Handbook on Securing Cyber-Physical Critical Infrastructure
By Sajal K Das, Krishna Kant and Nan Zhang
About this ebook
The worldwide reach of the Internet allows malicious cyber criminals to coordinate and launch attacks on both cyber and cyber-physical infrastructure from anywhere in the world. The purpose of this handbook is to introduce the theoretical foundations and practical solution techniques for securing critical cyber and physical infrastructures as well as their underlying computing and communication architectures and systems. Examples of such infrastructures include utility networks (e.g., electrical power grids), ground transportation systems (automotives, roads, bridges and tunnels), airports and air traffic control systems, wired and wireless communication and sensor networks, systems for storing and distributing water and food supplies, medical and healthcare delivery systems, as well as financial, banking and commercial transaction assets. The handbook focuses mostly on the scientific foundations and engineering techniques, while also addressing the proper integration of policies and access control mechanisms, for example, how human-developed policies can be properly enforced by an automated system.
- Addresses the technical challenges facing design of secure infrastructures by providing examples of problems and solutions from a wide variety of internal and external attack scenarios
- Includes contributions from leading researchers and practitioners in relevant application areas such as smart power grid, intelligent transportation systems, healthcare industry and so on
- Loaded with examples of real-world problems and pathways to solutions utilizing specific tools and techniques described in detail throughout
Sajal K Das
Sajal K. Das is a University Distinguished Scholar Professor of Computer Science and Engineering and the Founding Director of the Center for Research in Wireless Mobility and Networking (CReWMaN) at the University of Texas at Arlington (UTA).
Acquiring Editor: Rick Adams
Development Editor: David Bevans
Project Manager: Danielle S. Miller
Designer: Dennis Schaeffer
Morgan Kaufmann is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
© 2012 Elsevier, Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Handbook on securing cyber-physical critical infrastructure / Sajal K. Das, Krishna Kant, Nan Zhang (editors).
p. cm.
Includes bibliographical references and index.
ISBN 978-0-12-415815-3
1. Computer networks–Security measures–Handbooks, manuals, etc. 2. Computer security–Handbooks, manuals, etc. I. Das, Sajal K. II. Kant, Krishna. III. Zhang, Nan, 1982–
TK5105.59.H3533 2012
005.8–dc23
2011038620
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.
ISBN: 978-0-12-415815-3
For information on all MK publications visit our website at www.mkp.com
Printed in the United States of America
12 13 14 15 10 9 8 7 6 5 4 3 2 1
To my family – Rupa, Roop and Rivu – for their love and support. – Sajal K. Das
To Josephine, Ramsey and Rajeev. – Krishna Kant
To my daughter Evelyn. – Nan Zhang
About the Authors
Dr. Sajal K. Das is a University Distinguished Scholar Professor of Computer Science and Engineering and the founding Director of the Center for Research in Wireless Mobility and Networking at the University of Texas at Arlington. During 2008–2011, he was a program director at the NSF. His research interests include wireless and sensor networks, mobile and pervasive computing, smart environments and health care, mobile cloud computing, security and privacy, social networks, and applied game theory. He has published over 500 papers (including 7 best paper awards), 46 book chapters, 5 US patents, and coauthored three books including Smart Environments: Technology, Protocols, and Applications (Wiley, 2005). He serves as the Founding Editor-in-Chief of Elsevier's Pervasive and Mobile Computing journal.
Krishna Kant is a research professor at the Center for Secure Information Systems, George Mason University, Fairfax, VA. His current areas of research include robustness in the Internet, cloud computing security, and sustainable computing. He has published in a wide variety of areas in computer science and has authored a graduate textbook on performance modeling of computer systems. He received his Ph.D. degree in 1981 from the University of Texas at Dallas and has since held academic positions at Northwestern University and Pennsylvania State University, industry positions at Bell Labs, Telcordia, and Intel, and governmental positions at the National Science Foundation.
Dr. Nan Zhang is an Assistant Professor of Computer Science at the George Washington University, Washington, DC, USA. Prior to joining GWU, he was an assistant professor of Computer Science and Engineering at the University of Texas at Arlington from 2006 to 2008. He received the B.S. degree from Peking University in 2001 and the Ph.D. degree from Texas A&M University in 2006, both in computer science. His current research interests include databases and information security/privacy. He received the NSF CAREER award in 2008.
About the Foreword Author
Dr. Robert F. Brammer is the President and CEO of Brammer Technology, LLC, a consultancy focusing on advanced information technology, environment and climate, and security. He recently retired as vice president for Advanced Technology and chief technology officer (CTO) for Northrop Grumman's Information Systems (IS) sector. In this role, he was responsible for the overall technology strategy and Independent Research and Development programs, technology and research partnerships, technical talent development, and intellectual property management. Dr. Brammer has a Ph.D. in mathematics from the University of Maryland, is a member of Phi Beta Kappa and Phi Kappa Phi, and is a Woodrow Wilson Fellow. He has served on advisory boards for the Department of Defense, the National Research Council, the Naval Studies Board, the National Science Foundation, the University Corporation for Atmospheric Research, and NASA.
Contributors
Michel Barbeau
School of Computer Science
Carleton University
Email: barbeau@scs.carlerton.ca
Elisa Bertino
CS Department
Purdue University
Email: bertino@cs.purdue.edu
Gedare Bloom
Department of Computer Science
The George Washington University
Email: gedare@gwmail.gwu.edu
Richard Brooks
Holcombe Department of Electrical and Computer Engineering
Clemson University
Email: rrb@acm.org
Julian Bunn
California Institute of Technology
Email: julian.bunn@caltech.edu
Alvaro A. Cardenas
Email: alvaro.cardenas-mora@us.fujitsu.com
Mani Chandy
California Institute of Technology
Email: mani@cs.caltech.edu
Yingying Chen
Department of Electrical and Computer Engineering
Stevens Institute of Technology
Email: yingying.chen@stevens.edu
Diane Cook
School of Electrical Engineering and Computer Science
Washington State University
Email: cook@eecs.wsu.edu
Ram Dantu
Department of Computer Science and Engineering
University of North Texas
Email: rdantu@unt.edu
Sajal K. Das
Department of Computer Science and Engineering
The University of Texas at Arlington
Email: das@uta.edu
Raja Datta
Department of Electronics & Electrical Communication Engineering
Indian Institute of Technology Kharagpur
Email: rajadatta@ece.iitkgp.ernet.in
Sabrina De Capitani di Vimercati
Dipartimento di Tecnologie dell'Informazione
Università degli Studi di Milano
Email: sabrina.decapitani@unimi.it
Casey Deccio
Sandia National Laboratories
Email: ctdecci@sandia.gov
Juan Deng
Holcombe Department of Electrical and Computer Engineering
Clemson University
Email: jdeng@clemson.edu
Mario Di Francesco
Email: mariodf@uta.edu
Al-Shaer Ehab
Department of Software and Information Systems
University of North Carolina
Email: ealshaer@uncc.edu
Yuguang Fang
Department of Electrical and Computer Engineering
University of Florida
Email: fang@ece.ufl.edu
Matthew Faulkner
California Institute of Technology
Email: mfaulk@caltech.edu
Tim Finin
Department of CSEE
UMBC
Email: finin@cs.umbc.edu
Sara Foresti
Dipartimento di Tecnologie dell'Informazione
Università degli Studi di Milano
Email: sara.foresti@unimi.it
Xinwen Fu
Department of Computer Science
University of Massachusetts Lowell
Email: xinwenfu@cs.uml.edu
Mario Gerla
UCLA Computer Science Department
Email: gerla@cs.ucla.edu
Wenjun Gu
Department of Computer Science and Engineering
The Ohio State University
Email: gu.36@osu.edu
Yong Guan
Department of Electrical and Computer Engineering
Iowa State University
Email: guan@iastate.edu
Jun-Won Ho
Department of Information Security
Seoul Women's University
Email: jwho@swu.ac.kr
Pramod Jagtap
Amazon.com Inc.
