Security and privacy in cyber physical systems foundations, principles, and applications


Security and Privacy in Cyber-Physical Systems: Foundations, Principles, and Applications

Edited by
Houbing Song, Embry-Riddle Aeronautical University, Daytona Beach, FL, US
Glenn A. Fink, Pacific Northwest National Laboratory, Richland, WA, US
Sabina Jeschke, RWTH Aachen University, Aachen, GM

This edition first published 2018. © 2018 John Wiley & Sons Ltd.

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions

The right of Houbing Song, Glenn A. Fink and Sabina Jeschke to be identified as the Editors of the editorial material in this work has been asserted in accordance with law.

Registered Offices
John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA
John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK

Editorial Office
The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com

Wiley also publishes its books in a variety of electronic formats and by print-on-demand. Some content that appears in standard print versions of this book may not be available in other formats.

Limit of Liability/Disclaimer of Warranty
While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

Library of Congress Cataloging-in-Publication Data
Names: Song, Houbing, editor | Fink, Glenn A., editor | Jeschke, Sabina, editor
Title: Security and privacy in cyber-physical systems : foundations, principles, and applications / edited by Houbing Song, Glenn A. Fink, Sabina Jeschke
Description: First edition | Chichester, UK ; Hoboken, NJ : John Wiley & Sons, 2017 | Includes bibliographical references and index
Identifiers: LCCN 2017012503 (print) | LCCN 2017026821 (ebook) | ISBN 9781119226055 (pdf) | ISBN 9781119226062 (epub) | ISBN 9781119226048 (cloth)
Subjects: LCSH: Computer networks–Security measures | Data protection
Classification: LCC TK5105.59 (ebook) | LCC TK5105.59 S43923 2017 (print) | DDC 005.8–dc23
LC record available at https://lccn.loc.gov/2017012503

Hardback: 9781119226048
Cover design: Wiley
Cover image: © fztommy/Shutterstock
Set in 10/12pt WarnockPro by SPi Global, Chennai, India

Contents

List of Contributors xvii
Foreword xxiii
Preface xxv
Acknowledgments xxix

1 Overview of Security and Privacy in Cyber-Physical Systems
Glenn A. Fink, Thomas W. Edgar, Theora R. Rice, Douglas G. MacDonald and Cary E. Crawford
1.1 Introduction
1.2 Defining Security and Privacy
1.2.1 Cybersecurity and Privacy
1.2.2 Physical Security and Privacy
1.3 Defining Cyber-Physical Systems
1.3.1 Infrastructural CPSs
1.3.1.1 Example: Electric Power
1.3.2 Personal CPSs
1.3.2.1 Example: Smart Appliances
1.3.3 Security and Privacy in CPSs
1.4 Examples of Security and Privacy in Action
1.4.1 Security in Cyber-Physical Systems
1.4.1.1 Protecting Critical Infrastructure from Blended Threat
1.4.1.2 Cyber-Physical Terrorism
1.4.1.3 Smart Car Hacking
1.4.1.4 Port Attack 10
1.4.2 Privacy in Cyber-Physical Systems 11
1.4.2.1 Wearables 11
1.4.2.2 Appliances 12
1.4.2.3 Motivating Sharing 12
1.4.3 Blending Information and Physical Security and Privacy 12
1.5 Approaches to Secure Cyber-Physical Systems 14
1.5.1 Least Privilege 14
1.5.2 Need-to-Know 15
1.5.3 Segmentation 15
1.5.4 Defensive Dimensionality 16
1.5.4.1 Defense-in-Depth 16
1.5.4.2 Defense-in-Breadth 16
1.5.5 User-Configurable Data Collection/Logging 17
1.5.6 Pattern Obfuscation 17
1.5.7 End-to-End Security 17
1.5.8 Tamper Detection/Security 18
1.6 Ongoing Security and Privacy Challenges for CPSs 18
1.6.1 Complexity of Privacy Regulations 18
1.6.2 Managing and Incorporating Legacy Systems 19
1.6.3 Distributed Identity and Authentication Management 20
1.6.4 Modeling Distributed CPSs 20
1.7 Conclusion 21
References 21

2 Network Security and Privacy for Cyber-Physical Systems 25
Martin Henze, Jens Hiller, René Hummen, Roman Matzutt, Klaus Wehrle and Jan H. Ziegeldorf
2.1 Introduction 25
2.2 Security and Privacy Issues in CPSs 26
2.2.1 CPS Reference Model 27
2.2.1.1 Device Level 27
2.2.1.2 Control/Enterprise Level 27
2.2.1.3 Cloud Level 28
2.2.2 CPS Evolution 28
2.2.3 Security and Privacy Threats in CPSs 30
2.3 Local Network Security for CPSs 31
2.3.1 Secure Device Bootstrapping 32
2.3.1.1 Initial Key Exchange 33
2.3.1.2 Device Life Cycle 33
2.3.2 Secure Local Communication 34
2.3.2.1 Physical Layer 34
2.3.2.2 Medium Access 34
2.3.2.3 Network Layer 35
2.3.2.4 Secure Local Forwarding for Internet-Connected CPSs 35
2.4 Internet-Wide Secure Communication 36
2.4.1 Security Challenges for Internet-Connected CPS 37
2.4.2 Tailoring End-to-End Security to CPS 38
2.4.3 Handling Resource Heterogeneity 39
2.4.3.1 Reasonable Retransmission Mechanisms 39
2.4.3.2 Denial-of-Service Protection 40
2.5 Security and Privacy for Cloud-Interconnected CPSs 41
2.5.1 Securely Storing CPS Data in the Cloud 42
2.5.1.1 Protection of CPS Data 43
2.5.1.2 Access Control 43
2.5.2 Securely Processing CPS Data in the Cloud 44
2.5.3 Privacy for Cloud-Based CPSs 45
2.6 Summary 46
2.7 Conclusion and Outlook 47
Acknowledgments 48
References 48

