🐉 neospace ~

📝 Latest Posts

Week 2 - Cyber Physical Systems

Jun 08, 202512 min read

NIT2242

Table of Content

Podcast Version

What is Cyber Physical Systems (CPSs)?

img

The evolution of computing has progressed through several stages:

  • Mainframe computing (60s – 70s): Involved large computers primarily for big data processing applications.
  • Desktop computing & Internet (80s – 90s): Characterised by one computer per desk for business and personal activities.
  • Ubiquitous computing (00s): Saw numerous computing devices everywhere and with everyone, shifting from millions of desktops to billions of embedded processors.
  • Cyber Physical Systems (10s): Represent the next computing revolution.

Defining Cyber-Physical Systems

img CPS is an umbrella term encompassing various systems such as robotics, machine automation, industrial control systems (ICSs), process control systems, supervisory control and data acquisition (SCADA) systems, the Industrial Internet, and the Internet of Things (IoT). Although these systems have different applications, architectures, and behaviours, they share key attributes.

According to the US President’s National Science and Technology Advisory Committee (NSTAC) report on IoT (NSTAC, 2014), IoT objects, which fall under the CPS umbrella, have three common properties:

  1. Ordinary (non-computational) objects are individually network addressable.
  2. Physical objects are interconnected.
  3. The devices are intelligent and many can perform functions adaptively, either individually or as part of a larger group.

“Embedded system” is noted as an older, very general term for computational capabilities fused with normal, “dumb” systems. Unlike CPS, embedded systems do not necessarily communicate with each other or the larger Internet. While IoT has become the most popular term for CPSs, it often evokes images of commercial consumer devices.

The CPS domain is broadly divided into two categories:

  • Infrastructural CPSs
  • Personal CPSs

Infrastructural CPSs

These systems are found widely in industry and are critical to modern life. In ICS, the physical side is emphasised, with the cyber side added for convenient access and control of physical machinery.

Some major concerns with Infrastructural CPSs include:

  • Points of connection between machinery and external computer networks may be undocumented or poorly understood, often having evolved over long periods.
  • For industrial systems that are part of critical infrastructures (like power and water), availability is the overriding concern, as modern societies heavily depend on them.

An example of an Infrastructural CPS is the Electric Power Grid.

Why Cyber Physical Systems?

img The current state of systems like the power grid often involves equipment protection devices tripping locally and reactively, which can lead to cascading failures. A desired future state for these systems, facilitated by CPS, includes:

  • Real-time cooperative control of protection devices.
  • Self-healing capabilities and the ability to aggregate islands of stable bulk power.
  • Coordination of distributed and dynamically interacting participants.

A key issue is that standard operational control concerns, such as bulk power stability and quality, flow control, and fault isolation, exhibit wide-area characteristics.

Personal CPSs

These technologies are primarily intended to generate economic value by automating routine tasks. In Personal CPSs, the cyber side is emphasised, with the physical dimension added to enhance the utility of the information system. Historically, observing and studying patterns of life required close physical proximity, but now these devices, via Internet connectivity, can provide this possibility from anywhere.

The principal concern with personal CPSs is privacy. Security is considered an important tertiary issue because personal CPSs may share trust relationships with office or industrial systems and ICS.

Why Cyber Physical Systems?

Technological and Economic Drivers:

  • The decreasing cost of computation, networking, and sensing provides economic motivation.
  • Ubiquitous computers and communication enable national or global scale CPSs, such as national power grids or transportation networks.

Social and economic forces necessitate more efficient use of national infrastructure. Environmental pressures also drive the adoption of new technologies to improve energy efficiency and reduce pollution.

Opportunities in CPS

a man in a superhero costume is holding a piece of paper that says there is an

CPSs are integrations of computation, networking, and physical processes. A CPS consists of two main functional components:

  1. Advanced connectivity: Ensures real-time data acquisition from the physical world and information feedback from cyber space.
  2. Intelligent data management, analytics, and computational capability: Constructs the cyber space.

Key aspects of CPS architecture include Smart Connection, Data-to-Information Conversion, Cyber, Cognition, and Configuration.

Focus on Cyber Physical Systems

CPS is not just about information technology; it combines Cyber + Physical, Computation + Dynamic, and Security + Safety.

