ACM Transactions on Cyber-Physical Systems最新文献

{"title":"Introduction to the Special Issue on Security and Privacy for Connected Cyber-physical Systems","authors":"Moreno Ambrosin, M. Conti, R. Lazzeretti, Chia-Mu Yu","doi":"10.1145/3431201","DOIUrl":"https://doi.org/10.1145/3431201","url":null,"abstract":"Cyber-Physical Systems (CPS) are becoming pervasive and changing our lives. Smart cyberphysical devices can be used in many different fields, such as connected vehicles, smart homes, mobile social networks and Internet of People, and Industrial Cyber-Physical Systems. CPS devices usually leverage on Machine-to-Machine (M2M) communication. This allows these devices to operate in interconnected groups, enabling them to autonomously perform critical operations, take decisions, or perform tasks that single devices cannot do. As we move towards an era of “automation,” interconnected CPS certainly make their existence as a panacea to address several issues in the smart world, but also are an attractive target for attackers, which can operate on single devices or on the whole network. In fact, these devices are usually resource-constrained and unable to defend themselves against security threats. Even a single compromised node in a group of cooperating devices can pose a serious security threat, e.g., by either disrupting communications (and thus the coordination) within the group, or sharing critical information to unauthorized external parties. Attackers can use devices as a vector to other targets, as in the case of Denial of Service (DoS) attacks, interfere with the normal functionality of the network to force abnormal behaviors, or simply infer private information through compromised devices. As such, security and privacy are a major concern to guarantee both the correct operational capabilities of devices and prevent data thefts and/or privacy violations. This special issue provides significant contributions for the improvement of different interconnected Cyber-physical Systems in several fields with the goal of improving their security and/or privacy. We start our special issue with two articles focusing on smart home security. Kafle et al. provide a systematic security analysis of Google Nest and Philips Hue, two widely popular data store-based smart home platforms. In “Security in Centralized Data Store-based Home Automation Platforms: A Systematic Analysis of Nest and Hue,” authors evaluate the security of the two platforms, identify vulnerabilities in them, and propose solutions for their mitigations. In “Canopy: A Verifiable Privacy-preserving Token Ring–based Communication Protocol for Smart Homes,” Panwar et al. propose a protocol that prevents privacy breaches in smart homes that can arise from the analysis of the traffic generated by smart devices. The protocol is based on a cryptographically secure token circulation in a ring network to which smart home devices are connected. We then continue with two articles whose subject is the network of connected people. Azad et al. in “Privacy-preserving Crowd-sensed Trust Aggregation in the User-centric Internet of People Networks” propose a protocol that uses homomorphic cryptosystem in a decentralized way","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2020-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3431201","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47303579","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Security in Centralized Data Store-based Home Automation Platforms","authors":"Kaushal Kafle, Kevin Moran, Sunil Manandhar, Adwait Nadkarni, D. Poshyvanyk","doi":"10.1145/3418286","DOIUrl":"https://doi.org/10.1145/3418286","url":null,"abstract":"Home automation platforms enable consumers to conveniently automate various physical aspects of their homes. However, the security flaws in the platforms or integrated third-party products can have serious security and safety implications for the user’s physical environment. This article describes our systematic security evaluation of two popular smart home platforms, Google’s Nest platform and Philips Hue, which implement home automation “routines” (i.e., trigger-action programs involving apps and devices) via manipulation of state variables in a centralized data store. Our semi-automated analysis examines, among other things, platform access control enforcement, the rigor of non-system enforcement procedures, and the potential for misuse of routines, and it leads to 11 key findings with serious security implications. We combine several of the vulnerabilities we find to demonstrate the first end-to-end instance of lateral privilege escalation in the smart home, wherein we remotely disable the Nest Security Camera via a compromised light switch app. Finally, we discuss potential defenses, and the impact of the continuous evolution of smart home platforms on the practicality of security analysis. Our findings draw attention to the unique security challenges of smart home platforms and highlight the importance of enforcing security by design.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2020-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3418286","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45931072","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"From Trustworthy Data to Trustworthy IoT","authors":"C. Ardagna, Rasool Asal, E. Damiani, Nabil El Ioini, Mehdi Elahi, C. Pahl","doi":"10.1145/3418686","DOIUrl":"https://doi.org/10.1145/3418686","url":null,"abstract":"Internet of Things (IoT) is composed of physical devices, communication networks, and services provided by edge systems and over-the-top applications. IoT connects billions of devices that collect data from the physical environment, which are pre-processed at the edge and then forwarded to processing services at the core of the infrastructure, on top of which cloud-based applications are built and provided to mobile end users. IoT comes with important advantages in terms of applications and added value for its users, making their world smarter and simpler. These advantages, however, are mitigated by the difficulty of guaranteeing IoT trustworthiness, which is still in its infancy. IoT trustworthiness is a must especially in critical domains (e.g., health, transportation) where humans become new components of an IoT system and their life is put at risk by system malfunctioning or breaches. In this article, we put forward the idea that trust in IoT can be boosted if and only if its automation and adaptation processes are based on trustworthy data. We therefore depart from a scenario that considers the quality of a single decision as the main goal of an IoT system and consider the trustworthiness of collected data as a fundamental requirement at the basis of a trustworthy IoT environment. We therefore define a methodology for data collection that filters untrusted data out according to trust rules evaluating the status of the devices collecting data and the collected data themselves. Our approach is based on blockchain and smart contracts and collects data whose trustworthiness and integrity are proven over time. The methodology balances trustworthiness and privacy and is experimentally evaluated in real-world and simulated scenarios using Hyperledger fabric blockchain.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2020-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3418686","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41546292","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Preserving Secrecy in Mobile Social Networks","authors":"Gabriela Suntaxi, A. A. E. Ghazi, Klemens Böhm","doi":"10.1145/3396071","DOIUrl":"https://doi.org/10.1145/3396071","url":null,"abstract":"Location-based services are one of the most important services offered by mobile social networks. Offering this kind of service requires accessing the physical position of users together with the access authorizations, i.e., who is authorized to access what information. However, these physical positions and authorizations are sensitive information that have to be kept secret from any adversary, including the service providers. As far as we know, the problem of offering location-based services in mobile social networks with a revocation feature under collusion assumption, i.e., an adversary colludes with the service provider, has not been studied. In this article, we show how to solve this problem in the example of range queries. Specifically, we guarantee any adversary, including the service provider, is not able to learn (1) the physical position of the users, (2) the distance between his position and that of the users, and (3) whether two users are allowed to learn the distance between them. We propose two approaches, namely, two-layer symmetric encryption and two-layer attribute-based encryption. The main difference between them is that they use, among other encryption schemes, symmetric and attribute-based encryption, respectively. Next, we prove the secrecy guarantees of both approaches, analyze their complexity, and provide experiments to evaluate their performance in practice.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2020-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3396071","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47817053","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Can Replay Attacks Designed to Steal Water from Water Distribution Systems Remain Undetected?","authors":"Venkata Reddy Palleti, Vishrut Kumar Mishra, Chuadhry Mujeeb Ahmed, A. Mathur","doi":"10.1145/3406764","DOIUrl":"https://doi.org/10.1145/3406764","url":null,"abstract":"Industrial Control Systems (ICS) monitor and control physical processes. ICS are found in, among others, critical infrastructures such as water treatment plants, water distribution systems, and the electric power grid. While the existence of cyber-components in an ICS leads to ease of operations and maintenance, it renders the system under control vulnerable to cyber and physical attacks. An experimental study was conducted with replay attacks launched on an operational water distribution (WADI) plant to understand under what conditions an attacker/attack can remain undetected while stealing water. A detection method, based on an input-output Linear Time-invariant system model of the physical process, was developed and implemented in WADI to detect such attacks. The experiments reveal the strengths and limitations of the detection method and challenges faced by an attacker while attempting to steal water from a water distribution system.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2020-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3406764","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43612505","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Decentralized Firmware Attestation for In-Vehicle Networks","authors":"Abhimanyu Rawat, Mohammad Khodari, Mikael Asplund, A. Gurtov","doi":"10.1145/3418685","DOIUrl":"https://doi.org/10.1145/3418685","url":null,"abstract":"Today’s vehicles are examples of Cyber-Physical Systems (CPS) controlled by a large number of electronic control units (ECUs), which manage everything from heating to steering and braking. Due to the increasing complexity and inter-dependency of these units, it has become essential for an ECU to be able to ensure the integrity of the firmware running on other ECU’s to guarantee its own correct operation. Existing solutions for firmware attestation use a centralized approach, which means a single point of failure. In this article, we propose and investigate a decentralized firmware attestation scheme for the automotive domain. The basic idea of this scheme is that each ECU can attest to the state of those ECU’s on which it depends. Two flavors of ECU attestation, i.e., parallel and serial solution, were designed, implemented, and evaluated. The two variants were compared in terms of both detection performance (i.e., the ability to identify unauthorized firmware modifications) and timing performance. Our results show that the proposed scheme is feasible to implement and that the parallel solution showed a significant improvement in timing performance over the serial solution.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2020-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3418685","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47148621","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Categorical Semantics of Cyber-Physical Systems Theory","authors":"Georgios Bakirtzis, C. Fleming, Christina N. Vasilakopoulou","doi":"10.1145/3461669","DOIUrl":"https://doi.org/10.1145/3461669","url":null,"abstract":"Cyber-physical systems require the construction and management of various models to assure their correct, safe, and secure operation. These various models are necessary because of the coupled physical and computational dynamics present in cyber-physical systems. However, to date the different model views of cyber-physical systems are largely related informally, which raises issues with the degree of formal consistency between those various models of requirements, system behavior, and system architecture. We present a category-theoretic framework to make different types of composition explicit in the modeling and analysis of cyber-physical systems, which could assist in verifying the system as a whole. This compositional framework for cyber-physical systems gives rise to unified system models, where system behavior is hierarchically decomposed and related to a system architecture using the systems-as-algebras paradigm. As part of this paradigm, we show that an algebra of (safety) contracts generalizes over the state of the art, providing more uniform mathematical tools for constraining the behavior over a richer set of composite cyber-physical system models, which has the potential of minimizing or eliminating hazardous behavior.