3 Tutorial on Information Theoretic Metrics Quantifying Privacy in Cyber-Physical Systems 57
Guido Dartmann, Mehmet Ö. Demir, Hendrik Laux, Volker Lücken, Naim Bajcinca, Gunes K. Kurt, Gerd Ascheid and Martina Ziefle
3.1 Social Perspective and Motivation 57
3.1.1 Motivation 59
3.1.2 Scenario 60
3.2 Information Theoretic Privacy Measures 62
3.2.1 Information Theoretic Foundations 62
3.2.2 Surprise and Specific Information 63
3.3 Privacy Models and Protection 64
3.3.1 k-Anonymity 65
3.4 Smart City Scenario: System Perspective 67
3.4.1 Attack without Anonymization 68
3.4.2 Attack with Anonymization of the ZIP 70
3.4.3 Attack with Anonymization of the Bluetooth ID 71
3.5 Conclusion and Outlook 71
Appendix A Derivation of the Mutual Information Based on the KLD 72
Appendix B Derivation of the Mutual Information In Terms of Entropy 73
Appendix C Derivation of the Mutual Information Conditioned on x 73
Appendix D Proof of Corollary 3.1 74
References 74

4 Cyber-Physical Systems and National Security Concerns 77
Jeff Kosseff
4.1 Introduction 77
4.2 National Security Concerns Arising from Cyber-Physical Systems 79
4.2.1 Stuxnet 80
4.2.2 German Steel Mill 81
4.2.3 Future Attacks 82
4.3 National Security Implications of Attacks on Cyber-Physical Systems 82
4.3.1 Was the Cyber-Attack a "Use of Force" That Violates International Law? 83
4.3.2 If the Attack Was a Use of Force, Was That Force Attributable to a State? 86
4.3.3 Did the Use of Force Constitute an "Armed Attack" That Entitles the Target to Self-Defense? 87
4.3.4 If the Use of Force Was an Armed Attack, What Types of Self-Defense Are Justified? 88
4.4 Conclusion 89
References 90

5 Legal Considerations of Cyber-Physical Systems and the Internet of Things 93
Alan C. Rither and Christopher M. Hoxie
5.1 Introduction 93
5.2 Privacy and Technology in Recent History 94
5.3 The Current State of Privacy Law 96
5.3.1 Privacy 98
5.3.2 Legal Background 98
5.3.3 Safety 99
5.3.4 Regulatory 100
5.3.4.1 Executive Branch Agencies 101
5.3.4.2 The Federal Trade Commission 101
5.3.4.3 The Federal Communications Commission 105
5.3.4.4 National Highway and Traffic Safety Administration 106
5.3.4.5 Food and Drug Administration 108
5.3.4.6 Federal Aviation Administration 109
5.4 Meeting Future Challenges 111
References 113

6 Key Management in CPSs 117
Yong Wang and Jason Nikolai
6.1 Introduction 117
6.2 Key Management Security Goals and Threat Model 117
6.2.1 CPS Architecture 118
6.2.2 Threats and Attacks 119
6.2.3 Security Goals 120
6.3 CPS Key Management Design Principles 121
6.3.1 Heterogeneity 122
6.3.2 Real-Time Availability 122
6.3.3 Resilience to Attacks 123
6.3.4 Interoperability 123
6.3.5 Survivability 123
6.4 CPS Key Management 124
6.4.1 Dynamic versus Static 124
6.4.2 Public Key versus Symmetric Key 125
6.4.2.1 Public Key Cryptography 125
6.4.2.2 Symmetric Key Cryptography 127
6.4.3 Centralized versus Distributed 128
6.4.4 Deterministic versus Probabilistic 129
6.4.5 Standard versus Proprietary 130
6.4.6 Key Distribution versus Key Revocation 131
6.4.7 Key Management for SCADA Systems 131
6.5 CPS Key Management Challenges and Open Research Issues 132
6.6 Summary 133
References 133

7 Secure Registration and Remote Attestation of IoT Devices Joining the Cloud: The Stack4Things Case of Study 137
Antonio Celesti, Maria Fazio, Francesco Longo, Giovanni Merlino and Antonio Puliafito
7.1 Introduction 137
7.2 Background 138
7.2.1 Cloud Integration with IoT 139
7.2.2 Security and Privacy in Cloud and IoT 139
7.2.3 Technologies 140
7.2.3.1 Hardware 140
7.2.3.2 Web Connectivity 141
7.2.3.3 Cloud 141
7.3 Reference Scenario and Motivation 142
7.4 Stack4Things Architecture 143
7.4.1 Board Side 144
7.4.2 Cloud-Side – Control and Actuation 145
7.4.3 Cloud-Side – Sensing Data Collection 146
7.5 Capabilities for Making IoT Devices Secure Over the Cloud 147
7.5.1 Trusted Computing 147
7.5.2 Security Keys, Cryptographic Algorithms, and Hidden IDs 148
7.5.3 Arduino YUN Security Extensions 149
7.6 Adding Security Capabilities to Stack4Things 149
7.6.1 Board-Side Security Extension 149
7.6.2 Cloud-Side Security Extension 150
7.6.3 Security Services in Stack4Things 150
7.6.3.1 Secure Registration of IoT Devices Joining the Cloud 151
7.6.3.2 Remote Attestation of IoT Devices 152
7.7 Conclusion 152
References 153