There are inherent contradictions in CPS:

  • Adaptability vs Repeatability
  • High connectivity vs Security and Privacy
  • Asynchrony vs Coordination
  • Scalability vs Reliability and predictability
  • Laws and regulations vs Technical Possibilities
  • Cloud vs Edge
  • Algorithms vs Dynamic

Examples of CPS Applications:

  • e-Transportation: Cars can have numerous processors (30-90 per car in 2005) controlling various systems like engine, brakes, airbags, windshield wipers, door locks, and entertainment. Cars function as sensors and actuators in Vehicle-to-Vehicle (V2V) networks, enabling active networked safety alerts and autonomous navigation. Future transportation systems aim to incorporate single person and mass transportation vehicles (air and ground) to achieve efficiency, safety, and stability through real-time control and optimization.
  • Smart Health Care and Medicine: Examples include the National Health Information Network, Electronic Patient Record, and home care monitoring (using devices like pulse oximeters, blood glucose monitors, infusion pumps, accelerometers). The concept of an Operating Room of the Future involves closed loop monitoring and control, multiple treatment stations, plug-and-play devices, and robotic microsurgery, presenting a system coordination challenge. Progress in bioinformatics also relates to smart health care.
  • Smart Grid: Similar to the general ‘Why CPS’ discussion, the Smart Grid aims to move from reactive local tripping causing cascading failures to real-time cooperative control, self-healing, and coordinated dynamic participants, addressing wide-area operational concerns like stability, flow control, and fault isolation.

Security Overview in CPSs

Defining Security and Privacy

  • Security is a set of measures ensuring a system meets its intended goal while mitigating unintended negative consequences. Security measures are applied to new features to ensure they don’t compromise functionality or introduce new attack vectors.
  • Privacy is defined by NIST as “Assurance that the confidentiality of, and access to, certain information about an entity is protected” (Barker et al., 2013, p. 94). An entity can be a corporation, facility, or individual person. Certain information refers to any sensitive information, such as personally identifiable information.

Different types of security and privacy concerns in CPS include:

  • Physical: Where physical elements are directly tampered with, e.g., changing batteries in an implantable medical device.
  • Cyber: Attacks deployed through malware, software, or communication network access, e.g., faking sensor information.
  • Privacy: Compromised privacy of users due to reliance on granular and diverse sensors. Privacy attacks are often passive, requiring access to private data or making inferences from public data.

Physical Security and Privacy** aims to defend a physical area based on principles:

  • Deterrence: A credible threat of countermeasures to make the cost of attack outweigh benefits.
  • Detection: Positive assessment of an object causing an alarm or announcement of a potential malevolent act.
  • Delay: Impediments slowing or preventing an adversary from accessing assets or completing an act.
  • Response: Actions taken with appropriate force to stop adversary advancement.
  • Neutralization: Rendering enemy forces incapable of interfering.

Information Security

img is a state resulting from protective measures allowing an enterprise to perform its mission despite threats to its information systems. Protective measures can include deterrence, avoidance, prevention, detection, recovery, and correction as part of risk management.

The CIAA Triad outlines key information security goals:

  • Confidentiality: Only authorized parties can access computer assets.
  • Integrity: Assets can only be modified by authorized parties or in authorized ways.
  • Availability: Assets are accessible to authorized parties at appropriate times.
  • Authenticity: Ensuring data, transactions, and communications are genuine.

Cyber-physical Interaction Security focuses on security related to the interaction between the cyber and physical domains.

  • Physical → Cyber (Monitoring Security): Attacks include sensor data attacks, RFID tag attacks, memory reading attacks, and log attacks.
  • Cyber → Physical (Control Security): Attacks include wireless charge attacks, close-loop control attacks, device coordination attacks, and command misleading.

It is noted that conventional, general cyber security schemes cannot simply be used for all CPS protections, as most CPS security solutions need to be integrated with the underlying physical process control features.

Why CPS Security

A significant motivation for CPS security is the estimated $100 billion revenue loss globally due to counterfeit high-tech products, estimated at 10% of all high-tech products sold.

Security Goals (A Holistic Viewpoint)

Key security goals for CPS from a holistic perspective include:

  • Authentication: Includes user and data origin authentication. User identity must be verified for commands, and mechanisms are needed to verify sensor measurements and control commands.
  • Access control: Ensures only authorized persons can access the CPS.
  • Confidentiality: Protects sensor measurements and control commands from passive attacks, usually via encryption.
  • Integrity: Prevents CPS data modification in transit and use, ensured by message authentication code, hash function, or digital signatures.
  • Nonrepudiation: Prevents senders denying transmission or receivers denying receipt, ensured by digital signatures and handshakes.
  • Availability: Ensures a CPS is accessible when requested by users.

CPS Attacks and Threats

img Threats can be deliberate, accidental, or environmental (ISO/IEC 270001:2013). Examples include natural events, data compromise (tampering, eavesdropping), technical failures, function compromise (abuse of rights), and unauthorized actions. Attacks often target confidentiality, integrity, authenticity, and availability.

Specific types of attacks include:

  • Eavesdropping: An adversary intercepts information passively without interfering, observing operations. CPS is vulnerable through traffic analysis (e.g., intercepting sensor data). This violates user privacy.
  • Compromised-Key Attack: An attacker gains a secret key, accessing secured communication without knowledge of sender/receiver. They can decrypt/modify data, compute more keys, and access other resources. Attackers could monitor sensors to reverse engineer keys or pretend to be valid sensor nodes.
  • Man-in-the-Middle Attack: False messages (false positive/negative) are sent to the operator. The operator might think everything is fine when it’s not or cause an undesirable event by following normal procedures based on false information. This includes variations on modifying and replaying control data.
  • Denial-of-Service (DoS) Attack: Prevents legitimate traffic or requests from being processed. This often involves transmitting a huge volume of data to overwhelm the system, disrupting normal services.

