research-article

The Process Matters: Ensuring Data Veracity in Cyber-Physical Systems

Authors:

Marina Krotofil,

Dieter GollmannAuthors Info & Claims

ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

Pages 133 - 144

https://doi.org/10.1145/2714576.2714599

Published: 14 April 2015 Publication History

Abstract

Cyber-physical systems are characterized by an IT infrastructure controlling effects in the physical world. Attacks are intentional actions trying to cause undesired physical effects. When process data originating in the physical world is manipulated before being handed to the IT infrastructure, the data security property called "veracity" or trustworthiness will be violated. There is no canonical IT security solution guaranteeing that the inputs from a sensor faithfully represent reality. However, the laws of physics may help the defender to detect impossible or implausible sensor readings.

This paper proposes a process-aware approach to detect when a sensor signal is being maliciously manipulated. We present a set of lightweight real-time algorithms for spoofing sensor signals directly at the microcontroller of the field device. The detection of spoofed measurements takes the form of plausibility and consistency checks with the help of the correlation entropy in a cluster of related sensors. We use the Tennessee Eastman challenge process to demonstrate the performance of our approach and to highlight aspects relevant to the detection effectiveness.

References

[1]

A. Agogino and K. Tumer. Entropy based anomaly detection applied to space shuttle main engines. In Aerospace Conference, 2006 IEEE, pages 1--7, 2006.

[2]

T. Backx, O. Bosgra, and W. Marquardt. Integration of Model Predictive Control and Optimization of Processes. Technical report, The Chair of Process Systems Engineering, University of Aachen, 2000.

[3]

N. Borselius. Mobile agent security. Electronics & Communication Engineering Journal, 14(5):211--118, 2002.

[4]

J. V. Bradley. Distribution-Free Statistical Tests. Prentice Hall, 1968.

[5]

A. A. Cárdenas, S. Amin, Z.-S. Lin, Y.-L. Huang, C.-Y. Huang, and S. Sastry. Attacks against process control systems: risk assessment, detection, and response. In ASIACCS'11, pages 355--366, 2011.

Digital Library

[6]

J. J. Downs and E. F. Vogel. A plant-wide industrial process control problem. Computers & Chemical Engineering, 17(3):245--255, 1993.

[7]

Karupis Lab. METIS - Serial Graph Partitioning and Fill-Reducing Matrix Ordering. http://glaros.dtc.umn.edu/gkhome/views/metis.retrieved: July, 2014.

[8]

G. Karypis and V. Kumar. Multilevel graph partitioning schemes. In The 24th International Conference on Parallel Processing, pages 113--122, 1995.

[9]

G. Karypis and V. Kumar. A fast and high quality multilevel scheme for partitioning irregular graphs. SIAM Journal on Scientific Computing, 20(1):359--392, 1998.

Digital Library

[10]

G. Karypis and V. Kumar. Multilevel k-way partitioning scheme for irregular graphs. Journal of Parallel and Distributed Computing, 48:96--129, 1998.

Digital Library

[11]

R. Langner. To kill a centrifuge. Technical report, Langner Communications, 2013.

[12]

T. Larsson, K. Hestetun, E. Hovland, and S. Skogestad. Self-optimizing control of a large-scale plant: The Tennessee Eastmann process. Ind. Eng. Chem. Res., 40(22):4488--4901, 2001.

[13]

O. Linda, M. Manic, and M. McQueen. Improving Control System Cyber-State Awareness Using Known Secure Sensor Measurements. In Critical Information Infrastructures Security, volume 7722 of LNCS, pages 46--58. 2013.

[14]

T. R. McEvoy and S. D. Wolthusen. Detecting Sensor Signal Manipulations in Non-Linear Chemical Processes. In Critical Infrastructure Protection IV, pages 81--94, 2010.