8 Context Awareness for Adaptive Access Control Management in IoT Environments 157
Paolo Bellavista and Rebecca Montanari
8.1 Introduction 157
8.2 Security Challenges in IoT Environments 158
8.2.1 Heterogeneity and Resource Constraints 158
8.2.2 IoT Size and Dynamicity 160
8.3 Surveying Access Control Models and Solutions for IoT 160
8.3.1 Novel Access Control Requirements 160
8.3.2 Access Control Models for the IoT 162
8.3.3 State-of-the-Art Access Control Solutions 164
8.4 Access Control Adaptation: Motivations and Design Guidelines 165
8.4.1 Semantic Context-Aware Policies for Access Control Adaptation 166
8.4.2 Adaptation Enforcement Issues 167
8.5 Our Adaptive Context-Aware Access Control Solution for Smart Objects 168
8.5.1 The Proteus Model 168
8.5.2 Adapting the General Proteus Model for the IoT 170
8.5.2.1 The Proteus Architecture for the IoT 172
8.5.2.2 Implementation and Deployment Issues 173
8.6 Open Technical Challenges and Concluding Remarks 174
References 176

9 Data Privacy Issues in Distributed Security Monitoring Systems 179
Jeffery A. Mauth and David W. Archer
9.1 Information Security in Distributed Data Collection Systems 179
9.2 Technical Approaches for Assuring Information Security 181
9.2.1 Trading Security for Cost 182
9.2.2 Confidentiality: Keeping Data Private 182
9.2.3 Integrity: Preventing Data Tampering and Repudiation 186
9.2.4 Minimality: Reducing Data Attack Surfaces 188
9.2.5 Anonymity: Separating Owner from Data 188
9.2.6 Authentication: Verifying User Privileges for Access to Data 189
9.3 Approaches for Building Trust in Data Collection Systems 190
9.3.1 Transparency 190
9.3.2 Data Ownership and Usage Policies 191
9.3.3 Data Security Controls 191
9.3.4 Data Retention and Destruction Policies 192
9.3.5 Managing Data-loss Liability 192
9.3.6 Privacy Policies and Consent 192
9.4 Conclusion 193
References 193

10 Privacy Protection for Cloud-Based Robotic Networks 195
Hajoon Ko, Sye L. Keoh and Jiong Jin
10.1 Introduction 195
10.2 Cloud Robot Network: Use Case, Challenges, and Security Requirements 197
10.2.1 Use Case 197
10.2.2 Security Threats and Challenges 199
10.2.3 Security Requirements 200
10.3 Establishment of Cloud Robot Networks 200
10.3.1 Cloud Robot Network as a Community 200
10.3.2 A Policy-Based Establishment of Cloud Robot Networks 201
10.3.3 Doctrine: A Community Specification 201
10.3.3.1 Attribute Types and User-Attribute Assignment (UAA) Policies 203
10.3.3.2 Authorization and Obligation Policies 203
10.3.3.3 Constraints Specification 205
10.3.3.4 Trusted Key Specification 206
10.3.3.5 Preferences Specification 206
10.3.3.6 Authentication in Cloud Robot Community 207
10.3.3.7 Service Access Control 207
10.4 Communication Security 207
10.4.1 Attribute-Based Encryption (ABE) 207
10.4.2 Preliminaries 208
10.4.3 Ciphertext-Policy Attribute-Based Encryption (CP-ABE) Scheme 208
10.4.4 Revocation Based on Shamir's Secret Sharing 209
10.4.5 Cloud Robot Community's CP-ABE Key Revocation 209
10.4.6 Integration of CP-ABE and Robot Community Architecture 210
10.5 Security Management of Cloud Robot Networks 212
10.5.1 Bootstrapping (Establishing) a Cloud Robot Community 212
10.5.2 Joining the Community 214
10.5.3 Leaving a Community 215
10.5.4 Service Access Control 216
10.6 Related Work 217
10.7 Conclusion 219
References 220

11 Toward Network Coding for Cyber-Physical Systems: Security Challenges and Applications 223
Pouya Ostovari and Jie Wu
11.1 Introduction 223
11.2 Background on Network Coding and Its Applications 225
11.2.1 Background and Preliminaries 225
11.2.2 Network Coding Applications 226
11.2.2.1 Throughput/Capacity Enhancement 226
11.2.2.2 Robustness Enhancement 227
11.2.2.3 Protocol Simplification 228
11.2.2.4 Network Tomography 228
11.2.2.5 Security 229
11.2.3 Network Coding Classification 229
11.2.3.1 Stateless Network Coding Protocols 229
11.2.3.2 State-Aware Network Coding Protocols 229
11.3 Security Challenges 230
11.3.1 Byzantine Attack 230
11.3.2 Pollution Attack 230
11.3.3 Traffic Analysis 230
11.3.4 Eavesdropping Attack 231
11.3.5 Classification of the Attacks 232
11.3.5.1 Passive versus Active 232
11.3.5.2 External versus Internal 232
11.3.5.3 Effect of Network Coding 232
11.4 Secure Network Coding 233
11.4.1 Defense against Byzantine and Pollution Attack 233
11.4.2 Defense against Traffic Analysis 234
11.5 Applications of Network Coding in Providing Security 234
11.5.1 Eavesdropping Attack 234
11.5.1.1 Secure Data Transmission 234
11.5.1.2 Secure Data Storage 236
11.5.2 Secret Key Exchange 237

References 23–26 (excerpt from the chapter "Admission Control-Based Load Protection in the Smart Grid")

23 Laghari, J., Mokhlis, H., Karimi, M., Bakar, A., Halim, A. and Mohamad, H. (2015) A new under-frequency load shedding technique based on combination of fixed and random priority of loads for smart grid applications. IEEE Transactions on Power Systems, 30 (5), 2507–2515.
24 Khamis, A., Shareef, H. and Mohamed, A. (2015) Islanding detection and load shedding scheme for radial distribution systems integrated with dispersed generations. IET Generation, Transmission and Distribution, (15), 2261–2275.
25 Pacific Northwest National Laboratory (PNNL) GridLAB-D, http://www.gridlabd.org (accessed 14 March 2017).
26 University of California, Irvine, Electrical Engineering and Computer Science Department, GridMat, http://www.sourceforge.net/projects/gridmat (accessed 14 March 2017).