Seattle, WA, USA
Email: pramod1@umbc.edu
Anupam Joshi
Department of CSEE
UMBC
Email: joshi@cs.umbc.edu
Krishna Kant
Research Professor
George Mason University
Email: krishna.kant@intel.com
Palanivel Kodeswaran
IBM India Research Lab
Bangalore, India
Email: palani.k@gmail.com
Narayanan Krishnan
School of EECS
Washington State University
Email: ckn@eecs.wsu.edu
Eugen Leontie
Department of Computer Science
The George Washington University
Email: eugen@gwu.edu
Na Li
Computer Science and Engineering Department
The University of Texas at Arlington
Email: na.li@mavs.uta.edu
Wenjia Li
Department of Computer Sciences
Georgia Southern University
Email: wenjiali@georgiasouthern.edu
Annie Liu
California Institute of Technology
Email: aliu@cs.caltech.edu
Donggang Liu
Email: dliu@uta.edu
Yang Liu
Email: yangl@iastate.edu
Wenjing Lou
Computer Science Department
Virginia Polytechnic Institute and State University
Email: wjlou@vt.edu
Chris Ma
Advanced Digital Sciences Center
Illinois at Singapore Pte Ltd
Email: chris.ma@adsc.com.sg
C. E. Veni Madhavan
Department of Computer Science and Automation
Indian Institute of Science
Email: cevm@csa.iisc.ernet.in
Ningrinla Marchang
Department of Computer Science and Engineering
North Eastern Regional Institute of Science and Technology
Email: ningrinla@yahoo.co.in
Sharad Mehrotra
Department of Computer Science
University of California, Irvine
Email: sharad@ics.uci.edu
Bhagi Narahari
Department of Computer Science
The George Washington University
Email: narahari@gwu.edu
Y. Narahari
Department of Computer Science and Automation
Indian Institute of Science
Email: hari@csa.iisc.ernet.in
Guevara Noubir
College of Computer and Information Science
Northeastern University
Email: noubir@ccs.neu.edu
Michael Olson
California Institute of Technology
Email: molson@cs.caltech.edu
Bera P.
Department of Software and Information Systems
University of North Carolina
Email: bpadmalo@uncc.edu
Mayank Raj
Email: mayank.raj@mavs.uta.edu
Nageswara Rao
Science and Mathematics Division
Oak Ridge National Laboratory
Email: raons@ornl.gov
Parisa Rashidi
Department of Computer and Information Science and Engineering
University of Florida
Email: prashidi@eecs.wsu.edu
Kui Ren
Department of Electrical and Computer Engineering
Illinois Institute of Technology
Email: kren@ece.iit.edu
Brian Rivera
US Army Research Laboratory
Tactical Network Assurance Branch
Email: brian.rivera1@us.army.mil
Sandip Roy
School of Electrical Engineering and Computer Science
Washington State University
Ghosh S. K.
School of Information Technology
Indian Institute of Technology
Email: skg@iitkgp.ac.in
Rei Safavi-Naini
Department of Computer Science
University of Calgary
Email: rei.safav@gmail.com
Pierangela Samarati
Dipartimento di Tecnologie dell'Informazione
Università degli Studi di Milano
Email: pierangela.samarati@unimi.it
Rahul Simha
Department of Computer Science
The George Washington University
Email: simha@gwu.edu
Christopher Smith
Email: cssmith@gwmail.gwu.edu
Mark-Oliver Stehr
Computer Science Laboratory
SRI International
Email: stehr@csl.sri.com
Jinyuan Sun
Department of Electrical Engineering and Computer Science
University of Tennessee
Email: jysun@utk.edu
Carolyn Talcott
Computer Science Laboratory
SRI International
Email: clt@cs.stanford.edu
Jin Teng
Department of Computer Science and Engineering
The Ohio State University
Email: tengj@cse.ohio-state.edu
Nalini Venkatasubramanian
Department of Computer Science
University of California, Irvine
Email: nallini@ics.uci.edu
Yan Wan
Department of Electrical Engineering
University of North Texas
Email: Yan.Wan@unt.edu
Xiaohui Wang
Department of Computer Science
George Mason University
Email: xyang3@gmu.edu
Dong Xuan
Department of Computer Science and Engineering
The Ohio State University
Email: xuan@cse.ohio-state.edu
Mengran Xue
School of Electrical Engineering and Computer Science
Washington State University
Email: morashu@gmail.com
Jie Yang
Department of Electrical and Computer Engineering
Stevens Institute of Technology
Email: jyang@stevens.edu
David Yau
Department of Computer Science
Purdue University
Email: yau@cs.purdue.edu
Shucheng Yu
Department of Computer Science
Donaghey College of Engineering and Information Technology
University of Arkansas at Little Rock
Email: sxyu1@ualr.edu
Wei Yu
Department of Computer and Information Sciences
Towson University
Email: wyu@towson.edu
Seok Bae Yun
Holcombe Department of Electrical and Computer Engineering
Clemson University
Email: syun@clemson.edu
Chi Zhang
University of Science and Technology of China
School of Information Science and Technology
Email: zhangchi@ufl.edu
Nan Zhang
Department of Computer Science
George Washington University
Email: nzhang10@gwu.edu
Xiaoyan Zhu
School of Telecommunications
Xidian University
Email: xyzhu@mail.xidian.edu.cn
Foreword
It is a pleasure for me to write the foreword to this book. The security of critical infrastructure is a significant priority for many countries, and I believe that this handbook can make an important contribution to research and education on this subject by organizing a well-selected collection of fundamental papers of enduring value on vital topics. The editors have done outstanding work in many fields comprising this subject, including wireless communications, data center engineering, sensor network design, and other areas. That work has connected them broadly in the research community and enabled them to be selective for this book.
As appropriate in a handbook, the editors have taken a comprehensive approach to the subject. There are 30 chapters written by a total of 78 different authors, assuring a breadth of vision and perspective. There is a balanced organization of these chapters into eight major parts. These parts begin with theoretical foundations, including applications of control theory, game theory, system identification, and network modeling to critical infrastructure. The final part comprises six chapters addressing security topics in real-world critical infrastructure systems, including electric power, transportation, health, and telecommunications. In between are the chapters focusing on the themes of security in mobile wireless networks, sensor networks, and technology platforms. Other parts include the essential areas of cloud computing, event monitoring and situational awareness, and policy issues. This organization combined with the depth of the chapters enables the reader to get both a broad view of the field and a deep discussion of critical issues.
During my career, I have had the opportunity to contribute to several National Academy and Defense Science Board Task Forces whose work focused on homeland security and critical infrastructure. Notable among those was the National Academy Task Force on Science and Technology for Counter-Terrorism in 2001 and 2002 [1]. The work of that group laid the foundation for much of the research on homeland security for the past decade. The scope of this handbook is very consistent with the breadth of issues that we addressed in that study. Of course, these chapters are addressing the current topics like cloud computing and the SmartGrid that are core to today's designs of cyber-physical systems for critical infrastructure.
