan, C., König, B. (eds.) TACAS 2012. LNCS, vol. 7214, pp. 267–282. Springer, Heidelberg (2012)
Armando, A., Compagna, L.: SATMC: a SAT-based model checker for security protocols. In: Alferes, J.J., Leite, J. (eds.) JELIA 2004. LNCS (LNAI), vol. 3229, pp. 730–733. Springer, Heidelberg (2004)
AVANTSSAR. Deliverable 5.3: AVANTSSAR Library of validated problem cases (2010). www.avantssar.eu
Basin, D., Capkun, S., Schaller, P., Schmidt, B.: Formal reasoning about physical properties of security protocols. Trans. Inf. Syst. Secur. (TISSEC) 14(2), 16 (2011)
Basin, D., Cremers, C., Meadows, C.: Model checking security protocols. In: Handbook of Model Checking (2011)
Basin, D., Mödersheim, S., Viganò, L.: OFMC: a symbolic model checker for security protocols. J. Inf. Secur. 4(3), 181–208 (2005)
Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Computer Security Foundation Workshop (CSFW). IEEE (2001)
Buchler, M., Hossen, K., Mihancea, P., Minea, M., Groz, R., Oriat, C.: Model inference and security testing in the spacios project. In: IEEE Conference on Software Maintenance, Reengineering and Reverse Engineering (CSMR-WCRE) (2014)
Camenisch, J., Mödersheim, S., Sommer, D.: A formal model of identity mixer. In: Kowalewski, S., Roveri, M. (eds.) FMICS 2010. LNCS, vol. 6371, pp. 198–214. Springer, Heidelberg (2010)
Cárdenas, A.A., Amin, S.M., Sinopoli, B., Giani, A., Perrig, A., Sastry, S.S.: Challenges for securing cyber physical systems. In: Workshop on Future Directions in Cyber-physical Systems Security. DHS, July 2009
Cárdenas, A.A., Roosta, T., Sastry, S.: Rethinking security properties, threat models, and the design space in sensor networks: a case study in scada systems. Ad Hoc Netw. 7(8), 1434–1447 (2009)
Choi, Y.: From NuSMV to SPIN: experiences with model checking flight guidance systems. Formal Methods Syst. Des. 30(3), 199–216 (2007)
Cortier, V., Delaune, S., Lafourcade, P.: A survey of algebraic properties used in cryptographic protocols. J. Comput. Secur. 14(1), 1–43 (2006)
Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theor. 29(2), 198–207 (1983)
Escobar, S., Meadows, C., Meseguer, J.: Maude-NPA: cryptographic protocol analysis modulo equational properties. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2009. LNCS, vol. 5705, pp. 1–50. Springer, Heidelberg (2009)
LeMay, E., Ford, M.D., Keefe, K., Sanders, W.H., Muehrcke, C.: Model-based security metrics using adversary view security evaluation (ADVISE). In: Proceedings of Conference on Quantitative Evaluation of Systems, QEST (2011)
Mathur, A., Tippenhauer, N.O.: A water treatment testbed for research and training on ICS security. In: Proceedings of Workshop on Cyber-Physical Systems for Smart Water Networks (CySWater), April 2016
Mo, Y., Kim, T.-H., Brancik, K., Dickinson, D., Lee, H., Perrig, A., Sinopoli, B.: Cyber-physical security of a smart grid infrastructure. Proc. IEEE 100(1), 195–209 (2012)
Morris, T., Srivastava, A., Reaves, B., Gao, W., Pavurapu, K., Reddi, R.: A control system testbed to validate critical infrastructure protection concepts. J. Crit. Infrastruct. Prot. 4(2), 88–103 (2011)
Reaves, B., Morris, T.: An open virtual testbed for industrial control system security research. J. Inf. Secur. 11(4), 215–229 (2012)
Rocchetto, M., Ochoa, M., Torabi Dashti, M.: Model-based detection of CSRF. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IFIP AICT, vol. 428, pp. 30–43. Springer, Heidelberg (2014)