Editor Biographies

Houbing Song received the MS degree in civil engineering from the University of Texas, El Paso, TX, in December 2006, and the PhD in electrical engineering from the University of Virginia, Charlottesville, VA, in August 2012. In August 2017, he joined the Department of Electrical, Computer, Software, and Systems Engineering, Embry-Riddle Aeronautical University, Daytona Beach, FL, where he is currently an Assistant Professor and the Director of the Security and Optimization for Networked Globe Laboratory (SONG Lab, www.SONGLab.us). He served on the faculty of the Department of Electrical and Computer Engineering, West Virginia University, Montgomery, WV, and as the Founding Director of the West Virginia Center of Excellence for Cyber-Physical Systems sponsored by the West Virginia Higher Education Policy Commission, from August 2012 to August 2017. In 2007, he was an engineering research associate with the Texas A&M Transportation Institute. He is the editor of four books, including Smart Cities: Foundations, Principles and Applications, Hoboken, NJ: Wiley, 2017; Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications, Chichester, UK: Wiley-IEEE Press, 2017; Cyber-Physical Systems: Foundations, Principles and Applications, Waltham, MA: Elsevier, 2016; and Industrial Internet of Things: Cybermanufacturing Systems, Cham, Switzerland: Springer, 2016. He is serving as an Associate Technical Editor (ATE) for the IEEE Communications Magazine. He is the author of more than 100 articles. His research interests include cyber-physical systems, Internet of Things, cloud computing, big data analytics, connected vehicle, wireless communications and networking, and optical communications and networking. He is a senior member of both IEEE and ACM. He was the very first recipient of the Golden Bear Scholar Award, the highest faculty research award at West Virginia University Institute of Technology (WVU Tech), in 2016.

Security and Privacy in Cyber-Physical Systems: Foundations, Principles, and Applications, First Edition. Edited by Houbing Song, Glenn A. Fink and Sabina Jeschke. © 2018 John Wiley & Sons Ltd. Published 2018 by John Wiley & Sons Ltd.

Dr Glenn A. Fink has been a member of the IEEE Society on Man, Machines and Cybernetic Systems since earning his PhD in computer science from Virginia Polytechnic Institute and State University (VA Tech) in 2006. His dissertation topic was in the areas of cyber security, information visualization, and visual analytics. Before that he earned his MS in computer science, specializing in software engineering, also at VA Tech. He earned his BS degree in mathematics and computer science from Hampden-Sydney College in Farmville, Virginia, in 1988. He has worked at the Pacific Northwest National Laboratory (PNNL) in Richland, Washington, since 2006. He has published over 30 scientific articles and papers and has hosted several workshops on computer security, privacy, and the Internet of Things. Before coming to PNNL, he worked for 15 years as a software engineer for the Naval Surface Warfare Center in Dahlgren, Virginia, on projects such as the Trident ballistic missile program, a unified ground-control station for unoccupied aerial vehicles, and a virtual operations network for rapid-deployment coalition warfare. He served for 11 years as an Army Reserve officer in the Signal Corps, where he attained the rank of captain and commanded a communications company. His research interests include computer security, visualization, bioinspired software design, and human-centric computing. At PNNL, he has been the lead inventor of several technologies including PNNL's Digital Ants technology, which Scientific American cited as one of ten "world-changing ideas" in 2010. Digital Ants was recently listed as a finalist for an R&D 100 award. His recent work includes research in bioinspired, decentralized cyber security and privacy. His dissertation "Visual Correlation of Network Traffic and Host Processes" fostered the Hone technology that was further developed at PNNL and is now open-source software. He has worked with the IEEE Experts on Technology and Privacy (ETAP) group and is currently collaborating on two position papers with them involving security and privacy topics regarding the Internet of Things.

Sabina Jeschke was born in Kungälv, Sweden, in 1968. She received a diploma in physics from the Berlin University of Technology, Germany, in 1997. After research stays at the NASA Ames Research Center/California and the Georgia Institute of Technology/Atlanta, she gained a doctoral degree on "Mathematics in Virtual Knowledge Environments" from the Berlin University of Technology, Germany, in 2004. She stayed at Berlin University of Technology, Germany, as a junior professor from 2005 to 2007. Until 2009, she had been a professor at the University of Stuttgart, at the Department of Electrical Engineering and Information Technology, and simultaneously Director of the Central Information Technology Services (RUS) and the Institute for IT Service Technologies (IITS). In 2009, she was appointed professor at the Faculty of Mechanical Engineering, RWTH Aachen University, Aachen, Germany. Her research areas are inter alia distributed artificial intelligence, robotics and automation, traffic and mobility, virtual worlds and innovation and future research. She is vice dean of the Faculty of Mechanical Engineering of the RWTH Aachen University, chairwoman of the board of management of the VDI Aachen, and member of the supervisory board of the Körber AG. She is a senior member of the Institute of Electrical and Electronics Engineers (IEEE), a member and consultant of numerous committees and commissions, including the American Society of Mechanical Engineers (ASME), the Association for Computing Machinery (ACM), the American Mathematical Society (AMS), and the American Society for Engineering Education (ASEE). She is an alumna of the German National Academic Foundation (Studienstiftung des deutschen Volkes) and fellow of the RWTH Aachen University. In July 2014, the Gesellschaft für Informatik (GI) honored her with their award Deutschlands digitale Köpfe (Germany's digital heads). In September 2015, she was awarded the Nikola-Tesla Chain by the International Society of Engineering Pedagogy (IGIP) for her outstanding achievements in the field of engineering pedagogy.

Index

a
access control systems 328
access threats 314
admission control approach: brutal admission control 413–415; consumer's satisfaction 401; demand-side management 402; fair priority-based admission control 417–419; GridLAB-D and GridMat simulation tools 400, 403; load admission control 403–404; load shedding mechanisms 400, 404–410; load-size-based admission control 413–416; normal operation 411–413; PHEV charging 402; priority-based admission control 416–418; priority-based load protection and control scheme 402; proposed approach 400; simulation scenarios 410–411; utility-side load management 402; wide area information (WAI)-based control scheme 402; wide area measurement (WAM) 402
Advanced Encryption Standard (AES) 184, 248, 309
advanced metering infrastructure (AMI) 264, 285
Alarm-Net 311
anomaly detection 346–347
anonymity 188–189
anonymized authentication 199
arranger robot 197
artificial neural network (ANN) 290
assistant robots 197
attack strategies 288–289
attribute-based access control (ABAC) model 164
attribute-based encryption (ABE) 196, 207–208
authentication 189–190, 207
automatic repeat request 227

b
biometric solutions 315–316
BLE Bluetooth 309
block chain 187
Bluetooth 309
body area network (BAN) 266
body area network authentication (BANA) scheme 317
bolus-enabled temperature sensing 381
bootstrapping 212–213
Building Automation and Control Networks (BACnet) 335–336
building automation systems (BAS) 330
Byzantine attack 230

c
CapBAC model 164
certificate revocation lists (CRLs) 197
certification authority (CA) 274
ciphertext 184
ciphertext (encrypted) character 183
ciphertext-policy attribute-based encryption scheme 208–209
city-based cloud 277
cloud-based robotic networks: ad hoc network 218; attribute-based encryption 196; communication security 207–212; as a community 200–201; doctrine 201–207; law governed interaction 218; Persona 219; policy-based establishment 201; security management 212–217; security requirements 200; security threats and challenges 199; Terminodes 218; use case 197–199
Cloud computing and IoT: Arduino YUN security extensions 149; hardware 140–141; legacy protocols 137; OpenStack 141; reference scenario and motivation 142; remote attestation 152; SAaaS vision 137; secure registration 151–152; security and privacy 139–140; security keys, cryptographic algorithms, and hidden IDs 148–149; sensing resource virtualization and management 139; Stack4Things architecture 138 (board-side architecture 144–145; board-side security extension 149–150; cloud-side security extension 150; control and actuation 145–146; security services 150; sensing data collection 146); Trusted Computing 147–148; web connectivity 141; WebSocket technology 138
Cloud services 26
CodeBlue 310
collaborative last mile logistics 361
collar-mounted accelerometers 383
communication security: attribute-based encryption 207–208; ciphertext-policy attribute-based encryption scheme 208–209; CP-ABE key revocation 209–210; integration of CP-ABE and robot community architecture 210–212; preliminaries 208; Shamir's secret sharing 209
computationally hard/information theoretic technique 183
confidentiality 182–186: data confidentiality 313, 391–392; lightweight cryptography (LWC) 250; security and privacy
constraints specification 205–206
Cow Manager 380
CP-ABE key revocation 209–210
CRYPE 317
cryptographic hash function 187
cryptographic solutions 316–318
cryptography 274–276
cyber-network-defense (CND) 180–181
cyber-physical hacking 389
cyber-physical systems (CPS): air traffic control 245; applications 243; cybercriminals 117; definition 243; embedded system; infrastructural CPSs; key management (accountability 122; centralized vs distributed scheme 128–129; challenges and open research issues 132–133; communications 118–119; deterministic vs probabilistic scheme 129–130; dynamic vs static management 124–125; embedded processors 118; freshness 122; heterogeneity 122; interoperability 123; key distribution and key revocation 131; public key vs symmetric key 125–128; real-time availability 122–123; resilience to attacks 123; SCADA systems 131–132; scalability 121; security goals 120–121; standard vs proprietary scheme 130; survivability 123–124; threats and attacks 119–120); personal CPS technologies 5–6; security and privacy 245–246; security services 117; specific computational and physical processes 244; system workflow 244–245; wireless technologies 117
cyber-physical vulnerabilities: damage to the lives 273–274; damage to the properties 273; definition 270; interactions and threats 271; possible attacks 271–272; privacy infiltration 274; service interruption 272–273

d
Data Encryption Standard (DES) 248
data integrity attacks 283
data-loss liability 192
data ownership and usage policies 191
data retention and destruction policies 192
data security controls 191–192
DeLaval farm-monitoring camera system 378–379
denial-of-service (DOS) attack 246, 314
DESL 251–252
DESXL 251–252
detection 4, 289
deterrence 3–4
disclosure threat 314
discrete logarithm problem 183
distributed cybersecurity monitoring (DSM) 180–181
distributed security monitoring system: anonymity 188–189; authentication 189–190; confidentiality 182–186; data-loss liability 192; data ownership and usage policies 191; data retention and destruction policies 192; data security controls 191–192; information security 179–181; integrity 186–188; minimality 188; privacy policies and consent 192; trading security for cost 182; transparency 190–191
doctrine: abstract community description 202; attribute types and user-attribute assignment policies 203; authentication 207; authorization and obligation policies 203–205; constraints specification 205–206; definition 201; information model 202–203; preferences specification 206; service access control 207; trusted key specification 206
Dossia 319

e
EASiER 219
eavesdropping attack 231–232: secure data storage 234–237; secure data transmission 234–236
eCare Companion 319–320
ECC-based public key scheme 316
E-Government Act of 2002, 355
electric power
electric vehicles (EVs) 265
elliptic curve cryptography (ECC) 254–255
Elliptic Curve Primitive 248
encryption 182
endorser robot 197
End-User License Agreement (EULA) 12
energy-based cyber-physical system 283
enhanced mail and parcel services: feedback loop 362; new services 362; operational cost reduction of missed delivery 362; security and convenience for recipients 362; smart mailbox 363–364; visibility 361
EnOcean Radio Protocol 338
EnOcean Serial Protocol 338
estrus monitoring 379–380

f
facility management systems 329–330
"farm-to-fork" animal tracking 377
feature data 287
Federal Aviation Administration 109–111
Federal Communications Commission 105–106
Federal Trade Commission (FTC): consumer focus 104; deceptive trade practices 102–104; unfair trade practices 102
fire alarm systems 328
firewalls 345
Food and Drug Administration 108–109
"French IoT" initiative 357

g
game theoretic deployment 277
garbled circuit computation 185
Google Health 319
GridLAB-D simulation tool 282
GrowSafe system 381
guide robots 195

h
hashtag 187
Health 320: Google Health 319; rumen health 380–382
HealthVault 319
Heatime 380
heating, ventilation, and air conditioning (HVAC) systems 328
HIGHT 252
housekeeping robots 195

i
identity threat 314
IEEE 802.15.6 310
IEEE 802.15.4 standard 309
individual mailbox/parcelbox model 364
industrial robots 195
information security 2, 179–181, 191
integrity 186–188
intelligent sensor network (ISN) 269–270
intelligent transport system applications: intelligent sensor network 269–270; roadside unit 268–269; vehicular sensor network 269
Intel™ processor architecture 184
Internet Engineering Task Force (IETF) 112
Internet of postal things (IoPT): competing on price to competing on overall value 357; critical brand attribute 355–356; customer demand for information 356; development stages 367–368; energy costs 364; enhanced mail and parcel services 361–364; implementation challenges 368–370; from industries to ecosystems 357; neighborhood services 365–367; operational experience in data collection and analytics 356; smarter post office 365; "smart" products and services 357; successful platform strategy 371; transportation and logistics 358–361; vast infrastructure 354–355; from workforce replacement to human-centered automation 357–358
Internet of Things (IoT) 25, 77, 179: access control adaptation (context-aware security policies 165; enforcement issues 167–168; personal sensor network 165; semantic context-aware policies 166–167); access control models (attribute-based access control (ABAC) model 164; CapBAC model 164; location and context information 161; node mobility 162; novel policy languages 161; policy-based approaches 161; policy decision point (PDP) 162; policy enforcement/deployment 162; role-based access control (RBAC) model 163; runtime innovative models 161); in agriculture 384–385 (cyber-physical system vulnerabilities 385–386; data confidentiality 391–392; data integrity 393; data leakage via leased equipment and software 388–389; misuse of provenance data 387–388; misuse of research data 387; misuse of video data 386–387; political action and terrorism 389–390; system availability 393; system safety 393–395); and Cloud computing (see Cloud computing and IoT); heterogeneity and resource constraints 158–159; IoT-enhanced PA 383; legal considerations (see legal issues, for CPS and IoT); Proteus model 168–174; size and dynamicity 160
intersection attacks 188
intrusion detection system (IDS) 276

k
KATAN 253
key distribution center (KDC) 274
key management: accountability 122; centralized vs distributed scheme 128–129; challenges and open research issues 132–133; communications 118–119; deterministic vs probabilistic scheme 129–130; dynamic vs static management 124–125; embedded processors 118; freshness 122; heterogeneity 122; interoperability 123; key distribution and key revocation 131; public key vs symmetric key 125–128; real-time availability 122–123; resilience to attacks 123; SCADA systems 131–132; scalability 121; security goals 120–121; standard vs proprietary scheme 130; survivability 123–124; threats and attacks 119–120
key predistribution-based tag encoding scheme 233
KLEIN 252
KNX/EIB 333–335
KTAN-hardware-oriented cipher 258
KTANTAN 253

l
LAURA 311–312
law governed interaction (LGI) 218
LED 253
legacy systems 19–20
legal issues, for CPS and IoT: anti-Paparazzi law 99; Computer Fraud and Abuse Act 99; contractual and tort liability, personal injuries 99; digital music file sharing 97; federal and state laws 96; Fifth Amendment 96; government and nongovernment intrusion 98; Griswold v. Connecticut 98; HIPAA Act 99; laissez faire approach 97; regulatory legal issues (executive branch agencies 101; Federal Aviation Administration 109–111; Federal Communications Commission 105–106; Federal Trade Commission 101–104; Food and Drug Administration 108–109; National Highway and Traffic Safety Administration 106–108; standards of care 101); Riley v. California 98; Roe v. Wade 98; statutory and regulatory protection 99; U.S. v. Quartavious Davis 98
LifeGuard 310–311
lighting control systems 328
lightweight cryptography (LWC) 243–244: authentication 250; clever outside attacker 249; confidentiality 250; data communication 250; data encryption standard 247; design constraints 247; design goals 247; embedded systems 249; funded organizations 249; hardware implementations of asymmetric ciphers 254–255; hardware implementations of symmetric ciphers 251–253; information security services 249; invasive attacks 249; knowledgeable inside attacker 249; lightweight symmetric ciphers 250; limited-resources systems 249; low computation cryptographic algorithms 247; opportunities and challenges 257–258; passive attacks 249; secure hash algorithms 256–257; security services 247; smart object networks 249; software implementations of asymmetric ciphers 255; software implementations of symmetric ciphers 253–254; symmetric and asymmetric cryptography 248
lightweight encryption scheme 236
linear network coding 226
linear secret sharing 185
link loss rate inference 228–229
load-altering attack 288
localized encryption and authentication protocol (LEAP) 275
LonTalk protocol 339
LWC see lightweight cryptography (LWC)

m
machine learning-based detection 282, 290–291
man-in-the-middle attacks 189
masquerade attack threat 314
mathematical metrics: derivation of mutual information 72–74; information theoretic foundations 62–63; k-anonymity, concept of 65–68; proof of corollary 74; Smart City scenario 58; smart home scenario 58; surprise and specific information 63–64
medical cyber-physical systems: access threats 314; authentication 313; authorization 313
biometric solutions 315–316 challenges with LPWNs in WBANs 308 cryptographic solutions 316–318 data confidentiality 313 data freshness 313 data integrity 313 data security and privacy threats and attacks 314 disclosure threat 314 Dossia 319 eCare Companion 319–320 existing WBAN-based health monitoring systems 310–312 Index feedback control in WBANs 308–309 fundamental security requirements 312 Google Health 319 Health 320 HealthVault 319 identity threat 314 interference in WBANs 308 network topology 307–308 patient’s prescription leakage 314 privacy 313 radio technologies 309–310 Redwood MedNet 319 solutions on implantable medical devices 318–319 WBANs 306–307 wireless sensor networks 306 MEDiSN 311 message authentication code (MAC) 276 minimality 188 MobiCare 311 Mobile Delivery Devices (MDD) 356 Modbus 339 MooMonitor 380 mopper robots 197 multichannel authentication 189 multifactor authentication 189 mutual authentication and access control scheme based on elliptic curve cryptography (MAACE) 317 n nanotechnology 94 National Institute of Science and Technology CPSs 244 National Institute of Standards and Technology (NIST) national livestock identification system (NLIS) 377 national security concerns CIA Triad 79 companies and consumers 79 data breaches 79 data’s confidentiality 79 denial-of-service attacks 79 file’s integrity 79 future attacks 82 German SteelMill 81–82 international law-of-war principles jus ad bellum and jus in bello 83 Tallinn Manual 83 Stuxnet 80–81 use of military force armed attack 87–89 Article 2(4) of United Nations Charter 84 Article 51 of United Nations Charter 84 Nicaragua v United States 84 physical system 86 United Nations Draft Articles on Responsibility of States for Internationally Wrongful Acts 86 warfare law 84 NATO Cooperative Cyber Defence Centre of Excellence 78 neighborhood services, IoPT carriers as neighborhood logistics managers 366–367 dollar value of IoPT applications 367 smart cities need local partners 365–366 network 
coding background and preliminaries 225–226 Byzantine attack 230 classification of security attacks effect of network coding 232 external versus internal 232 passive versus active 232 defense against Byzantine and pollution attacks 233–234 defense against traffic analysis 234 eavesdropping attack 231–232, 234–237 max-flow min-cut theorem 223 network tomography 228–229 pollution attack 230 protocol simplification 228 random linear network coding 223 robustness enhancement 227–228 secret key exchange 237–238 security 229 state-aware network coding protocols 229–230 433 434 Index network coding (contd.) stateless network coding protocols 229 throughput/capacity enhancement 226–227 traffic analysis 230–231 in wired networks 223–224 in wireless networks 223–224 network model 285–286 network security and privacy client-server model 26 Cloud-interconnected CPSs data handling requirements 46 data storage 42–44 model-driven privacy 46 security mechanisms 44–45 Cloud services 26 CPS reference model All-IP vision 30 Big Data 30 cloud level 28 Cloud platforms 29 control/enterprise level 27 device level 27 future evolution 28 RFID technology 29 smartphones 29 threats and challenges 30–31 wireless sensor networks (WSNs) 29 Internet ofThings 25 internet-wide secure communication Cloud services 36 end-to-end security protocols 37–39 RAM and ROM 38 resource heterogeneity 39–41 transport layer security (TLS) 37 local communication, security of Internet Protocol (IP) 35 6LoWPAN fragments 35 medium access control 34–35 network layer 35 physical layer 34 secure device bootstrapping device life cycle 33–34 initial key exchange 33 network tomography 228–229 nice but curious nodes 231 o one-time pad cryptosystem 183 Online Social Network (OSN) 219 OpenStack 141 operating system hardening 343–344 p Pacific Northwest National Laboratory (PNNL) 403 patching 344 P-coding 236 PEACE framework 199 Persona 219 personal CPS technologies 5–6 personally identifiable information (PII) physiological 
values scheme (PVS) 315 pollution attack 230 precision agriculture (PA) 375 see also precision livestock farming (PLF) precision livestock farming (PLF) estrus monitoring 379–380 feedback control loops 375–376 food quality and provenance 377–378 impact on the environment 382 IoT solutions 383–384 IoT technology 376 labor and workforce effects 377 rumen health 380–382 single biochemical process 375–376 transparency and remote management 378–379 PRESENT 252 PRINCE 253 Privacy Act of 1974, 355 privacy and technology, history of cellular phones 94 Federal regulatory control 95 Internet connections 95 oral and written communications 95 “pen register,” 95 telegraph 95 Twitter and Facebook 96 privacy policies and consent 192 programmable logic controller (PLC) Proteus model access control policies 169 access zone element 171 Index active contexts 169 authentication element 171 communication element 171 identity element 171 IoT 172–174 policy conflicts and inconsistencies policy specifications 168 protection context modeling 169 requestor context 169, 171 protocol simplification 228 public key cryptography 125–126 public-key cryptosystems 184 public key-infrastructure (PKI) 275 170 q Quality of Context (QoC) 175–176 r Radio-Frequency Identification (RFID) tags 356 random linear network coding 226 Redwood MedNet 319 reidentification 188 resource heterogeneity denial-of-service protection 40–41 retransmission mechanisms 39–40 responsibility matrix 345 Resurrecting Duckling Protocol 218 roadside unit 268–269 robot-supported product management system 197–198 role-based access control (RBAC) model 163 routing threats 314 RSA 125, 189, 255 rumen health 380–382 s SAaaS vision 137 SATIRE 311 secret key exchange 237–238 secure coding 343 secure hash algorithms (SHA) 256–257 Securing User Access to Medical Sensing Information (SecMed) 316 security and privacy authentication barriers and identifiers blending information 12–14 computerized skid detectors confidentiality cyber-physical 