[15]

C. McIntyre. Using Smart Instrumentation. Plant Engineering: online magazine, 2011. http://www.controleng.com/single-article/using-smart-instrumentation/a0ec350155bb86c8f65377ba66e59df8.html.

[16]

L. Neitzel and B. Huba. Top ten differences between ICS and IT cybersecurity. InTech, 61(3):12--18, 2014.

[17]

W. H. Press, B. P. Flannery, S. A. Teukolsky, and W. T. Vetterling. Numerical Recipes in FORTRAN: The Art of Scientific Computing, Cambridge University Press, 1992.

Digital Library

[18]

N. L. Ricker. Tennessee Eastman Challenge Archive. http://depts.washington.edu/control/LARRY/TE/download.html. retrieved: May, 2013.

[19]

C. E. Shannon and W. Weaver. The Mathematical Theory of Communications. University of Illinois Press, 1949.

Digital Library

[20]

U.S. Chemical Safety and Hazard Investigation Board. BP America Refinery Explosion: Final Investigation Report. 2007.

[21]

A. Vodencarevic, H. Kleine Buning, O. Niggemann, and A. Maier. Identifying behavior models for process plants. In Emerging Technologies Factory Automation, 2011 IEEE 16th Conference on, pages 1--8, 2011.

[22]

Y. Wang, Z. Xu, J. Zhang, L. Xu, H. Wang, and G. Gu. SRID: State Relation Based Intrusion Detection for False Data Injection Attacks in SCADA. In Computer Security - ESORICS 2014, volume 8713 of LNCS, pages 401--418. 2014.

Cited By

Brand MNarayan ALehnhoff S(2024)Applying Trust for Operational States of ICT-Enabled Power Grid ServicesACM Transactions on Autonomous and Adaptive Systems10.1145/365467219:4(1-22)Online publication date: 3-Apr-2024
https://dl.acm.org/doi/10.1145/3654672
Wang SKo RBai GDong NChoi TZhang Y(2024)Evasion Attack and Defense on Machine Learning Models in Cyber-Physical Systems: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2023.334480826:2(930-966)Online publication date: Oct-2025
https://doi.org/10.1109/COMST.2023.3344808
Rehman MBahşi H(2024)Process-aware security monitoring in industrial control systems: A systematic review and future directionsInternational Journal of Critical Infrastructure Protection10.1016/j.ijcip.2024.10071947(100719)Online publication date: Dec-2024
https://doi.org/10.1016/j.ijcip.2024.100719
Show More Cited By

Index Terms

The Process Matters: Ensuring Data Veracity in Cyber-Physical Systems
1. Applied computing
  1. Operations research
2. Information systems
  1. Information systems applications
    1. Process control systems

Recommendations

Attacks against process control systems: risk assessment, detection, and response
ASIACCS '11: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security

In the last years there has been an increasing interest in the security of process control and SCADA systems. Furthermore, recent computer attacks such as the Stuxnet worm, have shown there are parties with the motivation and resources to effectively ...
On synergies of cyber and physical security modelling in vulnerability assessment of railway systems

Display Omitted Cyber-physical systems need holistic methods to discover relationships between physical and cyber components.Security threats attempt to both physical and cyber elements.Model-driven techniques accounting for joint physical and cyber-...
Taxonomy for description of cross-domain attacks on CPS
HiCoNS '13: Proceedings of the 2nd ACM international conference on High confidence networked systems

The pervasiveness of Cyber-Physical Systems (CPS) in various aspects of the modern society grows rapidly. This makes CPS to increasingly attractive targets for various kinds of attacks. We consider cyber-security as an integral part of CPS security. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

April 2015

698 pages

ISBN:9781450332453

DOI:10.1145/2714576

General Chairs:
Feng Bao
Huawei Technologies Pte Ltd, Singapore
,
Steven Miller
Singapore Management University, Singapore
,
Program Chairs:
Jianying Zhou
Institute for Infocomm Research, Singapore
,
Gail-Joon Ahn
Arizona State University, USA