Rocchetto, M., Tippenhauer, N.O.: CPDY (Cyber-Physical Dolev-Yao) (2016). http://research.scy-phy.net/cpdy/
Rocchetto, M., Viganò, L., Volpe, M., Vedove, G.D.: Using interpolation for the verification of security protocols. In: Accorsi, R., Ranise, S. (eds.) STM 2013. LNCS, vol. 8203, pp. 99–114. Springer, Heidelberg (2013)
Schaller, P., Schmidt, B., Basin, D.A., Capkun, S.: Modeling and verifying physical properties of security protocols for wireless networks. In: Computer Security Foundations Symposium (CSF), pp. 109–123 (2009)
Schmidt, B., Sasse, R., Cremers, C., Basin, D.A.: Automated verification of group key agreement protocols. In: Symposium on Security and Privacy (S&P), pp. 179–194 (2014)
Schmidt, M., Lipson, H.: Distilling free-form natural laws from experimental data. Science 324(5923), 81–85 (2009)
SPaCIoS. Deliverable 3.3.2: Methodology and technology forvulnerability-driven security testing (final version) (2014). http://www.spacios.eu
Steinmetzer, D., Schulz, M., Hollick, M.: Lockpicking physical layer key exchange: weak adversary models invite the thief. In: Proceedings of ACM Conference Wireless Security (WiSeC) (2015)
Taormina, R., Galelli, S., Tippenhauer, N.O., Salomons, E., Ostfeld, A.: Simulation of cyber-physical attacks on water distribution systems with EPANET. In: Proceedings of Singapore Cyber Security R&D Conference (SG-CRC), January 2016
Turuani, M.: The CL-Atse protocol analyser. In: Pfenning, F. (ed.) RTA 2006. LNCS, vol. 4098, pp. 277–286. Springer, Heidelberg (2006)
Urbina, D., Giraldo, J., Tippenhauer, N.O., Cardenas, A.: Attacking fieldbus communications in ICS: applications to the SWaT testbed. In: Proceedings of Singapore Cyber Security R&D Conference (SG-CRC), January 2016
Viganò, L.: The spacios project: secure provision and consumption in the internet of services. In: Software Testing, Verification and Validation (ICST), pp. 497–498. IEEE (2013)
Vigo, R.: The cyber-physical attacker. In: Ortmeier, F., Daniel, P. (eds.) SAFECOMP Workshops 2012. LNCS, vol. 7613, pp. 347–356. Springer, Heidelberg (2012)
von Oheimb, D.: The high-level protocol specification language HLPSL developed in the EU project AVISPA. In: Proceedings of APPSEM 2005 workshop, pp. 1–17 (2005)
von Oheimb, D., Mödersheim, S.: ASLan++ — a formal security specification language for distributed systems. In: Aichernig, B.K., Boer, F.S., Bonsangue, M.M. (eds.) Formal Methods for Components and Objects. LNCS, vol. 6957, pp. 1–22. Springer, Heidelberg (2011)
Weinberger, S.: Computer security: is this the start of cyberwarfare? Nature 174, 142–145 (2011)
Acknowledgments
This work was supported by the National Research Foundation of Singapore under grant NRF2014NCR-NCR001-40.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Rocchetto, M., Tippenhauer, N.O. (2016). CPDY: Extending the Dolev-Yao Attacker with Physical-Layer Interactions. In: Ogata, K., Lawford, M., Liu, S. (eds) Formal Methods and Software Engineering. ICFEM 2016. Lecture Notes in Computer Science(), vol 10009. Springer, Cham. https://doi.org/10.1007/978-3-319-47846-3_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-47846-3_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-47845-6
Online ISBN: 978-3-319-47846-3
eBook Packages: Computer ScienceComputer Science (R0)