One important current example of a cyber-physical critical infrastructure system is the New York City Wireless Network (NYCWiN). Motivated by the events of 9/11 and influenced by the above National Academy study, Northrop Grumman initiated a series of research projects in highly secure mobile broadband networks. One result of this research was Northrop Grumman's selection to build NYCWiN, the first such network for public safety in the world [2]. Its design includes many features to mitigate both cyber and physical threats. That highly secure network became fully operational in 2009, and its cyber-physical system architecture is enabling improvements in traffic control, transportation, public health, and environmental quality, as well as providing communications for emergency response. Some of the key concepts that we developed for that network are discussed in this handbook as topics for future research. I am encouraged to see paths to further developments that will enable future networks with increased functionality and security.
Our critical infrastructure has tremendous value and drives major segments of the US economy. For example, North American energy assets are worth more than $1T [3]. Despite this asset value and capability for the economy, much of the infrastructure is aging, difficult to maintain, and not competitive internationally. Many organizations have begun to address these strategic national issues [4].
How we as a nation choose to renew our infrastructure systems in the coming years will help determine the quality of life for future generations. It will also help determine our success in meeting other national challenges, including those of remaining economically competitive, reducing our dependence on imported oil, and dealing with issues related to global climate change, national security, and disaster resilience.
Many of the approaches to renew our infrastructure systems involve significant uses of advanced information technology and networking. Infrastructure designs with state-of-the-art information technology can deliver lower costs with increased flexibility, functionality, and performance. Moreover, these designs can reduce energy requirements and use environmentally friendly materials.
However, the large and growing base of cyber threats can significantly reduce the benefits and limit the credibility of these advanced design approaches by exploiting the information technology that yields so many benefits. The cyber threats to our critical infrastructures are far more serious than most people realize [5]. Our current infrastructure is underdeveloped for addressing cyber risk from threats as sophisticated, for example, as Stuxnet [6]. This type of malware can manipulate critical infrastructure and can cause significant damage and destruction. Cybersecurity must be built into the infrastructure to mitigate the effects from such increasingly sophisticated threats [7]. Without it, we will lose many of the potential benefits to be gained from IT investments. Securing new designs for cyber-physical systems in critical infrastructure like electric power (e.g., the SmartGrid), transportation, healthcare, and telecommunications is an important example of such developments discussed in this handbook. These developments make this handbook so important and timely.
The field of cyber-physical systems has its roots in the work of Norbert Wiener in the development of cybernetics [8]. I worked on many cyber-physical systems in the Apollo Program where we used the results of Wiener's work to build real-time systems for vital operations in many mission phases. We overcame many challenges in technology, operational concepts, quality, and many others to put men on the Moon and return them safely. However, one challenge that we did not have to face is the cybersecurity threat that architects and engineers must address today. The reality of that threat will cause significant changes in research and education programs in the twenty-first century. Architects and engineers working in critical infrastructure design, development, and operations will need a thorough understanding of cyber threats and approaches to mitigate them. This handbook can make significant contributions to the effectiveness of research and education programs required to meet these needs.
Robert F. Brammer
President and CEO,
Brammer Technology LLC
REFERENCES
[1] National Research Council, Making the Nation Safer: The Role of Science and Technology in Countering Terrorism, National Academy Press, Washington, DC, 2002.
[2] H. Morganstern, NYCWiN Interoperable Communications: A Report on the New York City Wireless Innovations, in: The Counter Terrorist, September/October 2008.
[3] R. Anderson, S. Fuloria, Security Economics and Critical Infrastructure, University of Cambridge, Cambridge, UK, 2011.
[4] National Academy of Sciences, Sustainable Critical Infrastructure Systems: A Framework for Meeting 21st Century Imperatives, National Academy Press, Washington, DC, 2009.
[5] G. Wilshusen, Continued Attention Needed to Protect Our Nation's Critical Infrastructure and Federal Information Systems, United States Government Accountability Office, Testimony Before the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies, Committee on Homeland Security, House of Representatives, March 16, 2011.
[6] E. Byres, What Does Stuxnet Mean for Industrial Control Systems? The Future of Critical Infrastructure Security, www.tofino.com, March 2011.
[7] R. Brammer, Cyber Security: The Vital Ingredient for Today's and Tomorrow's Infrastructure Needs, Energy, Environment, Defense, and Security 2011, Washington, DC, May 4, 2011.
[8] N. Wiener, Cybernetics: Or Control and Communication in the Animal and the Machine, 2nd revised ed., MIT Press, Cambridge, MA, 1961.
Securing Cyber-Physical Infrastructure: Perspectives and Overview of the Handbook
I-1 Introduction
Modern society depends on sophisticated infrastructures to carry out its day-to-day activities. Such infrastructures include buildings (e.g., homes, factories, offices, schools, shopping malls, etc.), utility networks (e.g., electricity, water, gas, sewage, etc.), transportation networks (e.g., roads, railroads and stations, harbors, shipping channels and yards, airports, etc.), transport vehicles (trains, planes, buses, etc.), food and goods distribution networks, healthcare delivery systems, information technology (IT) networks, and so on. Efficient management of these physical and/or cyber infrastructures involves not only sophisticated control systems, but also computing and communication paradigms (see Fig. I-1). Control of large-scale entities such as transportation systems could involve integrated communication, computing, and control over wide geographic areas. The IT systems themselves play a dual role in this context: they have an associated physical infrastructure that needs to be configured, managed, and protected. Yet, the IT infrastructure leads to a complex cyber world that helps control cyber-infused physical infrastructures.
Figure I-1 A view of cyber-physical systems.
The role of IT infrastructure also extends well beyond the (semi) automatic control of the physical infrastructure. The nearly ubiquitous smart devices (including sensors) and their increasing capabilities allow them to play significant roles in the intelligent control and protection of the physical infrastructure. In particular, these devices can sense vital information (location, speed, noise, pollution, seismic activity, congestion, etc.), perform (possibly with the help of cloud computing) complex computations such as activity recognition, situation awareness, reasoning, and decision making, and ultimately enable humans to effect the desired control or protection over physical infrastructures. This intertwining of physical and IT infrastructures calls for a holistic treatment of cyber-physical systems in terms of control, protection, and security.
Due to the scale, complexity, and resource limitations, both cyber and physical components of critical infrastructures are vulnerable to a variety of security challenges and threats, such as disruption and damage due to natural disasters or social crises like wars and riots, terrorist activities that deliberately target infrastructure to injure, disrupt, and frighten citizens, and malicious attacks or intrusions with the intent of disrupting communications or stealing sensitive information and records. Furthermore, the worldwide reach of the Internet allows malicious cyber criminals to coordinate and launch attacks on both cyber and cyber-physical infrastructures from anywhere in the world.
These attack-related security challenges call for effective safeguard techniques for monitoring, detection, and prevention of attacks, as well as recovery from attacks, thereby protecting critical national and global infrastructures. In particular, the main objective of infrastructure security is to deter, avert, and detect both previously known and potential attacks. In addition, when the attack and resultant damage do occur, the security mechanisms should point to appropriate defensive actions to protect unaffected portions of the infrastructure as well as help diagnose, reconfigure, and repair the affected parts. Because both the physical and cyber infrastructures may be attacked and damaged, a coordinated action on both fronts is often necessary, which could be extremely complex.
Intelligent control of cyber-physical infrastructure requires continuous collection and analysis of data relevant for assessing the state and performance of the infrastructure. An essential component of this data is how people use the infrastructure. For example, in order to optimize energy conversion and distribution in the smart grid, it is essential to learn how households and businesses use energy throughout the day. Similarly, intelligent traffic and congestion management requires information about the commuting habits of people. This brings in serious privacy issues and the potential for leakage and misuse of the information for security attacks. Thus, privacy preservation is also an important goal of security mechanisms. Unfortunately, the goal of privacy preservation directly conflicts with the goal of effective threat monitoring and timely evasive action.