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 April 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ASIA CCS '15

Sponsor:

SIGSAC

ASIA CCS '15: 10th ACM Symposium on Information, Computer and Communications Security

April 14 - March 17, 2015

Singapore, Republic of Singapore

Acceptance Rates

ASIA CCS '15 Paper Acceptance Rate 48 of 269 submissions, 18%;

Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

56
Total Citations
View Citations
1,058
Total Downloads

Downloads (Last 12 months)82
Downloads (Last 6 weeks)6

Reflects downloads up to 13 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Brand MNarayan ALehnhoff S(2024)Applying Trust for Operational States of ICT-Enabled Power Grid ServicesACM Transactions on Autonomous and Adaptive Systems10.1145/365467219:4(1-22)Online publication date: 3-Apr-2024
https://dl.acm.org/doi/10.1145/3654672
Wang SKo RBai GDong NChoi TZhang Y(2024)Evasion Attack and Defense on Machine Learning Models in Cyber-Physical Systems: A SurveyIEEE Communications Surveys & Tutorials10.1109/COMST.2023.334480826:2(930-966)Online publication date: Oct-2025
https://doi.org/10.1109/COMST.2023.3344808
Rehman MBahşi H(2024)Process-aware security monitoring in industrial control systems: A systematic review and future directionsInternational Journal of Critical Infrastructure Protection10.1016/j.ijcip.2024.10071947(100719)Online publication date: Dec-2024
https://doi.org/10.1016/j.ijcip.2024.100719
Goknil ANguyen PSen SPolitaki DNiavis HPedersen KSuyuthi AAnand AZiegenbein A(2023)A Systematic Review of Data Quality in CPS and IoT for Industry 4.0ACM Computing Surveys10.1145/359304355:14s(1-38)Online publication date: 17-Jul-2023
https://dl.acm.org/doi/10.1145/3593043
Cui DWang ZXiao HShi Y(2023)Research on Multi-sensor Data Attack Detection Method for Industrial Control SystemProceeding of 2022 International Conference on Wireless Communications, Networking and Applications (WCNA 2022)10.1007/978-981-99-3951-0_70(637-647)Online publication date: 27-Jul-2023
https://doi.org/10.1007/978-981-99-3951-0_70
Wolsing KWagner ESaillard AHenze M(2022)IPAL: Breaking up Silos of Protocol-dependent and Domain-specific Industrial Intrusion Detection SystemsProceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3545948.3545968(510-525)Online publication date: 26-Oct-2022
https://dl.acm.org/doi/10.1145/3545948.3545968
Mallmann-Trenn FCavorsi MGil S(2022)Crowd Vetting: Rejecting Adversaries via Collaboration With Application to Multirobot FlockingIEEE Transactions on Robotics10.1109/TRO.2021.308903338:1(5-24)Online publication date: Feb-2022
https://doi.org/10.1109/TRO.2021.3089033
Yemini MNedic AGoldsmith AGil S(2022)Characterizing Trust and Resilience in Distributed Consensus for Cyberphysical SystemsIEEE Transactions on Robotics10.1109/TRO.2021.308805438:1(71-91)Online publication date: Feb-2022
https://doi.org/10.1109/TRO.2021.3088054
Azzam MPasquale LProvan GNuseibeh B(2022)Grounds for Suspicion: Physics-Based Early Warnings for Stealthy Attacks on Industrial Control SystemsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.311398919:6(3955-3970)Online publication date: 1-Nov-2022
https://doi.org/10.1109/TDSC.2021.3113989
Liu JLin XChen XWen HLi HHu YSun JShi ZSun L(2022)ShadowPLCs: A Novel Scheme for Remote Detection of Industrial Process Control AttacksIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2020.304626719:3(2054-2069)Online publication date: 1-May-2022
https://doi.org/10.1109/TDSC.2020.3046267
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents