实现关键网络物理基础设施运行时状态验证保证

2021 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm) Pub Date : 2021-10-25 DOI:10.1109/SmartGridComm51999.2021.9632340

Abel O. Gomez Rivera, Deepak K. Tosh, S. Shetty

{"title":"实现关键网络物理基础设施运行时状态验证保证","authors":"Abel O. Gomez Rivera, Deepak K. Tosh, S. Shetty","doi":"10.1109/SmartGridComm51999.2021.9632340","DOIUrl":null,"url":null,"abstract":"Industrial Cyber-Physical Systems (ICPS) are an essential backbone of national critical infrastructures. They help monitor and control crucial cyber-enabled services such as energy generation. Commonly ICPS monitors the physical process through Supervisory Control and Data Acquisition (SCADA) systems. The SCADA ecosystem takes critical real-time and future system operational decisions based on the runtime state behavior of field sensors. Traditional SCADA systems use legacy and insecure communication protocols such as the Modbus protocol that lack adequate security mechanisms to provide robust runtime state behavior assurance of constrained field sensors. Therefore, constrained field sensors are commonly vulnerable to standard semantic attacks that gradually change the behavior state of infected devices. This paper discusses process integrity assurance techniques necessary to enhance the security of behavior-based protocols such as the Modbus protocol. The Runtime State Verification (RSV) protocol proposed in this paper aims to address semantic attacks in the SCADA ecosystem by integrating behavior-based Mandatory Results Automata (MRA) and a Hyperledger Fabric (HLF) network. The RSV protocol provides high process integrity assurance through enhanced behavior-based MRA suitable for the constrained field devices. A proof of concept of the RSV protocol has been evaluated in an emulated water-tube boiler. Preliminary evaluations of the RSV protocol aimed to measure the efficiency of the proposed protocol by monitoring an Combustion Efficiency (CE) process necessary to preserve optimal combustion, thus minimizing costs and future maintenance of water-tube boilers. We analyze the overall network overhead and latency of the proposed RSV protocol by evaluating the HLF network performance and comparing the proposed RSV protocol with the state-of-art BloSPAI protocol. Through the preliminary evaluations of the proposed RSV protocol, this paper demonstrates that the proposed RSV protocol overcomes the shortcomings and network overhead of the BloSPAI protocol by integrating behavior-based authentication through novel MRAs and HLF networks.","PeriodicalId":378884,"journal":{"name":"2021 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm)","volume":"72 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Achieving Runtime State Verification Assurance in Critical Cyber-Physical Infrastructures\",\"authors\":\"Abel O. Gomez Rivera, Deepak K. Tosh, S. Shetty\",\"doi\":\"10.1109/SmartGridComm51999.2021.9632340\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Industrial Cyber-Physical Systems (ICPS) are an essential backbone of national critical infrastructures. They help monitor and control crucial cyber-enabled services such as energy generation. Commonly ICPS monitors the physical process through Supervisory Control and Data Acquisition (SCADA) systems. The SCADA ecosystem takes critical real-time and future system operational decisions based on the runtime state behavior of field sensors. Traditional SCADA systems use legacy and insecure communication protocols such as the Modbus protocol that lack adequate security mechanisms to provide robust runtime state behavior assurance of constrained field sensors. Therefore, constrained field sensors are commonly vulnerable to standard semantic attacks that gradually change the behavior state of infected devices. This paper discusses process integrity assurance techniques necessary to enhance the security of behavior-based protocols such as the Modbus protocol. The Runtime State Verification (RSV) protocol proposed in this paper aims to address semantic attacks in the SCADA ecosystem by integrating behavior-based Mandatory Results Automata (MRA) and a Hyperledger Fabric (HLF) network. The RSV protocol provides high process integrity assurance through enhanced behavior-based MRA suitable for the constrained field devices. A proof of concept of the RSV protocol has been evaluated in an emulated water-tube boiler. Preliminary evaluations of the RSV protocol aimed to measure the efficiency of the proposed protocol by monitoring an Combustion Efficiency (CE) process necessary to preserve optimal combustion, thus minimizing costs and future maintenance of water-tube boilers. We analyze the overall network overhead and latency of the proposed RSV protocol by evaluating the HLF network performance and comparing the proposed RSV protocol with the state-of-art BloSPAI protocol. Through the preliminary evaluations of the proposed RSV protocol, this paper demonstrates that the proposed RSV protocol overcomes the shortcomings and network overhead of the BloSPAI protocol by integrating behavior-based authentication through novel MRAs and HLF networks.\",\"PeriodicalId\":378884,\"journal\":{\"name\":\"2021 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm)\",\"volume\":\"72 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SmartGridComm51999.2021.9632340\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SmartGridComm51999.2021.9632340","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

工业信息物理系统(ICPS)是国家关键基础设施的重要支柱。它们有助于监测和控制关键的网络服务，如能源生产。通常，ICPS通过SCADA (Supervisory Control and Data Acquisition)系统监控物理过程。SCADA生态系统根据现场传感器的运行状态行为做出关键的实时和未来系统操作决策。传统的SCADA系统使用传统和不安全的通信协议，如Modbus协议，缺乏足够的安全机制来为受限现场传感器提供健壮的运行时状态行为保证。因此，约束场传感器通常容易受到标准语义攻击，这些攻击会逐渐改变受感染设备的行为状态。本文讨论了提高基于行为的协议(如Modbus协议)的安全性所必需的过程完整性保证技术。本文提出的运行时状态验证(RSV)协议旨在通过集成基于行为的强制结果自动机(MRA)和超级分类账结构(HLF)网络来解决SCADA生态系统中的语义攻击。RSV协议通过增强的适用于受限现场设备的基于行为的MRA，提供了高过程完整性保证。RSV协议的概念验证已在模拟水管锅炉中进行了评估。RSV协议的初步评估旨在通过监测保持最佳燃烧所需的燃烧效率(CE)过程来衡量拟议协议的效率，从而最大限度地降低成本和未来对水管锅炉的维护。我们通过评估HLF网络性能，并将所提出的RSV协议与最先进的BloSPAI协议进行比较，分析了所提出的RSV协议的总体网络开销和延迟。通过对所提出的RSV协议的初步评估，本文证明了所提出的RSV协议通过新型mra和HLF网络集成基于行为的认证，克服了BloSPAI协议的缺点和网络开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Achieving Runtime State Verification Assurance in Critical Cyber-Physical Infrastructures

Industrial Cyber-Physical Systems (ICPS) are an essential backbone of national critical infrastructures. They help monitor and control crucial cyber-enabled services such as energy generation. Commonly ICPS monitors the physical process through Supervisory Control and Data Acquisition (SCADA) systems. The SCADA ecosystem takes critical real-time and future system operational decisions based on the runtime state behavior of field sensors. Traditional SCADA systems use legacy and insecure communication protocols such as the Modbus protocol that lack adequate security mechanisms to provide robust runtime state behavior assurance of constrained field sensors. Therefore, constrained field sensors are commonly vulnerable to standard semantic attacks that gradually change the behavior state of infected devices. This paper discusses process integrity assurance techniques necessary to enhance the security of behavior-based protocols such as the Modbus protocol. The Runtime State Verification (RSV) protocol proposed in this paper aims to address semantic attacks in the SCADA ecosystem by integrating behavior-based Mandatory Results Automata (MRA) and a Hyperledger Fabric (HLF) network. The RSV protocol provides high process integrity assurance through enhanced behavior-based MRA suitable for the constrained field devices. A proof of concept of the RSV protocol has been evaluated in an emulated water-tube boiler. Preliminary evaluations of the RSV protocol aimed to measure the efficiency of the proposed protocol by monitoring an Combustion Efficiency (CE) process necessary to preserve optimal combustion, thus minimizing costs and future maintenance of water-tube boilers. We analyze the overall network overhead and latency of the proposed RSV protocol by evaluating the HLF network performance and comparing the proposed RSV protocol with the state-of-art BloSPAI protocol. Through the preliminary evaluations of the proposed RSV protocol, this paper demonstrates that the proposed RSV protocol overcomes the shortcomings and network overhead of the BloSPAI protocol by integrating behavior-based authentication through novel MRAs and HLF networks.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2021 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm)

自引率

0.00%

发文量