Research Paper
Research Paper
Research Paper
Journal Pre-proof
PII: S0141-9331(20)30368-9
DOI: https://doi.org/10.1016/j.micpro.2020.103201
Reference: MICPRO 103201
Please cite this article as: Jean-Paul A. Yaacoub, Ola Salman, Hassan N. Noura, Nesrine Kaaniche,
Ali Chehab, Mohamad Malli, Cyber-Physical Systems Security: Limitations, Issues and Future Trends,
Microprocessors and Microsystems (2020), doi: https://doi.org/10.1016/j.micpro.2020.103201
This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition
of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of
record. This version will undergo additional copyediting, typesetting and review before it is published
in its final form, but we are providing this version to give early visibility of the article. Please note that,
during the production process, errors may be discovered which could affect the content, and all legal
disclaimers that apply to the journal pertain.
Abstract—Typically, Cyber-Physical Systems (CPS) involve CPS systems can sense the surrounding environment, with the
various interconnected systems, which can monitor and manip- ability to adapt and control the physical world [5]. This is
ulate real objects and processes. They are closely related to mainly attributed to their flexibility and capability to change
Internet of Things (IoT) systems, except that CPS focuses on
the interaction between physical, networking and computation the run-time of system(s) process(es) through the use of real-
processes. Their integration with IoT led to a new CPS aspect, time computing [6]. In fact, CPS systems are being used
the Internet of Cyber-Physical Things (IoCPT). The fast and in multiple domains (see Fig. 1), and embedded in different
significant evolution of CPS affects various aspects in people’s systems such as power transmission systems, communication
way of life and enables a wider range of services and applications systems, agricultural/ecological systems, military systems [7],
including e-Health, smart homes, e-Commerce, etc. However,
interconnecting the cyber and physical worlds gives rise to new [8], and autonomous systems (drones, robotics, autonomous
dangerous security challenges. Consequently, CPS security has cars, etc.) [9], [10]. That, in addition to medical care domains
attracted the attention of both researchers and industries. This to enhance the medical services [11]. Moreover, CPS can be
paper surveys the main aspects of CPS and the corresponding used in supply chain management to enable echo-friendly,
applications, technologies, and standards. Moreover, CPS security transient, cost efficient, and safe manufacturing process.
vulnerabilities, threats and attacks are reviewed, while the key
issues and challenges are identified. Additionally, the existing
security measures are presented and analyzed while identifying A. Problem Formulation
their main limitations. Finally, several suggestions and recom-
mendations are proposed benefiting from the lessons learned Despite their numerous advantages, CPS systems are prone
throughout this comprehensive review. to various cyber and/or physical security threats, attacks and
challenges. This is due to their heterogeneous nature, their
Keywords: Cyber-Physical Systems; Cyber-Security reliance on private and sensitive data, and their large scale
Threats, Attacks and Issues; Cyber-Physical Vulnerabilities deployment. As such, intentional or accidental exposures of
and Challenges; Security, Privacy and Forensics Solutions; these systems can result into catastrophic effects, which makes
Security and Performance Analysis. it critical to put in place robust security measures. However,
this could lead to unacceptable network overhead, especially
I. I NTRODUCTION in terms of latency. Also, zero-day vulnerabilities should be
minimized with constant software, applications and operating
Cyber Physical Systems (CPS) are designated as essential
system updates.
components of the Industrial Internet of Things (IIoT), and
they are supposed to play a key role in Industry v4.0. CPS
enables smart applications and services to operate accurately B. Related Work
and in real-time. They are based on the integration of cyber Recently, several research works addressed the different
and physical systems, which exchange various types of data security aspects of CPS: the different CPS security goals were
and sensitive information in a real-time manner [1]. The listed and discussed in [12], [13], [14], [15]; maintaining CPS
development of CPS is being carried out by researchers and security was presented in [16]; CPS security challenges and
manufacturers alike [2]. Given that CPS and Industry v4.0 issues were presented in [17], [18]; some of the security issues
offer a significant economic potential [3], the German gross were reviewed, including big data security [19], [20], IoT
value will be boosted by a cumulative of 267 billion Euros storage issues [21], and Operating System vulnerabilities [22];
by 2025 upon the introduction of CPS into Industry v4.0 [4]. several security and privacy solutions using cryptographic
algorithms and protocols were discussed in [23], [24]. How-
A CPS is identified as a network of embedded systems ever, none of the existing works presented a comprehensive
that interact with physical input and output. In other words, view of CPS security in terms of threats, vulnerabilities, and
CPS consists of the combination of various interconnected attacks based on the targeted domain (cyber, physical, or
systems with the ability to monitor and manipulate real IoT- hybrid). Hence, this paper presents a detailed overview of the
related objects and processes. CPS includes three main central existing cyber, physical and hybrid attacks, and their security
components: sensors, aggregators and actuators. Moreover, solutions including cryptographic and non-cryptographic ones.
2
Moreover, for the first time, CPS forensics are discussed as E. Organization
an essential requirement for the investigation of the causes of Aside from the introduction, this paper is divided into six
CPS-related crimes and attacks. main sections as follows. Section II presents some background
about CPS including their layers, components, and models.
C. Motivation Section III discusses and details the key CPS threats, attacks
and vulnerabilities in addition to listing and describing several
CPS systems have been integrated into critical real-case CPS attacks, and the main persistent challenges and
infrastructures (smart grid, industry, supply chain, healthcare, issues. Section V assesses and evaluates the risks associated
military, agriculture, etc.), which makes them an attractive with CPS security attacks, especially in a qualitative risk
target for security attacks for various purposes including assessment manner. Section V presents and analyzes the
economical, criminal, military, espionage, political and main CPS security solutions including cryptographic, non-
terrorism as well. Thus, any CPS vulnerability can be targeted cryptographic, and forensics ones. Section VI highlights the
to conduct dangerous attacks against such systems. Different lessons learnt throughout this study. Section VII provides key
security aspects can be targeted including confidentiality, suggestions and recommendations for a safe and secure CPS
integrity, and availability. In order to enable the wide adoption environment. Section VIII concludes the presented work.
and deployment of CPS systems and to leverage their benefits,
it is essential to secure these systems from any possible II. CPS - BACKGROUND
attack, internal or/and external, passive or active.
In this section, we present the CPS architecture, its main
layers and components, as well as the main CPS models.
The main motivation of this work is to identify the main
CPS security threats, vulnerabilities and attacks, and to dis-
cuss the advantages and limitations of the existing security A. CPS Layers & Components
solutions, with the aim to identify the requirements for a The architecture of CPS systems consists of different lay-
secure, accurate, reliable, efficient and safe CPS environment. ers and components, which rely on different communication
Moreover, the security solutions are analyzed in terms of the protocols and technologies to communicate among each other
associated computational complexity. Note that CPS systems across the different layers.
require innovative security solutions that can strike a good 1) CPS Layers: The CPS architecture consists of three
balance between security level and system performance. main layers, the perception layer, transmission layer, and
application layer, which are presented and described in Fig. 2.
The analysis of the security issues at the various CPS layers
D. Contributions
is based on the work in [25].
In this work, we conduct a comprehensive overview and • Perception Layer: It is also known as either the recog-
analysis of the different cyber-physical security aspects of nition or the sensing layer [26]. It includes equipment
CPS. The contributions entail the following: such as sensors, actuators, aggregators, Radio-Frequency
• General Background about CPS including their main IDentification (RFID) tags, Global Positioning Systems
layers, components and model types. (GPS) along with various other devices. These devices
• Cyber-Physical Attacks are presented in relation to the collect real-time data in order to monitor, track and
targeted cyber and/or physical system/device, and the interpret the physical world [27]. Examples of such col-
corresponding vulnerabilities of each such domain. lected data include electrical consumption, heat, location,
• Risk Assessment: a qualitative risk assessment method chemistry, and biology, in addition to sound and light
is presented to evaluate the risk and exposure levels signals [28], depending on the sensors’ type [29]. These
for each CPS system, while proposing suitable security sensors generate real-time data within wide and local
countermeasures. network domains, before being aggregated and analyzed
• Security Measures and their limitations are discussed by the application layer. Moreover, securing actuators de-
and analyzed, including recent cryptographic and non- pends on authorized sources to ensure that both feedback
cryptographic solutions. and control commands are error-free and protected [30].
• Forensics solutions are also presented and discussed Generally, increasing the security level requires an end-
about securely extracting evidence and thus, to improve to-end encryption scheme at each layer [31]. Therefore,
forensics investigations. heavyweight computations and large memory require-
• Lessons: various lessons are learnt throughout this survey ments would be introduced [32]. In this context, there
including how to protect real-time data/information com- is a need for the design of efficient and lightweight
munication among resource-constrained CPS devices, and security protocols, which take into consideration the
how to achieve protection of CPS security goals such as devices capabilities and the security requirements.
confidentiality, integrity, availability and authentication. • Transmission Layer: It is also known as the trans-
• Suggestions & Recommendations are presented about port layer or network layer, and it is the second CPS
how to mitigate and overcome various cyber, physical layer [29]. This layer interchanges and processes data
and hybrid threats, vulnerabilities, attacks, challenges and between the perception and application layers. Data trans-
issues for a safe CPS environment. mission and interaction is achieved through the Internet
3
using Local Area Networks (LANs) and communication computing, middleware, and data mining algorithms are
protocols including Bluetooth, 4G and 5G, InfraRed used to manage the data at this layer [41]. Protecting and
(IR) and ZigBee, Wi-Fi, Long Term Evolution (LTE), preserving privacy requires protecting private data from
along with other technologies. For this purpose, various being leaked. The most known protective approaches
protocols are used to address the increase in the num- include anonymization, data masking (camouflage) [42],
ber of internet-connected devices, such as the Internet [43], privacy-preserving, and secret sharing [31]. More-
Protocol version 6 (IPv6) [33]. This layer also ensures over, this layer also requires a strong multi-factor au-
data routing and transmission using cloud computing thentication process to prevent unauthorised access and
platforms, routing devices, switching and internet Gate- escalation of privilege [44]. Due to the increase in the
ways, firewalls and Intrusion Detection/Prevention Sys- number of Internet-connected devices, the size of the gen-
tems (IDS/IPS) [34], [35]. Before outsourcing data con- erated data has become a significant issue [21]. Therefore,
tents, it is essential to secure their transmission to prevent securing big data calls for efficient protection techniques
intrusions and malicious attacks including malware, ma- to process huge amounts of data in a timely and efficient
licious code injection [36], Denial of Service/Distributed manner [45].
Denial of Service (DoS/DDoS), eavesdropping, and unau- 2) CPS Components: CPS components are used for sensing
thorised access attacks [37]. This introduces a challenge, information [5], or for controlling signals (Fig. 3). In this re-
especially for resource-constrained devices due to the gard, CPS components are classified into two main categories:
imposed overhead in terms of the required processing and Sensing Components (SC) that collect and sense information,
power resources [38]. and Controlling Components (CC) that monitor and control
• Application Layer: It is the third and most interactive signals.
layer. It processes the received information from the • Sensing Components: are primarily located at the
data transmission layer and issues commands, which perception layer and consist of sensors that collect
are executed by the physical units including sensors data/information and forward them to aggregators. Then,
and actuators [39]. This is done by implementing com- this data/information is sent to the actuators for further
plex decision-making algorithms based on the aggregated analysis to ensure accurate decision making. In the fol-
data [40]. Moreover, this layer receives and processes lowing, we list the main CPS sensing components.
information from the perception layer before determining – Sensors: collect and record real-world data following
the rightly invoked automated actions [29]. In fact, cloud a correlation process named "calibration", to assess
Fig. 2: CPS Layers
4
5
the correctness of the collected data [46]. Sensing nology (OT/IT) [48], Control Loop/Server [49], and
data is essential since the decisions that will be made Human-Machine Interface (HMI)/Graphical User Inter-
are based on the analysis of this data. face (GUI) [50]) has become highly essential. Next, we
– Aggregators: are primarily located at the transmis- list the different types of control systems that are used in
sion layer (i.e routers, switches and gateways) to CPS systems:
process the received data/information from sensors, • Programmable Logic Controllers (PLC): were initially
before issuing the corresponding decision(s). In fact, developed to replace hard-wired relays, and are consid-
data aggregation is based on the collected informa- ered as industrial digital computers that control the man-
tion about a specific target, where this information ufacturing processes such as robotic devices performance
is gathered and summarized following a statistical and/or fault diagnosis processing; hence achieving better
analysis. Online Analytical Processing (OLAP) is a flexibility and resiliency.
prime data aggregation type used as an online re- • Distributed Control Systems (DCS): are computerized
porting mechanism for processing information [46]. control systems that allow the autonomous controllers’
distribution throughout the system using a central op-
– Actuators: are located at the application layer to erator supervisory control. As a result of the remote
make the information visible to the surrounding envi- monitoring and supervision process, the DCS’s reliability
ronment based on the decisions made by the aggrega- is increased, whilst its installation cost is reduced. In
tors. Since actuators highly depend on other network some cases, DCS can be similar to Supervisory Control
nodes, then each action performed by the CPS relies and Data Acquisition (SCADA) systems.
on an earlier data aggregation sequence [5]. Also • Remote Terminal Units (RTU): or “Remote Telemetry
in terms of operations, actuators process electrical Unit” [51], are electronic devices controlled by a micro-
signals as input and generate physical actions as processor such as the Master Terminal Unit (MTU) [52].
output [46]. Unlike the PLC, they do not support any control loop nor
control algorithm(s). Thus, making them more suitable
• Controlling Components: are used to control Signals
for wireless communications over wider geographical
and they play a key role in signal control, monitoring
telemetry areas. RTU’s main task is to interface SCADA
and management to achieve higher levels of accuracy and
to the physical object(s) using a supervisory messaging
protection against malicious attacks or accidents, mainly
system that controls these objects through the system’s
signal jamming, noise and interference. As a result,
transmission of telemetry data.
the reliance on Programmable Logic Controllers (PLCs)
and Distributed Control System (DCSs) along with their In fact, both RTUs and PLCs use a small computerized
components (i.e Programmable Automation Controller “artificial brain” (Central Processing Unit (CPU)) to process
(PAC) [47], Operational Technology/Information Tech- inputs and outputs from sensing devices and pumping equip-
6
ment [53]; hence using IEDs (Intelligent Electronic Devices) a real-time hybrid authentication method [64], while a
to transmit data flow or trigger an alarm in case of any configurable real-time hybrid structural testing for CPS
intrusion. TABLE I presents a comparison of the common was presented by Tidwell et al. in [65]. Finally, an event
points and differences between PLCs and RTUs. Concerning driven monitoring of CPS based on hybrid automata was
the relation between components and layers, it can be seen presented by Jianhui in [66].
that sensing components are mainly deployed at the perception
and transmission layers, while the controlling components are III. CPS V ULNERABILITIES , T HREATS , ATTACKS &
deployed at the application layer. FAILURES
In a similar manner to most networking systems, security
B. CPS Model Types services were not incorporated into CPS systems by design,
CPS models can be divided into three main types: leaving the door open for various vulnerabilities and threats
• Timed Actor CPS: This model focuses on the functional
to be leveraged by attackers to launch security attacks. This
aspects based on behaviour and correctness, along with is also due to the heterogeneous nature of CPS devices since
the non-functional aspects that are based on performance they operate in different IoT domains and communicate using
and timing. A theory was introduced in [54] with a different technologies and protocols.
functional and classical refinement that restricts certain
behaviour set, improving efficiency while reducing com- A. CPS Security Threats
plexity. The main focus is on the refinement based on CPS security threats can be classified as cyber or physical
the “earlier-the-better” principle since it offers the ability threats, as explained below, and if combined, these can result
to identify deterministic abstractions of non-deterministic into cyber-physical threats.
systems [55]. In fact, these time-deterministic models are 1) Cyber Threats: The main attention on Industrial IoT
less prone to state explosion problems, with the ability to security was highly focused on cyber threats rather than
derive analytical bounds easier [56]. physical threats for many reasons, as cited in [18]. This
• Event-Based CPS: In such models, an event must be
includes the electrical grid evolution into an Advanced
sensed and detected by the proper CPS components, Metering Infrastructure (AMI), which resulted into the
before the actuation decisions are made. However, indi- rise of newly unknown cyber threats aside from SCADA
vidual component timing constraints vary depending on vulnerabilities [67], [68], [69]. Electronic attacks are now
the non-deterministic system delay, which is caused by easier to launch from any device, unlike physical attacks
the different CPS actions including sensing, actuating, that require physical presence and physical tools. Moreover,
communication and computing [57]. In [58], Hu et al. the smart meter interfacing and interconnection with other
stated that time constraints can be handled through the meters in the Near-me Area Network (NAN) and Home
use of an event-based approach, which uses CPS events Area Network (HAN) increase its exposure to various remote
to ensure the system’s communication, computation, and threats. Finally, electronic attacks are difficult to mitigate
control processes. This allows the CPS to be more suit- and overcome in the absence of the right prevention and
able and more useful for spatio-temporal information. defensive countermeasures. For further details on cyber threat
• Lattice-Based Event Model In [59], the CPS events are
intelligence, a brief survey of CPS security approaches was
represented according to the event type, along with the presented in [14]. For further information about cyber security
internal and external event attributes. If these events are threats, more details can be found in [70], [71].
combined, they can be used to define a spatio-temporal
property of any given event, while also identifying all the Since cyber security is not limited to a single aspect, it can
components that were observing the event. be considered from different perspectives, such as:
• Hybrid-Based CPS Model Hybrid CPS systems are
• Centring Information: which requires protecting the
heterogeneous systems that are made up of two distinct
interactive system types, continuous state (physical dy- data flow during the storage phase, transmission phase,
namic systems) and discrete-state (discrete computing and even the processing phase.
• Oriented Function: which requires integrating the cyber-
systems) [60], [61]. Both development and evolution
depend on the response of discrete transient events physical components in the overall CPS.
• Oriented Threat: which impacts data confidentiality,
represented by finite state machines, and the the dy-
namic behaviour represented by differential/difference integrity, availability, and accountability [70].
equation(s) [62]. Unlike other CPS models, hybrid CPS The above issues make CPS systems prone to:
is interconnected via a network, which makes it prone to • Wireless Exploitation: It requires knowledge of the
delays. Moreover, hybrid CPS systems do not support any system’s structure and thus, exploiting its wireless ca-
hierarchical modeling, and are not suitable for modeling pabilities to gain remote access or control over a system
concurrent systems. Hence, hybrid systems modeling or possibly disrupt the system’s operations. This causes
challenges caused by CPS were discussed by Benveniste collision and/or loss of control [72].
et al. in [63]. In fact, CPS system network latency • Jamming: In this case, attackers usually aim at changing
issues were addressed and solved by Kumar et al. using the device’s state and the expected operations to cause
7
damage by launching waves of de-authentication or wire- are well protected. This is due to the fact that these
less jamming signals, which would result into denial of stations are well-manned and well-guarded based on
device and system services [73]. the implementation of access controls, authorisation and
• Reconnaissance: An example of such a threat is where authentication mechanisms such as usernames and pass-
intelligence agencies continuously perform operations tar- words, access cards, biometrics and video surveillance.
geting a nation’s Computational Intelligence (CI) and In- However, the main concern is related to the less protected
dustrial Control System (ICS) mainly through a malware power-generating sub-stations since transmission lines are
spread [74]. This results in violating data confidentiality vulnerable to sabotage attacks and disruption. In fact,
due to the limitation of traditional defenses [75], [76]. smart meters are also vulnerable to a number of threats as
• Remote Access: This is mainly done by trying to gain explained in [83]. To address this problem, smart meters
remote access to the CPS infrastructure, for example, must be tamper-resistant by relying on outage detection
causing disturbances, financial losses, blackouts, as well or even host-based intrusion detection. However, it is
as industrial data theft and industrial espionage [77]. almost impossible to prevent physical tampering or theft
Moreover, Havex Trojans are among the most dangerous by adversaries (such as Advanced Persistent Threats
malware against ICSs, as they can be weaponized and (APTs)), except that it is possible to mitigate the risk
used as part of cyber-warfare campaign management and reduce its impact.
against a nation’s CPS [78]. • Loss: the most worrying scenario is having more than a
• Disclosure of Information: Hackers can disclose any single substation failure caused by a malicious attacker. In
private/personal information through the interception of case of a severe damage in the smart grid, a total black-
communication traffic using wireless hacking tools [16], out of major metropolitan areas may occur for several
violating both privacy and confidentiality [79]. hours [84]. A real-case scenario includes the cascading
• Unauthorised Access: Attackers try to gain an unautho- blackout that managed to hit the U.S. on August 14th,
rized access through either a logical or physical network 2003 [85], caused by the People Liberation Army (PLA),
breach and to retrieve important data, leading to a privacy which is a Chinese politically-motivated group [86].
breach [80]. • Repair: it can be based on a self-healing process [87],
• Interception: Hackers can intercept private conversa- which is based on the ability to either sense faults or
tions through the exploitation of already existing or new disruptions, whilst isolating the problem and sending
vulnerabilities leading to another type of privacy and alerts to the corresponding control system to automati-
confidentiality breach [72]. cally reconfigure the back-up resources in order to con-
• GPS Exploitation: Hackers can track a device or even a tinuously provide the necessary service. The aim is to
car by exploiting (GPS) navigation systems, resulting in ensure a fast recovery in as short of a time as possible.
a location privacy violation [81], [72]. However, critical components do suffer from either a lack
• Information Gathering: software manufacturers or a limited backup capability. Therefore, self-healing can
covertly gather files and audit logs stored on any given respond faster to a severe damage.
device in order to sell this huge amount of personal
Some of the threats associated with CPS systems include:
information for marketing and commercial purposes in
an illegal manner. • Spoofing: it consists of masquerading the identity of a
trusted entity by a malicious unknown source. In this
2) Physical Threats: CPS systems are recently evolving
case, attackers are capable of spoofing sensors, for ex-
into the industrial domain by introducing an Advanced Meter-
ample, by sending misleading and/or false measurements
ing Infrastructure (AMI), and Neighbourhood Area Networks
to the control center.
(NANs), along with data meter management systems to main-
• Sabotage: Sabotage consists of intercepting the legal
tain the robustness of CPS in industrial domains [82]. In fact,
communication traffic and redirecting it to malicious
physical threats might be classified according to the following
third party or disrupting the communication process. For
three factors:
example, attackers can sabotage physically exposed CPS
• Physical Damage: since different facility types im- components across the power grid, to cause a service
plement different levels of protection, power-generating disruption or even denial of service that leads to either
stations (E.g power grid, power plants, base stations) total or partial blackout.
8
• Service Disruption or Denial: Attackers are capable of • Bad Practice: is primarily related to a bad coding/weak
physically tampering with any device to disrupt a service skills that lead to the code to execute infinite loops, or to
or to change the configuration. This has serious effects, become too easy to be modified by a given attacker.
especially in the case of medical applications. • Spying: CPS systems are also prone to
• Tracking: Since devices are physically exposed, an at- spying/surveillance attacks, mainly by using spyware
tacker can gain access to a given device, and/or even (malware) types that gain a stealthy access and
attach a malicious device or track the legal ones. remain undetected for years with the main task to
In the following, we present the main CPS vulnerabilities eavesdrop, steal and gather sensitive/confidential data
that can be targeted by the above-mentioned threats. and information.
• Homogeneity: similar cyber-physical system types suffer
conversations through eavesdropping [13]. of physical components is exposed without physical secu-
By default, ICS relies on Modbus and DNP3 protocols to rity, making them prone to physical destruction. Therefore,
monitor and send control commands to sensors and actuators. in [136], Mo et al. stressed on detection and prevention
In [16], Humayed et al. stated that the Modbus protocol lacks solutions. In [16], Humayed et al. stated that medical devices
basic security measures such as encryption, authentication are vulnerable to physical access along with the possibility of
and authorization. This has made it prone to eavesdropping, installing malware into them, or even modifying the device’s
wiretapping, and port-scan [123], with the risk of the controller configurations, risking the patient’s health. Moreover, a phys-
being spoofed through false data injection [124]. The DNP3 ical access to any medical device is also a vulnerability since
protocol is also prone to the same vulnerabilities and attacks, an attacker can retrieve the device’s serial number to launch
with one main difference which is the integration of Cyclic targeted attacks [131].
Redundancy Check (CRC) as an integrity measure [125]. As listed above, CPS systems suffer from various vulnera-
Moreover, Windows Server Services were vulnerable to re- bilities making them prone to different types of attacks, which
mote code execution [99], with more attacks being achieved are discussed next.
through the exploitation of buffer overflow vulnerabilities in
any running Operating System (OS). C. Cyber-Physical System Attacks
Moreover, power system infrastructure of smart grids is In this section, we present the different types of attacks that
prone to the same vulnerabilities as ICS, Modbus and DNP3, target the different aspects of CPS systems, including cyber
since they are based on the same protocols. As a result, and physical ones:
IEC 61850 protocol was introduced in substations’ com- 1) Physical Attacks: Physical attacks were more active in
munications, which lack security properties and are prone past years, especially against industrial CPS systems [137],
to eavesdropping attacks. Therefore, leading to interference [138]. Many of these attacks were already presented in [139].
attacks [126], or false information injection attacks [127]. Nonetheless, this paper presents a broader range of physical
In [128], Santamarta et al. analysed the available documen- attack types:
tation of smart meters, and located a “factory login” account • Infected Items: this includes infected CDs, USBs,
used to perform basic configurations. This gives the user full devices and drives such as the case of the Stuxnet
control over a smart meter and leads to power disruption, worm [140], which upon their insertion into a cyber-
wrong decision making and targeting neighbouring smart physical device, a covert malware is installed containing
meters within the same network. In addition, many devices a malicious software.
are prone to battery exhausting attacks [73]. • Abuse of Privilege: this attack occurs when rogue or
Gollakota et al. [129] and Halperin et al. [130] exploited unsatisfied employees access the server rooms and instal-
the Implantable Cardioverter Defibrillator (ICD) wireless vul- lation areas within the CPS domain. This allows them to
nerabilities through injection attacks. The authors also showed insert a rogue USB for infection through the installation
that Smart cars are vulnerable to various attack types. In [131], of malicious malware/code or as keystroke, or to capture
Radcliffe, revealed another vulnerability with Continuous Glu- confidential data.
cose Monitoring (CGM) devices being vulnerable to replay • Wire Cuts/Taps/Dialing: since communication lines in-
attacks. The CGM device was spoofed with the injection of cluding telephony and Wi-Fi of many cyber-physical
incorrect values. This is due to the fact that security considera- headquarters (HQs) are still physically visible, attackers
tions were not made when the smart cars were designed [132]. can cut the wires or wiretap into them to intercept the
In fact, the Controller Area Network (CAN) protocol suffers communicated data [117].
from many vulnerabilities, which if exploited could result in • Fake Identity: this attack occurs when attackers mas-
attacks against smart cars. This will increase the likelihood of a querade themselves as legitimate employees, with enough
DoS attack [133]. A Tire-Pressure Monitoring System (TPMS) experience to fool the others. They mainly act as cleaners
is also vulnerable to eavesdropping and spoofing due to the to gain an easier access and better interaction with
lack of encryption [134]. In addition, Adaptive Cruise Control other employees. A prime example of that is Australia’s
(ACC), which forms a part of the CAN network can be directly Maroochy Water Breach in 2000 [141].
exploited [13]. In fact, a well-equipped attacker is able to • Stalkers: these are usually legal employees who act
interrupt ACC sensors’ operations by adding noise or spoofing. curious (with malicious intents) by being on the shoulder
Thus, controlling the car by either reducing, increasing its of CPS administrators and engineers to acquire their
speed or even causing collisions. credentials to blackmail or sell them to other competing
2) Physical Vulnerabilities: Physical tampering may result CPS organisations.
into misleading data in cyber-physical components. In fact, • CCTV Camera Interception: this includes intercepting
physical attacks with cyber impact were studied in [135]. the footage of Closed-circuit television cameras that are
The physical exposure of ICS components is classified as a securing entry and key points within CPS areas. This can
vulnerability due to the insufficient physical security provided be done by distorting the signals of cameras, cutting off
to these components. Thus, making them prone to physical the communication wires, deleting the footage, gaining
tampering, alteration, modification or even sabotage. CPS field access to the remote control and monitoring area, etc.,
devices (i.e smart grids, power grids, supply chains etc.) are before performing a physical attack in an undetected
prone to the same ICS vulnerabilities since a large number manner.
10
• Key-Card Hijacking: this includes cloning legitimate countries like Lebanon [158], [159].
cards that are stolen from employees, or creating look- 2) Cyber Attacks: In recent years, there was a rise in
alike genuine copies to gain full/partial access and to the rate of cyber-attacks targeting CPS and IoCPT with very
compromise the CPS domain. devastating consequences. According to current studies carried
• Physical Breach: this attack requires gaining an illegal out by [160], [161], CPS is highly prone to malicious code
physical access to the system, mainly through a physical injection attacks [162] and code-reuse attacks [163], along
breach such as the case of the Springfield Pumping with fake data injection attacks [164], zero-control data at-
Station in 2011 [142], a backdoor such as the case tacks [165], and finally Control-Flow Attestation (C-FLAT)
of US Georgia Water Treatment Plant in 2013 [143], attacks [160]. Such attacks can result into a total blackout
or an exploited security gap such as the case of the targeting CPS industrial devices and systems as presented in
Canadian Telvent Company in 2012 [144]. This allows TABLE II.
an attacker to damage and shut-down network-connected • Eavesdropping: eavesdropping includes the interception
manufacturing systems and CPS devices, resulting into of non-secure CPS network traffic to obtain sensitive in-
loss of availability and productivity. formation (passwords, usernames, or any other CPS infor-
• Malicious Third Party Software Provider: the main mation). Eavesdropping can take two main forms:passive
purpose of this attack is to target the company’s CPS by listening to CPS network message transmission, and
by compromising the legitimate “Industrial Control Sys- active by probing, scanning or tampering the message by
tems” software, such as the case of the Georgia Nuclear claiming to be a legitimate source.
Power Plant Shutdown in 2008 [145]. This includes • Cross-Site Scripting: or XSS occurs when third-party
replacing legitimate files in their repositories with a web resources are used to run malicious scripts in the
malware that will be installed to offer remote access targeted victim’s web browser (mainly a targeted CPS
functionalities to control or compromise a given system. engineer, contractor, workers, etc. ) by injecting malicious
• Abuse of Privilege: is mainly led by insiders or “whistle- Coding Script into a website’s database. XSS can achieve
blowers” to perform or help perform a (cyber)-attack from session hijacking, and in some cases, can log key strokes
within. Such high privilege grants them the ability to along and remotely accesses a victim’s machine.
conduct these attacks by exposing valuable knowledge on • SQL Injection: or SQLi targets CPS database-driven
CPS systems’ vulnerabilities and weaknesses. This abuse websites to read and/or modify sensitive data, along pos-
of privilege can take many forms. sibly executing administrative operations such as database
– Physical Tampering: including gaining unautho- shutdown, especially when CPS systems are still relying
rised or masqueraded authorised access to restricted on SQL for data management [166].
• Password Cracking: aim to target the authenticity
areas to damage CPS systems, devices, modify their
operational mode, inject malicious data/information of CPS users[167], [168] (mainly engineers and man-
or steal confidential documents. agers) by trying to crack their passwords using brute-
– Unauthorised Activities: are based on performing force [169], dictionary [170] (mitigated by using key
suspicious tasks, such as opening/closing pumping exchange [171]), rainbow table [172], birthday (mitigated
stations, increasing/decreasing power voltage, open- by hashing) [173] or online/offline password guessing
ing closed ports, communicating with an external attacks [174] to gain access to the password database,
entity, network traffic redirection or information or to the incoming/outgoing network traffic. Therefore,
leakage. it is important to prevent such escalation from taking
place [175], [176].
• Social Engineering: can take many deceptive forms [91] • Phishing: has many types such as e-mail phishing, vish-
such as reverse engineering (impersonating a techy- ing, spear phishing or whaling that target some or all
savvy), baiting (selling malicious USBs or software), CPS users (such as engineers, specialists, businessmen,
tailgating (following authorised personnel) or Quid Pro Chief Executive Officers (CEOs), Chief Operations Of-
Quo (impersonating technical support teams), and is ficers (COO), or/and Chief Financial Officers (CFO)),
based on the art of manipulating people (either mentally through impersonation of business colleagues or service
or emotionally) to reveal confidential information by providers.
manipulating their emotions to gain their trust to reveal • Replay: includes intercepting transmitted/received pack-
sensitive information related to a CPS, PLC or ICS ets between ICSs, RTUs, and PLCs through imperson-
system. ation to cause delays that affect CPS’s real-time opera-
Recently, CPS systems became the new target of hack- tions and affect their availability. In some cases, these
ers for espionage, sabotage, warfare, terrorism, and service intercepted packets can be modified, which would seri-
theft [146], mainly as part of cyber-warfare [147], cyber- ously hinder normal operations.
crimes [148], [149], (cyber)-terrorism [150], [151], [152], • DoS/DDoS: DoS attacks target the cyber-physical system
(cyber)-sabotage [153] (such as cyber-attacks against Esto- resources and are launched from a large number of locally
nia in 2007 [154], and Georgia in 2008 [155]), or (cyber)- infected devices. DDoS attacks are usually exploited by
espionage [156], [157]. The lack of (cyber)-security revealed Botnets, whereby a large number of infected devices
a serious issue with possibly drastic effects [12], especially in simultaneously launch a DDoS attack from different geo-
11
graphical locations. DoS attacks can take many forms (i.e (2001) [200], Triton (2017 [201])).
blackhole [177], teardrop [178]), while DDoS can take – Rootkit: is designed to remotely and covertly access
the following forms (i.e ping-of-death [179], smurf [180] or control a computer to execute files, access/steal
and Black Energy series (BE-1, BE-2 and BE-3 [181], information or modify system configurations (i.e
[182], [183]), all targeting CPS systems. Moonlight Maze (1999) [202], and Blackhole exploit
– TCP SYN Flood: exploits the TCP handshake kit (2012) [203]).
process by constantly sending requests without re- – Polymorphic Malware: constantly and frequently
sponding back to the server, causing the server to changes its identifiable to evade being detected to
constantly allocate space awaiting a reply [184]. This become unrecognizable against any pattern-matching
leads to a buffer overflow and causes the cyber- detection technique.
physical system to crash. – Spyware: is a malicious software covertly installed
on a device without the user or authorization knowl-
• Malicious Third Party: includes software that covertly edge, for spying purposes (e.g surveillance, recon-
exploit data aggregation network and compromises them, naissance, or scanning). In fact, they can be used
mainly using botnets, Trojans or worms to infiltrate infor- for future cyber-attack purposes (i.e ProjectSauron
mation through a CPS encrypted channel from an internal (2011) [204], Dark Caracal (2012) [205], Red Oc-
system (i.e PLC, ICS or RTU) through the reliance on tober (2013) [107], WarriorPride (2014) [206], Fin-
Trusted Third Party in disguise, to a botnet Command- Fisher (2014) [207], and COVID-19 spyware.)
and-Control server. Thus, targeting CPSs [185] and – Ransomware: is a malicious software that holds
AMIs [186]. and encrypts CPS data as a ransom by exploiting
• Watering-hole Attack: The attacker scans for any cyber- CPS vulnerabilities, targeting oil refineries, power
physical security weakness. Once a weakness is iden- grids [208], manufacturing facilities, medical cen-
tified, the chosen CPS website will be manipulated by ters and encrypting all data-backups until a ransom
a “watering hole”, where a malware will delivered by has been paid. A prime example of that is the
exploiting the targeted CPS system mainly through back- Siskey (2016), SamSam (2016), Locky (2016), Jig-
door, rootkits or zero-day exploit [187]. saw (2016) [209], Hitler-Ransomware (2016) [210],
• Malware: is used to compromise CPS devices in order WannaCry (2017), Petya (2017), Bad-Rabbit (2017),
to steal/leak data, harm devices or bypass access control Maze (2019) and Ekans (2020) ransomware [211],
systems. The malware can take many forms, however, [212], [213], [214].
the main forms that target CPS are briefly listed and
• Side-Channel: is based on the information gained from
presented in the following.
the implemented CPS system such as timing information,
– Botnets: this includes exploiting CPS devices vul- power consumption and electromagnetic leaks that can be
nerabilities to turn them into bots or zombies, mainly exploited.
to conduct hardly-traceable DDoS attacks (i.e Ram-
For this reason, some of the most infamous cyber-attacks
nit (2015) [188], Mirai (2016) [189], Smominru
deserve being mentioned (TABLE II). Moreover, for further
botnet (2017) [188], Mootbot (2020) [190], Wild-
details, you can refer to [139]. In fact, Do et al. presented
Pressure and VictoryGate (2020).)
a much more detailed attack description as early as 1980s
– Trojan: is a disguised malware that seems legitimate
in [142]. However, this paper aims to classify the occurrence
and tricks users to download it. Upon download, the
of these attacks as early as 2000 and based on, but not limited
Trojan infects the device and offers a remote access
to, political, religious, and criminal motives.
to steal data credentials and monitor users activities.
After reviewing the main CPS attacks, it is essential to
This also includes Remote Access Trojans which in
assess their associated risks to design the convenient counter-
turn, can be used to turn a device into a bot (i.e Turla
measures. In the next section, the risks associated with the
(2008) [191], MiniPanzer/MegaPanzer (2009) [192],
different CPS security attacks are evaluated.
Gh0st RAT (2009) [193], Shylock (2011) [194],
Coreflood (2011) [195], DarkCornet (2012) [196],
MEMZ (2016) [197], TinyBanker (2016) [198] and D. CPS Failures
Banking.BR Android Botnet (2020)).
– Virus: it can replicate and spread to other devices Given the different threats, attacks and vulnerabilities that
through human/non-human intervention. Viruses the CPS domain suffers from, it is important to highlight the
spread by attaching themselves to other executable main failures than CPs systems suffer from. These failures can
codes and programs to harm CPS devices and steal either be minor (limited damage) or major (severe damage).
information. In fact, further details can be found in [222], where Avizienis
– Worms: spread by exploiting operating system vul- et al. presented a well-defined and detailed explanation in this
nerabilities to harm host networks by carrying pay- regards.
loads to steal, modify and delete data, or overload • Content Failure: means that the content of the delivered
to web-servers (aside Stuxnet, Flame and Duqu, information is inaccurate, which would result into some
i.e aCode Red/Code Red II (2001) [199], Nimda functional system failure. Content failure can be ei-
12
power plant and other industries Stuxnet-2 worm December 25, Political
2012
Iranian Infrastructure (nuclear,oil) and DDoS Disruptive October 03, Political
communications companies 2012
Iranian key oil facilities Computer Virus Malware April 23, 2012 Political
Saudi Arabia Saudi infrastructure in the energy indus- Shamoon-1 Malware August 15-17, Religio-Political
try 2012
Saudi government computers and targets Shamoon-2 Malware November 17, Religio-Political
2016
Tasnee and other petrochemical firms, Shamoon-3 Malware January 23, Religio-Political
National Industrialization Company, 2017
Sadara Chemical Company
Qatar Qatar’s RasGas Shamoon Malware August 30, 2012 Political
United Arab Emirates UAE energy sector Trojan Laziok Malware January- Political
February 2015
Australia Maroochy Water Breach [141] Remote Access Unauthorised March, 2000 Criminal
Access
Canada Telvent Company [144] Security Breach Exploited September 10, Criminal
Vulnerability 2012
Ukraine Ukrainian Power-grids [219] BlackEnergy DDoS December 23, Political
Malware 2015
Ukramian Electricity Firms [220] Petya [221] Ransomware June 27, 2017 Political
ther numerical or non-numerical (i.e alphabets, graphics, through the service interface and affects its decision
sounds or colours). making or/and normal performance ability. This failure
• Timing Failure: means that the timing of information can either cause a partial or full CPS system failure either
delivery (transmission/receiving) is delayed or interrupted temporarily or permanently.
(received/transmitted too early or too late). This would • Consistent/Inconsistent Failures: a consistent failure
affect the decision making process and may cause data occurs when a given service is identically perceived by
management issues. all CPS users. An inconsistent failure takes place when
• Sensors Failure: means that the sensors are no longer all CPS users differently perceive an incorrect service
functioning properly, and would seriously hinder the de- (i.e bohrbugs, mandelbugs, heisenbugs and Byzantine
cision making process due to misinformation, or bringing failures) [223].
a CPS system to a sudden halt. A similar case occurred in
2005, at Taum Sauk Hydroelectric Power Station [216]. IV. E VALUATING R ISKS
• Silent Failure: occurs when there is no message sent or
Evaluating risks is essential to assess the risk’s economic
received in a distributed system.
impact of an attack on any CPS system, before managing it.
• Babbling Failure: occurs when the information is deliv-
Such management is based on assessing and analysing the risk
ered, causing the system to malfunction and to operate in
before mitigating it, then deploying the right security measures
a babbling manner.
according to the level of severity and risk impact (see Fig. 4).
• Budget Failure: occurs when the cost of implementing
a cyber-physical system outweighs the budget set, before
ever reaching the testing level. This is mainly caused by A. Risk Identification & Management:
poor planning. Risk Management is implemented in order to identify,
• Schedule Failure: occurs when the schedule set for analyse, rank, evaluate, plan and monitor any possible risk
planning, testing and evaluating a given CPS is not through risk assessment.
achieved due to further upgrades, additional testing, or • Identifying Risks: identification is based on uncover-
inadequacy for users needs. ing and recognising risks that can negatively affect a
• Service Failure: occurs when having an error propagates project/project outcome and describing it [224].
13
• Privacy: In CPS, a huge data collection process is and their information disclosure [258], [259].
constantly taking place, and this is what most people are • Dependability: Intelligent Physical World (IPW) ensures
not aware of [256], [257]. Therefore, a person has the that the CPS adaptive behaviour is achieved to bring
right to access his own data, along with being given the a higher dependability and ensure the right Quality of
right to know what type of data is being collected about Service (QoS) through the adoption of fault-tolerance
them by data collectors, and to whom these data is being mechanisms in a timely manner. Dependability includes
given or sold to. However, this also requires preventing two other qualities, safety and reliability. Safety is of-
the illegal/unauthorised access to the user’s personal data ten an objective defined in terms of the organisation’s
17
goals [243]. This is due to the negative impact of cyber- of Carshark software tools that control a car in [133],
security risks, where vulnerabilities can be compromised along with the successful design of a virus in 2010
and exploited by a hacker, or due to CPS failure. Hence, which attacked Siemens plant-control systems [261],
safety is of a high concern for IoT, CPS and (Internet along with how hackers broke into the United States
of Cyber-Physical Things) IoCPT users alike. While Federal Aviation Administration (US FAA) air traffic
reliability is based on the ability to adapt to changing control system in 2009 [262]. Resiliency is achieved by
conditions to overcome and recover from any possible each CPS component in a Base Architecture (BA) pre-
disruption either based on cyber or/and physical attacks sented in [263], where each communication and physical
led by adversaries, in addition to natural disasters [243]. connection path between elements is granted access by
Physical systems rely on timing and proper functionality. the BA’s connectors. This requires the BA system to know
However, in case of any possible mismatch, unreliability and identify every possible path, while overcoming any
and uncertainty can cause problems and disruptions for connection disruption. Moreover, in case the elements
CPS services. Therefore, maintaining a high reliability were inconsistent, a multi-view editor will be deployed
requires reducing the uncertainty levels. In fact, it is also to make corrections.
recommended to implement error-correction algorithms • Interaction and Coordination: are essential to maintain
to sort electronic components imperfect reliability [260]. an all-time operational CPS security. In [58], Hu et al.
As a result, Rajamaki et al. in [260] stated that CPS stated that CPS interaction and coordination between
behaviour can be predictable through the implementation cyber and physical system elements are a key aspect. In
and use of artificial intelligence or/and even Machine fact, the main physical world characteristics are based on
Learning (ML) schemes. This allows the prediction of the constant system change over time. However, the cyber
the so called “next-time system state”. world characteristics are based on sequence series with
• Resiliency: CPS must be resilient to overcome accidents no temporal semantics. Moreover, two basic approaches
and malicious attacks. Therefore, CPS logical and phys- are presented to study and analyse this problem. These
ical systems are prone to cyber security vulnerabilities approaches are based on the “cyberizing” the physical
from a security aspect. This included the demonstration (CtP) aspect through the introduction of cyber-properties
18
and interfaces into physical systems, and “physicalizing” an overall system integrity [270]. Therefore, it is essential
the cyber (PtC) where cyber-software components are to to set the right privileges (task-based, role-based, rule-
be represented in real-time [264]. based, etc..) and strong password complexity policies in
• Operational Security (OpSec): Operational Security order to enhance the security level. Moreover, this also
(OpSec) was introduced in 1988 to ensure physical se- includes getting rid of old unused accounts and open yet
curity, information security, and personnel security [265] unused ports to reduce the exposure to remote wireless
through careful planning, risk assessment and risk man- attacks. As a result, CPS nature must be considered before
agement [266]. Its primary task is to ensure operational achieving any design. In [136], Mo et al. presented a
effectiveness by denying any adversary access to pub- Cyber-Physical security by combining systems-theoretic
lic/private information; hence controlling information and with Cyber-Physical security controls.
observable actions about a given cyber-physical system,
especially in hostile environments/areas [265]. One of its
key benefits is providing means to develop cost-effective B. CPS Security Challenges
security measures to overcome a given threat. To achieve
this task, OPSEC involves five main steps: The adoption of security measures has many benefits when
it comes to protecting CPS components, layers and domains.
– Critical Information Identification: includes iden- However, despite these advantages, CPS systems are impacted
tifying which information, if targeted, can effectively by the application of these security measures, which can be
degrade a CPS’s operational effectiveness or place its summarized as follows:
potential organizational success at risk, and develop
an initial plan to protect it. • Reduced Performance: security measures can partially
– Threat Analysis: includes determining an adver- or fully affect the performance of a given CPS, in the
sary’s potential and capabilities to gather, process, absence of careful consideration for a balanced security-
analyze, and use the needed information. performance trade-off. This can affect normal operations
– Vulnerability Analysis: includes studying the weak- and requires more human interventions to manually as-
nesses of a given cyber-physical system and the sign services and domains.
strengths of an adversary. Thus, building a possible • Higher Power Consumption: is a serious issue, espe-
view over how a potential adversary might exploit cially for resource-constrained and battery-limited CPS
this security gap to perform a security breach. end devices. A higher power consumption means a
– Risk Assessment: risks are assessed based on the shorter lifespan and a higher cost to maintain their
threat and vulnerability levels combined, depending availability.
on how high or how low these levels are. Risk • Transmission Delays: transmitted/received data is prone
assessment levels include evaluating the cost of im- to delays due to the additional encryption process that is
plementing the right security measures by ensuring being added to thwart passive/active eavesdropping and
a trade-off between the effective cost and benefit sniffing attacks. Despite the protective advantage that is
balance. offers, this is unacceptable in a real-time CPS systems.
– Appropriate Application Countermeasures: once • Higher Cost: higher security levels are associated with
the trade-off is achieved in the earlier phase, the ap- higher computational costs, which are not limited to the
propriate countermeasures are then developed to of- initial capital spending phase, but also include training,
fer the best protection of CPS against these ongoing update, and operational phases.
threats in terms of feasibility, cost, and effectiveness. • Compatibility Issues: some CPS systems are not com-
patible with the employed security measures and vice
• System Hardening: System hardening can be used to versa. This can be due to the software in-use, firmware,
defend a wider range of threats. Therefore, it is highly Operating System, etc.
recommended to isolate critical applications that lack • Operational Security Delays: upon the deployment
the proper security measures, from any OS that is not of any security service, there is a training phase that
trusted in order to boost the IoCPT and CPT secu- precedes the full operational security mode, and during
rity. In [267], Shepherd et al. analysed different trust- which the service is temporarily ineffective or basic and
computing technologies along with their applications thus, prone to attacks.
in the CPS domain. According to [268], such analysis
included a Trusted Platform Module (TPM), Trusted
Execution Environments (TEE), Secure Elements (SE),
C. CPS Security Solutions
and Encrypted Execution Environment (E3), to increase
the OS’s integrity. Moreover, the authors’ work in [269] Maintaining a secure CPS environment is not an easy task
has successfully achieved a higher security level in the due to the constant increase of challenges, integration issues
presence of untrustworthy components. This allowed the and limitation of the existing solutions including the lack
improvement of CPS by enhancing system’s integrity. of security, privacy and accuracy. Nonetheless, this can be
However, if the Graph-based optimization was combined mitigated through different means including cryptographic and
with parameters, it can provide a reasoning basis to ensure non-cryptographic solutions as seen in Fig. 7.
19
1) CPS Criticality: CPS systems can be divided into four IoCPT due to power and size constraints. As a result, the
main types based on the aspect of their criticality: main focus should be limited to data security alone, instead it
should maintain and ensure the efficiency of the overall system
• Safety Critical: in such a CPS type, an attack can
process along. Therefore, various solutions were presented.
lead to loss of life or to chronic deadly diseases, with
In [23] Kocabas et al. conducted their own survey which was
significant damage to the environment such as fire, floods,
dedicated to conventional and emerging encryption schemes
radioactivity (e.g. Chernobyl in 1986 and Fukushima in
which could be employed to offer secure data storage and
2011) incidents [271], [272].
sharing. In [24], Lai et al. reviewed and discussed prominent
• Mission Critical: for this type of CPS, an attack can
cryptographic authentication and encryption methods [275] to
result into a fatal/non-fatal, total/partial failure of a CPS
secure Distributed Energy Resources (DER) systems, while
to achieve its objectives [273].
providing recommendations on applying cryptography to DER
• Business Critical: in such a CPS type, an attack can
systems. In [276], Ding et al. presented an overview of
result into huge financial and economic losses, damaged
recent advances on security control and attack detection of
reputation and loss of CPS contractors and clients.
industrial CPS, especially against denial-of-service, replay, and
• Security Critical: for this type of CPS, an attack can
deception attacks. In [15], Sklavos et al. presented a tutorial
result into a security breach of the cyber-physical system
that discusses the implementation efficiency of communica-
(security gap, exploitable vulnerability, rootkits, back-
tions confidentiality, user authentication, data integrity and
doors, etc.).
services availability, along attacks and modern threats with
2) Cryptographic-based Solutions: Cryptographic mea- their countermeasures.
sures are mainly employed to secure the communication chan- Many solutions were presented to maintain a secure CPS
nel from active/passive attacks, along any unauthorized access environment by fulfilling its main security goals. In [277],
and interception, especially in SCADA systems [274]. In fact, Adam et. al. presented a novel framework to understand
traditional cryptography approaches based on utilizing ciphers cyber-attacks and CPS risks. Their framework offers a novel
and hash function are not easily applied to CPS including approach to ensure a comprehensive study of CPS attack
20
elements, including the attacker and his objectives, cyber Attribute Based Encryption Scheme (LABE) for mobile
exploitation, control-theoretic and physical system proper- cloud-assisted CPS. Security analysis revealed that LABE
ties. In [232], Stouffer et al. provided a comprehensive ICS is secure with fine grained access control and users
security guideline that is related to technical controls in- revocation capability, with low overhead. In [292], Zhao
cluding Intrusion Detection Systems (IDS), Access Controls et al. presented a new architecture called Secure Pub-
(AC), firewalls, and operational controls including training, Sub (SPS) that is based on blockchain. Hybrid encryption
awareness and personnel security. In [97], security experts was used to ensure data confidentiality. Therefore, ensur-
were able to gain the employees’ credentials due to their ing data confidentiality and reliability, while achieving
lack of awareness and training, using phishing and social anonymity of subscribers and payment fairness between
engineering techniques through a simulated attack. In [34], subscribers and publishers. In [293], Sepulveda et al.
Sommestad et al. conducted a keyword mining comparison, presented a feasible post-quantum enhanced Datagram
and concluded that the main focus was either on operational Transport Layer security (DTLS) by using Public Key
controls, or technical controls only. In [278], Sharma et al. Cryptography (PKC) based on traditional Elliptic-Curves
presented a novel multi-level Network Security Evaluation (ECC) to secure communication channels between differ-
Scheme (NSES) that represent five different levels of security. ent parties.
Therefore, providing a holistic view over whether NSES is • Integrity: maintaining the integrity of CPS devices re-
suitable for Wireless Sensor Networks (WSN) security for quire preventing any physical or logical modification
IoT/CPS/IoCPT applications. NSES offers recommendation of incoming/outgoing real-time data. Hence, different
for network administrators on early design phases to achieve solutions are presented. In [294], Omkar et. al. addressed
the right security needs. As a result, this paper classifies these the problems of software reconfiguration and network
solutions in terms of them fulfilling one of the following attacks on ICS through the description of their pre-
security goals: sented approach called Trustworthy Autonomic Interface
Guardian Architecture (TAIGA). TAIGA offers protection
• Confidentiality: securing CPS communication lines is against the attacks that originate from both supervisory
essential. As a result, various cryptographic solutions and plant control nodes, whilst integrating a trusted
were presented. In [279], the authors presented a solu- safety-preserving backup controller. In [295], Tiago et al.
tion based on the use of compression techniques before introduced the Shadow Security Unit “SSU” as a low-cost
being encrypted. Their solution reduces the overhead and device used in parallel with a PLC or Remote Terminal
mitigates the problem. Since, lightweight cryptography Unit (RTU) to secure SCADA systems [296].
became the centre of attention with various lightweight SSU is complementary to the existing SIEM architec-
block ciphers being presented by different authors, in- tures, and it can transparently intercept its communi-
cluding an ultra-lightweight block cipher by Bogdanov cation control channels along with its physical process
et al. [280] and a low-latency block cipher for pervasive Input/Output lines to constantly assess both security and
computing applications [281]. This was due to their low- operational status of PLC or RTU. Another approach was
cost and low-latency with the ability to provide cryp- also presented in [297], by Asem et. al to overcome
tographic blocks for any resource constrained, normal, MITM, replay and command modification attacks by
industrial, or even medical devices. In [282], Shahzad, providing an encryption level for the transferred packets,
et al. suggested the installation of encryption-decryption along with the use of hardware cipher models. In [298],
modules at both ends of non-secure Modbus commu- Cao et al. presented a layered approach with the aim of
nication to protect its connection from confidentiality protecting sensitive data. Their techniques relied on hash
attacks. Thus, requiring an additional overhead to convert chains that provide a layered protection for both high
plaintexts into ciphertexts and vice versa. In [283], The and low security levels zones along with a lightweight
American Gas Association (AGA) presented its AGA- key management mechanism. Thus, preventing attackers
12 standard to provide “bump-in-the-wire” encryption from intercepting data from a higher security level zone.
services for CPS, but at the expense of large latency Therefore, ICS applications vendors should work on re-
overheard [284]. In [285], Vegh et al. described a hi- leasing compatible versions of their applications to ensure
erarchical cryptosystem method obtained through the that the ICS operators will not resort to older versions of
ElGamal algorithm that protects CPS communications. To vulnerable OS [22].
fix decryption issues, WSO2 Complex Event Processor • Availability: maintaining the availability of CPS devices
(WSO2-CEP) was presented in [286], [287] and used in is a must. Hence, different solutions are presented to miti-
to sort different challenges. Results ensure the ability to gate and overcome availability issues. For this reason, the
ensure confidentiality, privacy and availability in a secure Tennessee-Eastman Process Control System (TE-PCS)
and reliable CPS environment. model is used to test integrity and DoS attacks [299].
In [288], Zhou et al. presented a novel lightweight Upon testing, this model reveals how DoS attacks are
encryption scheme for real-time requirement in CPS ineffective against sensor networks. Thus, requesting to
including Vehicular ad hoc networks (VANETs) [289], prioritize security defences against integrity attacks due
[290]. Results revealed that this scheme is secure, reliable to their effectiveness to overcome DoS attacks only [300].
and efficient. In [291], He et al. presented a Lightweight In [39], Gao et al. designed and presented the network
21
ICS testbed based on Emulation, Physical, and Simulation technique on big power CPS data. Results revealed
(EPS-ICS testbed) as a control process for corporate and that ICA is more secure without breaching confi-
SCADA network emulations through the use of PLCs, dential data and offers a better privacy preserva-
RTUs, and DCS controllers to interact with the process. tion and data utility. In [312], J. Feng et al. pre-
In [301], Thiago et. al. combined an open source PLC sented a lightweight privacy-preserving high-order
with a machine learning-based IPS design to secure the Bi-Lanczos scheme in integrated edge-fog-cloud ar-
OpenPLC version and render it immune against a wide chitectural paradigm for big data processing. User’s
range of attacks. Their presented approach revealed the privacy is achieved using an homomorphic cryp-
ineffectiveness of interception, injection and denial of tosystem, while computation overheads are offloaded
service attacks, along with the ability of their OpenPLC using privacy-preserving tensor protocols. In [313],
project to overcome man-in-the-middle attacks through Ye et al. presented a secure and efficient outsourc-
data encryption, without interfering with its own real-time ing Differential Privacy (DP) scheme to solve data
characteristics. providers issues related to being vulnerable to pri-
• Authentication: authentication is the first line of defense vacy attacks. In [314], Zhang et al. presented a
that should be well-built, designed and maintained [302], practical lightweight identity-based proxy-oriented
[303], [259], [304]. As a result, in [130], Halperin et al. outsourcing with public auditing scheme in cloud-
presented a public key-exchange authentication mecha- based MCPS, by using elliptic curve cryptography
nism to prevent unauthorized parties from gaining ac- to achieve storage correctness guarantee and proxy-
cess. Their mechanism relies on external radio frequency oriented privacy-preserving property.
rather than batteries as an energy source. In fact, out-of- – Homomorphic Encryption: for a better data confi-
band authentication were deployed in certain wearable dentiality and privacy protection, homomorphic en-
devices, where the authentication mechanism uses addi- cryption techniques were adopted. In [315], Zhang et
tional channels including audio and visual channels [73]. al. presented a Secure Estimation based on Kalman
On the other hand, Medical CPS (MCPS) biometrics, Filtering (SEKF) using a multiplicative homomor-
including mainly heart rates and blood pressure [305], can phic encryption scheme with a modified decryp-
possibly be used to generate a key to encrypt and secure tion algorithm to reduce network overhead and en-
the body sensor network communication [73]. In [306], hance the confidentiality of the communicated data.
Ankarali et al. presented a physical layer authentication In [316], Kim et al. a fully homomorphic encryption
technique which relies on pre-equalization. In [307], (FHE) as an advanced cryptographic scheme to di-
Ibrokhimov et al. presented a five high-level features rectly enable arithmetic operations on the encrypted
categories of user authentication in the gadget-free world, variables without decryption. Moreover, a tree-based
including security, privacy, and usability aspects. computation of sequential matrix multiplication is
In [308], Chen et al. presented an authentication scheme introduced to slow down the decrease of the lifespan.
that applies Authenticated Identity-Based Cryptography In [317], Min et al. presented a parallel fully homo-
Without Key-Escrow (AIBCwKE) mechanism to pro- morphic encryption algorithm that supports floating-
tect user’s privacy and property from illegal attacks on point numbers to achieve an efficient ciphertext op-
Machine-to-Machine (M2M) communications. Making it eration without decryption. Results revealed that the
secure and suitable for safe sessions between mobile de- ability to limited application problems while meeting
vices with an acceptable overhead. In [309], Haroon et. al. the efficient homomorphic encryption requirements
detailed how recent versions of PLCs (2016) are prone to in cloud computing environment.
various vulnerabilities, especially password-based mech- 3) Non-Cryptographic-based Solutions: Many non-
anisms. The authors revealed that passwords stored in cryptographic solutions were also presented to mitigate and
a PLC memory can be intercepted and cracked. Thus, eliminate any possible cyber-attack or malicious event. This
allowing them to carry out advanced attacks including was done by implementing Intrusion Detection Systems
replay attacks and memory corruption attacks. In [310], (IDS), firewalls and honeypots. As a result, various solutions
Choi et al. presented an ICS-specific key management presented by various authors are mentioned and discussed.
solution with no delays.
• Privacy Preserving Preserving the privacy of users’ big • Intrusion Detection Systems
data is not an easy task. As a result, various privacy Various IDS methodology types are available due to
preserving techniques were presented to solve this issue the availability of different network configurations [318].
including differential privacy and homomorphic encryp- Each IDS methodology is characterised by its own ad-
tion. vantages and drawbacks when it comes to detection,
configuration, cost, and their placement in the network.
– Differential Privacy: limits the disclosure of pri- In [268], Almohri et al. stated that various research activ-
vate real-time big-data and information during its ities were implemented to detect attacks against the CPS.
transmission. in [311], Keshk et al. studied the fea- These attacks are split into two main models. Physics-
ture reduction role along privacy protection levels Based model, which defines normal CPS operations in
using Independent Component Analysis (ICA) as a CPS through anomaly detection. Cyber-Based model
22
which is used in order to recognize potential attacks Wireless Personal Area Networks (6LoWPAN) for
as listed in [319], [320]. In fact, existing approaches IoT" (INTI), which combines their concepts of
were mainly designed to detect specific attacks against trust and reputation with the watchdogs nodes to
specific applications, including Unmanned Aerial Vehi- mainly detect and mitigate sinkhole attacks. This
cles (UAV) [321], Industrial Control Processes [322], included the node’s role possibly changing every
and smart grids [323]. In [324], Zimmer et al. exploited time a network is reconfigured or an attack event
the possibility of a worst case execution time, through has occurred.
obtaining information using a static application analysis ∗ Centralized IDS: C-IDS is mainly deployed in
in order to detect malicious code injection attacks in centralized components. This allows all data to
CPS. In [325], Mitchell et al. analysed a behaviour-rule be gathered and transmitted by the LLN to the
specification-based technique to employ IDS mainly in Internet across the border. Therefore, Centralised
Medical CPS. The authors also presented the transfor- IDS can analyse all of the exchanged traffic be-
mation of behaviour rules in a state machine, which can tween the LLN and the Internet. In fact, it is
detect any suspicious deviation initiated from any medical not enough to only detect attacks involving nodes
device behaviour specification. within the LLN, since it is difficult to monitor each
– Intrusion Detection System Placement: IDS can node during an occurring attack [330]. In [331],
be placed at the border router of any given IoT Cho et al. presented their solution which is based
network, in one or many given hosts, or in every on analysing all the packets that pass through
physical object to ensure the required detection of the border router between physical and network
attacks. Simultaneously, IDS may be able to generate domains. However, the main task is based on
a communication overhead between the LLN (Low how to overcome a botnet attack. In [332], [333],
Power Lossy Networks) nodes and the border router Kasinathan et al. deployed a centralized placement
due to the IDS ability to frequently query the network that allows them to take into consideration the
state. In fact in [326], Zarpel at al. described three possibility of overcoming DoS attacks, where in
main IDS placement strategies (see Fig. 8): case of a DoS attack, the IDS data transmission
would not be affected. In [334], Wallgren et
al. employed their centralized approach which is
placed in the border router to detect the attacks
that target the physical domain.
∗ Hybrid IDS: H-IDS utilizes both concepts of cen-
tralized and distributed placements, by combining
their advantages and overcoming their drawbacks.
The initial approach allows the network to be
organised into clusters with the main node of
each cluster being able to host an IDS instance
before taking the responsibility for monitoring
other neighbouring nodes. Therefore, Hybrid IDS
placements can be designed in order to consume
more resources than a distributed IDS placement.
In [335], Le et al. followed the same approach,
Fig. 8: IDS Structure through the use of a hybrid placement using a
relatively small number of “watchdogs” nodes
∗ Distributed IDS: D-IDSs are being employed covering the network. This offered them the ability
in every physical LLN object, whilst being opti- to sniff the communication of its surrounding
mized in each resource-constrained node. There- neighbours in order to indicate whether a node
fore, a lightweight distributed IDS was presented. was compromised or not. Therefore, reducing the
In [327], Oh et al. identified a lightweight al- communication overhead. In [336], Le et al. also
gorithm matching the attack signatures, and the managed to organize the network into smaller
packet payloads, while suggesting other tech- clusters with a cluster head for each, using the
niques that require less matching numbers to same number of nodes. This allowed an IDS in-
detect any possible attack. In [328], Lee et al. sug- stance to be placed in each cluster head, with each
gested their own lightweight method that allows cluster member reporting its own related infor-
them to monitor a node’s energy consumption mation and other neighbours related information
by assigning nodes to monitor their neighbours to the cluster head. In the second approach, IDS
in the distributed placement. These nodes are modules were placed in, both the border router
defined as “watchdogs”. In [329], Cervantes et and other network nodes with the presence of a
al., presented a solution called "Intrusion detection central component. In [337], Raza et al. presented
of Sinkhole attacks on IPv6 over Low -Power their own IDS named as SVELTE, where the
23
border router hosts are given the task of processing the main objective of reducing the false alarm rate.
intensive IDS modules that are responsible for In [333], Kasinathan et al. presented a signature-
detecting any intrusion attempt by analysing the based approach as an extension of their presented
Routing Protocol Low-power and Lossy device’s approach in [332].
(RPL) network data. Based on Pongle et al.’s ∗ Behaviour Based: Behaviour Based can be clas-
work [338], network nodes were responsible for sified as a set of rules and thresholds implemented
any detectable changes in their neighbourhood. to define the expected behaviour of the network’s
Moreover, network nodes were also responsible components including both nodes and protocols.
for sending information about their surrounding This approach is capable of detecting any intru-
neighbours to their centralized module which is sion as soon as the network behaviour deviates
deployed in the border router having the main from its original behaviour. Behaviour-based acts
assigned responsibility of storing and analysing in the same way as the Anomaly-based detection
data. Thus, making it easier to detect and intrusion with a slight difference from specification-based
while identifying attacks in their early stages. systems where a human expert is needed to manu-
In [339], Thanigaivelan et al. presented an IDS, ally define each specification rule. Thus, providing
which allocates different responsibilities to the a lower false-positive rate than the anomaly based
network nodes and also to the router’s border. detection [343], [344]. Therefore, there will be no
Thus, ensuring a cooperative combined work need for any training phase, since they are imple-
amongst them, with the IDS module monitoring mented to operate instantly. However, such an ap-
neighbouring nodes, detecting any intrusion at- proach is not fit for all scenarios, and may become
tempt, and sending notifications to the IDS mod- time consuming and error prone. In [345], Misra
ules. et al. presented their new approach to protect the
IoT middleware from DDoS attacks, by triggering
– Intrusion Detection Methods: The four main
an alert whenever the request number exceeds
IDS methods are signature-based, anomaly-based,
the threshold line. In [335], Le et al. presented
behaviour-based and hybrid based. In fact in [326],
a different specification-based approach, aimed
these methods were presented, while testing methods
at detecting RPL attacks [346], by specifying
and techniques were classified into five main cate-
the RPL behaviour through network monitoring
gories, depending on their detection mechanism .
operation and malicious action detection.
∗ Signature Based: Such a detection technique is In [336], Le et al.’s work was extended. Their
very fast and easy to configure. However, it is experimentation resulted in a high true-positive
only effective for detecting known threats. Thus, rate, where false positive rates were low through-
showing a high weakness against unknown threats out their experimentation, whilst also causing an
mainly polymorphic malwares and crypting ser- energy overhead compared to a typical RPL net-
vices. Despite its limited capability, Signature work as stated in [326]. In [347], Amaral et al.
Based IDS is very accurate, and also very effective presented a specification-based IDS that grants the
at detecting known threats, with an easy way to network administrator the ability to create and
understand mechanism. However, this approach is maintain rules in order to detect any potential
ineffective against the detection of both new and attack. Whenever the rule is violated, the IDS
variants of known attacks, due to their matching would right away send an alert to the Event
signature remaining unknown, and constantly up- Management System (EMS) that correlates these
dating its signature patches [340], [341]. In [327], alerts for different available nodes in a given
Oh et al.’s aimed to reduce the computational cost network. The success of Misra et al. [345] and
by comparing attack signatures and packet pay- Amaral et al. [347] approaches highly relied on
loads. In [342], Liu et al. presented a signature- the expertise of the network administrator, as well
based IDS that employs an “Artificial Immune as his experience and skills combined. Therefore,
System” (AIS) mechanism with detectors being in case of any wrong specifications, it will cause
modelled as immune cells with an ability to clas- an excessively high false-positive rate and/or a
sify any datagram as malicious or non-malicious high false-negative rate, leading to a possibly
according to the matching signature. Such ap- serious risk that threatens the network’s security.
proach can evolve into the adaptation ability new ∗ Anomaly Based: This type compares system’s
conditions in new environments that are being activities instantly with the ability to generate an
monitored. In [332], Kasinathan et al. integrated a alert whenever a deviation from normal behaviour
signature-based IDS into the network framework, is detected. However, such a detection method
with the objective of being able to detect DoS suffers from a high false positive rate [343],
Attacks against 6LoWPAN-based networks. This [348], [349]. In [331], Cho et al. presented a
IDS was implemented through the adaptation of botnet detection scheme using the anomaly-based
“Suricata4” used for 6LoWPAN networks, with method, by computing an average for each three
24
metrics composing the normal behaviour profile. ∗ Radio-Frequency Based: In [353], Stone et al.
This was achieved before the system monitors the presented a Radio-frequency based anomaly de-
network’s traffic and raises the alert whenever a tection method for programmable logic controllers
metric violates the already defined computed av- in the critical infrastructure [354]. Their exper-
erages. In [350], Gupta et al. presented their own imental results have demonstrated that the use
architecture for a wireless IDS, by applying the of a single collected waveform response provides
necessary Computational Intelligence algorithms sufficient separability to enable the differentiation
which are used in order to a construct normal between anomalous and normal operational con-
profile behaviour. Moreover, a distinct normal ditions. However, in case of using multi-time do-
behaviour profile will be implemented for each main waveform response, their performance sig-
different IP address being assigned. In [328], Lee nificantly degrades. To solve this problem, the au-
et al. suggested that energy consumption should thors presented anomaly detection method based
be classified as parameter in order to be used in on RF fingerprint feature retrieved from the wave-
analyzing each node’s behaviour. Thus, defining form amplitude, phase, and frequency response
a regular energy consumption model for each to ensure a qualitative differentiation between an
mesh-under routing scheme and route-over routing anomalous and normal operating conditions.
scheme, where each node will monitor its own In [355], Stone et al. also presented an RF-based
energy consumption. In case the node deviates, the methodology to detect anomalous programmable
IDS classifies the node as malicious and removes logic controller behaviours with a superior time-
it. domain RF emissions performance. The Cincin-
In [351], Summerville et al. successfully man- nati Bell Any Distance (CBAD) approach reached
aged to develop a deep-packet anomaly detection a Threat Agent Detection and Response (TADR)
approach aimed at reducing the run on resource detection rate higher than 90% benchmark realised
constrained IoT devices, by using a bit-pattern at an Signal Power Ratio (SNR) higher or equal
matching technique which performs a feature se- to 0 dB. Despite these results, this approach is
lection. In their experimental evaluation, they used prone to RF noise, signal degradation and cod-
internet enabled devices against four main attack ing loops. In [356], Stephen et al. presented a
types (including SQLi, worms, etc..), and results timing-based side channel analysis technique to
have shown low false-positive rates. In [339], help control system operators in detecting any
Thanigaivelan et al. successfully introduced an firmware and ladder logic programs modification
IoT distributed internal anomaly detection system, to the programmable logic controllers. This ap-
that monitors the node’s data rate and packet size. proach allows a field device to be fingerprinted
Moreover , in [338] Pongle and Chavan presented upon deployment to create an supplicate base-
an IDS that is designed specifically in order to line fingerprint. Various fingerprints of the device
detect wormhole attacks in IoT devices, in addi- are taken and compared to the baseline in order
tion to presenting three main algorithms to detect to detect and alert operators of both intentional
network anomalies. As a result, their experiment and unintentional modifications in programmable
revealed that the system has achieved a true pos- logic controllers.
itive rate of 94% when tested against wormhole ∗ Hybrid Based: It is based on using a
detection, whilst scoring an 87% when it came specification-based techniques of signature-based,
to detecting both, the attack, and the attacker and anomaly-based detection in order to maximize
launching it. In [352], K. Demertzis et al. pre- their advantage whilst minimizing their draw-
sented an advanced Spiking One-Class Anomaly backs. In [337], Raza et al. presented a hybrid
Detection Framework (SOCCADF) based on the IDS known as SVELTE which offers the right
evolving Spiking Neural Network algorithm. This trade-off between storage cost of signature-based
algorithm implements a One-class classification methods, and computational cost of anomaly-
methodology in an innovative applicable way, due based methods. In [357], Krimmling et al. tested
to it being exclusively trained with data to char- their anomaly and signature-based IDS using the
acterise normal ICS operations. Moreover, this IDS evaluation framework that they presented.
algorithm can detect any divergence in behaviours Their results revealed the failure of each approach
and abnormalities that are associated with APT at- in detecting certain attacks alone. As a result,
tacks. The authors stated that SOCCADF is highly the authors combined these approaches to cover
suitable for difficult problems, and applications and detect a wider attack range. In [329], Cer-
with a huge amount of data. According to their vantes et al. presented the Intrusion Detection
results, the authors stated that SOCCADF has a of SiNkhole attacks on 6LoWPAN for Internet
better performance at a very fast learning speed, of Things (INTI), to detect and isolate sinkhole
with higher accuracy, reliability, and efficiency, attacks by combining the anomaly-based approach
and it outperforms the other approaches. which ensures a packet exchange between these
25
nodes. This was done by using the specification- pot specifically designed for networked robotic systems.
based method in order to extract the evaluation Simulations reveal that HoneyBot can fool attackers into
node based on both trust and reputation. However, believing that their exploits are successful.
when comparing SVELTE [337] to INTI IDS, In [367], Fraunholz et al. set up a medium interaction
Cervantes et al. simulated a scenario where INTI honeypot offering telnet and Secure Shell (SSH) services
IDS achieved a sinkhole detection with a rate up to to capture data from attack sessions. This data was
92%. In case of a fixed scenario, the rate has only analysed to allow the classification of attacker types and
reached 75%. Either ways, it has shown a low rate sessions, respectively. In [368], Tian et al. presented
of false-positives and false-negatives compared to a honeypot game model with both low/high-interaction
SVELTE. modes to mainly improve CPS security. Simulation re-
sults revealed that optimal human analysis cost alloca-
• Firewalls Firewalls saw rare use of employment in CPS tion and defensive strategy are obtained. Making their
domain due to the advancement of IDS and Artificial method suitable for CPS data protection. In [369], Duan
Intelligence technologies. Therefore, a handful number of et al. presented a framework called "CONCEAL" as a
firewall-based solutions were presented. In [358], Jiang new deception as a service paradigm that is effective
et al. mentioned the use of paired Firewalls between and scalable. This was done by combining m-mutation
enterprise and manufacturing zones to enhance the cyber for address anonymization, k-anonymity for fingerprint
security of servers. Their choice of paired firewalls is due anonymization, and l-diversity for configuration diver-
to the stringent security and clear management separation. sification. CONCEAL’s proxies save can reach as high
In [359], Nivethan et al. presented a novel methodology as 90%. In [370], Bernieri et al. presented a modular
that uses iptables as an effective powerful open-source framework called Deep Detection Architecture (DDA) to
network-level firewall for SCADA systems that inspects provide cyber-physical security for industrial control sys-
and filters SCADA protocol messages. In [360], Adepu et tems. A cyber-physical simulation methodology was also
al. presented Argus as a framework for defending a public presented and exploited to analyse the security modules
utility against cyber-physical attacks. Its implementation under several different attack scenarios. Moreover, DDA
tests revealed its effectiveness in detecting single and will be extensively used for the next ICS generation and
complex multi-component deception attacks. In [361], implemented into the Industry v4.0 paradigm. In [371],
Ghosh et al. presented their approach towards predict- Sayin et al. introduced a deceptive signalling framework
ing real-time failures of network devices including load as a new defence measure against advanced adversaries
balancers and firewalls using event data. Their focus was in CPS. This framework relies on information that is
on raw device event data. Results revealed that a low strategically accessible to adversaries to indirectly control
failure rate of devices, while achieving a precision rate their actions.
of 77% and recall network device failure prediction of
67%. In [362], Javed et al. presented a novel security
architecture that localizes the cyber-attack in a timely D. CPS Forensics
manner, and simultaneously recovers the affected cyber- It is not enough to encrypt, detect and protect against passive
physical system functionality. Results revealed its effec- and active attacks. In fact, aside from identifying the source
tiveness against system availability attacks only. of the attack, it is also important to know how the attack was
• Honeypots & Deception Techniques Deception is a key performed despite of the challenges [372]. Hence, there an
defensive security measure that CPS rely on as a decoy urgent need for the forensics domain to enhance the forensics
to hide and protect their system. This can be mainly tools and techniques to retrieve and analyze logs of events that
done using honeypots. However, other deceptive solutions took place before, during and after the incident. In fact, CPS
also exist. In [363], Cohen presented how honeypot forensic analysis is still in its early stages of development,
deception can be made more effective upon employment, due to the ICS specialized nature along with its proprietary
while discussing different ranges of deception tactics. and poorly documented protocols [373]. In [374], Awad et
In [364], Antonioli et al. presented the design of a virtual, al. surveyed the digital forensics applied to SCADA systems
high-interaction, server-based ICS honeypot to ensure a and covered the challenges that surround them. Therefore,
realistic, cost-effective, and maintainable ICS honeypot presenting the current state-of-the-art device and network-
that captures the attackers activities. Such implementation specific tools. In [375], Grispos et al. presented a forensic-
aims to target Ethernet/IP based ICS honeypots. In [365], by-design framework that ensure the integration of forensics
Litchfield et al. presented HoneyPhy, a physics-aware principles and concepts in MCPS. In [376], H. Al-Khateeb
framework for complex CPS honeypots that monitor et al. shed a light on a new approach where a Blockchain-
the originating behaviour from the CPS process and based Chain-of-Custody may be simultaneously established
the device that controls the CPS itself. Results reveal to the generated preidentified data (data of interest) by an
that HoneyPhy can be employed to simulate these be- IoT device. In [377], Chan et al. described a novel security
haviours in a real-time manner. In [366], Irvene et al. block method for detecting memory variable changes that
leverage HoneyPhy framework to create the HoneyBot. may affect the integrity of programmable logic controllers and
HoneyBot is the first software hybrid interaction honey- efficiently and effectively enhancing security and forensics.
26
This is done by by adding monitoring and logging mechanisms Authors also stated that their proof-of-concept tool, "Cutter",
to PLCs. Therefore, ensuring faster anomaly detection with which is capable of parsing the content of PCCC messages,
higher accuracy, less overhead and adjustable impact. extracts and presents digital artifacts in a human-readable form
In [378], Ahmadi et al. presented a federated Blockchain such as Simple Mail Transfer Protocol (SMTP) configuration.
(BC) model that achieves forensic-readiness by establishing Moreover, the SMTP configuration can be retrieved from the
a digital Chain-of-Custody (CoC) and a CPS collaborative network log and can be parsed, too.
environment to qualify as Digital Witnesses (DW) to support In [377], Chan et. al. presented a novel security block
post-incident investigations. In [379], Parry et al. presented method that enhances ICS security and forensics by adding
a high speed hardware-software network forensics tool that monitoring and logging mechanisms to PLCs, and ICS’s key
was specifically designed for capturing and replaying data components. Their results demonstrated that their approach
traffic in SCADA systems. Experimental results guaranteed increased the anomaly detection range, speed and accuracy
preserving the original packet ordering with improvement in with a slight performance impact and a reduced network
data capture and replay capabilities. In [380], Cebe et al. overhead. Thus, ensuring a more enhanced, efficient and
presented a blockchain infrastructure by integrating a Vehicu- effective forensic investigation procedure. In [388], Yua et
lar Public Key Infrastructure (VPKI) to achieve membership al. described the design and implementation of a novel PLC
establishment and privacy along a fragmented ledger related logging system. To overcome the inadequacy of information
to detailed vehicular data. Moreover, identities pseudonyms in forensics investigations, their logging system is used to
were used to preserve users’ privacy. In [381], P. Taveras extract data from Siemens S7 communications protocol traffic.
presented a high level software application that detects critical This logging system also helps in recording the evidence
situations like abnormal changes of sensor reads and traffic based on the exchanged data between the PLC and other
over the communication channel, mainly. Therefore, helping network devices. Thus, providing key information about the
by improving critical infrastructure protection and providing attack source, actions and timelines. The choice of Simatic
appropriate SCADA forensics tools for incident response and S7 PLC is due to their widespread use [389] and successful
forensics analysis. In [382], Ahmed et. al. presented a testbed exploitation by insidious Stuxnet malware. In [390], Chan et
of three IPPs (Industrial Physical Processes) using real-world al. focused on the logging mechanism of a Siemens PLC,
industrial equipment including PLC. The authors stated that including the Siemens Total Integrated Automation Portal V13
their presented testbed is useful in cyber-security, education program (Siemens TIA Portal, known as Siemens Step-7).
(SCADA systems) and forensics research including PLC anal- The author’s methodology performs an effective and practical
ysis and programming. Moreover, their testbed includes fully forensics analysis of the PLC. Moreover, it focuses on Siemens
functional physical processes which are deemed very essential PLC along with an installed computer workstation with the
for both research and pedagogical efforts. Siemens TIA Portal (previously targeted by Stuxnet).
In [383], Yau and Chow presented a novel methodology
which logs relevant memory address values, that are being
E. Limitations
used by programmable logic controller programs, in addition
to their timestamps. This methodology can be extremely During the evaluation and analysis of the existing presented
valuable in a forensic investigation in case of an ICS incident. security solutions, several limitations can be deduced, pre-
This is realized by applying machine learning techniques to the sented and discussed as follows:
logged data in order to identify any anomalous programmable • Asymmetric Cryptography: introduces overhead in
logic controller operation. In [384] Saman et. al. combined terms of latency and resources. The asymmetric nature
symbolic execution with model checking to analyse any mali- of certain cryptographic work [285], [292] leaves CPS’s
cious PLC code bound injection. Their combined approach can real-time communication prone to network latency and
also be used for forensic purposes including the identification overhead due to delays in the encryption/decryption pro-
of the areas where the code injection took place, along with cess.
which part of the code caused its execution. In [385], McMinn • Weak Device/User Authentication Scheme: many of
et al. presented a firmware verification tool used for the the presented authentication techniques [130], [73], [306],
forensics analysis of trials of the altered firmware codes to [308] are not very suitable for a secure appliance, due to
gain unauthorised access over ICS networks. Such verification the lack of multi-factor authentication schemes to protect
is achieved either though the analysis of the PLC’s captured CPS systems from unauthorised users and access.
data to check whether the PLC’s firmware is modified or • CPS Forensics Field: are still prone to many challenges
not. In [386], Kleinmann et al. presented an accurate IDS including the lack of tools, skills and responses against
that utilizes a deterministic finite automaton that models the any potential anti-forensics activity [372], [373].
network traffic with a 99.26% accuracy, after analysing and • Inefficient Honeypot & Deception System: despite of
observing the highly periodic network traffic of Siemens S7 the recently proposed techniques in [366], [368], [370],
PLC. In [387], Saranyan et al. provided a comprehensive [371], there are no appropriate honeypot techniques that
forensic analysis of network traffic generated by the PCCC can be specifically adopted to protect CPS systems,
(Programmable Controller Communication Commands) proto- especially in the wake of Industry v4.0.
col, and also presented prototype tool that extracts updates of • Lack of Firewall Protection: firewall solutions includ-
the programmable logic and crucial configuration information. ing [358], [359] are not very applicable and suitable
27
for employment into the CPS domain, nor they offer an modern digital forensics solutions should define new
effective protection. The best solution requires dynamic countermeasures to preserve digital forensics logs.
firewalls, as well as application and next generation 4) Enhancing Security Policy: in many cases, CPS at-
firewall types. tacks occurred by insiders (by accident or on purpose).
• Inefficient Intrusion Detection Systems: despite the Accordingly, all employees must undergo a screening
availability of various IDS types such as anomaly- process before recruitment, and have their privileges
based [352], behaviour-based [345] and signature- suspended outside working hours and monitored their
based [333], these are generally applied within IoT-based actions in the case of advanced tasks. This means that
domains and not specifically designed to protect CPS CPS security policy should be contain new rules to limit
systems. access and to reduce the potential damage.
5) Smart Cooperation with non-cryptographic solu-
VI. L EARNT L ESSONS tions: Intrusion detection systems should be hybrid in all
terms and should be coordinated in an efficient manner
To secure CPS, many lessons were learnt as how to
with firewalls and dynamic honeypot systems.
maintain and achieve their required security goals. Among
6) Enforcing Compliance: by respecting users’ privacy
such lessons:
through ensuring data access regulatory compliance that
1) Maintaining Security Services: new lightweight cryp- processes CPS’s big data via clouds, especially when
tographic solutions are required to secure CPS and stored by utility providers (Trusted Third Party (TTP))
IoCPT in real-time operations but with minimum com- to prevent any data leakage and users privacy violations.
putational complexity. These cryptographic solutions can Therefore, maintaining a suitable trade-off between users
help ensure the following security services: privacy and systems’ security and performance, while
• Confidentiality: there is a need for a new class also ensuring firmer accountability measures [405],
of lightweight block or stream cipher algorithms to [406].
secure CPS resource-constrained real-time commu- 7) Achieving Trade-Off: is essential for maintaining sys-
nications. Recently, a new approach was presented, tems’ availability, safety and security [407], [408].
and it is based on the dynamic key-dependent cipher Therefore, such a trade-off must be achieved based
structure and it requires two or one iteration with on the combination of these three key requirements
few operations [391], [392], [393], [394]. A set while taking into consideration available budget and cost
of these solutions can be applied at the physical requirements in terms of risk assessment:
layer [395], [393], [394].
• Message/Device Integrity: this includes the pro- • Availability & Safety: both features are linked
tection of CPS data and devices’ integrity from any together since issues related to the safety of a CPS
physical/logical alteration(s). This can be done by system also affect its operational availability. To
ensuring that the Operating System, applications, ensure this trade-off, verified back-ups of compu-
and software are securely designed and without tational devices must always be considered in the
any flaws to prevent tampering, with strong cryp- planning phase, as a second line of defense to
tographic hash functions (SHA256, SHA384 and handle any sudden service/system disruption (power
SHA512). In this end, a new lightweight hash cuts, blackouts, pumping stoppage), or maintenance
function was presented in [396] and it requires a (updates, renovation, installation, etc.).
single round compared to the existing ones. • Availability & Security: since availability is very
• Device/Data Availability: requires the need for crucial for all real-time CPS operations, securing
computational resources along with verified back- them is a top priority. For this reason, a trade-off is
ups, and a self-healing ability of CPS in such a to be established between availability and security
way to recover immediately from availability attack (Frequency Hopping/Shifting, Signal-to-Noise Ra-
types. Also, maintaining data availability is as nec- tion, Backup devices, Firewalls, IDS, Traffic Mon-
essary [397], and this can be done by defining a itoring, etc.) especially against wireless jamming
multi-secure connection [398]-[403]. attacks.
2) Strong Device/user Authentication: An efficient de- • Safety & Security: having a secure CPS does
vice/user mutual multi-factor authentication scheme is not always mean that it is protected. In fact, a
necessary,along with enhancing verification and identifi- trade-off must be achieved to maintain both safety
cation phases based on attribute access-control privileges and security features in any CPS domain, where a
(least-privilege) to ensure non-repudiation and stronger safety feature is meant to protect the CPS from any
accountability. accidental failure/hazard (system failure, miscalcu-
3) Protecting Digital Evidences: this is highly important lations, abnormal activities, etc.), while a security
since most of the advanced attacks focus on eliminating feature (IDS, Firewalls, Artificial Intelligence (AI),
any source of evidence that traces back to the attack etc.) ensures protection against intentional cyber-
source, such as the case of Shamoon, Duqu, Flame and physical attacks.
Stuxnet malware types [404], [109], [75]. Furthermore,
28
VII. S UGGESTIONS & R ECOMMENDATIONS the entity authentication scheme since any entity authen-
tication attack can lead to confidentiality, integrity and/or
Different security measures could be adopted and enhanced availability attack. Recently, the concept of multi-factor
to enhance the protection against various threats and attacks. authentication was applied by combining two or more
These include: factors: 1) "you are" which includes device fingerprint,
• Prioritization & Classification: of critical CPS com- user fingerprint, hand geometry, iris scan, retina scan, etc.,
ponents and assets before assessing, managing and and 2) "you have" which includes cryptographic keys to
analysing risks to ensure the proper budget spending on increase its robustness against authentication attacks such
the right choice of security measures (basic, standard or as the ones described in [411], [412]. This mechanism
advanced) in accordance to their costs compared to the should be an essential requirement in CPS systems, in
likelihood of the occurrence of a given incident and its addition to the use of the geographical location. The
impact. advantage of these solutions is their ability to reduce false
• Careful Financial Planning & Management: must positives, and to complicate the authentication attacks
be conducted in terms of available budget and needed since several factors should be broken instead of one.
costs/resources to protect critical/non-critical CPS assets Consequently, this limits the access only to authorised
and components. entities and personnel (devices/users).
• Lightweight Dynamic Key Dependent Cryptographic • Strong Password & dynamic Hashing Process: Pass-
Algorithms: These solutions can be used to to ensure words are considered as the "you know" authentication
several security services such as message confidentiality, factor. However, several attacks such as rainbow and hash
integrity and authentication, which are mandatory during table attacks can be applied. In order to prevent them
any secure CPS communications. This can be done by from occurring, after a periodic interval, passwords must
using new generation of cryptographic algorithms, which be re-hashed with a new dynamic Nonce for each user.
were presented in [392], [409], [410]. The advantage of Moreover, a secure cryptographic hash function should
these solutions that it can reach a good balance between be used such as SHA-3 and SHA-2 (variant 512). This
security and performance level. The robustness against avoids birthday attacks and reduces rainbow/hash table
attacks were proved since a dynamic key is used per attacks.
message (or a set of messages; depend of application • Secure and Protected Audit: can be done by using an
constraints and requirements). Moreover, this dynamic Audit manager system that collects and stores logs in a
key is used to produce a set of cryptographic primitives distributed system. A possible solution that can be applied
and update cryptographic primitives. This means different in this context was presented recently in [413]. This limits
ciphertext can be obtained for the same plaintext since any insider attempt against a cyber-physical system and
different cryptographic primitives are used. While, the it preserves the digital evidence of internal and external
effectiveness is validates since these algorithms require attacks to trace them back.
only one round iteration and uses simple operations in • Enhanced Non-Cryptographic Solutions: require the
addition to avoid diffusion operation. The new generation need for hybrid IDS/IPS systems or AI-based IDS/IPS
of these cryptographic algorithms reduce the required (using Machine Learning algorithms), along with ad-
latency, resources and computation overhead, which help vanced firewalls (i.e Application and Next Generation
CPS devices to preserve better their main functionalities. Firewalls) [414], and dynamic honeypots [415] to prevent
• Defining Privileges: This should be considered as any future security breach based on a vulnerability ex-
the most suitable access control policy, which as- ploit. This can be done by employing lightweight IDS/IPS
signs permissions and rights depending on the users’ and especially the anomaly-based ones. In fact, one
roles/tasks/attributes when it comes to accessing CPS, and should select the anomaly detection algorithm according
removing these access rights upon completing the task or to the CPS device constraints, which can be statistical
upon the employee’s leave. This also includes the use for limited ones or based on machine algorithm, such as
of the least privilege policy. Therefore, the definition of random forest, for powerful CPS devices. On the other
privilege should be done based on Attribute Based Access hand, signature-based techniques can be applied at the
Control (ABAC), where policies combined with attributes Gateway (GW) where all network traffic can be analyzed.
specify access authorizations. Note that ABAC makes • Secure & Verified Backups: this is essential to maintain
access control decisions based on Boolean conditions of the CPS data availability and to avoid data destruction
attribute values. It provides a high level of granularity, or alteration by ensuring robustness against DoS/DDoS
which is necessary to make CPS control access scheme and Ransowmare attacks, especially that such attacks may
more secure. result in total blackouts as in the case of the US. This
• Strong Entity Multi-Factor Authentication: Unfortu- can be done by using lightweight data protection solutions
nately, entity authentication schemes that are based on such as the ones presented in [399].
a single factor of authentication (you have, you know, • Forensic Efforts: are essential to retrieve the traces of
you do or you are) are not resistant enough against any occurring attack. Also, new solutions against anti-
authentication attacks, which are increasingly becoming forensic techniques should be introduced to preserve any
more dangerous. The first line of defense in any system is digital evidence [413]. This is realized by recovering logs
29
and monitoring network and system behaviour, which can • Up-to-Date Systems: cyber-physical systems must be
successfully limit various reconnaissance attempts. How- kept up-to-date in terms of software, firmware and hard-
ever, the newly introduced forensics tools must be com- ware through constant verified patches and updates [422].
patible with different CPS devices’ software/hardware, Moreover, such systems must be secured at different
especially resource constrained devices, and must also levels of their implementations (layered protection), with
be resistant against anti-forensics attempts. the ability to mitigate and tackle a given attack to reduce
• Enhanced Incident Response: includes the ability to its impact and prevent further escalation and damage.
identify, alert and respond to a given incident. More- Furthermore, USB ports must be physically and log-
over, incident recovery and incident investigation plans ically removed to prevent any payload injection, and
should be put in place to mitigate attacks. This provides PLC systems behaviour and activities must be constantly
protection against non-intentional technical and opera- monitored for any suspicious/abnormal behaviour [422].
tional failures (power shortage, blackout) through back- • AI Security Solutions: Artificial Intelligence is used
up plans, and from intentional failures (cyber-attacks), in IDS/IPS anomaly detection schemes or in "you are"
through CERT (Computer Emergency Response) [416], or "you do" entity authentication schemes. In fact, AI
CSIRT (Computer Security Incident Response) [417], is now being considered as a game-changing solution
and IRCF (Incident Response And Computer Forensics) against a variety of cyber-physical attacks targeting CPS
teams [418], [419]. As such, CPS scientists and engineers systems, devices and communication points. Despite the
must undergo further education and training to ensure an time consuming process of training an AI system, the
enhanced and efficient cyber, physical and computational accuracy of detection and prevention are much higher
environment with secure computing and communications. than any human intervention. Recent advancements in
• Real time Monitoring: running real-time systems using machine learning, and especially in deep learning, can
specialised forensics or non-forensics tools and methods make CPS systems more secure, robust and resistant
is essential to prevent any cyber-physical system acci- against cyber-physical attacks.
dental or non-accidental failure. This enables constant • Defense In-Depth: most of the existing solutions offer
checking and monitoring of CPS devices’ behaviour and protection against a single attack aspect or a security
hence, the detection of any cyber-attack attempt in its requirement. Instead, there is need for a multi-purpose se-
early stages. curity solution that ensures the best protection at each op-
• Security Check: and employee screening must be done erational layer (perception, transmission and application)
for each employee before and during the job to elimi- of CPS. For example, the two most known international
nate and contain any possible insider/whistle-blower at- standards for functional safety in the automotive industry,
tempt. Therefore, signing agreements [420] such as Non- the ISO 26262 [423] and IEC 61508/Edition2 [424],
Disclosure Agreement (NDA), Confidentiality Agreement [425] should be respected and applied. This ensures
(CA), Confidential Disclosure Agreement (CDA), Propri- a safe CPS implementation based on the Functional
etary Information Agreement (PIA) or Secrecy Agree- safety, which includes the Safety Integrity Level (SIL)
ment (SA) is highly recommended. Such security checks basics [426] which in turn, rely on the Probability of
are essential especially in critical areas such as nuclear Failure on Demand (PoFoD) and the Risk Reduction Fac-
power plants [421]. tor (RRF) to ensure a much more accurate and efficient
• Periodic Employee Training: includes periodic aware- Hazard and Risk Analysis (HRA) [426], [424], mainly in
ness training of ICS and PLC employees on the best the Electronic Control Units (ECU) [427], [428]).
cyber-security practices based on their level and knowl- • CPS Security & Privacy Life-cycle: finally, to sum up
edge, with the ability to detect any suspicious behaviour this work, our paper presents a combined Operational
or activity. Moreover, employees must be trained over and Functional Safety/Security (OFSS) life-cycle that
various security threats and wrong practices such as ensures a successful and safe CPS employment as seen
avoiding the installation of any software update, how to in Fig. 9). This framework is derived from ISO 26262
counter social-engineering and phishing attempts, while and IEC 61508/Edition2 protocols and their approach
also maintaining accountability in case of wrong doings. towards ensuring the CPS Functional safety/security. The
• Periodic Pen Testing & Vulnerability Assessment: framework consists of six main phases:
must be maintained in a periodic manner to enforce sys-
tem auditing, detecting threats, and mitigating them in a – Phase 1: Devising a plan to design a CPS system by
real-time manner before they are discovered and exploited following a well-defined time-table and schedule in
by an attacker under the zero-day exploit conditions. accordance to the needed budget and corresponding
• Periodic Risk Assessment: must also be enforced to costs. This also requires the assistance of humans
study the likelihood and impact of a given risk against (businessmen, engineers, workers, etc.) and non-
a critical/non-critical cyber-physical system based on human assets (vehicles, machines, etc.).
a qualitative or/and quantitative risk assessment and a – Phase 2: requires a careful risk and hazard analysis,
Cost–Benefit Analysis (CBA), to classify the risk based which consists of a proper risk management and
on acceptable/non-acceptable level and to mitigate it as asset classification, as well as the mutual connection
early as possible. between the two to ensure an accurate decision-
30
[23] Ovunc Kocabas, Tolga Soyata, and Mehmet K Aktas. Emerging [31] Qi Jing, Athanasios V Vasilakos, Jiafu Wan, Jingwei Lu, and Dechao
security mechanisms for medical cyber physical systems. IEEE/ACM Qiu. Security of the internet of things: perspectives and challenges.
transactions on computational biology and bioinformatics, 13(3):401– Wireless Networks, 20(8):2481–2501, 2014.
416, 2016. [32] Anthony D Wood and John A Stankovic. Security of distributed,
[24] Christine Lai, Patricia Cordeiro, Adarsh Hasandka, Nicholas Jacobs, ubiquitous, and embedded computing platforms. Wiley Handbook of
Shamina Hossain-McKenzie, Deepu Jose, Danish Saleem, and Maurice Science and Technology for Homeland Security, pages 1–1, 2008.
Martin. Cryptography considerations for distributed energy resource [33] Miao Wu, Ting-Jie Lu, Fei-Yang Ling, Jing Sun, and Hui-Ying Du.
systems. In 2019 IEEE Power and Energy Conference at Illinois Research on the architecture of internet of things. In 2010 3rd Inter-
(PECI), pages 1–7. IEEE, 2019. national Conference on Advanced Computer Theory and Engineering
[25] Yosef Ashibani and Qusay H Mahmoud. Cyber physical systems (ICACTE), volume 5, pages V5–484. IEEE, 2010.
security: Analysis, challenges and solutions. Computers & Security, [34] Teodor Sommestad, Göran N Ericsson, and Jakob Nordlander. Scada
68:81–97, 2017. system cyber security—a comparison of standards. In Power and
[26] Rwan Mahmoud, Tasneem Yousuf, Fadi Aloul, and Imran Zualkernan. Energy Society General Meeting, 2010 IEEE, pages 1–8. IEEE, 2010.
Internet of things (iot) security: Current status, challenges and prospec- [35] Bonnie Zhu and Shankar Sastry. Scada-specific intrusion detec-
tive measures. In 2015 10th International Conference for Internet tion/prevention systems: a survey and taxonomy. In Proceedings of
Technology and Secured Transactions (ICITST), pages 336–341. IEEE, the 1st workshop on secure control systems (SCS), volume 11, page 7,
2015. 2010.
[27] Nishanth Gaddam, G Sudha Anil Kumar, and Arun K Somani. Securing [36] Venkatraman Sridharan. Cyber security in power systems. PhD thesis,
physical processes against cyber attacks in cyber-physical systems. Georgia Institute of Technology, 2012.
In Proc. Nat. Workshop Res. High-Confidence Transp. Cyber-Phys. [37] Joseph Weiss. Protecting industrial control systems from electronic
Systems, Autom., Aviation Rail, pages 1–3, 2008. threats. Momentum Press, 2010.
[28] Kai Zhao and Lina Ge. A survey on the internet of things security. [38] Wei Hu, Jason Oberg, Janet Barrientos, Dejun Mu, and Ryan Kastner.
In 2013 Ninth international conference on computational intelligence Expanding gate level information flow tracking for multilevel security.
and security, pages 663–667. IEEE, 2013. IEEE Embedded Systems Letters, 5(2):25–28, 2013.
[29] Rafiullah Khan, Sarmad Ullah Khan, Rifaqat Zaheer, and Shahid Khan. [39] Haihui Gao, Yong Peng, Kebin Jia, Zhonghua Dai, and Ting Wang.
Future internet: the internet of things architecture, possible applications The design of ics testbed based on emulation, physical, and simulation
and key challenges. In 2012 10th international conference on frontiers (eps-ics testbed). In 2013 Ninth International Conference on Intelligent
of information technology, pages 257–260. IEEE, 2012. Information Hiding and Multimedia Signal Processing, pages 420–423.
[30] YANG Geng, Chun-ming Rong, Christian Veigner, Jiang-Tao Wang, IEEE, 2013.
and Hong-Bing Cheng. Identity-based key agreement and encryption [40] A Saqib, RAJA WASEEM Anwar, OMAR KHADEER Hussain, Mu-
for wireless sensor networks. The Journal of China Universities of dassar Ahmad, Md Asri Ngadi, Mohd Murtadha Mohamad, ZOHAIR
Posts and Telecommunications, 13(4):54–60, 2006. Malki, C Noraini, BOKOLO ANTHONY Jnr, RNH Nor, et al. Cyber
32
security for cyber physcial systems: A trust-based approach. J Theor [62] Yang Yalei and Zhou Xingshe. Cyber-physical systems modeling
Appl Inf Technol, 71(2):144–152, 2015. based on extended hybrid automata. In 2013 International Conference
[41] Bing Zhang, Xin-Xin Ma, and Zhi-Guang Qin. Security architecture on Computational and Information Sciences, pages 1871–1874. IEEE,
on the trusting internet of things. Journal of Electronic Science and 2013.
Technology, 9(4):364–367, 2011. [63] Albert Benveniste, Timothy Bourke, Benoıt Caillaud, and Marc
[42] James Clause and Alessandro Orso. Camouflage: automated Pouzet. Hybrid systems modeling challenges caused by cyber-
anonymization of field data. In 2011 33rd International Conference physical systems. Cyber-Physical Systems (CPS) Foundations and
on Software Engineering (ICSE), pages 21–30. IEEE, 2011. Challenges. Available on-line: http://people. rennes. inria. fr/Albert.
[43] Steven Patrick Pomroy, Robert Raymond Lake, and Trevor Anthony Benveniste/pub/NIST2012. pdf, 2013.
Dunn. Data masking system and method, July 5 2011. US Patent [64] Pratyush Kumar, Dip Goswami, Samarjit Chakraborty, Anuradha An-
7,974,942. naswamy, Kai Lampka, and Lothar Thiele. A hybrid approach to cyber-
[44] Charalambos Konstantinou, Michail Maniatakos, Fareena Saqib, physical systems verification. In DAC Design Automation Conference
Shiyan Hu, Jim Plusquellic, and Yier Jin. Cyber-physical systems: 2012, pages 688–696. IEEE, 2012.
A security perspective. In 2015 20th IEEE European Test Symposium [65] Terry Tidwell, Xiuyu Gao, Huang-Ming Huang, Chenyang Lu, Shirley
(ETS), pages 1–8. IEEE, 2015. Dyke, and Christopher Gill. Towards configurable real-time hybrid
[45] Shahid Raza. Lightweight security solutions for the internet of things. structural testing: a cyber-physical system approach. In 2009 IEEE
PhD thesis, Mälardalen University, Västerås, Sweden, 2013. International Symposium on Object/Component/Service-Oriented Real-
[46] Jayavardhana Gubbi, Rajkumar Buyya, Slaven Marusic, and Time Distributed Computing, pages 37–44. IEEE, 2009.
Marimuthu Palaniswami. Internet of things (iot): A vision, architectural [66] Mao Jianhui. Event driven monitoring of cyber-physical systems
elements, and future directions. Future generation computer systems, based on hybrid automata. National University of Defense Technology
29(7):1645–1660, 2013. Changsha, 2011.
[47] David C Mazur, Ryan D Quint, and Virgilio A Centeno. Time [67] Chee-Wooi Ten, Chen-Ching Liu, and Govindarasu Manimaran. Vul-
synchronization of automation controllers for power applications. In nerability assessment of cybersecurity for scada systems. IEEE Trans-
2012 IEEE Industry Applications Society Annual Meeting, pages 1–8. actions on Power Systems, 23(4):1836–1846, 2008.
IEEE, 2012. [68] Roberto Godreau. SCADA systems and their vulnerabilities within the
[48] Umberto Morelli, Lorenzo Nicolodi, and Silvio Ranise. An open and Smart Grid: Can they be defended from a cyber attack. PhD thesis,
flexible cybersecurity training laboratory in it/ot infrastructures. In Utica College, 2013.
Computer Security, pages 140–155. Springer, 2019. [69] Kyle Coffey, Richard Smith, Leandros Maglaras, and Helge Janicke.
[49] Stephen R Vogel and Steven Jeffrey Zack. Method and apparatus Vulnerability analysis of network scanning on scada systems. Security
providing remote reprogramming of programmable logic devices using and Communication Networks, 2018, 2018.
embedded jtag physical layer and protocol, December 26 2006. US [70] Frances M Cleveland. Cyber security issues for advanced metering
Patent 7,155,711. infrasttructure (ami). In Power and Energy Society General Meeting-
[50] Aitor Ardanza, Aitor Moreno, Álvaro Segura, Mikel de la Cruz, Conversion and Delivery of Electrical Energy in the 21st Century, 2008
and Daniel Aguinaga. Sustainable and flexible industrial human IEEE, pages 1–5. IEEE, 2008.
machine interfaces to support adaptable applications in the industry 4.0 [71] Anthony R Metke and Randy L Ekl. Smart grid security technology.
paradigm. International Journal of Production Research, 57(12):4045– In Innovative Smart Grid Technologies (ISGT), 2010, pages 1–7. IEEE,
4059, 2019. 2010.
[51] James R Saunders. Automated remote telemetry paging system, [72] Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Ander-
August 8 1989. US Patent 4,856,047. son, Hovav Shacham, Stefan Savage, Karl Koscher, Alexei Czeskis,
[52] Keith Stouffer and Joe Falco. Guide to supervisory control and data Franziska Roesner, Tadayoshi Kohno, et al. Comprehensive experi-
acquisition (SCADA) and industrial control systems security. National mental analyses of automotive attack surfaces. In USENIX Security
institute of standards and technology, 2006. Symposium, pages 77–92. San Francisco, 2011.
[53] Richard E Zapolin. Remote terminal industrial control communication [73] Michael Rushanan, Aviel D Rubin, Denis Foo Kune, and Colleen M
system, June 16 1992. US Patent 5,122,948. Swanson. Sok: Security and privacy in implantable medical devices
[54] Marc Geilen, Stavros Tripakis, and Maarten Wiggers. The earlier the and body area networks. In 2014 IEEE Symposium on Security and
better: a theory of timed actor interfaces. In Proceedings of the 14th Privacy (SP), pages 524–539. IEEE, 2014.
international conference on Hybrid systems: computation and control, [74] Robson de Oliveira Albuquerque, Luis Javier García Villalba, Ana
pages 23–32. ACM, 2011. Lucila Sandoval Orozco, Rafael Timóteo de Sousa Júnior, and Tai-
[55] Pascal A Vicaire, Enamul Hoque, Zhiheng Xie, and John A Stankovic. Hoon Kim. Leveraging information security and computational trust
Bundle: A group-based programming abstraction for cyber-physical for cybersecurity. The Journal of Supercomputing, 72(10):3729–3763,
systems. IEEE Transactions on Industrial Informatics, 8(2):379–392, 2016.
2012. [75] Kate Munro. Deconstructing flame: the limitations of traditional
[56] Arquimedes Canedo, Eric Schwarzenbach, and Mohammad Abdullah defences. Computer Fraud & Security, 2012(10):8–11, 2012.
Al Faruque. Context-sensitive synthesis of executable functional [76] Bill Miller and Dale Rowe. A survey scada of and critical infrastructure
models of cyber-physical systems. In Proceedings of the ACM/IEEE incidents. In Proceedings of the 1st Annual conference on Research in
4th International Conference on Cyber-Physical Systems, pages 99– information technology, pages 51–56. ACM, 2012.
108. ACM, 2013. [77] Patrick McDaniel and Stephen McLaughlin. Security and privacy
[57] Zhenkai Zhang, Joseph Porter, Emeka Eyisi, Gabor Karsai, Xenofon challenges in the smart grid. IEEE Security & Privacy, (3):75–77,
Koutsoukos, and Janos Sztipanovits. Co-simulation framework for 2009.
design of time-triggered cyber physical systems. In Proceedings of the [78] Jan Vávra and Martin Hromada. An evaluation of cyber threats to
ACM/IEEE 4th International Conference on Cyber-Physical Systems, industrial control systems. In International Conference on Military
pages 119–128. ACM, 2013. Technologies (ICMT) 2015, pages 1–5. IEEE, 2015.
[58] Fei Hu, Yu Lu, Athanasios V Vasilakos, Qi Hao, Rui Ma, Yogendra [79] Daniel Halperin, Thomas S Heydt-Benjamin, Kevin Fu, Tadayoshi
Patil, Ting Zhang, Jiang Lu, Xin Li, and Neal N Xiong. Robust Kohno, and William H Maisel. Security and privacy for implantable
cyber–physical systems: concept, models, and implementation. Future medical devices. IEEE pervasive computing, (1):30–39, 2008.
generation computer systems, 56:449–475, 2016. [80] Insup Lee, Oleg Sokolsky, Sanjian Chen, John Hatcliff, Eunkyoung
[59] Ying Tan, Mehmet C Vuran, Steve Goddard, Yue Yu, Miao Song, and Jee, BaekGyu Kim, Andrew King, Margaret Mullen-Fortino, Soojin
Shangping Ren. A concept lattice-based event model for cyber-physical Park, Alexander Roederer, et al. Challenges and research directions in
systems. In Proceedings of the 1st ACM/IEEE International Conference medical cyber–physical systems. Proceedings of the IEEE, 100(1):75–
on Cyber-physical Systems, pages 50–60. ACM, 2010. 90, 2012.
[60] Rajeev Alur, Costas Courcoubetis, Nicolas Halbwachs, Thomas A [81] RR Brooks, S Sander, J Deng, and J Taiber. Automotive system secu-
Henzinger, Pei-Hsin Ho, Xavier Nicollin, Alfredo Olivero, Joseph rity: challenges and state-of-the-art. In Proceedings of the 4th annual
Sifakis, and Sergio Yovine. The algorithmic analysis of hybrid systems. workshop on Cyber security and information intelligence research:
Theoretical computer science, 138(1):3–34, 1995. developing strategies to meet the cyber security and information
[61] Panos J Antsaklis, James A Stiver, and Michael Lemmon. Hybrid intelligence challenges ahead, page 26. ACM, 2008.
system modeling and autonomous control systems. In Hybrid systems, [82] Hossein Zeynal, Mostafa Eidiani, and Dariush Yazdanpanah. Intelligent
pages 366–392. Springer, 1992. substation automation systems for robust operation of smart grids. In
33
2014 IEEE Innovative Smart Grid Technologies-Asia (ISGT ASIA), Apt28, red october, and regin. In Critical Infrastructure Security and
pages 786–790. IEEE, 2014. Resilience, pages 221–244. Springer, 2019.
[83] Thomas M Chen, Juan Carlos Sanchez-Aarnoutse, and John Buford. [109] Sami Zhioua. The middle east under malware attack dissecting cyber
Petri net modeling of cyber-physical attacks on smart grid. IEEE weapons. In 2013 IEEE 33rd International Conference on Distributed
Transactions on Smart Grid, 2(4):741–749, 2011. Computing Systems Workshops, pages 11–16. IEEE, 2013.
[84] S Massoud Amin. Securing the electricity grid. The Bridge, 40(1):19– [110] Zakariya Dehlawi and Norah Abokhodair. Saudi arabia’s response
20, 2010. to cyber conflict: A case study of the shamoon malware incident.
[85] Task Force. Final report on the august 14, 2003 blackout in the united In 2013 IEEE International Conference on Intelligence and Security
states and canada: Causes and recommendations, us-canada power Informatics, pages 73–75. IEEE, 2013.
system outage task force, 2004. [111] Afnan Alabdulatif. Cybercrime and Analysis of Laws in Kingdom of
[86] Yong-Soo Eun and Judith Sita Aßmann. Cyberwar: Taking stock Saudi Arabia. PhD thesis, 2018.
of security and warfare in the digital age. International Studies [112] Kenneth Geers, Darien Kindlund, Ned Moran, and Rob Rachwald.
Perspectives, 17(3):343–360, 2016. World war c: Understanding nation-state motives behind today’s ad-
[87] Charles M Davidson and Michael J Santorelli. Realizing the smart grid vanced cyber attacks. FireEye, Milpitas, CA, USA, Tech. Rep., Sep,
imperative. 2011. 2014.
[88] John Moteff. Risk management and critical infrastructure protection: [113] Gaute Wangen. The role of malware in reported cyber espionage: a
Assessing, integrating, and managing threats, vulnerabilities and conse- review of the impact and mechanism. Information, 6(2):183–211, 2015.
quences. Library of Congress Washington DC Congressional Research [114] Michele Gaietta. The Trajectory of Iran’s Nuclear Program. Springer,
Service, 2005. 2016.
[89] Bonnie Zhu, Anthony Joseph, and Shankar Sastry. A taxonomy of [115] David Moore, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart
cyber attacks on scada systems. In 2011 International conference on Staniford, and Nicholas Weaver. Inside the slammer worm. IEEE
internet of things and 4th international conference on cyber, physical Security & Privacy, (4):33–39, 2003.
and social computing, pages 380–388. IEEE, 2011. [116] Andrew Simmonds, Peter Sandilands, and Louis Van Ekert. An
[90] Troy Nash. Backdoors and holes in network perimeters. Online]: ontology for network security attacks. In Asian Applied Computing
http://ics-cert. us-cert. gov/controlsystems, 2005. Conference, pages 317–323. Springer, 2004.
[91] Saurabh Amin, Xavier Litrico, Shankar Sastry, and Alexandre M [117] G Francia III, D Thornton, and T Brookshire. Cyberattacks on scada
Bayen. Cyber security of water scada systems—part i: Analysis and systems. In Proc. 16th Colloquium Inf. Syst. Security Educ, pages 9–14,
experimentation of stealthy deception attacks. IEEE Transactions on 2012.
Control Systems Technology, 21(5):1963–1970, 2012. [118] Patrick S Ryan. War, peace, or stalemate: Wargames, wardialing,
[92] Eric Byres and Justin Lowe. The myths and facts behind cyber wardriving, and the emerging market for hacker ethics. Va. JL & Tech.,
security risks for industrial control systems. In Proceedings of the 9:1, 2004.
VDE Kongress, volume 116, pages 213–218, 2004.
[119] Hüseyin Demirci and Ali Aydın Selçuk. A meet-in-the-middle attack on
[93] Saurabh Amin, Galina A Schwartz, and Alefiya Hussain. In quest of
8-round aes. In International Workshop on Fast Software Encryption,
benchmarking security risks to cyber-physical systems. IEEE Network,
pages 116–126. Springer, 2008.
27(1):19–24, 2013.
[120] Anita D’Amico, Christina Verderosa, Christopher Horn, and Timothy
[94] Emilio Iasiello. Cyber attack: A dull tool to shape foreign policy. In
Imhof. Integrating physical and cyber security resources to detect
2013 5th International Conference on Cyber Conflict (CYCON 2013),
wireless threats to critical infrastructure. In Technologies for Homeland
pages 1–18. IEEE, 2013.
Security (HST), 2011 IEEE International Conference on, pages 494–
[95] Vehbi C Gungor, Dilan Sahin, Taskin Kocak, Salih Ergut, Concettina
500. IEEE, 2011.
Buccella, Carlo Cecati, and Gerhard P Hancke. Smart grid technolo-
gies: Communication technologies and standards. IEEE transactions [121] Guillermo Francia III, David Thornton, and Thomas Brookshire. Wire-
on Industrial informatics, 7(4):529–539, 2011. less vulnerability of scada systems. In Proceedings of the 50th Annual
[96] Jacob W Jorgensen. Transmission control protocol/internet protocol Southeast Regional Conference, pages 331–332. ACM, 2012.
(tcp/ip) packet-centric wireless point to multi-point (ptmp) transmission [122] T Paukatong. Scada security: A new concerning issue of an in-
system architecture, March 1 2005. US Patent 6,862,622. house egat-scada. In Transmission and Distribution Conference and
[97] Andrew Nicholson, Stuart Webber, Shaun Dyer, Tanuja Patel, and Exhibition: Asia and Pacific, 2005 IEEE/PES, pages 1–5. IEEE, 2005.
Helge Janicke. Scada security in the light of cyber-warfare. Computers [123] Igor Nai Fovino, Andrea Carcano, Marcelo Masera, and Alberto
& Security, 31(4):418–436, 2012. Trombetta. An experimental investigation of malware attacks on scada
[98] Raj Srinivasan. Rpc: Remote procedure call protocol specification systems. International Journal of Critical Infrastructure Protection,
version 2. 1995. 2(4):139–145, 2009.
[99] Maxwell Dondo, Jonathan Risto, and Reginald Sawilla. Reliability [124] Rose Tsang. Cyberthreats, vulnerabilities and attacks on scada net-
of exploits and consequences for decision support. Technical Report, works. University of California, Berkeley, Working Paper, http://gspp.
pages 1–16, 2015. berkeley. edu/iths/Tsang_SCADA% 20Attacks. pdf (as of Dec. 28,
[100] Stamatis Karnouskos. Stuxnet worm impact on industrial cyber- 2011), 2010.
physical system security. In IECON 2011-37th Annual Conference [125] Peter Huitsing, Rodrigo Chandia, Mauricio Papa, and Sujeet Shenoi.
of the IEEE Industrial Electronics Society, pages 4490–4494. IEEE, Attack taxonomies for the modbus protocols. International Journal of
2011. Critical Infrastructure Protection, 1:37–44, 2008.
[101] Thomas M Chen and Saeed Abu-Nimeh. Lessons from stuxnet. [126] Daisuke Mashima and Alvaro A Cárdenas. Evaluating electricity theft
Computer, 44(4):91–93, 2011. detectors in smart grid networks. In International Workshop on Recent
[102] Boldizsár Bencsáth, Gábor Pék, Levente Buttyán, and Mark Felegyhazi. Advances in Intrusion Detection, pages 210–229. Springer, 2012.
The cousins of stuxnet: Duqu, flame, and gauss. Future Internet, [127] Wenye Wang and Zhuo Lu. Cyber security in the smart grid: Survey
4(4):971–1003, 2012. and challenges. Computer Networks, 57(5):1344–1371, 2013.
[103] Boldizsár Bencsáth, Gábor Ács-Kurucz, Gábor Molnár, Gábor Vaspöri, [128] Ruben Santamarta. Here be backdoors: A journey into the secrets of
Levente Buttyán, and Roland Kamarás. Duqu 2.0: A comparison to industrial firmware. Black Hat USA, 2012.
duqu. Budapest. Retrieved February, 27:2016, 2015. [129] Shyamnath Gollakota, Haitham Hassanieh, Benjamin Ransford, Dina
[104] Boldizsár Bencsáth, Gábor Pék, Levente Buttyán, and Márk Félegyházi. Katabi, and Kevin Fu. They can hear your heartbeats: non-invasive se-
Duqu: A stuxnet-like malware found in the wild. CrySyS Lab Technical curity for implantable medical devices. In ACM SIGCOMM Computer
Report, 14:1–60, 2011. Communication Review, volume 41, pages 2–13. ACM, 2011.
[105] Darlene Storm. Gauss malware: Nation-state cyber-espionage banking [130] Daniel Halperin, Thomas S Heydt-Benjamin, Benjamin Ransford,
trojan related to flame, stuxnet. Computerworld, 9, 2012. Shane S Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi
[106] Andrew Leedom. Stuxnet-risk & uncertainty in the first salvo of global Kohno, and William H Maisel. Pacemakers and implantable cardiac
cyber warfare. The SAIS Europe Journal of Global Affairs, 2016. defibrillators: Software radio attacks and zero-power defenses. In
[107] Raymond Chavez, William Kranich, and Alex Casella. Red october Security and Privacy, 2008. SP 2008. IEEE Symposium on, pages 129–
and its reincarnation. Bost. Univ.| CS558 Netw. Secur, 2015. 142. IEEE, 2008.
[108] Henry Mwiki, Tooska Dargahi, Ali Dehghantanha, and Kim- [131] Jerome Radcliffe. Hacking medical devices for fun and insulin: Break-
Kwang Raymond Choo. Analysis and triage of advanced hack- ing the human scada system. In Black Hat Conference presentation
ing groups targeting western countries critical national infrastructure: slides, volume 2011, 2011.
34
[132] Ulf E Larson and Dennis K Nilsson. Securing vehicles against cyber Electronique et Automatique, Laval, France 5-6 July 2012 Edited by,
attacks. In Proceedings of the 4th annual workshop on Cyber security page 18, 2012.
and information intelligence research: developing strategies to meet the [154] Merike Kaeo. Cyber attacks on estonia: Short synopsis. Double
cyber security and information intelligence challenges ahead, page 30. Shot Security. www. doubleshotsecurity. com/pdf/NANOG_eesti. pdf
ACM, 2008. (accessed 18 July 2009), 2007.
[133] Karl Koscher, Alexei Czeskis, Franziska Roesner, Shwetak Patel, [155] George T Donovan Jr. Russian operational art in the russo-georgian
Tadayoshi Kohno, Stephen Checkoway, Damon McCoy, Brian Kantor, war of 2008. Technical report, ARMY WAR COLL CARLISLE
Danny Anderson, Hovav Shacham, et al. Experimental security analysis BARRACKS PA, 2009.
of a modern automobile. In Security and Privacy (SP), 2010 IEEE [156] Madihah Mohd Saudi, Sazali Sukardi, Noor Azwa Azreen Abd Aziz,
Symposium on, pages 447–462. IEEE, 2010. Azuan Ahmad, and Muhammad‘Afif Husainiamer. Malware classifica-
[134] Rob Millerb Ishtiaq Roufa, Hossen Mustafaa, Sangho Ohb Travis Tay- tion for cyber physical system (cps) based on phylogenetics.
lora, Wenyuan Xua, Marco Gruteserb, Wade Trappeb, and Ivan Seskarb. [157] Abel Yeboah-Ofori, Jamal-Deen Abdulai, and Ferdinand Katsriku.
Security and privacy vulnerabilities of in-car wireless networks: A Cybercrime and risks for cyber physical systems 2019. International
tire pressure monitoring system case study. In 19th USENIX Security Journal of Cyber-Security and Digital Forensics, 8(1):43–58, 2019.
Symposium, Washington DC, pages 11–13, 2010. [158] Kristofas Barakat. Does Lebanon possess the capabilities to defend
[135] Doug MacDonald, Samuel L Clements, Scott W Patrick, Casey Perkins, itself from cyber-theats? Learning from Estonia’s experience.(c2019).
George Muller, Mary J Lancaster, and Will Hutton. Cyber/physical PhD thesis, Lebanese American University, 2019.
security vulnerability assessment integration. In Innovative Smart Grid [159] Ale J Hejase, Hussin J Hejase, and Jose A Hejase. Cyber warfare
Technologies (ISGT), 2013 IEEE PES, pages 1–6. IEEE, 2013. awareness in lebanon: Exploratory research. International Journal of
[136] Yilin Mo, Tiffany Hyun-Jin Kim, Kenneth Brancik, Dona Dickinson, Cyber-Security and Digital Forensics (IJCSDF), 4(4):482–497, 2015.
Heejo Lee, Adrian Perrig, and Bruno Sinopoli. Cyber–physical security [160] Tigist Abera, N Asokan, Lucas Davi, Jan-Erik Ekberg, Thomas Nyman,
of a smart grid infrastructure. Proceedings of the IEEE, 100(1):195– Andrew Paverd, Ahmad-Reza Sadeghi, and Gene Tsudik. C-flat:
209, 2012. control-flow attestation for embedded systems software. In Proceedings
[137] Haibo He and Jun Yan. Cyber-physical attacks and defences in of the 2016 ACM SIGSAC Conference on Computer and Communica-
the smart grid: a survey. IET Cyber-Physical Systems: Theory & tions Security, pages 743–754. ACM, 2016.
Applications, 1(1):13–27, 2016. [161] Daming D Chen, Maverick Woo, David Brumley, and Manuel
[138] Hamza Fawzi, Paulo Tabuada, and Suhas Diggavi. Secure estimation Egele. Towards automated dynamic analysis for linux-based embedded
and control for cyber-physical systems under adversarial attacks. IEEE firmware. In NDSS, 2016.
Transactions on Automatic control, 59(6):1454–1467, 2014. [162] Aurélien Francillon and Claude Castelluccia. Code injection attacks
[139] Mohammed Nasser Al-Mhiqani, Rabiah Ahmad, Warusia Yassin, on harvard-architecture devices. In Proceedings of the 15th ACM
Aslinda Hassan, Zaheera Zainal Abidin, Nabeel Salih Ali, and Kar- conference on Computer and communications security, pages 15–26.
rar Hameed Abdulkareem. Cyber-security incidents: a review cases in ACM, 2008.
cyber-physical systems. International Journal of Advanced Computer [163] Ryan Roemer, Erik Buchanan, Hovav Shacham, and Stefan Savage.
Science and Applications, 9(1):499–508, 2018. Return-oriented programming: Systems, languages, and applications.
[140] David Albright, Paul Brannan, and Christina Walrond. Stuxnet malware ACM Transactions on Information and System Security (TISSEC),
and natanz: Update of isis december 22, 2010 report. Institute for 15(1):2, 2012.
Science and International Security, 15:739883–3, 2011. [164] Homa Alemzadeh, Daniel Chen, Xiao Li, Thenkurussi Kesavadas,
[141] Jill Slay and Michael Miller. Lessons learned from the maroochy Zbigniew T Kalbarczyk, and Ravishankar K Iyer. Targeted attacks
water breach. In International conference on critical infrastructure on teleoperated surgical robots: Dynamic model-based detection and
protection, pages 73–82. Springer, 2007. mitigation. In Dependable Systems and Networks (DSN), 2016 46th
Annual IEEE/IFIP International Conference on, pages 395–406. IEEE,
[142] Lionel Fillatre, Igor Nikiforov, Peter Willett, et al. Security of scada
2016.
systems against cyber–physical attacks. IEEE Aerospace and Electronic
[165] Hong Hu, Shweta Shinde, Sendroiu Adrian, Zheng Leong Chua,
Systems Magazine, 32(5):28–45, 2017.
Prateek Saxena, and Zhenkai Liang. Data-oriented programming: On
[143] Mary Jane Credeur. Fbi probes georgia water plant break-in on terror
the expressiveness of non-control data attacks. In Security and Privacy
concern, 2013.
(SP), 2016 IEEE Symposium on, pages 969–986. IEEE, 2016.
[144] Fahmida Y Rashid. Telvent hit by sophisticated cyber-attack, scada [166] Venkat N Gudivada, Srini Ramaswamy, and Seshadri Srinivasan. Data
admin tool compromised. Retrieved from SecurityWeek website: management issues in cyber-physical systems. In Transportation
http://www. securityweek. com/telvent-hit-sophisticated-cyber-attack- Cyber-Physical Systems, pages 173–200. Elsevier, 2018.
scada-admin-tool-compromised, 2012. [167] George Loukas. Cyber-physical attacks: A growing invisible threat.
[145] Brian Krebs. Cyber incident blamed for nuclear power plant shutdown. Butterworth-Heinemann, 2015.
Washington Post, June, 5:2008, 2008. [168] Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, and Marcel
[146] Tony Flick and Justin Morehouse. Securing the smart grid: next Winandy. Privilege escalation attacks on android. In international
generation power grid security. Elsevier, 2010. conference on Information security, pages 346–360. Springer, 2010.
[147] Lydia Ray. Cyber-physical systems: An overview of design process, [169] Jim Owens and Jeanna Matthews. A study of passwords and methods
applications, and security. In Cyber Warfare and Terrorism: Concepts, used in brute-force ssh attacks. In USENIX Workshop on Large-Scale
Methodologies, Tools, and Applications, pages 128–150. IGI Global, Exploits and Emergent Threats (LEET), 2008.
2020. [170] Arvind Narayanan and Vitaly Shmatikov. Fast dictionary attacks on
[148] Michał Choraś, Rafał Kozik, Adam Flizikowski, Witold Hołubowicz, passwords using time-space tradeoff. In Proceedings of the 12th ACM
and Rafał Renk. Cyber threats impacting critical infrastructures. In conference on Computer and communications security, pages 364–372.
Managing the Complexity of Critical Infrastructures, pages 139–161. ACM, 2005.
Springer, Cham, 2016. [171] David P Jablon. Extended password key exchange protocols immune to
[149] Timo Kiravuo, Mikko Särelä, and Jukka Manner. Weapons against dictionary attack. In Proceedings of IEEE 6th Workshop on Enabling
cyber-physical targets. In 2013 IEEE 33rd International Conference Technologies: Infrastructure for Collaborative Enterprises, pages 248–
on Distributed Computing Systems Workshops, pages 321–326. IEEE, 255. IEEE, 1997.
2013. [172] Panagiotis Papantonakis, Dionisios Pnevmatikatos, Ioannis Papaefs-
[150] Yacov Y Haimes. Risk of terrorism to cyber-physical and tathiou, and Charalampos Manifavas. Fast, fpga-based rainbow table
organizational-societal infrastructures. Public Works Management & creation for attacking encrypted mobile communications. In 2013
Policy, 6(4):231–240, 2002. 23rd International Conference on Field programmable Logic and
[151] Abhishek Gupta, Mohit Kumar, Siddhartha Hansel, and Aswini Kumar Applications, pages 1–6. IEEE, 2013.
Saini. Future of all technologies-the cloud and cyber physical systems. [173] Mihir Bellare and Tadayoshi Kohno. Hash function balance and
Future, 2(2), 2013. its impact on birthday attacks. In International Conference on the
[152] Abel Yeboah-ofori, Jamal-Deen Abdulai, and Ferdinand Katsriku. Theory and Applications of Cryptographic Techniques, pages 401–418.
Cybercrime and risks for cyber physical systems: A review. 2018. Springer, 2004.
[153] Kari Alenius and M Warren. An exceptional war that ended in victory [174] Patrick Gage Kelley, Saranga Komanduri, Michelle L Mazurek, Richard
for estonia or an ordinary e-disturbance? estonian narratives of the Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith
cyber-attacks in 2007. The Institute Ecole Supérieure en Informatique Cranor, and Julio Lopez. Guess again (and again and again): Measuring
35
password strength by simulating password-cracking algorithms. In Levchenko. To catch a ratter: Monitoring the behavior of amateur
2012 IEEE symposium on security and privacy, pages 523–537. IEEE, darkcomet rat operators in the wild. In 2017 IEEE Symposium on
2012. Security and Privacy (SP), pages 770–787. Ieee, 2017.
[175] Niels Provos, Markus Friedl, and Peter Honeyman. Preventing privilege [197] Stephen Hilt and Lord Alfred Remorin. How cybercriminals can abuse
escalation. In USENIX Security Symposium, 2003. chat platform apis as c&c infrastructures.
[176] Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Thomas Fischer, [198] Alexander Gostev, Roman Unuchek, Maria Garnaeva, Denis
and Ahmad-Reza Sadeghi. Xmandroid: A new android evolution to Makrushin, and Anton Ivanov. It threat evolution in q1 2016.
mitigate privilege escalation attacks. Technische Universität Darmstadt, Kapersky 2015 Report, Kapersky L, 2016.
Technical Report TR-2011-04, 2011. [199] James Cowie, A Ogielski, BJ Premore, and Yougu Yuan. Global routing
[177] Mohammad Al-Shurman, Seong-Moo Yoo, and Seungjin Park. Black instabilities triggered by code red ii and nimda worm attacks. Technical
hole attack in mobile ad hoc networks. In Proceedings of the 42nd report, Tech. Rep., Renesys Corporation, 2001.
annual Southeast regional conference, pages 96–97, 2004. [200] A Machie, Jenssen Roculan, Ryan Russell, and MV Velzen. Nimda
[178] Prajakta Solankar, Subhash Pingale, and Ranjeetsingh Parihar. Denial worm analysis. Technical report, Tech. Rep., Incident Analysis,
of service attack and classification techniques for attack detection. SecurityFocus, 2001.
(IJCSIT) International Journal of Computer Science and Information [201] AC Alessandro Di Pinto, Younes Dragoni, and Andrea Carcano. Triton:
Technologies, 6(2):1096–1099, 2015. The first ics cyber attack on safety instrument systems. In Proc. Black
[179] Fekadu Yihunie, Eman Abdelfattah, and Ammar Odeh. Analysis of Hat USA, pages 1–26, 2018.
ping of death dos and ddos attacks. In 2018 IEEE Long Island Systems, [202] Ramjee Prasad and Vandana Rohokale. Malware. In Cyber Security:
Applications and Technology Conference (LISAT), pages 1–4. IEEE, The Lifeline of Information and Communication Technology, pages 67–
2018. 81. Springer, 2020.
[180] Sanjeev Kumar. Smurf-based distributed denial of service (ddos) [203] Deepen Desai and Thoufique Haq. Blackhole exploit kit: Rise &
attack amplification in internet. In Second International Conference evolution. Malware Research Team Technical Paper, 2012.
on Internet Monitoring and Protection (ICIMP 2007), pages 25–25. [204] NPH Adams, RJ Chisnall, C Pickering, and S Schauer. How port
IEEE, 2007. security has to evolve to address the cyber-physical security threat:
[181] Rafiullah Khan, Peter Maynard, Kieran McLaughlin, David Laverty, Lessons from the sauron project. International Journal of Transport
and Sakir Sezer. Threat analysis of blackenergy malware for syn- Development and Integration, 4(1):29–41, 2020.
chrophasor based real-time control and monitoring in smart grid. In 4th [205] James Twist. Cyber threat report 16 jan-31 jan 2018. 2018.
International Symposium for ICS & SCADA Cyber Security Research [206] Morgan Marquis-Boire, Marion Marschalek, and Claudio Guarnieri.
2016 4, pages 53–63, 2016. Big game hunting: The peculiarities in nation-state malware research.
[182] Anton Cherepanov and Robert Lipovsky. Blackenergy–what we really Black Hat, Las Vegas, NV, USA, 2015.
know about the notorious cyber attacks. Virus Bulletin October, 2016. [207] Morgan Marquis-Boire, Bill Marzcak, and Claudio Guarnieri. The
[183] E Kovacs. Blackenergy malware used in ukraine power grid attacks, smartphone who loved me: Finfisher goes mobile. 2012.
2016. [208] Julia E Sullivan and Dmitriy Kamensky. How cyber-attacks in ukraine
[184] Jonathan Lemon et al. Resisting syn flood dos attacks with a syn cache. show the vulnerability of the us power grid. The Electricity Journal,
In BSDCon, volume 2002, pages 89–97, 2002. 30(3):30–35, 2017.
[185] Daniele Antonioli, Giuseppe Bernieri, and Nils Ole Tippenhauer. Tak- [209] Dermot Byrne and Christina Thorpe. Jigsaw: An investigation and
ing control: Design and implementation of botnets for cyber-physical countermeasure for ransomware attacks. In European Conference on
attacks with cpsbot. arXiv preprint arXiv:1802.00152, 2018. Cyber Warfare and Security, pages 656–665. Academic Conferences
[186] Kallisthenis I Sgouras, Avraam N Kyriakidis, and Dimitris P Labridis. International Limited, 2017.
Short-term risk assessment of botnet attacks on advanced metering [210] Segun I Popoola, Samuel O Ojewande, Faith O Sweetwilliams,
infrastructure. IET Cyber-Physical Systems: Theory & Applications, SN John, AA Atayero, et al. Ransomware: Current trend, challenges,
2(3):143–151, 2017. and research directions. 2017.
[187] Fadi Shrouf, Joaquin Ordieres, and Giovanni Miragliotta. Smart [211] Marcelo Ayres Branquinho. Ransomware in industrial control systems.
factories in industry 4.0: A review of the concept and of energy what comes after wannacry and petya global attacks? WIT Transactions
management approached in production based on the internet of things on The Built Environment, 174:329–334, 2018.
paradigm. In Industrial Engineering and Engineering Management [212] Jagmeet Singh Aidan, Harsh Kumar Verma, and Lalit Kumar Awasthi.
(IEEM), 2014 IEEE International Conference on, pages 697–701. Comprehensive survey on petya ransomware attack. In 2017 Inter-
IEEE, 2014. national Conference on Next Generation Computing and Information
[188] Lorenzo De Carli, Ruben Torres, Gaspar Modelo-Howard, Alok Ton- Systems (ICNGCIS), pages 122–125. IEEE, 2017.
gaonkar, and Somesh Jha. Botnet protocol inference in the presence [213] Alexey S Petrenko, Sergei A Petrenko, Krystina A Makoveichuk, and
of encrypted traffic. In IEEE INFOCOM 2017-IEEE Conference on Petr V Chetyrbok. Protection model of pcs of subway from attacks type
Computer Communications, pages 1–9. IEEE, 2017. «wanna cry»,«petya» and «bad rabbit» iot. In 2018 IEEE Conference
[189] Constantinos Kolias, Georgios Kambourakis, Angelos Stavrou, and of Russian Young Researchers in Electrical and Electronic Engineering
Jeffrey Voas. Ddos in the iot: Mirai and other botnets. Computer, (EIConRus), pages 945–949. IEEE, 2018.
50(7):80–84, 2017. [214] Ross Brewer. Ransomware attacks: detection, prevention and cure.
[190] Joseph Seering, Juan Pablo Flores, Saiph Savage, and Jessica Hammer. Network Security, 2016(9):5–9, 2016.
The social roles of bots: evaluating impact of bots on discussions in [215] Kevin Poulsen. Slammer worm crashed ohio nuke plant network.
online communities. Proceedings of the ACM on Human-Computer http://www. securityfocus. com/news/6767, 2003.
Interaction, 2(CSCW):1–29, 2018. [216] J David Rogers and Conor M Watkins. Overview of the taum sauk
[191] Paul Rascagneres and Eddy Willems. Regin, an old but sophisticated pumped storage power plant upper reservoir failure, reynolds county,
cyber espionage toolkit platform. 2016. mo. 2008.
[192] Katerina Zdravkova. Reconsidering human dignity in the new era. New [217] Siobhan Gorman. Electricity grid in us penetrated by spies. The wall
Ideas in Psychology, 54:112–117, 2019. street journal, 8, 2009.
[193] Vamshika Boinapally, George Hsieh, and Kevin S Nauer. Building a [218] Martin Brunner, Hans Hofinger, Christoph Krauß, Christopher Roblee,
gh0st malware experimentation environment. In Proceedings of the P Schoo, and S Todt. Infiltrating critical infrastructures with next-
International Conference on Security and Management (SAM), pages generation attacks. Fraunhofer Institute for Secure Information Tech-
89–95. The Steering Committee of The World Congress in Computer nology (SIT), Munich, 2010.
Science, Computer . . . , 2017. [219] Thomas FoxBrewster. Ukraine claims hackers caused christmas power
[194] Stuart Murdoch and Nick Leaver. Anonymity vs. trust in cyber- outage. Forbes Security, 2016.
security collaboration. In Proceedings of the 2nd ACM Workshop on [220] P Katerynchuk. Challenges and threats of ukraine’s national cyber
Information Sharing and Collaborative Security, pages 27–29. ACM, security in hybrid war. . : . , (21):166–173, 2018.
2015. [221] Victor Zhoghov. The ransomware “Petya” as a challenge to the
[195] Luky Hendraningrat, Shidong Li, and Ole Torsæter. A coreflood cybersecurity of Ukraine, main factors of spreading this virus in
investigation of nanofluid enhanced oil recovery. Journal of Petroleum the focus of Ukraine, the steps taken by the authorities to combat
Science and Engineering, 111:128–138, 2013. this phenomenon and suggest ways to improve such activities using
[196] Brown Farinholt, Mohammad Rezaeirad, Paul Pearce, Hitesh Dhar- experience of other countries. PhD thesis, Victor Zhoghov The
mdasani, Haikuo Yin, Stevens Le Blond, Damon McCoy, and Kirill ransomware “Petya” as a challenge to the cybersecurity of . . . , 2017.
36
[222] Algirdas Avizienis, J-C Laprie, Brian Randell, and Carl Landwehr. [245] Wei Zhao, Feng Xie, Yong Peng, Yang Gao, Xuefeng Han, Haihui Gao,
Basic concepts and taxonomy of dependable and secure computing. and Dejin Wang. Security testing methods and techniques of industrial
IEEE transactions on dependable and secure computing, 1(1):11–33, control devices. In 2013 Ninth International Conference on Intelligent
2004. Information Hiding and Multimedia Signal Processing, pages 433–436.
[223] Taylor Johnson. Fault-tolerant distributed cyber-physical systems: Two IEEE, 2013.
case studies. 2010. [246] David Rhoades. Achilles – the world’s first man-in-the-middle web
[224] Alvaro Cardenas, Saurabh Amin, Bruno Sinopoli, Annarita Giani, security tool. https://www.mavensecurity.com/about/achilles.
Adrian Perrig, Shankar Sastry, et al. Challenges for securing cyber [247] Dark Reading. Breakingpoint unveils firestorm cy-
physical systems. In Workshop on future directions in cyber-physical ber tomography ... https://www.darkreading.com/risk/
systems security, volume 5, 2009. breakingpoint-unveils-firestorm-cyber-tomography-machine/d/d-id/
[225] G Dondossola. Risk assessment of information and communication 1135182, October 2011.
systems—analysis of some practices and methods in the electric power [248] Ryosuke Nishimura, Ryo Kurachi, Kazumasa Ito, Takashi Miyasaka,
industry. CIGRÉ Electra, 2008. Masaki Yamamoto, and Miwako Mishima. Implementation of the can-
[226] C Mani Krishna and Israel Koren. Adaptive fault-tolerance fault- fd protocol in the fuzzing tool bestorm. In 2016 IEEE International
tolerance for cyber-physical systems. In Computing, Networking and Conference on Vehicular Electronics and Safety (ICVES), pages 1–6.
Communications (ICNC), 2013 International Conference on, pages IEEE, 2016.
310–314. IEEE, 2013. [249] Anne MacFarland. Codenomicon defensics finds risks that lurk in your
protocols, august 16, 2007. The Clipper Group Navigator, Report#
[227] Janusz Zalewski, Steven Drager, William McKeever, and Andrew J
TCG2007081, pages 1–3.
Kornecki. Threat modeling for security assessment in cyberphysical
[250] Mu studio performance suite. https://www.slideshare.net/aquaphlex/
systems. In Proceedings of the Eighth Annual Cyber Security and
mu-studio-performance-suite.
Information Intelligence Research Workshop, page 10. ACM, 2013.
[251] Michael Eddington. Peach fuzzing platform. Peach Fuzzer, 34, 2011.
[228] Tianbo Lu, Bing Xu, Xiaobo Guo, Lingling Zhao, and Feng Xie. A
[252] Ganesh Devarajan. Unraveling scada protocols: Using sulley fuzzer.
new multilevel framework for cyber-physical system security. In First
In Defon 15 Hacking Conf, 2007.
international workshop on the swarm at the edge of the cloud, 2013.
[253] Dave Aitel. An introduction to spike, the fuzzer creation kit. presen-
[229] Tianbo Lu, Jiaxi Lin, Lingling Zhao, Yang Li, and Yong Peng. An tation slides), Aug, 1, 2002.
analysis of cyber physical system security theories. In 2014 7th [254] exida certification - iec 61508, iec 61511, iec 62443, iso 26262, cfse.
International Conference on Security Technology, pages 19–21. IEEE, https://www.exida.com/Certification, November 2015.
2014. [255] Isasecure - iec 62443-4-2 - edsa certification. https://www.
[230] Yong Peng, Tianbo Lu, Jingli Liu, Yang Gao, Xiaobo Guo, and Feng isasecure.org/en-US/Certification/IEC-62443-EDSA-Certification, Oc-
Xie. Cyber-physical system risk assessment. In 2013 Ninth Interna- tober 2018.
tional Conference on Intelligent Information Hiding and Multimedia [256] Sana Belguith, Nesrine Kaaniche, and Giovanni Russello. Pu-abe:
Signal Processing, pages 442–447. IEEE, 2013. lightweight attribute-based encryption supporting access policy update
[231] Attlee M Gamundani. An impact review on internet of things attacks. for cloud assisted iot. In 2018 IEEE 11th International Conference on
In 2015 International Conference on Emerging Trends in Networks and Cloud Computing (CLOUD), pages 924–927. IEEE, 2018.
Computer Communications (ETNCC), pages 114–118. IEEE, 2015. [257] Sana Belguith, Nesrine Kaaniche, Mohamed Mohamed, and Giovanni
[232] Keith Stouffer, Joe Falco, and Karen Scarfone. Guide to industrial Russello. C-absc: cooperative attribute based signcryption scheme for
control systems (ics) security. NIST special publication, 800(82):16– internet of things applications. In 2018 IEEE International Conference
16, 2011. on Services Computing (SCC), pages 245–248. IEEE, 2018.
[233] Nikos Virvilis and Dimitris Gritzalis. The big four-what we did wrong [258] Anthony O Moyegun. Information Security and Innovation; Guide to
in advanced persistent threat detection? In Availability, Reliability and Secure Technology Innovation Initiatives. PhD thesis, 2016.
Security (ARES), 2013 Eighth International Conference on, pages 248– [259] Nesrine Kaaniche and Maryline Laurent. Data security and privacy
254. IEEE, 2013. preservation in cloud storage environments based on cryptographic
[234] Mouna Jouini, Latifa Ben Arfa Rabai, and Anis Ben Aissa. Classifi- mechanisms. Computer Communications, 111:120–141, 2017.
cation of security threats in information systems. Procedia Computer [260] Jyri Rajamäki, Paresh Rathod, Anu Ahlgren, Johanna Aho, Mari Takari,
Science, 32:489–496, 2014. and Sami Ahlgren. Resilience of cyber-physical system: A case study
[235] Ateeq Ahmad. Type of security threats and it’s prevention. Int. J. of safe school environment. In Intelligence and Security Informatics
Computer Technology & Applications, 3(2):750–752, 2012. Conference (EISIC), 2012 European, pages 285–285. IEEE, 2012.
[236] SJ Ruffle, F Caccioli, AW Coburn, S Kelly, B Leslie, and D Ralph. [261] Vanessa Fuhrmans. Virus attacks siemens plant-control systems. The
Stress test scenario: Sybil logic bomb cyber catastrophe. Cambridge Wall Street Journal, 2010.
Risk Framework series, Centre for Risk Studies, University of Cam- [262] Elinor Mills. Hackers broke into faa air traffic control system. The
bridge. Cambridge Centre for Risk Studies, University of Cambridge Wall Street Journal, page A, 6:2009, 2009.
Judge Business School, pages 1–45, 2014. [263] Akshay Rajhans, Shang-Wen Cheng, Bradley Schmerl, David Garlan,
[237] Ragunathan Rajkumar, Insup Lee, Lui Sha, and John Stankovic. Cyber- Bruce H Krogh, Clarence Agbi, and Ajinkya Bhave. An architectural
physical systems: the next computing revolution. In Design Automation approach to the design and analysis of cyber-physical systems. Elec-
Conference (DAC), 2010 47th ACM/IEEE, pages 731–736. IEEE, 2010. tronic Communications of the EASST, 21, 2009.
[264] Siddharth Deshmukh, Balasubramaniam Natarajan, and Anil Pahwa.
[238] Dr ANIL NIDHI KANDHIL. A study on secure shell (ssh) protocol.
State estimation in spatially distributed cyber-physical systems: Bounds
[239] Kaiyuan Yang, David Blaauw, and Dennis Sylvester. Hardware designs
on critical measurement drop rates. In Distributed Computing in Sensor
for security in ultra-low-power iot systems: an overview and survey.
Systems (DCOSS), 2013 IEEE International Conference on, pages 157–
IEEE Micro, 37(6):72–89, 2017.
164. IEEE, 2013.
[240] Antonio Scarfo. New security perspectives around byod. In 2012 [265] Koenraad Van Brabant et al. Operational security management in
Seventh International Conference on Broadband, Wireless Computing, violent environments. Overseas Development Institute London, 2000.
Communication and Applications, pages 446–451. IEEE, 2012. [266] Terje Aven. Risk assessment and risk management: Review of recent
[241] XL Keystone and Cardno ENTRIX. Comments of the sierra club, et advances on their foundation. European Journal of Operational
al., to the department of state on the supplemental draft environmental Research, 253(1):1–13, 2016.
impact statement for the transcanada keystone xl pipeline. [267] Carlton Shepherd, Ghada Arfaoui, Iakovos Gurulian, Robert P Lee,
[242] S Girgin and E Krausmann. Historical analysis of us onshore hazardous Konstantinos Markantonakis, Raja Naeem Akram, Damien Sauveron,
liquid pipeline accidents triggered by natural hazards. Journal of Loss and Emmanuel Conchon. Secure and trusted execution: Past, present,
Prevention in the Process Industries, 40:578–590, 2016. and future-a critical review in the context of the internet of things
[243] László Monostori, Botond Kádár, T Bauernhansl, S Kondoh, S Kumara, and cyber-physical systems. In Trustcom/BigDataSE/ISPA, 2016 IEEE,
G Reinhart, O Sauer, G Schuh, W Sihn, and K Ueda. Cyber-physical pages 168–177. IEEE, 2016.
systems in manufacturing. CIRP Annals, 65(2):621–641, 2016. [268] Hussain Almohri, Long Cheng, Danfeng Yao, and Homa Alemzadeh.
[244] Zakarya Drias, Ahmed Serhrouchni, and Olivier Vogel. Analysis of On threat modeling and mitigation of medical cyber-physical systems.
cyber security for industrial control systems. In 2015 International In Connected Health: Applications, Systems and Engineering Technolo-
Conference on Cyber Security of Smart Cities, Industrial Control gies (CHASE), 2017 IEEE/ACM International Conference on, pages
System and Communications (SSIC), pages 1–8. IEEE, 2015. 114–119. IEEE, 2017.
37
[269] Hussain MJ Almohri, Danfeng Daphne Yao, and Dennis Kafura. [288] Tianqi Zhou, Jian Shen, Xiong Li, Chen Wang, and Haowen Tan.
Process authentication for high system assurance. IEEE Transactions Logarithmic encryption scheme for cyber–physical systems employing
on Dependable and Secure Computing, (1):1, 2013. fibonacci q-matrix. Future Generation Computer Systems, 2018.
[270] Hussain MJ Almohri, Layne T Watson, Danfeng Yao, and Xinming Ou. [289] Sherali Zeadally, Ray Hunt, Yuh-Shyan Chen, Angela Irwin, and Aamir
Security optimization of dynamic networks with probabilistic graph Hassan. Vehicular ad hoc networks (vanets): status, results, and
modeling and linear programming. IEEE Transactions on Dependable challenges. Telecommunication Systems, 50(4):217–241, 2012.
and Secure Computing, 13(4):474–487, 2016. [290] Saif Al-Sultan, Moath M Al-Doori, Ali H Al-Bayatti, and Hussien
[271] Kathryn A Higley. Environmental consequences of the chernobyl Zedan. A comprehensive survey on vehicular ad hoc network. Journal
accident and their remediation: twenty years of experience. report of of network and computer applications, 37:380–392, 2014.
the chernobyl forum expert group ‘environment’ sti/pub/1239, 2006, [291] Qian He, Ning Zhang, Yongzhuang Wei, and Yan Zhang. Lightweight
international atomic energy agency, vienna, austria isbn: 92-0-114705- attribute based encryption scheme for mobile cloud assisted cyber-
8, 166 pp, 40.00 euros (softbound). Radiation Protection Dosimetry, physical systems. Computer Networks, 140:163–173, 2018.
121(4):476–477, 2006. [292] Yanqi Zhao, Yannan Li, Qilin Mu, Bo Yang, and Yong Yu. Secure
[272] Yang-Hyun Koo, Yong-Sik Yang, and Kun-Woo Song. Radioactivity pub-sub: Blockchain-based fair payment with reputation for reliable
release from the fukushima accident and its consequences: A review. cyber physical systems. IEEE Access, 6:12295–12303, 2018.
Progress in Nuclear Energy, 74:61–70, 2014. [293] Johanna Sepúlveda, Shiyang Liu, and Jose M Bermudo Mera. Post-
[273] Ayan Banerjee, Krishna K Venkatasubramanian, Tridib Mukherjee, and quantum enabled cyber physical systems. IEEE Embedded Systems
Sandeep Kumar S Gupta. Ensuring safety, security, and sustainability Letters, 2019.
of mission-critical cyber–physical systems. Proceedings of the IEEE, [294] Omkar A Harshe, N Teja Chiluvuri, Cameron D Patterson, and
100(1):283–299, 2011. William T Baumann. Design and implementation of a security frame-
[274] American Gas Association et al. Cryptographic protection of scada work for industrial control systems. In 2015 International Conference
communications part 1: Background, policies and test plan. Technical on Industrial Instrumentation and Control (ICIC), pages 127–132.
report, AGA Report, 2005. IEEE, 2015.
[275] Michael Kirkpatrick, Elisa Bertino, and Frederick T Sheldon. Re- [295] Tiago Cruz, Jorge Barrigas, Jorge Proença, Antonio Graziano, Stefano
stricted authentication and encryption for cyber-physical systems. In Panzieri, Leonid Lev, and Paulo Simões. Improving network security
DHS CPS Workshop Restricted Authentication and Encryption for monitoring for industrial control systems. In 2015 IFIP/IEEE Inter-
Cyber-physical Systems, 2009. national Symposium on Integrated Network Management (IM), pages
[276] Derui Ding, Qing-Long Han, Yang Xiang, Xiaohua Ge, and Xian-Ming 878–881. IEEE, 2015.
Zhang. A survey on security control and attack detection for industrial [296] Matthew E Luallen. Sans scada and process control security survey. A
cyber-physical systems. Neurocomputing, 275:1674–1683, 2018. SANS Whitepaper, February, 2013.
[277] Adam Hahn, Roshan K Thomas, Ivan Lozano, and Alvaro Cardenas.
[297] Asem Ghaleb, Sami Zhioua, and Ahmad Almulhem. On plc network
A multi-layered and kill-chain based security analysis framework for
security. International Journal of Critical Infrastructure Protection,
cyber-physical systems. International Journal of Critical Infrastructure
22:62–69, 2018.
Protection, 11:39–50, 2015.
[298] Huayang Cao, Peidong Zhu, Xicheng Lu, and Andrei Gurtov. A layered
[278] Mridula Sharma, Fayez Gebali, Haytham Elmiligi, and Musfiq Rah-
encryption mechanism for networked critical infrastructures. IEEE
man. Network security evaluation scheme for wsn in cyber-physical
Network, 27(1):12–18, 2013.
systems. In 2018 IEEE 9th Annual Information Technology, Electronics
[299] Saurabh Amin, Galina A Schwartz, and S Shankar Sastry. On
and Mobile Communication Conference (IEMCON), pages 1145–1151.
the interdependence of reliability and security in networked control
IEEE, 2018.
systems. In Decision and Control and European Control Conference
[279] Meng Zhang, Anand Raghunathan, and Niraj K Jha. Trustworthiness
(CDC-ECC), 2011 50th IEEE Conference on, pages 4078–4083. IEEE,
of medical devices and body area networks. Proceedings of the IEEE,
2011.
102(8):1174–1188, 2014.
[280] Andrey Bogdanov, Lars R Knudsen, Gregor Leander, Christof Paar, [300] Alvaro A Cárdenas, Saurabh Amin, Zong-Syun Lin, Yu-Lun Huang,
Axel Poschmann, Matthew JB Robshaw, Yannick Seurin, and Charlotte Chi-Yen Huang, and Shankar Sastry. Attacks against process control
Vikkelsoe. Present: An ultra-lightweight block cipher. In International systems: risk assessment, detection, and response. In Proceedings of
Workshop on Cryptographic Hardware and Embedded Systems, pages the 6th ACM symposium on information, computer and communications
450–466. Springer, 2007. security, pages 355–366. ACM, 2011.
[281] Julia Borghoff, Anne Canteaut, Tim Güneysu, Elif Bilge Kavun, [301] Thiago Alves, Rishabh Das, and Thomas Morris. Embedding
Miroslav Knezevic, Lars R Knudsen, Gregor Leander, Ventzislav encryption and machine learning intrusion prevention systems on
Nikov, Christof Paar, Christian Rechberger, et al. Prince–a low-latency programmable logic controllers. IEEE Embedded Systems Letters,
block cipher for pervasive computing applications. In International 10(3):99–102, 2018.
Conference on the Theory and Application of Cryptology and Infor- [302] Sana Belguith, Nesrine Kaaniche, Mohammad Hammoudeh, and
mation Security, pages 208–225. Springer, 2012. Tooska Dargahi. Proud: verifiable privacy-preserving outsourced at-
[282] Aamir Shahzad, Malrey Lee, Young-Keun Lee, Suntae Kim, Naixue tribute based signcryption supporting access policy update for cloud
Xiong, Jae-Young Choi, and Younghwa Cho. Real time modbus assisted iot applications. Future Generation Computer Systems, 2019.
transmissions and cryptography security designs and enhancements of [303] Nesrine Kaaniche, Maryline Laurent, Pierre-Olivier Rocher, Christophe
protocol sensitive information. Symmetry, 7(3):1176–1210, 2015. Kiennert, and Joaquin Garcia-Alfaro. Pcs, a privacy-preserving certi-
[283] MD Hadley, KA Huston, and TW Edgar. Aga-12, part 2 performance fication scheme. In Data Privacy Management, Cryptocurrencies and
test results. Pacific Northwest National Laboratories, 2007. Blockchain Technology, pages 239–256. Springer, 2017.
[284] José Rubio-Hernán, Luca De Cicco, and Joaquin Garcia-Alfaro. Re- [304] Nesrine Kaaniche. Cloud data storage security based on cryptographic
visiting a watermark-based detection scheme to handle cyber-physical mechanisms. PhD thesis, 2014.
attacks. In 2016 11th International Conference on Availability, Relia- [305] Robert M Seepers, Jos H Weber, Zekeriya Erkin, Ioannis Sourdis, and
bility and Security (ARES), pages 21–28. IEEE, 2016. Christos Strydis. Secure key-exchange protocol for implants using
[285] Laura Vegh and Liviu Miclea. Secure and efficient communication heartbeats. In Proceedings of the ACM International Conference on
in cyber-physical systems through cryptography and complex event Computing Frontiers, pages 119–126. ACM, 2016.
processing. In 2016 International Conference on Communications [306] Z Esat Ankaralı, A Fatih Demir, Marwa Qaraqe, Qammer H Abbasi,
(COMM), pages 273–276. IEEE, 2016. Erchin Serpedin, Huseyin Arslan, and Richard D Gitlin. Physical
[286] Sachini Jayasekara, Srinath Perera, Miyuru Dayarathna, and Sriskan- layer security for wireless implantable medical devices. In Computer
darajah Suhothayan. Continuous analytics on geospatial data streams Aided Modelling and Design of Communication Links and Networks
with wso2 complex event processor. In Proceedings of the 9th ACM (CAMAD), 2015 IEEE 20th International Workshop on, pages 144–147.
International Conference on Distributed Event-Based Systems, pages IEEE, 2015.
277–284. ACM, 2015. [307] Sanjar Ibrokhimov, Kueh Lee Hui, Ahmed Abdulhakim Al-Absi, Man-
[287] Srinath Perera, Suhothayan Sriskandarajah, Mohanadarshan gal Sain, et al. Multi-factor authentication in cyber physical system: A
Vivekanandalingam, Paul Fremantle, and Sanjiva Weerawarana. state of art survey. In 2019 21st International Conference on Advanced
Solving the grand challenge using an opensource cep engine. In Communication Technology (ICACT), pages 279–284. IEEE, 2019.
Proceedings of the 8th ACM International Conference on Distributed [308] Shuo Chen, Maode Ma, and Zhenxing Luo. An authentication scheme
Event-Based Systems, pages 288–293. ACM, 2014. with identity-based cryptography for m2m security in cyber-physical
38
systems. Security and Communication Networks, 9(10):1146–1157, based on energy consumption analysis in 6lowpan. In Advanced Tech-
2016. nologies, Embedded and Multimedia for Human-centric Computing,
[309] Haroon Wardak, Sami Zhioua, and Ahmad Almulhem. Plc access pages 1205–1213. Springer, 2014.
control: a security analysis. In 2016 World Congress on Industrial [329] Christian Cervantes, Diego Poplade, Michele Nogueira, and Aldri
Control Systems Security (WCICSS), pages 1–6. IEEE, 2016. Santos. Detection of sinkhole attacks for supporting secure routing
[310] Donghyun Choi, Hakman Kim, Dongho Won, and Seungjoo Kim. Ad- on 6lowpan for internet of things. In IM, pages 606–611, 2015.
vanced key-management architecture for secure scada communications. [330] Ashfaq Hussain Farooqi and Farrukh Aslam Khan. Intrusion detection
IEEE Transactions on Power Delivery, 24(3):1154–1163, 2009. systems for wireless sensor networks: A survey. In Communication
[311] Marwa Keshk, Nour Moustafa, Elena Sitnikova, and Benjamin Turn- and networking, pages 234–241. Springer, 2009.
bull. Privacy-preserving big data analytics for cyber-physical systems. [331] Choong Seon Hong, Toshio Tonouchi, Yan Ma, and Chi-Shih Chao.
Wireless Networks, pages 1–9, 2018. Management Enabling the Future Internet for Changing Business and
[312] Jun Feng, Laurence T Yang, and Ronghao Zhang. Practical privacy- New Computing Services: 12th Asia-Pacific Network Operations and
preserving high-order bi-lanczos in integrated edge-fog-cloud architec- Management Symposium, APNOMS 2009 Jeju, South Korea, September
ture for cyber-physical-social systems. ACM Transactions on Internet 23-25, 2009 Proceedings, volume 5787. Springer, 2009.
Technology (TOIT), 19(2):26, 2019. [332] Prabhakaran Kasinathan, Claudio Pastrone, Maurizio A Spirito, and
[313] Heng Ye, Jiqiang Liu, Wei Wang, Ping Li, Tong Li, and Jin Li. Secure Mark Vinkovits. Denial-of-service detection in 6lowpan based internet
and efficient outsourcing differential privacy data release scheme in of things. In 2013 IEEE 9th international conference on wireless and
cyber–physical system. Future Generation Computer Systems, 2018. mobile computing, networking and communications (WiMob), pages
[314] Xiaojun Zhang, Jie Zhao, Liming Mu, Yao Tang, and Chunxiang 600–607. IEEE, 2013.
Xu. Identity-based proxy-oriented outsourcing with public auditing [333] Prabhakaran Kasinathan, Gianfranco Costamagna, Hussein Khaleel,
in cloud-based medical cyber–physical systems. Pervasive and Mobile Claudio Pastrone, and Maurizio A Spirito. An ids framework for
Computing, 56:18–28, 2019. internet of things empowered by 6lowpan. In Proceedings of the 2013
[315] Zhenyong Zhang, Junfeng Wu, David Yau, Peng Cheng, and Jiming ACM SIGSAC conference on Computer & communications security,
Chen. Secure kalman filter state estimation by partially homomorphic pages 1337–1340. ACM, 2013.
encryption. In 2018 ACM/IEEE 9th International Conference on Cyber- [334] Linus Wallgren, Shahid Raza, and Thiemo Voigt. Routing attacks
Physical Systems (ICCPS), pages 345–346. IEEE, 2018. and countermeasures in the rpl-based internet of things. International
[316] Junsoo Kim, Chanhwa Lee, Hyungbo Shim, Jung Hee Cheon, Andrey Journal of Distributed Sensor Networks, 9(8):794326, 2013.
Kim, Miran Kim, and Yongsoo Song. Encrypting controller using fully [335] Anhtuan Le, Jonathan Loo, Yuan Luo, and Aboubaker Lasebae.
homomorphic encryption for security of cyber-physical systems. IFAC- Specification-based ids for securing rpl from topology attacks. In
PapersOnLine, 49(22):175–180, 2016. Wireless Days (WD), 2011 IFIP, pages 1–3. IEEE, 2011.
[317] Zhaoe Min, Geng Yang, Arun Kumar Sangaiah, Shuangjie Bai, and [336] Anhtuan Le, Jonathan Loo, Kok Keong Chai, and Mahdi Aiash.
Guoxiu Liu. A privacy protection-oriented parallel fully homomorphic A specification-based ids for detecting attacks on rpl-based network
encryption algorithm in cyber physical systems. EURASIP Journal on topology. Information, 7(2):25, 2016.
Wireless Communications and Networking, 2019(1):15, 2019.
[337] Shahid Raza, Linus Wallgren, and Thiemo Voigt. Svelte: Real-
[318] Nilotpal Chakraborty. Intrusion detection system and intrusion preven-
time intrusion detection in the internet of things. Ad hoc networks,
tion system: A comparative study. International Journal of Computing
11(8):2661–2674, 2013.
and Business Research (IJCBR) ISSN (Online), pages 2229–6166,
[338] Pavan Pongle and Gurunath Chavan. Real time intrusion and wormhole
2013.
attack detection in internet of things. International Journal of Computer
[319] Xiaokui Shu, Danfeng Yao, and Naren Ramakrishnan. Unearthing
Applications, 121(9), 2015.
stealthy program attacks buried in extremely long execution paths. In
[339] Nanda Kumar Thanigaivelan, Ethiopia Nigussie, Rajeev Kumar Kanth,
Proceedings of the 22nd ACM SIGSAC Conference on Computer and
Seppo Virtanen, and Jouni Isoaho. Distributed internal anomaly
Communications Security, pages 401–413. ACM, 2015.
detection system for internet-of-things. In Consumer Communications
[320] Kui Xu, Ke Tian, Danfeng Yao, and Barbara G Ryder. A sharper
& Networking Conference (CCNC), 2016 13th IEEE Annual, pages
sense of self: Probabilistic reasoning of program behaviors for anomaly
319–320. IEEE, 2016.
detection with context sensitivity. In 2016 46th Annual IEEE/IFIP
International Conference on Dependable Systems and Networks (DSN), [340] Hung-Jen Liao, Chun-Hung Richard Lin, Ying-Chih Lin, and Kuang-
pages 467–478. IEEE, 2016. Yuan Tung. Intrusion detection system: A comprehensive review.
[321] Robert Mitchell and Ray Chen. Adaptive intrusion detection of mali- Journal of Network and Computer Applications, 36(1):16–24, 2013.
cious unmanned air vehicles using behavior rule specifications. IEEE [341] John R Vacca. Computer and information security handbook. Newnes,
Transactions on Systems, Man, and Cybernetics: Systems, 44(5):593– 2012.
604, 2014. [342] Caiming Liu, Jin Yang, Yan Zhang, Run Chen, and Jinquan Zeng.
[322] David I Urbina, Jairo A Giraldo, Alvaro A Cardenas, Nils Ole Tippen- Research on immunity-based intrusion detection technology for the
hauer, Junia Valente, Mustafa Faisal, Justin Ruths, Richard Candell, and internet of things. In Natural Computation (ICNC), 2011 Seventh
Henrik Sandberg. Limiting the impact of stealthy attacks on industrial International Conference on, volume 1, pages 212–216. IEEE, 2011.
control systems. In Proceedings of the 2016 ACM SIGSAC Conference [343] Robert Mitchell and Ing-Ray Chen. A survey of intrusion detection
on Computer and Communications Security, pages 1092–1105. ACM, techniques for cyber-physical systems. ACM Computing Surveys
2016. (CSUR), 46(4):55, 2014.
[323] Siddharth Sridhar, Adam Hahn, Manimaran Govindarasu, et al. Cyber- [344] Ismail Butun, Salvatore D Morgera, and Ravi Sankar. A survey
physical system security for the electric power grid. Proceedings of of intrusion detection systems in wireless sensor networks. IEEE
the IEEE, 100(1):210–224, 2012. communications surveys & tutorials, 16(1):266–282, 2014.
[324] Christopher Zimmer, Balasubramanya Bhat, Frank Mueller, and Sibin [345] Sudip Misra, P Venkata Krishna, Harshit Agarwal, Antriksh Saxena,
Mohan. Time-based intrusion detection in cyber-physical systems. In and Mohammad S Obaidat. A learning automata based solution for
Proceedings of the 1st ACM/IEEE International Conference on Cyber- preventing distributed denial of service in internet of things. In Internet
Physical Systems, pages 109–118. ACM, 2010. of things (ithings/cpscom), 2011 international conference on and 4th
[325] Robert Mitchell and Ray Chen. Behavior rule specification-based international conference on cyber, physical and social computing,
intrusion detection for safety critical medical cyber physical systems. pages 114–122. IEEE, 2011.
IEEE Transactions on Dependable and Secure Computing, 12(1):16– [346] Ala Al-Fuqaha, Mohsen Guizani, Mehdi Mohammadi, Mohammed
30, 2015. Aledhari, and Moussa Ayyash. Internet of things: A survey on en-
[326] Bruno Bogaz Zarpelão, Rodrigo Sanches Miani, Cláudio Toshio abling technologies, protocols, and applications. IEEE communications
Kawakani, and Sean Carlisto de Alvarenga. A survey of intrusion surveys & tutorials, 17(4):2347–2376, 2015.
detection in internet of things. Journal of Network and Computer [347] João P Amaral, Luís M Oliveira, Joel JPC Rodrigues, Guangjie Han,
Applications, 84:25–37, 2017. and Lei Shu. Policy and network-based intrusion detection system
[327] Doohwan Oh, Deokho Kim, and Won Woo Ro. A malicious pattern for ipv6-enabled wireless sensor networks. In Communications (ICC),
detection engine for embedded security systems in the internet of 2014 IEEE International Conference on, pages 1796–1801. IEEE,
things. Sensors, 14(12):24188–24211, 2014. 2014.
[328] Tsung-Han Lee, Chih-Hao Wen, Lin-Huang Chang, Hung-Shiou Chi- [348] Herve Debar. An introduction to intrusion-detection systems. Proceed-
ang, and Ming-Chun Hsieh. A lightweight intrusion detection scheme ings of Connect, 2002:1–18, 2000.
39
[349] Karen Scarfone and Peter Mell. Guide to intrusion detection and cyber-physical systems with analysis cost constraint based on honeypot
prevention systems (idps). NIST special publication, 800(2007):94, game model. 2019.
2007. [369] Qi Duan, Ehab Al-Shaer, Mazharul Islam, and Haadi Jafarian. Conceal:
[350] Abhishek Gupta, Om Jee Pandey, Mahendra Shukla, Anjali Dadhich, A strategy composition for resilient cyber deception-framework, met-
Samar Mathur, and Anup Ingle. Computational intelligence based rics and deployment. In 2018 IEEE Conference on Communications
intrusion detection systems for wireless communication and pervasive and Network Security (CNS), pages 1–9. IEEE, 2018.
computing networks. In Computational Intelligence and Computing [370] Giuseppe Bernieri, Mauro Conti, and Federica Pascucci. A novel
Research (ICCIC), 2013 IEEE International Conference on, pages 1– architecture for cyber-physical security in industrial control networks.
7. IEEE, 2013. In 2018 IEEE 4th International Forum on Research and Technology
[351] Douglas H Summerville, Kenneth M Zach, and Yu Chen. Ultra- for Society and Industry (RTSI), pages 1–6. IEEE, 2018.
lightweight deep packet anomaly detection for internet of things [371] Muhammed O Sayin and Tamer Basar. Deception-as-defense frame-
devices. In Computing and Communications Conference (IPCCC), work for cyber-physical systems. arXiv preprint arXiv:1902.01364,
2015 IEEE 34th International Performance, pages 1–8. IEEE, 2015. 2019.
[352] Konstantinos Demertzis, Lazaros Iliadis, and Stefanos Spartalis. A [372] Irfan Ahmed, Sebastian Obermeier, Martin Naedele, and Golden G
spiking one-class anomaly detection framework for cyber-security on Richard III. Scada systems: challenges for forensic investigators.
industrial control systems. In International Conference on Engineering Computer, 45(12):44–51, 2012.
Applications of Neural Networks, pages 122–134. Springer, 2017. [373] Irfan Ahmed, Sebastian Obermeier, Sneha Sudhakaran, and Vassil
[353] Samuel Stone and Michael Temple. Radio-frequency-based anomaly Roussev. Programmable logic controller forensics. IEEE Security &
detection for programmable logic controllers in the critical infras- Privacy, 15(6):18–24, 2017.
tructure. International Journal of Critical Infrastructure Protection, [374] Rima Asmar Awad, Saeed Beztchi, Jared M Smith, Bryan Lyles, and
5(2):66–73, 2012. Stacy Prowell. Tools, techniques, and methodologies: A survey of
[354] Andrew Hildick-Smith. Security for critical infrastructure scada sys- digital forensics for scada systems. In Proceedings of the 4th Annual
tems. SANS Reading Room, GSEC Practical Assignment, Version, Industrial Control System Security Workshop, pages 1–8. ACM, 2018.
1:498–506, 2005. [375] George Grispos, William Bradley Glisson, and Kim-Kwang Raymond
[355] Samuel J Stone, Michael A Temple, and Rusty O Baldwin. Detecting Choo. Medical cyber-physical systems development: A forensics-
anomalous programmable logic controller behavior using rf-based driven approach. In Proceedings of the Second IEEE/ACM Interna-
hilbert transform features and a correlation-based verification process. tional Conference on Connected Health: Applications, Systems and
International Journal of Critical Infrastructure Protection, 9:41–51, Engineering Technologies, pages 108–114. IEEE Press, 2017.
2015. [376] Haider Al-Khateeb, Gregory Epiphaniou, and Herbert Daly. Blockchain
[356] Stephen Dunlap, Jonathan Butts, Juan Lopez, Mason Rice, and Barry for modern digital forensics: The chain-of-custody as a distributed
Mullins. Using timing-based side channels for anomaly detection in ledger. In Blockchain and Clinical Trial, pages 149–168. Springer,
industrial control systems. International Journal of Critical Infrastruc- 2019.
ture Protection, 15:12–26, 2016. [377] Chun-Fai Chan, Kam-Pui Chow, Siu-Ming Yiu, and Ken Yau. En-
[357] Jana Krimmling and Steffen Peter. Integration and evaluation of intru- hancing the security and forensic capabilities of programmable logic
sion detection for coap in smart city applications. In Communications controllers. In IFIP International Conference on Digital Forensics,
and Network Security (CNS), 2014 IEEE Conference on, pages 73–78. pages 351–367. Springer, 2018.
IEEE, 2014. [378] Gabriela Ahmadi-Assalemi, Haider M Al-Khateeb, Gregory Epiphan-
[358] Ning Jiang, Hu Lin, Zhenyu Yin, and Chunyan Xi. Research of iou, Jon Cosson, Hamid Jahankhani, and Prashant Pillai. Federated
paired industrial firewalls in defense-in-depth architecture of integrated blockchain-based tracking and liability attribution framework for em-
manufacturing or production system. In 2017 IEEE International ployees and cyber-physical objects in a smart workplace. In 2019
Conference on Information and Automation (ICIA), pages 523–526. IEEE 12th International Conference on Global Security, Safety and
IEEE, 2017. Sustainability (ICGS3), pages 1–9. IEEE, 2019.
[359] Jeyasingam Nivethan and Mauricio Papa. On the use of open-source [379] Jack Parry, Daniel Hunter, Kenneth Radke, and Colin Fidge. A network
firewalls in ics/scada systems. Information Security Journal: A Global forensics tool for precise data packet capture and replay in cyber-
Perspective, 25(1-3):83–93, 2016. physical systems. In Proceedings of the Australasian Computer Science
[360] Sridhar Adepu, Siddhant Shrivastava, and Aditya Mathur. Argus: An Week Multiconference, page 22. ACM, 2016.
orthogonal defense framework to protect public infrastructure against [380] Mumin Cebe, Enes Erdin, Kemal Akkaya, Hidayet Aksu, and Sel-
cyber-physical attacks. IEEE Internet Computing, 20(5):38–45, 2016. cuk Uluagac. Block4forensic: An integrated lightweight blockchain
[361] Tamoghna Ghosh, Dipanjan Sarkar, Tushar Sharma, Ashok Desai, and framework for forensics applications of connected vehicles. IEEE
Raghav Bali. Real time failure prediction of load balancers and Communications Magazine, 56(10):50–57, 2018.
firewalls. In 2016 IEEE International Conference on Internet of Things [381] Pedro Taveras. Scada live forensics: real time data acquisition process
(iThings) and IEEE Green Computing and Communications (Green- to detect, prevent or evaluate critical situations. European Scientific
Com) and IEEE Cyber, Physical and Social Computing (CPSCom) and Journal, 9(21), 2013.
IEEE Smart Data (SmartData), pages 822–827. IEEE, 2016. [382] Irfan Ahmed, Vassil Roussev, William Johnson, Saranyan Senthivel,
[362] Yahya Javed, Muhamad Felemban, Tawfeeq Shawly, Jason Kobes, and and Sneha Sudhakaran. A scada system testbed for cybersecurity and
Arif Ghafoor. A partition-driven integrated security architecture for forensic research and pedagogy. In Proceedings of the 2nd Annual
cyber-physical systems. arXiv preprint arXiv:1901.03018, 2019. Industrial Control System Security Workshop, pages 1–9. ACM, 2016.
[363] Fred Cohen. The use of deception techniques: Honeypots and decoys. [383] Ken Yau and Kam-Pui Chow. Detecting anomalous programmable
Handbook of Information Security, 3(1):646–655, 2006. logic controller events using machine learning. In IFIP International
[364] Daniele Antonioli, Anand Agrawal, and Nils Ole Tippenhauer. Towards Conference on Digital Forensics, pages 81–94. Springer, 2017.
high-interaction virtual ics honeypots-in-a-box. In Proceedings of the [384] Saman Zonouz, Julian Rrushi, and Stephen McLaughlin. Detecting
2nd ACM Workshop on Cyber-Physical Systems Security and Privacy, industrial control malware using automated plc code analytics. IEEE
pages 13–22. ACM, 2016. Security & Privacy, 12(6):40–47, 2014.
[365] Samuel Litchfield, David Formby, Jonathan Rogers, Sakis Meliopoulos, [385] Lucille McMinn and Jonathan Butts. A firmware verification tool
and Raheem Beyah. Rethinking the honeypot for cyber-physical for programmable logic controllers. In International Conference on
systems. IEEE Internet Computing, 20(5):9–17, 2016. Critical Infrastructure Protection, pages 59–69. Springer, 2012.
[366] Celine Irvene, David Formby, Samuel Litchfield, and Raheem Beyah. [386] Amit Kleinmann and Avishai Wool. Accurate modeling of the siemens
Honeybot: A honeypot for robotic systems. Proceedings of the IEEE, s7 scada protocol for intrusion detection and digital forensics. Journal
106(1):61–70, 2017. of Digital Forensics, Security and Law, 9(2):4, 2014.
[367] Daniel Fraunholz, Daniel Krohmer, Simon Duque Anton, and Hans Di- [387] Saranyan Senthivel, Irfan Ahmed, and Vassil Roussev. Scada network
eter Schotten. Investigation of cyber crime conducted by abusing weak forensics of the pccc protocol. Digital Investigation, 22:S57–S65, 2017.
or default passwords with a medium interaction honeypot. In 2017 [388] Ken Yau, Kam-Pui Chow, and Siu-Ming Yiu. A forensic logging system
International Conference on Cyber Security And Protection Of Digital for siemens programmable logic controllers. In IFIP International
Services (Cyber Security), pages 1–7. IEEE, 2017. Conference on Digital Forensics, pages 331–349. Springer, 2018.
[368] Wen Tian, Xiaopeng Ji, Weiwei Liu, Guangjie Liu, Rong Lin, Jiangtao [389] Dillon Beresford. Exploiting siemens simatic s7 plcs. Black Hat USA,
Zhai, and Yuewei Dai. Defense strategies against network attacks in 16(2):723–733, 2011.
40
[390] Raymond Chan and Kam-Pui Chow. Forensic analysis of a siemens In 2019 International Conference on Wireless and Mobile Computing,
programmable logic controller. In International Conference on Critical Networking and Communications (WiMob), pages 1–8. IEEE, 2019.
Infrastructure Protection, pages 117–130. Springer, 2016. [411] Reem Melki, Hassan N Noura, and Ali Chehab. Lightweight multi-
[391] Hassan Noura, Ali Chehab, Mohamad Noura, Raphaël Couturier, and factor mutual authentication protocol for IoT devices. International
Mohammad M Mansour. Lightweight, dynamic and efficient image Journal of Information Security, pages 1–16, 2019.
encryption scheme. Multimedia Tools and Applications, 78(12):16527– [412] Hassan N Noura, Reem Melki, and Ali Chehab. Secure and lightweight
16561, 2019. mutual multi-factor authentication for IoT communication systems. In
[392] Hassan Noura, Ali Chehab, Lama Sleem, Mohamad Noura, Raphaël 2019 IEEE 90th Vehicular Technology Conference (VTC2019-Fall),
Couturier, and Mohammad M. Mansour. One round cipher algorithm pages 1–7. IEEE, 2019.
for multimedia IoT devices. Multimedia Tools and Applications, Jan [413] Hassan N Noura, Ola Salman, Ali Chehab, and Raphaël Couturier.
2018. Distlog: A distributed logging scheme for iot forensics. Ad Hoc
[393] Hassan N Noura, Reem Melki, Ali Chehab, and Mohammad M Networks, 98:102061, 2020.
Mansour. A physical encryption scheme for low-power wireless M2M [414] Steven Thomason. Improving network security: next generation fire-
devices: a dynamic key approach. Mobile Networks and Applications, walls and advanced packet inspection devices. Global Journal of
pages 1–17, 2018. Computer Science and Technology, 2012.
[394] Reem Melki, Hassan N Noura, Mohammad M Mansour, and Ali [415] Iyad Kuwatly, Malek Sraj, Zaid Al Masri, and Hassan Artail. A
Chehab. An efficient OFDM-based encryption scheme using a dynamic dynamic honeypot design for intrusion detection. In The IEEE/ACS
key approach. IEEE Internet of Things Journal, 2018. International Conference onPervasive Services, 2004. ICPS 2004.
[395] Reem Melki, Hassan N Noura, Mohammad M Mansour, and Ali Proceedings., pages 95–104. IEEE, 2004.
Chehab. A survey on OFDM physical layer security. Physical [416] L Carver and Murray Turoff. The human and computer as a team
Communication, 32:1–30, 2019. in emergency management information systems. CACM, 50(3):33–38,
[396] Hassan Noura, Soran Hussein, Steven Martin, Lila Boukhatem, and 2007.
Khaldoun Al Agha. Erdia: An efficient and robust data integrity algo- [417] Robin Ruefle, Audrey Dorofee, David Mundie, Allen D Householder,
rithm for mobile and wireless networks. In Wireless Communications Michael Murray, and Samuel J Perl. Computer security incident
and Networking Conference (WCNC), 2015 IEEE, pages 2103–2108. response team development and evolution. IEEE Security & Privacy,
IEEE, 2015. 12(5):16–26, 2014.
[397] Han Qiu, Gerard Memmi, and Hassan Noura. An efficient secure [418] Karen Kent, Suzanne Chevalier, Tim Grance, and Hung Dang. Guide
storage scheme based on information fragmentation. In 2017 IEEE to integrating forensic techniques into incident response. NIST Special
4th International Conference on Cyber Security and Cloud Computing Publication, 10(14):800–86, 2006.
(CSCloud), pages 108–113. IEEE, 2017. [419] Chris Prosise, Kevin Mandia, and Matt Pepe. Incident response &
[398] Hassan Noura, Steven Martin, Khaldoun Al Agha, and Khaled Chahine. computer forensics. 2003.
ERSS-RLNC: efficient and robust secure scheme for random linear [420] Maurice M Klee. The importance of having a non-disclosure agree-
network coding. Computer networks, 75:99–112, 2014. ment. IEEE engineering in medicine and biology magazine, 19(3):120,
[399] Hassan Noura, Ola Salman, Ali Chehab, and Raphael Couturier. Pre- 2000.
serving data security in distributed fog computing. Ad Hoc Networks, [421] Joyce Hogan and Robert Hogan. How to measure employee reliability.
94:101937, 2019. Journal of Applied psychology, 74(2):273, 1989.
[400] Katarzyna Kapusta, Gerard Memmi, and Hassan Noura. Secure and [422] Abraham Serhane, Mohamad Raad, Raad Raad, and Willy Susilo.
resilient scheme for data protection in unattended wireless sensor Plc code-level vulnerabilities. In 2018 International Conference on
networks. In 2017 1st Cyber Security in Networking Conference Computer and Applications (ICCA), pages 348–352. IEEE, 2018.
(CSNet), pages 1–8. IEEE, 2017. [423] Yung-Chang Chang, Li-Ren Huang, Hsing-Chuang Liu, Chih-Jen Yang,
[401] Katarzyna Kapusta, Gerard Memmi, and Hassan Noura. Additively ho- and Ching-Te Chiu. Assessing automotive functional safety micropro-
momorphic encryption and fragmentation scheme for data aggregation cessor with iso 26262 hardware requirements. In Technical papers of
inside unattended wireless sensor networks. Annals of Telecommuni- 2014 international symposium on VLSI design, automation and test,
cations, 74(3-4):157–165, 2019. pages 1–4. IEEE, 2014.
[402] Rida Diba, Elias Yaacoub, Mohammed Al-Husseini, Hassan Noura, [424] Ron Bell. Introduction and revision of iec 61508. In Advances in
Khalid Abualsaud, Tamer Khattab, and Mohsen Guizani. A simple Systems Safety, pages 273–291. Springer, 2011.
approach for securing iot data transmitted over multi-rats. In 2018 [425] Ron Bell. Introduction to iec 61508. In ACM International Conference
14th International Wireless Communications & Mobile Computing Proceeding Series, volume 162, pages 3–12, 2006.
Conference (IWCMC), pages 249–254. IEEE, 2018. [426] Curtis Miller, Justin Kassie, Daniel Poston, et al. Assessing and com-
[403] Hassan N Noura, Reem Melki, Mohammad Malli, and Ali Chehab. puting the safety integrity level (sil) for turbo machinery protection. In
Design and realization of efficient & secure multi-homed systems based Proceedings of the 46th Turbomachinery Symposium. Turbomachinery
on random linear network coding. Computer Networks, 163:106886, Laboratory, Texas A&M Engineering Experiment Station, 2017.
2019. [427] Teiyu Goto. Electronic control unit, October 2 2001. US Patent App.
[404] John Demme, Matthew Maycock, Jared Schmitz, Adrian Tang, Adam 29/132,291.
Waksman, Simha Sethumadhavan, and Salvatore Stolfo. On the [428] Nikolaus Dellantoni, Bernhard Schinkowitsch, André Schoenekaes,
feasibility of online malware detection with performance counters. In Axel Nix, and Niall R Lynam. Scalable integrated electronic control
ACM SIGARCH Computer Architecture News, volume 41, pages 559– unit for vehicle, May 19 2015. US Patent 9,036,026.
570. ACM, 2013.
[405] Nesrine Kaaniche, Maryline Laurent, and Claire Levallois-Barth. Id-
based user-centric data usage auditing scheme for distributed environ-
ments. Frontiers in Blockchain, 3:17, 2020.
[406] Nesrine Kaaniche, Mohamed Mohamed, Maryline Laurent, and Heiko
Ludwig. Security sla based monitoring in clouds. In 2017 IEEE
International Conference on Edge Computing (EDGE), pages 90–97.
IEEE, 2017.
[407] Giedre Sabaliauskaite and Aditya P Mathur. Aligning cyber-physical
system safety and security. In Complex Systems Design & Management
Asia, pages 41–53. Springer, 2015.
[408] Feng Xie, Tianbo Lu, Xiaobo Guo, Jingli Liu, Yong Peng, and Yang
Gao. Security analysis on cyber-physical system using attack tree. In
2013 Ninth International Conference on Intelligent Information Hiding
and Multimedia Signal Processing, pages 429–432. IEEE, 2013.
[409] Hassan N Noura, Ali Chehab, and Raphael Couturier. Efficient &
secure cipher scheme with dynamic key-dependent mode of operation.
Signal Processing: Image Communication, 78:448–464, 2019.
[410] Hassan Noura, Raphaël Couturier, Congduc Pham, and Ali Chehab.
Lightweight stream cipher scheme for resource-constrained iot devices.
uthor Biography
Jean-Paul Yaacoub is a Master student in the department of Electrical and Computer Engineering at the Arab
Open University.
Ola Salman is a PhD student in the department of Electrical and Computer Engineering at the American
University of Beirut (AUB), Lebanon.
Hassan Noura is a research associate in the department of Electrical and Computer Engineering at the American
University of Beirut (AUB), Lebanon.
Nesrine Kaaniche is Lecturer in Cybersecurity and expert in cryptographic solutions at the University of
Salford, School of Computing, Science and Engineering, Greater Manchester, England.
Ali Chehab is a professor in the department of Electrical and Computer Engineering at the American University
of Beirut (AUB), Lebanon.
Mohamad Malli is a professor in the department of Electrical and Computer Engineering at the Arab Open
University.
Declaration of interests
☒ The authors declare that they have no known competing financial interests or personal relationships
that could have appeared to influence the work reported in this paper.
☐The authors declare the following financial interests/personal relationships which may be considered
as potential competing interests:
Jean-Paul Yaacoub is a Master student in the department
of Electrical and Computer Engineering at the Arab Open University.
43
Mohamad Malli is a professor in the depart-
ment of Electrical and Computer Engineering at the Arab Open University.
44