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2020-10-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3461669","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"49268318","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Control Communication Co-Design for Wide Area Cyber-Physical Systems","authors":"Laksh Bhatia, Ivana Tomić, A. Fu, Michael J. Breza, J. Mccann","doi":"10.1145/3418528","DOIUrl":"https://doi.org/10.1145/3418528","url":null,"abstract":"Wide Area Cyber-Physical Systems (WA-CPSs) are a class of control systems that integrate low-powered sensors, heterogeneous actuators, and computer controllers into large infrastructure that span multi-kilometre distances. Current wireless communication technologies are incapable of meeting the communication requirements of range and bounded delays needed for the control of WA-CPSs. To solve this problem, we use a Control Communication Co-design approach for WA-CPSs, that we refer to as the C3 approach, to design a novel Low-Power Wide Area (LPWA) MAC protocol called Ctrl-MAC and its associated event-triggered controller that can guarantee the closed-loop stability of a WA-CPS. This is the first article to show that LPWA wireless communication technologies can support the control of WA-CPSs. LPWA technologies are designed to support one-way communication for monitoring and are not appropriate for control. We present this work using an example of a water distribution network application, which we evaluate both through a co-simulator (modeling both physical and cyber subsystems) and testbed deployments. Our evaluation demonstrates full control stability, with up to 50% better packet delivery ratios and 80% less average end-to-end delays when compared to a state-of-the-art LPWA technology. We also evaluate our scheme against an idealised, wired, centralised, control architecture, and show that the controller maintains stability and the overshoots remain within bounds.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2020-08-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3418528","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"42929957","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Sℒ1-Simplex: Safe Velocity Regulation of Self-Driving Vehicles in Dynamic and Unforeseen Environments","authors":"Y. Mao, Yuliang Gu, N. Hovakimyan, L. Sha, P. Voulgaris","doi":"10.1145/3564273","DOIUrl":"https://doi.org/10.1145/3564273","url":null,"abstract":"This article proposes a novel extension of the Simplex architecture with model switching and model learning to achieve safe velocity regulation of self-driving vehicles in dynamic and unforeseen environments. To guarantee the reliability of autonomous vehicles, an ℒ1 adaptive controller that compensates for uncertainties and disturbances is employed by the Simplex architecture as a verified high-assurance controller (HAC) to tolerate concurrent software and physical failures. Meanwhile, the safe switching controller is incorporated into the HAC for safe velocity regulation in the dynamic (prepared) environments, through the integration of the traction control system and anti-lock braking system. Due to the high dependence of vehicle dynamics on the driving environments, the HAC leverages the finite-time model learning to timely learn and update the vehicle model for ℒ1 adaptive controller, when any deviation from the safety envelope or the uncertainty measurement threshold occurs in the unforeseen driving environments. With the integration of ℒ1 adaptive controller, safe switching controller and finite-time model learning, the vehicle’s angular and longitudinal velocities can asymptotically track the provided references in the dynamic and unforeseen driving environments, while the wheel slips are restricted to safety envelopes to prevent slipping and sliding. Finally, the effectiveness of the proposed Simplex architecture for safe velocity regulation is validated by the AutoRally platform.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2020-08-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43897861","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Survey on Intersection Management of Connected Autonomous Vehicles","authors":"M. Khayatian, Mohammadreza Mehrabian, E. Andert, Rachel Dedinsky, S. Choudhary, Y. Lou, Aviral Shirvastava","doi":"10.1145/3407903","DOIUrl":"https://doi.org/10.1145/3407903","url":null,"abstract":"Intersection management of Connected Autonomous Vehicles (CAVs) has the potential to improve safety and mobility. CAVs approaching an intersection can exchange information with the infrastructure or each other to schedule their cross times. By avoiding unnecessary stops, scheduling CAVs can increase traffic throughput, reduce energy consumption, and most importantly, minimize the number of accidents that happen in intersection areas due to human errors. We study existing intersection management approaches from following key perspectives: (1) intersection management interface, (2) scheduling policy, (3) existing wireless technologies, (4) existing vehicle models used by researchers and their impact, (5) conflict detection, (6) extension to multi-intersection management, (7) challenges of supporting human-driven vehicles, (8) safety and robustness required for real-life deployment, (9) graceful degradation and recovery for emergency scenarios, (10) security concerns and attack models, and (11) evaluation methods. We then discuss the effectiveness and limitations of each approach with respect to the aforementioned aspects and conclude with a discussion on tradeoffs and further research directions.","PeriodicalId":7055,"journal":{"name":"ACM Transactions on Cyber-Physical Systems","volume":null,"pages":null},"PeriodicalIF":2.3,"publicationDate":"2020-08-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/3407903","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47268533","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}