Skip to main content
SpringerLink
Log in

Security of Cyber-Physical Systems

From Theory to Testbeds and Validation

  • Conference paper
  • First Online:
Security of Industrial Control Systems and Cyber-Physical Systems (CyberICPS 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10166))

Abstract

Traditional control environments connected to physical systems are being upgraded with novel information and communication technologies. The resulting systems need to be adequately protected. Experimental testbeds are crucial for the study and analysis of ongoing threats against those resulting cyber-physical systems. The research presented in this paper discusses some actions towards the development of a replicable and affordable cyber-physical testbed for training and research. The architecture of the testbed is based on real-world components, and emulates cyber-physical scenarios commanded by SCADA (Supervisory Control And Data Acquisition) technologies. We focus on two representative protocols, Modbus and DNP3. The paper reports as well the development of some adversarial scenarios, in order to evaluate the testbed under cyber-physical threat situations. Some detection strategies are evaluated using our proposed testbed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Aarts, R.: System identification and parameter estimation. Technical report, Faculty of Engineering Technology, University Twente (2012)

    Google Scholar 

  2. Brown, S.: Overview of IEC 61508 design of electrical/electronic/programmable electronic safety-related systems. Comput. Control Eng. J. 11(1), 6–12 (2000)

    Article  Google Scholar 

  3. Candell, R., Stouffer, K., Anand, D.: A cybersecurity testbed for industrial control systems. In: Process Control and Safety Symposium International Society of Automation, Houston, TX (2014)

    Google Scholar 

  4. Chmelar, P.: Java kalman library (2014). https://sourceforge.net/projects/jkalman/. Accessed Oct 2016

  5. Curtis, K.: A DNP3 protocol primer. A basic technical overview of the protocol (2005). http://www.dnp.org/AboutUs/DNP3%20Primer%20Rev%20A.pdf. Accessed Oct 2016

  6. Graham, J.H., Patel, S.C.: Security considerations in SCADA communication protocols. Technical report TR-ISRL-04-01 (2004). http://www.cs.louisville.edu/facilities/ISLab/tech%20papers/ISRL-04-01.pdf. Accessed Oct 2016

  7. Green, B., Hutchison, D., Frey, S.A.F., Rashid, A.: Testbed diversity as a fundamental principle for effective ICS security research. In: Proceedings of the First International Workshop on Security and Resilience of Cyber-Physical Infrastructures (SERECIN). Lancaster University, Technical report SCC-2016-01, pp. 12–15 (2016)

    Google Scholar 

  8. Holm, H., Karresand, M., Vidström, A., Westring, E.: A survey of industrial control system testbeds. In: Buchegger, S., Dam, M. (eds.) Secure IT Systems. LNCS, vol. 9417, pp. 11–26. Springer, Cham (2015). doi:10.1007/978-3-319-26502-5_2

    Chapter  Google Scholar 

  9. Kaung Myat, A.: Secure Water Treatment Testbed (SWaT): an overview (2015). https://itrust.sutd.edu.sg/wp-content/uploads/sites/3/2015/11/Brief-Introduction-to-SWaT_181115.pdf. Accessed Oct 2016

  10. Koutsandria, G., Gentz, R., Jamei, M., Scaglione, A., Peisert, S., McParland, C.: A real-time testbed environment for cyber-physical security on the power grid. In: 1st ACM Workshop on Cyber-Physical Systems-Security and/or Privacy, pp. 67–78. ACM (2015)

    Google Scholar 

  11. Krotofil, M., Larsen, J.: Rocking the pocket book: Hacking chemical plants for competition and extortion. DEF CON 23 (2015)

    Google Scholar 

  12. Lagu, S.S., Deshmukh, S.B.: Raspberry Pi for automation of water treatment plant. In: International Conference on Computing Communication Control and Automation (ICCUBEA), pp. 532–536, February 2015

    Google Scholar 

  13. Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49–51 (2011)

    Article  Google Scholar 

  14. McLaughlin, S., Konstantinou, C., Wang, X., Davi, L., Sadeghi, A.-R., Maniatakos, M., Karri, R.: The cybersecurity landscape in industrial control systems. Proc. IEEE 104(5), 1039–1057 (2016)

    Article  Google Scholar 

  15. Mo, Y., Weerakkody, S., Sinopoli, B.: Physical authentication of control systems: designing watermarked control inputs to detect counterfeit sensor outputs. IEEE Control Syst. 35(1), 93–109 (2015)