terrorism 8–9 defense-in-breadth, principle of 16–17 defense-in-depth, principle of 16 definition digital signatures and secure hashes distributed systems 21 end-to-end security 17–18 identity and authentication management 20 least privilege 14–15 legacy systems 19–20 motivating sharing 12 need-to-know, principle of 15 network-connected appliances 12 nonrepudiation pattern obfuscation 17 physical protection 3–4, politicians and industry leaders port attack 10 privacy regulations 18–19 programmable logic controller (PLC) security attack points, in CPSs security surveys segmentation 15–16 smart car hacking 9–10 tamper detection/security 18 user-configurable data collection/logging 17 wearable devices 11–12 security breaches 77 security management, cloud-based robotic networks bootstrapping 212–213 joining the community 214–215 leaving a community 215–216 service access control 216–217 segmentation 15–16 self-defense 78 sensor spoof prevention 187 sensor substitution and modification of data in transit 187 sequential hypothesis testing-based detection 282, 291–292 435 436 Index service access control 207, 216–217 SERVICE BROADCAST message 196 service level agreements (SLAs) 200 SERVICE REQUEST message 196 Shamir’s secret sharing 209 shared parcelbox model 363–364 signature scheme 233 Silent Herdsman 380 smart appliances smart buildings access control systems 328–329 anomaly detection 346–347 attacks 340–342 BACnet 335–336 BAS communication protocols 332 building automation systems 330 definition 327–328 EnOcean 338–339 facility management systems 329–330 fire alarm systems 328–329 firewalls 345 fuzzing approaches 347 HVAC systems 328–329 interoperability and interconnectivity 339–340 known cases of attacks 331–332 KNX/EIB 333–335 lighting control systems 328–329 LonTalk protocol 339 Modbus 339 monitoring and intrusion detection systems 345 operating system hardening 343–344 patching 344 physical access control 343 raising security awareness and develop security 
know-how 342–343 responsibility matrix 345 secure coding 343 separation of networks 345 smart cities 330–331 traffic normalization 346 video surveillance systems 328–329 visualization 346 ZigBee 336–338 smart cities bluetooth detector 59 Bluetooth ID 61 bluetooth receiver 60 concept and components 263–265 cryptography 274–276 cyber-physical vulnerabilities 271–274 game theoretic deployment 277 intelligent sensor network 269–270 intrusion detection system 276 localization 60 managed security 277–278 physical security measures 278 privacy-preserving system 60 real-time monitoring and safety alert 270 roadside unit 268–269 smart homes 265–267 substation monitoring 267–268 system perspective anonymization, of Bluetooth ID 71 attack with anonymization, of ZIP 70–71 attack without anonymization 68–70 traffic efficiency 59 vehicular sensor network 269 watchdog system 277 smarter post office 365 smart grid 264, 267–268 admission control approach (see admission control approach) data integrity 281 demand response process 399 distribution 403 evaluation results 294–297 evaluation setup 292–294 excess load 403 extension 297–298 GridLAB-D simulation tool 282 literature review 283–284 load management 400 machine learning-based detection 282, 290–291 network model 285–286 overview 287–289 physical domain and cyber domain 399 power generator 399 power grid simulation model 403 Index sequential hypothesis testing-based detection 282, 291–292 statistical anomaly-based detection 282, 289–290 substation 403 threat model 286–287 Smart Grid Program 244 smart homes 265–267 smart mailbox 363–364 Stack4Things 138 board-side architecture 144–145 board-side security extension 149–150 cloud-side security extension 150 control and actuation 145–146 security services 150 sensing data collection 146 state-aware network coding protocols 229–230 stateless network coding protocols 229 statistical anomaly-based detection 282, 289–290 Stuxnet 80–81 substation cluster head gateway 268 supervisory 
control and data acquisition (SCADA) 286 symmetric key block cipher 184 symmetric key cryptography 126–128 t TEA 253 Terminodes 218 threat model 286–287 ThreatTrack Security survey 283 trading security for cost 182 traffic analysis 230–231 traffic normalization 346 transparency 190–191 transportation and logistics 358–359 collaborative last mile logistics 361 driverless vehicles 360 fuel management 359–360 load optimization 360 predictive maintenance 359 real-time dynamic routing 360–361 usage-based insurance 360 Transport Layer Security (TLS) 184 transport layer security (TLS) 37 Transposition Substitution Folding Shifting encryption algorithm (TSFS) 248 trusted key specification 206 trusted third party (TTP) 274 TWINE 253 two-stage attacking scheme 284 u UbiMon 310 ultra-wideband (UWB) standard 310 United Nations Convention on the Law of the Sea (UNCLOS) 112 v vehicle-to-infrastructure (V2I) communication 265 vehicle-to-vehicle (V2V) communication 265 vehicular sensor network (VSN) 269 video surveillance systems 328–329 virtual hardware security module (HSM) 185 voiceprints 12 w watchdog system 277 weakly secure system 236 Web Application Messaging Protocol (WAMP) 138 WebSocket technology 138 wireless body area networks (WBANs) 305 wireless sensor networks (WSNs) 29 intelligent sensor network 269–270 real-time monitoring and safety alert 270 roadside unit 268–269 smart homes 265–267 substation monitoring 267–268 vehicular sensor network 269 wiretapping nodes 231 x XTEA 253 z ZigBee 309, 336–338 437 ... editor | Jeschke, Sabina, editor Title: Security and privacy in cyber-physical systems : foundations, principles, and applications / edited by Houbing Song, Glenn A Fink, Sabina Jeschke Description:... 1.4.3 1.5 1.5.1 1.5.2 1.5.3 1.5.4 Introduction Defining Security and Privacy Cybersecurity and Privacy Physical Security and Privacy Defining Cyber-Physical Systems Infrastructural CPSs Example: Electric... 
Smart Appliances Security and Privacy in CPSs Examples of Security and Privacy in Action Security in Cyber-Physical Systems Protecting Critical Infrastructure from Blended Threat Cyber-Physical

Posted: 04/03/2019, 13:16