An essential attribute of intelligent cyber control of physical infrastructure is the availability of additional degrees of freedom and the ability to manipulate the configuration under program control. For example, intelligent, metro-area-wide management of traffic signals requires new capabilities to remotely control the state and duration of traffic lights. Such new capabilities result in additional complexity, new failure modes, numerous opportunities for misconfiguration, and new ways of attacking the infrastructure, often at a much wider scale than a simpler dumb infrastructure. Similarly, the complex cyber-infrastructure required to manage these capabilities is more likely to suffer from misconfigurations, software bugs, robustness issues, and new attack pathways. This makes a holistic treatment of cyber-physical systems essential, albeit exceedingly complex.
I-2 Scope of the Handbook
This handbook is intended to provide comprehensive coverage of the theoretical foundations and practical solution techniques for securing critical cyber-physical infrastructures, including the information technology (IT) infrastructure. Effective security of cyber-physical systems must consider a variety of issues, including physical barriers to intrusion/disruption, social and legal deterrents, human behavior and usability aspects, and acceptable privacy norms, in addition to the scientific and engineering solutions. This handbook is primarily focused on scientific and engineering solution techniques, frameworks, and applications. Although in many cases such fundamental solutions can be adapted to a variety of socio-legal contexts, those contexts are not specifically dealt with in this handbook.
To address the scientific and engineering challenges facing the design of secure infrastructures, one must properly understand the limits of cyber-physical systems that may range from largely autonomous systems to those that merely provide useful information for human processing and control. Human–machine interaction is a rich multidisciplinary area, and it is not the intent of this handbook to delve into its challenges. Instead, the handbook is focused on scientific challenges of coping with a wide variety of scenarios that impact the robustness, security or privacy of specific technology, network and system architectures and application areas.
The existing literature on infrastructure security is scattered across several journals, conference proceedings, and rather narrowly focused books. In contrast, this handbook attempts comprehensive coverage of the foundations in the area of cyber-physical and pervasive infrastructure security. Specifically, it brings together in a systematic way high-quality contributions on the critical challenges, innovative solutions, and foundational techniques for infrastructure protection and security by leading experts in the field.
I-3 Overview of the Handbook
The handbook consists of the following eight parts, each of which contains multiple chapters focusing on various aspects in that part. Together, the 30 chapters paint a fairly comprehensive picture of the challenges, tools and techniques for securing critical cyber-physical infrastructure against evolving threats and vulnerabilities. Each chapter ends with discussion on open problems and future research and technology challenges. Each chapter also includes a set of thoughtful exercises that can be used in a classroom setting. Thus the unique treatment of the book would be of considerable interest to researchers, practitioners, professionals, and students. In the following, we present a brief overview for each of the parts and the chapters therein.
I-3.1 Part I: Theoretical Foundations
The first part of the handbook consists of four chapters dealing with advanced foundational material in the areas of control theory, game theory, and epidemic theory as they apply to uncertainty management, vulnerability and threat analysis, and worm propagation in securing cyber-physical networks and systems. The focus here is not on basic theory behind private and public key cryptography, or encryption and access control, which are also important but widely covered in many other books and tutorial articles.
Chapter 1 addresses the interplay of security and vulnerability in analyzing threats and uncertainties in cyber-physical networks. Specifically, from a control theory perspective, this chapter formally defines and characterizes security as an indication of how easily an adversary can identify network dynamics from noisy measurements, and additionally how vulnerability provides an impact measure for an adversary. The proposed formalisms are then applied to air traffic management, a complex cyber-physical system.
Chapter 2 focuses on game formulations for infrastructure security by analyzing the power of an adversary's intent to obtain more accurate results without compromising other entities' private information. The developed theory is applied to two important infrastructure security applications, namely anomaly detection and anonymous communication.
Chapter 3 considers game theory as a tool for developing an analytical framework for cyber-physical networks consisting of sensors and computational nodes. In particular, it deals with placement and modality detection of sensors as well as spatial data collection and fusion for the purposes of source localization and trajectory tracking of various environmental phenomena in cyber-physical systems.
Chapter 4 addresses how to defend against epidemics of worm propagation and associated attacks in cyber-physical infrastructure. It studies worm evolution–interaction process from a system knowledge perspective, as well as the corresponding defensive countermeasures given worm-related knowledge.
I-3.2 Part II: Security for Wireless Mobile Networks
Wireless mobile networks are becoming an increasingly integral part of the communication infrastructure required to monitor and control cyber-physical systems. For example, wireless technologies such as WiMAX/LTE (Long Term Evolution) are being considered for monitoring the smart grid in addition to wired technologies such as BPL (Broadband over Power Line). As mentioned earlier, mobile devices enhanced with a variety of sensing and computing capabilities are increasingly being used for applications related to infrastructure security and robustness, such as reporting of attacks, anomalies, or other unusual circumstances. Therefore, the security of wireless networks is crucial in protecting cyber-physical infrastructures.
There exist a multitude of wireless access technologies, including infrastructure-based cellular wireless networks, infrastructureless mobile ad hoc networks (MANETs), 802.11-based wireless LANs, and so on. However, radio frequency wireless communications occur over a broadcast medium, and hence wireless channels are inherently insecure. Indeed, they are prone to eavesdropping and vulnerable to attacks such as jamming, identity-based attacks, spoofing, and Sybil attacks. These attacks can severely affect the operation of wireless mobile networks, and hence resistance against them is essential for the successful use of such networks in controlling cyber-physical systems. Part II of the handbook contains four chapters addressing some of these important challenges and related state-of-the-art solutions.
Chapter 5 lists a variety of issues and challenges in securing wireless and mobile networks. While reviewing pertinent solution mechanisms from the literature, the chapter addresses how to mitigate security threats to wireless communications (e.g., unauthorized access to a medium and transmission in WiFi or 802.11-based wireless LANs) as well as to supporting mobility (e.g., in mobile IP and location tracking). The underlying techniques are based on cryptography.
Chapter 6 provides an overview of current design principles for building robust wireless infrastructure in adversarial settings. Through case studies (cellular and wireless LAN), this chapter demonstrates that cross-layer attacks and virtually undetectable denial of service attacks are possible in today's wireless infrastructure. It then covers schemes to protect against insider and outsider attacks, cryptographic and coding-based protection mechanisms, and key assignment for robust broadcast, as well as a game-theoretic approach to dealing with adaptive attackers.
Chapter 7 deals with security challenges in MANETs and categorizes the types of attacks as active or passive, depending on whether an attack disrupts the network protocol functions or merely extracts vital information. After introducing various schemes for certification authorities, key management, and key distribution, this chapter presents several popular techniques for securing routing protocols in MANETs.
Chapter 8 provides an overview of the feasibility of launching identity-based attacks in wireless networks and their impact on network performance. It describes existing schemes to prevent such attacks through cryptographic authentication. This chapter also presents new studies that utilize unique properties of wireless systems and exploit domain-specific information to defend against identity-based attacks. The domain-specific information includes location of communicating devices, radio propagation characteristics, and properties of medium access control (MAC) layer.
I-3.3 Part III: Security for Sensor Networks
Wireless sensor networks (WSNs) provide an indispensable sensing and actuation platform in a wide variety of cyber-physical infrastructures and systems, such as smart metering of electric grids, distance and speed monitoring of vehicles in transportation systems, environment and health monitoring, security and surveillance, early warning systems and disaster management, and so on. WSNs, along with auxiliary computation facilities such as clouds, can help integrate sensing, communication, computation, and control functionalities. However, sensor networks with limited resources (e.g., CPU, storage, energy, wireless bandwidth) are known to be vulnerable to various attacks that could impair normal operations. A major security issue with WSNs is that sensor nodes are often unattended and could be physically captured and compromised by an adversary. The captured nodes could then be used to launch a variety of attacks, some of which may be very difficult to detect and isolate. Other WSN attacks include an adversary simply monitoring a node's communication patterns and then draining its battery or overwhelming it. Therefore, there is a great demand for efficient and effective defense mechanisms to protect WSNs.