    Article  MathSciNet  Google Scholar 

  16. Modbus Organization. Official Modbus Specifications (2016). http://www.modbus.org/specs.php. Accessed Oct. 2016

  17. Nam, S.Y., Kim, D., Kim, J.: Enhanced ARP: preventing ARP poisoning-based man-in-the-middle attacks. IEEE Commun. Lett. 14(2), 187–189 (2010)

    Article  Google Scholar 

  18. Rollins, M.: Beginning LEGO MINDSTORMS EV3. Apress, Berkeley (2014)

    Book  Google Scholar 

  19. Rubio-Hernan, Jose, Cicco, Luca, Garcia-Alfaro, Joaquin: Event-triggered watermarking control to handle cyber-physical integrity attacks. In: Brumley, Billy Bob, Röning, Juha (eds.) NordSec 2016. LNCS, vol. 10014, pp. 3–19. Springer, Cham (2016). doi:10.1007/978-3-319-47560-8_1

    Chapter  Google Scholar 

  20. Rubio-Hernan, J., De Cicco, L., Garcia-Alfaro, J., Revisiting a watermark-based detection scheme to handle cyber-physical attacks. In: 11th International Conference on Availability, Reliability and Security, Salzburg, Austria. IEEE, September 2016

    Google Scholar 

  21. Siaterlis, C., Genge, B., Hohenadel, M.: EPIC: a testbed for scientifically rigorous cyber-physical security experimentation. IEEE Trans. Emerg. Topics Comput. 1(2), 319–330 (2013)

    Article  Google Scholar 

  22. Teixeira, A., Shames, I., Sandberg, H., Johansson, K.H.: A secure control framework for resource-limited adversaries. Automatica 51, 135–148 (2015)

    Article  MathSciNet  MATH  Google Scholar 

  23. Wimberger, D., Charlton, J.: Java modbus library (2004). http://jamod.sourceforge.net. Accessed Oct 2016

  24. Wu, G., Sun, J., Chen, J.: A survey on the security of cyber-physical systems. Control Theory Technol. 14(1), 2–10 (2016)

    Article  MathSciNet  Google Scholar 

  25. Yardley, T.: Testbed cross-cutting research (2014). https://tcipg.org/research/testbed-cross-cutting-research. Accessed Oct 2016

  26. Zhu, Y.: New development in industrial MPC identification. In: Proceedings of the International Symposium on Advanced Control of Chemical Processes (ADChEM), Hong Kong, China, January 2003

    Google Scholar 

Download references

Acknowledgements

The authors acknowledge support from the Cyber CNI Chair of Institut Mines-Télécom. The chair is held by Télécom Bretagne and supported by Airbus Defence and Space, Amossys, EDF, Orange, La Poste, Nokia, Société Générale and the Regional Council of Brittany. It has been acknowledged by the Center of excellence in Cybersecurity.

Author information

Authors and Affiliations

  1. SAMOVAR, Telecom SudParis, CNRS, Université Paris-Saclay, Evry, France

    Jose Rubio-Hernan, Juan Rodolfo-Mejias & Joaquin Garcia-Alfaro

Authors
  1. Jose Rubio-Hernan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Juan Rodolfo-Mejias
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Joaquin Garcia-Alfaro
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Joaquin Garcia-Alfaro .

Editor information

Editors and Affiliations

  1. Telecom Bretagne , Cesson Sevigne, France

    Nora Cuppens-Boulahia

  2. University of Piraeus , Piraeus, Greece

    Costas Lambrinoudakis

  3. Telecom Bretagne, Cesson Sevigne , France

    Frédéric Cuppens

  4. Norwegian University of Science & Technology, Gjøvik, Norway

    Sokratis Katsikas

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Rubio-Hernan, J., Rodolfo-Mejias, J., Garcia-Alfaro, J. (2017). Security of Cyber-Physical Systems. In: Cuppens-Boulahia, N., Lambrinoudakis, C., Cuppens, F., Katsikas, S. (eds) Security of Industrial Control Systems and Cyber-Physical Systems. CyberICPS 2016. Lecture Notes in Computer Science(), vol 10166. Springer, Cham. https://doi.org/10.1007/978-3-319-61437-3_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-61437-3_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-61436-6

  • Online ISBN: 978-3-319-61437-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation