Covert channels in stochastic cyber-physical systems

IF 1.7 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
Walter Lucia, Amr Youssef
{"title":"Covert channels in stochastic cyber-physical systems","authors":"Walter Lucia,&nbsp;Amr Youssef","doi":"10.1049/cps2.12020","DOIUrl":null,"url":null,"abstract":"<p>A covert channel is a communication channel that is not intended to exist, and that can be used to transfer information in a manner that violates the system security policy. Attackers can abuse such channels to exfiltrate sensitive information from cyber-physical systems (CPSs), for example to leak the confidential or proprietary parameters in a control system. Furthermore, attacks against CPSs can exploit the leaked information about the implementation of the control system, for example to determine optimal false data injection attack values that degrade the system performance while remaining undetected. In this study, a control theoretic approach for establishing covert channels in stochastic CPSs is presented. In particular, a scenario is considered where an attacker is able to inject malware into the networked controller and arbitrarily alter the control logic. By exploiting such capability, an attacker can establish an illegitimate communication channel, for example to transmit sensitive plant parameters, between the networked controller and an eavesdropper intercepting the sensor measurements. The authors show that such a channel can be established by exploiting the closed-loop system operations, a decoding mechanism based on an unknown input observer, and an error-correcting coding scheme that exploits the control loop to obtain an implicit acknowledgement. A simple proof of concept implementation of the covert channel is presented, and its performance is evaluated by resorting to a numerical example. Finally, some defences and countermeasures are proposed against the proposed covert channel.</p>","PeriodicalId":36881,"journal":{"name":"IET Cyber-Physical Systems: Theory and Applications","volume":null,"pages":null},"PeriodicalIF":1.7000,"publicationDate":"2021-07-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/cps2.12020","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Cyber-Physical Systems: Theory and Applications","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/cps2.12020","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 3

Abstract

A covert channel is a communication channel that is not intended to exist, and that can be used to transfer information in a manner that violates the system security policy. Attackers can abuse such channels to exfiltrate sensitive information from cyber-physical systems (CPSs), for example to leak the confidential or proprietary parameters in a control system. Furthermore, attacks against CPSs can exploit the leaked information about the implementation of the control system, for example to determine optimal false data injection attack values that degrade the system performance while remaining undetected. In this study, a control theoretic approach for establishing covert channels in stochastic CPSs is presented. In particular, a scenario is considered where an attacker is able to inject malware into the networked controller and arbitrarily alter the control logic. By exploiting such capability, an attacker can establish an illegitimate communication channel, for example to transmit sensitive plant parameters, between the networked controller and an eavesdropper intercepting the sensor measurements. The authors show that such a channel can be established by exploiting the closed-loop system operations, a decoding mechanism based on an unknown input observer, and an error-correcting coding scheme that exploits the control loop to obtain an implicit acknowledgement. A simple proof of concept implementation of the covert channel is presented, and its performance is evaluated by resorting to a numerical example. Finally, some defences and countermeasures are proposed against the proposed covert channel.

Abstract Image

随机网络物理系统中的隐蔽信道
隐蔽通道是一种不打算存在的通信通道,可用于以违反系统安全策略的方式传输信息。攻击者可以滥用这些通道从网络物理系统(cps)中泄露敏感信息,例如泄露控制系统中的机密或专有参数。此外,针对cps的攻击可以利用有关控制系统实现的泄露信息,例如确定最佳的虚假数据注入攻击值,这些攻击值会降低系统性能,但不会被发现。本文提出了一种建立随机cps隐蔽信道的控制理论方法。特别是,考虑了攻击者能够将恶意软件注入网络控制器并任意更改控制逻辑的场景。通过利用这种能力,攻击者可以在联网控制器和拦截传感器测量的窃听者之间建立非法通信通道,例如传输敏感的工厂参数。该信道可以通过利用闭环系统操作、基于未知输入观测器的解码机制和利用控制环获得隐式确认的纠错编码方案来建立。给出了隐蔽信道实现的一个简单的概念证明,并通过一个数值算例对隐蔽信道的性能进行了评价。最后,针对所提出的隐蔽信道提出了一些防御和对策。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
IET Cyber-Physical Systems: Theory and Applications
IET Cyber-Physical Systems: Theory and Applications Computer Science-Computer Networks and Communications
CiteScore
5.40
自引率
6.70%
发文量
17
审稿时长
19 weeks
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信