In hostile situations, it is critical to enforce network access control to ensure sensory data integrity, availability, and confidentiality. Chapter 9 discusses two practical, efficient, and distributed access control methods in WSNs. One of the methods uses only symmetric cryptographic operations, whereas the other applies public key cryptography.
Chapter 10 deals with how to defend WSNs against physical attacks and introduces the associated challenges. It also presents a sacrificial node-based defense mechanism in which a few sensors purposefully perform the tasks of attacker detection and attacker information propagation in order to save other sensors, at the expense of themselves being detected and destroyed by the attacker.
Chapter 11 describes a robust framework for the detection and isolation of limited and wide-spread attacks in static and mobile WSNs. In the limited attack, an attacker physically captures a few nodes, compromises them, and moves them to multiple locations to evade detection. In the wide-spread attack, on the other hand, an attacker can generate many replicas of a few compromised nodes and widely disseminate them over the network. This chapter describes how to combat such attacks by developing efficient mechanisms for detecting node compromises as well as node replicas.
I-3.4 Part IV: Platform Security
All mechanisms for securing protocols, applications, and user data depend on three fundamental assumptions: (a) the hardware itself is not bugged and does not harbor Trojan logic that steals information, updates or perturbs it clandestinely, or interferes with the correct execution of the program logic; (b) the basic software tools such as compilers, runtime systems, drivers, etc., function as expected and do not compromise the higher-level software; and (c) the system is not compromised during boot-up or at runtime. If any of these assumptions does not hold, mechanisms implemented to secure individual protocols or applications may be suspect. Therefore, the part on platform security addresses three fundamental areas: (a) ensuring that the hardware does not harbor Trojan logic (or circuits), (b) ensuring the integrity of software and the exploitation of compiler techniques in this regard, and (c) hardening the system against compromise and providing a trusted computing base.
Topics (a) and (c) are addressed in Chapter 12, whereas topic (b) is addressed in Chapter 13. In particular, Chapter 12 discusses the issue of detecting Trojan circuits, watermarking/fingerprinting the hardware, architectural support to detect attacks and to secure the execution, and using software to check hardware.
Chapter 13 discusses watermarking techniques for software, software obfuscation (which tries to make the code unintelligible), techniques to ensure that the code integrity is preserved, and information flow tracking and verification mechanisms.
These hardware and software techniques can result in systems that are much harder to attack successfully and thus simplify the job of securing individual applications.
I-3.5 Part V: Cloud Computing and Data Security
In critical cyber-physical infrastructure, significant security concerns often arise from data processing and transmission. In particular, large amounts of sensitive data may need to be protected when transmitted to or hosted at a data center that may not be entirely trusted to protect the confidentiality or integrity of the data. Moreover, certain components of sensitive data may have to be published to agents without full access rights to the data, such as aggregate information of a dataset for report generation purposes, without divulging the values of individual (sensitive) tuples.
Part V consists of four chapters on securing the transmission, processing, and publishing of large amounts of security-sensitive data. The chapters also cover various data encryption and perturbation techniques as the underlying primitives for protecting data security and privacy.
Chapter 14 deals with the first issue – that is, the transmission of security-sensitive data. In particular, it considers the problem of data outsourcing, the security concerns it incurs, and how to mitigate the concerns through a multitude of data transformation techniques, for example, encryption, perturbation, as well as access control techniques. By leveraging these techniques, this chapter covers not only the protection of data confidentiality, but also the assurance of data integrity in storage and query processing.
Chapter 15 addresses the second issue – that is, how to ensure security when data are processed in private and public clouds. In particular, it discusses a comprehensive set of security issues for generic cloud computing systems, outlines the types of data to be protected as well as the potential attacks that an adversary may launch to compromise data security, and reviews a number of necessary security services and mechanisms required for enforcing data security. This chapter also summarizes the state-of-the-practice security mechanisms adopted by real-world cloud computing service providers such as Amazon Web Services, Microsoft Windows Azure, and Google App Engine.
Chapter 16 also addresses the problem of data security in cloud computing. However, unlike the previous chapter, this chapter focuses on a specific type of cloud computing system – those composed of mobile devices. Note that mobile cloud computing systems are especially suitable for cyber-physical infrastructures because of the versatility and portability offered by such systems. This chapter first explains why data security is the most important obstacle preventing the wide adoption of mobile cloud computing systems. Then, it describes a number of security mechanisms and case studies of using them in real-world applications of mobile cloud computing systems.
Chapter 17 considers the last issue discussed above – that is, the publishing of security-sensitive data. Specifically, this chapter focuses on the publishing of social network topologies – a problem often arising in cyber-physical infrastructures – to untrusted third parties. The key technical challenge here is how to publish the minimum amount of information that is necessary for the intended purpose of publishing (e.g., mining the topology to identify terrorists). This chapter describes various data perturbation mechanisms that can enable social network publishing without violating the privacy/security of each individual user/vertex in the social network.
I-3.6 Part VI: Event Monitoring and Situation Awareness
To properly secure a critical cyber-physical infrastructure, it is important to monitor it comprehensively and to recognize interesting and actionable events in real time. Wireless devices and sensors play important roles in monitoring and detecting such events. Furthermore, owing to severe resource constraints on the sensors, the collected data may not be simply sent to a central place for processing; instead, mechanisms to reduce data (e.g., local filtering, aggregation, and simple event detection) and judicious distributed processing to recognize anomalies and patterns become essential. A critical element of event monitoring is situational awareness, so that monitoring, reasoning, and control actions can be efficiently managed. Online automated understanding of a situation is a highly desirable yet extremely ambitious goal that involves a large number of research challenges. Part VI (consisting of four chapters) discusses these issues and corresponding solutions.
Chapter 18 deals with the problem of distributed network and system monitoring. The focus is on addressing the important challenges of using limited memory space and computational resources to process a continuous stream of large amounts of sensory data coming in at high speed. This chapter reviews the existing algorithms that offer bounded running time and small memory footprints – that is, algorithms that are feasible for use in real-time distributed monitoring systems. This chapter also shows various analytical applications that these algorithms enable over a continuous stream of sensory data – for example, online PCA, n-gram analysis, time-decaying aggregation, etc.
Chapter 19 addresses the next step – that is, how to discover and track patterns of interest in the input data. In particular, it discusses how to identify input sequences that represent normal behavior, how to exploit machine learning to generate abstract models of such input sequences, and how to detect abnormal behavior. This chapter also describes an implementation of the discussed techniques in a fully automated smart home project that detects anomalies in a person's living environment.
Chapter 20 considers the construction of a semantics foundation and flexible programming environment in order to enable the human-centric deployment of a robust sensing system that supports hierarchical modeling and reasoning of monitored events. It outlines the major design principles for creating a sensing/monitoring middleware, and also discusses the roles of formal methods and reasoning in the realization of such a middleware framework. A system featuring such a middleware framework, SATWARE, is discussed as a case study in this chapter.
