Security Challenges in Cyber-Physical Production Systems

  • Conference paper
Software Quality: Methods and Tools for Better Software and Systems (SWQD 2018)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 302))

Abstract

Within the last decade, security became a major focus in the traditional IT industry, mainly through the interconnection of systems and especially through their connection to the Internet. This opened up a huge new attack surface, which resulted in major takedowns of legitimate services and new forms of crime and destruction. This led to the development of a multitude of new defense mechanisms and strategies, as well as the establishment of security procedures on both the organizational and the technical level. Production systems have mostly remained in isolation during these past years, with security typically focused on the perimeter. Now, with the introduction of new paradigms like Industry 4.0, this isolation is heavily questioned: Physical Production Systems (PPSs) are now connected to the IT world, resulting in cyber-physical systems that share the attack surface of traditional web-based interfaces while featuring completely different goals, parameters such as lifetime and safety, and construction. In this work, we present an outline of the major security challenges faced by cyber-physical production systems. While many of these challenges harken back to issues also present in traditional web-based IT, we will thoroughly analyze the differences. Still, many new attack vectors appeared in the past, either in practical attacks like Stuxnet or in theoretical work. These attack vectors use specific features or design elements of cyber-physical systems to their advantage and are unparalleled in traditional IT. Furthermore, many mitigation strategies prevalent in traditional IT systems, e.g., patching, are not applicable in the industrial world, thus rendering traditional strategies in IT security unfeasible. A thorough discussion of the major challenges in CPPS security is thus required in order to focus research on the most important targets.



Correspondence to Peter Kieseberg.

© 2018 Springer International Publishing AG

Cite this paper

Kieseberg, P., Weippl, E. (2018). Security Challenges in Cyber-Physical Production Systems. In: Winkler, D., Biffl, S., Bergsmann, J. (eds) Software Quality: Methods and Tools for Better Software and Systems. SWQD 2018. Lecture Notes in Business Information Processing, vol 302. Springer, Cham. https://doi.org/10.1007/978-3-319-71440-0_1

  • DOI: https://doi.org/10.1007/978-3-319-71440-0_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-71439-4

  • Online ISBN: 978-3-319-71440-0

  • eBook Packages: Computer Science (R0)