A use case involving information flow in a CPS Smart Grid is illustrated, showing how information from observable physical events can yield information about cyber commands.

Information Flow Security in CPS aims to guarantee that confidential information is not revealed to low-level users, even with cyber/physical processes involved. Potential information flow models for CPSs include:

  • Non-Interference: High-level behaviour has no effect on what a low-level observer can see, so information doesn’t flow from high to low.
  • Non-Inference: Leaves a low-level observer in doubt about high-level events.
  • Non-deducibility: Given low-level outputs, a low-level subject cannot deduce anything about high-level inputs.

CPS Defense Mechanisms and Security Perspectives

img Developing defences is necessary after identifying vulnerabilities. CPS defence mechanisms can be categorised as:

  • Prevention: Security mechanisms like authentication, access controls, security policies, and network segmentation to prevent attacks.
  • Detection: Strategies to identify anomalous behaviour and attacks, acknowledging that sophisticated adversaries may bypass prevention.
  • Response: Automatic actions to mitigate detected attacks, crucial due to real-time constraints in most CPS.

Major domains of CPS considered for study include Smart grids, Medical devices, Industrial control systems (ICSs), Intelligent transport systems (ITSs), and Miscellaneous systems.

Defensive Strategies include:

  • Protection, by enhancing communication and introducing encrypted devices optimally located.
  • Detecting attacks by deploying signature-based and behaviour-based IDS.
  • Mitigation, which minimises potential disruptions and damages caused by an attack.

Techniques to Mitigate Privacy Risks include:

  • Anonymization
  • Trusted computing (attestation)
  • Cryptographic approaches
  • Perturbation (differential privacy)
  • Verifiable computation

Typical Three Layers of CPS

CPS can be viewed in three layers: Perception, Transmission, and Application. Attacks can target any of these layers.

Attacks at the Perception Layer:

  • Node Capture: Gaining control of a node (potentially holding encryption keys) to threaten the whole system. Targets confidentiality, integrity, availability, authenticity.
  • False Node: Adding a malicious node to compromise data integrity and potentially cause DoS by draining energy.
  • Node Outage: Stopping node services, making information gathering difficult and enabling other attacks affecting availability and integrity.
  • Path-Based DOS: Flooding packets along routing paths to the base station, causing network disruption and battery exhaustion, reducing node availability.
  • Integrity: Injecting external control inputs and false sensor measurements to disrupt the system.

Attacks at the Transmission Layer:

  • Routing: Creating loops in routing paths, causing transmission resistance, delays, or extended paths.
  • Wormhole: Announcing false paths to route packets, creating information holes.
  • Jamming: Interfering with the wireless channel (sensor nodes to base station) using noise or signals, leading to DoS.
  • Selective Forwarding: A compromised node drops packets and forwards only selected ones, or stops forwarding entirely. The node appears legitimate.
  • Sinkhole: Announcing the best routing path to attract traffic, enabling other attacks like selective forwarding and spoofing.

Attacks at the Application Layer:

  • Buffer Overflow: Exploiting software vulnerabilities to launch attacks.
  • Malicious Code: Attacking user applications with viruses and worms to slow down or damage the network.

The source also provides a table summarising the layers, their components, objectives, security issues, parameters, and countermeasures mechanisms:

  • Perception Layer:
    • Components: RFID tags and readers, WSN, Smart card, GPS.
    • Objective: Collecting information.
    • Security Issues: Terminal security, Sensor network security.
    • Security Parameters: Node repudiation, Privacy, Confidentiality, Authentication, Trust management, Access control, Certification.
    • Countermeasures Mechanisms: Authentication mechanism, Data encryption, Lightweight encryption, Sensor data protection, Key agreement, Environment monitoring, Secure routing protocol, Trust management.
  • Transmission Layer:
    • Components: Wireless networks, Wired Networks, Computers, Components.
    • Objective: Transmitting information.
    • Security Issues: Large number of nodes, Network routing and security, Internet security, Heterogeneous technology.
    • Security Parameters: Availability, Integrity, Confidentiality, Authentication of identity.
    • Countermeasures Mechanisms: Hop-by-hop data encryption, Robust routing protocol, Authentication and key management across heterogeneous network, Network access control, Attack detection mechanism.
  • Application Layer:
    • Components: Intelligent devices.
    • Objective: Analysing information, Control decision making, Processing information.
    • Security Issues: Access control problem, Interception of information, Safety.
    • Security Parameters: Privacy, Authentication and key agreement, Cloud security.
    • Countermeasures Mechanisms: End-to-end encryption, P2P, Intrusion detection, Trust management, Authorization and authentication of user.

Graph View

Backlinks