Chapter 21 considers how a sensing system can detect and respond to rapidly evolving threats such as earthquakes, tsunamis, etc. An important issue here is how to leverage the vast number of sensors controlled by individual members of the community, e.g., phone sensors controlled by individuals and camera sensors controlled by businesses. This chapter considers three broad categories of threat detection and mitigation tasks: warning of impending threats, responding to disasters immediately after they occur, and characterizing the sensing infrastructure and environment using data measured during normal times. The chapter also compares community-based threat detection/mitigation with the traditional agency-based method, and finds that while the community-based solution often excels in scalability and (low) cost, it also raises concerns about the privacy of sensor owners and the security of system operation.
I-3.7 Part VII: Policy Issues in Security Management
Policy plays an important role in most security management systems, including those for critical cyber-physical infrastructure. Since policies are specified by the administrators of the system, the specification must consider human factors such as ease of understanding. Policies should also be formally analyzable, so that it is possible to verify policy implementations and detect potential conflicts and inconsistencies. Part VII consists of three chapters on policy issues and configuration management.
Chapter 22 considers the use of high-level semantic policies to manage the trust relationship among entities involved in a cyber-physical infrastructure, in particular, when detecting, evaluating, and responding to threats. Specifically, it shows how the policies can be used to protect the traditional Internet backbone by automatically configuring BGP (border gateway protocol) routers. It also describes how the same framework can be used to secure information and devices in a mobile network.
Chapter 23 focuses on security policies for access control. Specifically, it covers several access control models (mandatory, discretionary, role-based, and attribute-based) as well as a number of tools for analyzing access control policies and determining conflicts and redundancies. In addition, this chapter discusses various case studies of using formal methods to support access control as well as security in general. It also outlines the current trend in access control methods, especially in the context of critical cyber-physical infrastructures.
Chapter 24 addresses the enforcement of security policies. It discusses a formal verification methodology for analyzing various types of security policies and configurations – for example, access control lists, IPSec security policy configurations, etc. In particular, this chapter describes a binary decision diagram-based approach for analyzing IPSec configurations and a graph mining-based approach for analyzing the correctness of access control list configurations.
I-3.8 Part VIII: Security Issues in Real-World Systems
Part VIII examines security in several real-world systems. Each of these systems has its own unique attributes, security threats and requirements, and unique challenges in securing it while minimizing loss of privacy. This part of the handbook consists of six chapters dealing with security in three very different cyber-physical systems (smart grid, automobiles, and mobile healthcare delivery), and three cyber systems (Internet infrastructure, vehicular networks, and peer-to-peer telecommunication networks).
Chapter 25 discusses the security of the smart grid. The key to the success of the smart grid is wide-spread monitoring of energy consumption behaviors, so that energy generation and distribution can be managed intelligently and consumers can be given feedback on how to use energy more efficiently. However, this is fraught with privacy and security risks, which the chapter exposes along with potential solutions.
Chapter 26 discusses security of automotive systems that deploy increasingly complex embedded computing systems to control a variety of aspects including fuel injection, speed control, smart braking, collision avoidance, fuel efficiency optimization, theft deterrence, equipment monitoring (e.g., tire condition and air pressure), participation in vehicular networks, etc. This increasing sophistication creates ample opportunities for misconfiguration and security attacks. This chapter provides a comprehensive coverage of the vulnerabilities and approaches to making automotive systems more robust.
Chapter 27 discusses security and privacy issues in mobile healthcare systems. Because of the numerous advantages of maintaining and exchanging healthcare information electronically, healthcare is rapidly moving away from paper-based systems to electronic health record (EHR) based technologies. The ubiquitous availability of mobile devices has the potential to exploit this and truly revolutionize healthcare delivery to the masses. This chapter presents the design of a security architecture, called HIPS, for EHR systems based on cryptographic tools. The proposed system attempts to provide full privacy for patients and can handle emergency situations.
Chapter 28 discusses the security and robustness of the current Internet infrastructure, including name resolution and the various communication layers. In particular, the chapter discusses the vulnerabilities of both the plain domain name system (DNS) and security-enhanced DNS, and the robustness of interdomain routing under both isolated and large-scale failures. The chapter also discusses the robustness of various other commonly deployed network protocols. As computer systems and networks become more sophisticated and complex, configuration errors, and the attack opportunities they provide, have an increasing impact on functionality, performance, reliability, and security. Thus, hardening configuration management and detecting misconfigurations become vital problems, which are also addressed in this chapter.
Chapter 29 discusses the application of vehicular ad hoc networks (VANETs) to handle disaster and emergency scenarios where the normal communication infrastructure is partially or fully obliterated. The chapter considers two goals: support of emergency vehicles, and establishment of a general-purpose V2V (vehicle-to-vehicle) emergency network that can survive large-scale disasters. The emergency vehicle network in this context can be used to provide critical infrastructure for access to remote resources, interconnection of multiple rescue teams, urban surveillance, and vehicle evacuation. The security and privacy of such a network, and ways to test such networks during normal conditions, are also addressed in the chapter.
Chapter 30 discusses the security of Voice over Internet Protocol (VoIP) telecommunication networks. Such networks offer a number of opportunities for hackers to spread spam, steal services and personal information, wiretap illegally, and disrupt communications. The chapter shows that various commercial VoIP services in existence today are vulnerable to exploitation. It then details a variety of attack scenarios and offers solutions for mitigating the vulnerabilities.
I-4 How to Use The Handbook
The intended audience of this handbook includes different sectors of society, such as researchers, engineers, professionals, teachers, and undergraduate/graduate students interested in the fundamentals of security in cyber and physical systems, as well as how they apply to important applications in daily life, such as the smart power grid, emergency and disaster management, intelligent transportation systems, the healthcare industry, cyber-security, etc. In the following, we list a number of scenarios for using this handbook as a text or a reference.
I-4.1 Advanced Undergraduate or Graduate Course
We recommend structuring a semester- or quarter-long course on cyber-physical infrastructure security into three major components: theoretical foundations, infrastructure security techniques, and real-world case studies. The first component covers Part I of the handbook. The second component covers Parts II–VII, whereas the last component covers Part VIII.
Specifically, for a semester-long course, we recommend covering all parts of the book, while leaving Chapters 4, 8, 11, 17, 20, and 24 as optional readings. The real-world applications of interest can be picked from Part VIII as needed.
For a quarter-long course, on the other hand, we recommend covering Part I, selected chapters from Parts II–VII, and appropriate application areas from Part VIII. The selection of parts and chapters therein depends on the emphasis area of the course.
Some possibilities include:
(a) A course on security and robustness of computer networks could involve Parts II (wireless networks) and III (sensor networks), along with Chapters 28 (Internet), 29 (vehicular networks), and 30 (SIP-based VoIP). If needed, this coverage can be augmented with external material on network resilience and dependability.
(b) A course geared towards security in physical infrastructure could include Chapter 3, Parts III (sensor networks), VI (situation awareness), and VII (policies), and application topics in Chapters 25, 26, 27, and 29. The coverage can be enhanced with additional applications such as security of airports or other public infrastructures.
(c) A course geared towards security in cyber-infrastructure could include Parts IV (platform security) and VII (policies), Chapters 15 and 16 (cloud computing), and application Chapters 28 and 30. Additional coverage could include physical security in data centers and other IT infrastructure.
I-4.2 A Training Course
The book can be used for focused training courses on various aspects of cyber-physical infrastructure security. The specific parts and chapters would depend on the duration and focus of the training. For example, some topics for short courses (a week or less) that could be based on this handbook include wireless network security, Internet robustness and security, database security, cloud computing security, smart grid security, computing platform security, sensor network security, vehicular network security, etc.
Acknowledgements
The idea for this handbook grew out of a one-week workshop on infrastructure security organized by two of the editors (Das and Kant) and attended by all three editors as well as some of the chapter contributors. This workshop was hosted by the Indian Institute of Science, Bangalore, India, from January 9 to January 13, 2010, and was jointly sponsored by the US National Science Foundation (NSF) and the Indo-US Science and Technology Forum (IUS-STF). We would like to acknowledge the support of these organizations and of Dr. Arabinda Mitra, the then Executive Director of IUS-STF. We would also like to acknowledge the staff of Morgan Kaufmann, particularly Rick Adams, David Bevans, and Danielle Miller, for their excellent support throughout the production of this handbook.
Thanks are also due to all the authors for contributing excellent chapters on exciting topics and for their timely cooperation, without which this handbook would not be possible.
Finally, we would like to thank our family members for their encouragement and support.
TABLE OF CONTENTS
Cover Image
Title
Copyright
Dedication
About the Authors
Contributors
Foreword
Securing Cyber-Physical Infrastructure Perspectives and Overview of the Handbook
PART I. Theoretical Foundations
Introduction
Chapter 1. Security and Vulnerability of Cyber-Physical Infrastructure Networks
1.1 Introduction
1.2 Definitions for Security and Vulnerability of Network Dynamics
1.3 Network Control Tools for Characterizing and Designing Security and Vulnerability
1.4 Conclusions and Future Work
Chapter 2. Game Theory for Infrastructure Security
2.1 Introduction
2.2 Preliminaries
2.3 Intent-based Adversary Model for Anomaly Detection
2.4 Intent-based Adversary Model for Anonymous Communication Systems
2.5 Conclusion
Chapter 3. An Analytical Framework for Cyber-Physical Networks
3.1 Introduction
3.2 Spatial Dispersion Models
3.3 CPN Design and Analysis
3.4 CPN Infrastructure Robustness
3.5 Conclusions
Acknowledgments
Chapter 4. Evolution of Widely Spreading Worms and Countermeasures
4.1 Introduction
4.2 Objectives and Strategies of Worm Propagator and Defender
4.3 Worm Initial Attacks
4.4 Defense against initial attacks
4.5 Worm Evolution
4.6 Defense Evolution versus Worm Evolution
4.7 Final Remarks
PART II. Security for Wireless Mobile Networks
Introduction
Chapter 5. Mobile Wireless Network Security
5.1 Introduction
5.2 Wireless Communications Security
5.3 Mobility Support Security
5.4 Conclusion and Future Research
Chapter 6. Robust Wireless Infrastructure against Jamming Attacks
6.1 Introduction
6.2 Design Vulnerabilities of Wireless Infrastructure
6.3 Resiliency to Outsider Cross-Layer Attacks
6.4 Resiliency to Insider Cross-Layer Attacks
6.5 Game-Theoretic Models and Mechanisms
6.6 Conclusions
Chapter 7. Security for Mobile Ad Hoc Networks
7.1 Introduction
7.2 Basic Features of MANET
7.3 Security Challenges
7.4 Security Attacks
7.5 Providing Basic Security Infrastructure
7.6 Security Solutions
7.7 Secure Ad Hoc Routing
7.8 Intrusion Detection and Response
7.9 Conclusions and Future work
Chapter 8. Defending Against Identity-Based Attacks in Wireless Networks
8.1 Introduction
8.2 Feasibility of Launching Identity-Based Attacks
8.3 Preventing Identity-Based Attacks via Authentication
8.4 Defending Against Spoofing Attacks
8.5 Defending Against Sybil Attacks
8.6 A Generalized Identity-Based Attack Detection Model
8.7 Challenges and Research Directions
8.8 Conclusion
PART III. Security for Sensor Networks
Introduction
Chapter 9. Efficient and Distributed Access Control for Sensor Networks
9.1 Introduction
9.2 Existing Schemes
9.3 System Models and Assumptions
9.4 Scheme I: Uni-Access Query
9.5 Scheme II: Multi-Access Query
9.6 Evaluation
9.7 Conclusion and Future Work
Chapter 10. Defending Against Physical Attacks in Wireless Sensor Networks
10.1 Introduction
10.2 Related Work
10.3 Physical Attacks in Sensor Networks
10.4 Challenges in Defending Against Physical Attacks
10.5 Case Study
10.6 Open Issues
10.7 Conclusions and Future Work
Chapter 11. Node Compromise Detection in Wireless Sensor Networks
11.1 Introduction
11.2 Related Work
11.3 Preliminaries
11.4 Limited Node Compromise Detection
11.5 Wide-spread Node Compromise Detection
11.6 Conclusion and Future Work
PART IV. Platform Security
Introduction
Chapter 12. Hardware and Security
12.1 Introduction
12.2 Hardware Supply Chain Security
12.3 Hardware Support for Software Security
12.4 Conclusions and Future Work
Chapter 13. Languages and Security
13.1 Introduction
13.2 Compiler Techniques for Copyrights and Watermarking
13.3 Compiler Techniques for Code Obfuscation
13.4 Compiler Techniques for Code Integrity
13.5 Proof-Carrying Code and Authentication
13.6 Static Analysis Techniques and Tools
13.7 Information Flow Techniques
13.8 Rule Checking, Verification, and Run-time Support
13.9 Language Modifications for Increased Safety and Security
13.10 Conclusions and Future Work
PART V. Cloud Computing and Data Security
Introduction
Chapter 14. Protecting Data in Outsourcing Scenarios
14.1 Introduction
14.2 Data Encryption
14.3 Fragmentation for Protecting Data Confidentiality
14.4 Protecting Data Integrity
14.5 Open Issues
14.6 Conclusions
Acknowledgments
Chapter 15. Data Security in Cloud Computing
15.1 Overview
15.2 Data Security in Cloud Computing
15.3 Commercial and Organizational Practices
15.4 Summary
Chapter 16. Secure Mobile Cloud Computing
16.1 Introduction
16.2 Cloud Computing
16.3 Mobile Cloud Computing Security
16.4 Virtual Node Security
16.5 Virtual Network Security
16.6 Mobile Application Security
16.7 Research Challenges and Open Issues
16.8 Summary and Conclusion
Chapter 17. Relation Privacy Preservation in Publishing Online Social Networks
17.1 Introduction
17.2 Complete Identity Anonymization
17.3 Partially Exposing User Identity
17.4 Completely Disclosing User Identity
17.5 Utility Loss and Privacy Preservation Measures
17.6 Conclusion
PART VI. Event Monitoring and Situation Awareness
Introduction
Chapter 18. Distributed Network and System Monitoring for Securing Cyber-Physical Infrastructure
18.1 Overview
18.2 System Model and Design Principles
18.3 Recent Progress and Major Milestone Results
18.4 Open Problems
18.5 Summary and Future Directions
Chapter 19. Discovering and Tracking Patterns of Interest in Security Sensor Streams
19.1 Introduction
19.2 Sensor Event Analysis for Health Monitoring
19.3 Related Work
19.4 Discovering Activities
19.5 Recognizing Activities
19.6 Validation of Activity Discovery and Tracking Algorithms
19.7 Anomaly Detection
19.8 Conclusions
Chapter 20. Pervasive Sensing and Monitoring for Situational Awareness
20.1 Introduction
20.2 Hierarchical Modeling and Reasoning in Cyber-Physical Systems
20.3 Adaptive Middleware for Cyber-Physical Spaces
20.4 Enabling Scalability in Cyber-Physical Spaces
20.5 Dependability in Sentient Spaces
20.6 Privacy in Pervasive Spaces
20.7 Conclusions
Chapter 21. Sense and Response Systems for Crisis Management
21.1 Introduction
21.2 Decentralized Event Detection
21.3 Agency-Based and Community-Based Systems
PART VII. Policy Issues in Security Management
Introduction
Chapter 22. Managing and Securing Critical Infrastructure – A Semantic Policy- and Trust-Driven Approach
22.1 Introduction
22.2 Related Work
22.3 A Policy and Trust Framework to Secure CPS
22.4 Prototype Implementations
22.5 Conclusion and Future Work
Chapter 23. Policies, Access Control, and Formal Methods
23.1 Introduction
23.2 Access Control Concepts and Models
23.3 Tools and Methods for Managing Access Control
23.4 Formal Methods
23.5 Access Control for Critical Infrastructures – Open Problems and Possible Approaches
23.6 Concluding Remarks
Chapter 24. Formal Analysis of Policy-Based Security Configurations in Enterprise Networks
24.1 Introduction
24.2 State of the Art
24.3 Formal Verification of Security Policy Implementations
24.4 Verification of IPSec Policies
24.5 Conclusion
24.6 Open Research Problems
PART VIII. Security in Real-World Systems
Introduction
Chapter 25. Security and Privacy in the Smart Grid
25.1 Introduction
25.2 The Smart Grid
25.3 Security and Privacy Challenges
25.4 Toward a Secure and Privacy-Preserving Smart Grid
25.5 Concluding Remarks
Chapter 26. Cyber-Physical Security of Automotive Information Technology
26.1 Introduction
26.2 Automotive Security Analysis
26.3 ECU Reprogramming Security Issues
26.4 Conclusion
Acknowledgments
Chapter 27. Security and Privacy for Mobile Health-Care (m-Health) Systems
27.1 Introduction
27.2 Electronic Health Record (EHR)
27.3 Privacy and Security in E-Health Care
27.4 State of the Art Design for Health Information Privacy and Sharing (HIPS)
27.5 Security Analysis
27.6 Conclusion and Future Work
Acknowledgments
Chapter 28. Security and Robustness in the Internet Infrastructure
28.1 Introduction
28.2 Vulnerabilities in Domain Name Resolution
28.3 Security Solutions for the Domain Name System
28.4 Secure End-to-End Communication Protocols
28.5 Integrity of Internet Routing
28.6 Integrity Below the IP Layer
28.7 Configuration Management Security
28.8 Conclusions and Future Challenges
Acknowledgments
Chapter 29. Emergency Vehicular Networks
29.1 Introduction
29.2 Emergency Vehicle Support
29.3 The Emergency Vehicle Grid
29.4 Basic Urban Grid Routing
29.5 Delay-Tolerant Vehicular Routing
29.6 Mobimesh and Geo-Location Server: Finding the Destination Coordinates During the Emergency
29.7 Content Routing Across the VANET
29.8 Emergency Video Dissemination
29.9 Vehicular Grid Surveillance
29.10 Map Updates Using Crowdsourcing
29.11 Security in the Emergency Vehicular Network
29.12 Conclusions
Chapter 30. Security Issues in VoIP Telecommunication Networks
30.1 Introduction
30.2 Connection Establishment and Call Routing
30.3 Man-in-the-Middle Attacks
30.4 Voice Pharming
30.5 Billing Attacks
30.6 Security Requirements of a P2P Telecommunication Network
30.7 Small World VIP-P2PSIP-Based on Trust
30.8 Conclusion
Acknowledgements
Index
PART I
Theoretical Foundations
Introduction
Chapter 1 Security and Vulnerability of Cyber-Physical Infrastructure Networks
Chapter 2 Game Theory for Infrastructure Security
Chapter 3 An Analytical Framework for Cyber-Physical Networks
Chapter 4 Evolution of Widely Spreading Worms and Countermeasures
As discussed in the previous introductory chapter, we live in a cyber–physical world which we desire to understand (sense), serve (via computation and communication), and control. With the technological advances of wireless communications, sensors, smart devices, embedded computing/control, and pervasive computing, it is possible to build complex cyber–physical infrastructure and smart environments, and these systems indeed abound in our daily lives. Due to their scale and complexity, such systems are vulnerable to a variety of attacks and threats. Therefore, robust design and secure management (monitoring and control) of cyber–physical infrastructure are crucial albeit extremely challenging.
With the goal of understanding and analyzing uncertainty in securing complex systems, Part I of this handbook, consisting of four chapters, attempts to build a solid theoretical foundation for the security of cyber–physical networks and systems. The underlying concepts are developed on foundations in control theory, graph theory, game theory, and epidemic theory, and aim to provide a holistic perspective on security that considers both the cyber and physical worlds (see Figure 1). Other traditional techniques that do not explicitly consider the cyber and physical aspects together (such as cryptography or encryption of communications [3, 4, 6–8], robust control of physical components [2], or stochastic theory) are outside the scope of this part.
Figure 1 Foundations of cyber–physical systems.
Chapter 1, titled Security and Vulnerability of Cyber–Physical Infrastructure Networks: A Control-Theoretic Approach, is motivated by the increasing need for automated decision support tools for cyber–physical networks (e.g., transportation, the electric power grid, and health care) that are subject to uncertainties and adversarial attacks at multiple spatial and temporal scales. This chapter develops a new control-theoretic framework that defines and characterizes the interplay between security and vulnerability in such systems. More precisely, the framework proposes holistic definitions for security and vulnerability; broadly applicable models for natural adversaries (uncertainties), sentient adversaries, and their interactions with system planners; and pointers to network control theory tools that may help to evaluate security and vulnerability according to these definitions. In developing the framework, the adversaries are conceptualized as seeking to estimate and/or actuate the physical dynamics of the network through measurement or modification of only a few network components at the cyber or physical level. As such, the adversary's ability to estimate or actuate the network dynamics depends critically on the network's topology or graph structure, and understanding this dependence is central to mitigating the adversarial behavior. To this end, this chapter develops abstract linear dynamical network models, specified on a graph, for the physical and information-flow dynamics of a network. Security and vulnerability are then defined in terms of an adversary's (possibly intertwined) abilities to estimate and to actuate critical aspects of the network dynamics, respectively, using localized measurements. As a canonical case study, the proposed formalisms are applied to air traffic management systems, a prototypical complex cyber–physical network.
Chapter 2, titled Game Theory for Infrastructure Security: The Power of Intent-Based Adversary Models, deals with game formulations for modeling adversarial threats in distributed information sharing among autonomous entities. Traditional adversary models are assumed to be behavior based, or semi-honest: entities that run the protocol exactly as specified (i.e., without any deviation) but may try to learn about the inputs of other entities from their views of the protocol. However, in real-world applications it is rather hard to determine whether an entity has the capability to change its input database or to deviate from the protocol, which makes it difficult to defend against arbitrarily behaving adversaries. This chapter removes the constraints on the behavior of entities, and thereby formulates and analyzes the power of an intent-based adversary model that obtains more accurate results without compromising the private information of other entities. The resulting game-theoretic solution is applied to two important infrastructure security applications, namely anomaly detection and anonymous communication.
Chapter 3, titled An Analytical Framework for Cyber–Physical Networks, discusses an important class of detection, identification, and tracking of spatial phenomena (DITSP) tasks, whose network solutions are necessarily cyber–physical in nature. For these tasks, spatially distributed sensors measure the physical phenomenon in space and time, and a network of computation, communication, and data nodes processes the measurements to generate actionable information for decision making. This chapter presents an analytical framework to guide the design and implementation of Cyber–Physical Networks (CPNs) in the following aspects: modality selection of sensors; placement of sensors and computation modules for effective coverage; fusion of multimodal data in a unifying projective space to consolidate information; and robust estimation and optimization of model parameters by Bayesian and empirical methods. The robustness of the CPN, in the face of natural