Defense mechanisms:
Traditional control system safety mechanisms were designed to ensure only
that physical system operations were safe. Protection relays and circuit
breakers, to cite an example, are used in power systems to isolate
transmission lines carrying excessively high current. Moreover, these
mechanisms examine only the physical component engaged in the operation,
rather than the action's impact on the system as a whole. They are built to be
dependable and durable in the face of accidents or severe conditions. They do
not, however, account for a malicious insider who studies how the system
changes its operation as it responds to problems and exploits this behavior
to push the system even further into a hazardous condition.
To make systems safer, new fault-resilient control and estimation
algorithms have been proposed. Traditionally, this has been accomplished by
comparing sensor values against an analytical model of the system and
calculating the so-called residual signal. The residual signal is then
evaluated (e.g., using signal processing techniques) to decide whether a
fault has occurred.
THE 3rd INTERNATIONAL SCIENTIFIC CONFERENCES OF STUDENTS AND YOUNG RESEARCHERS dedicated to the 99th anniversary of the National Leader of Azerbaijan Heydar Aliyev 140
However, with such algorithms, there is usually only one residual signal per
failure scenario. In robust control, the goal is to design control systems
that are resistant to model disturbances. However, these disturbances are
generally viewed as natural fault conditions and are assumed to be bounded.
This assumption does not hold for security, because adversarial disturbances
are deliberately chosen and therefore cannot be assumed to be bounded. Most
notably, research into secure control and estimation can contribute to the
development of more resilient control algorithms; nevertheless, these
approaches are mostly theoretical and do not account for operator errors or
insider attacks.
Security can also be sustained by using cryptographic mechanisms such as
message authentication codes. Communication between the operator and the
PLCs can be protected either by using the same cryptographic key for all
messages or by using a new key for each message. Within this solution
framework, there are two feasible proactive cryptographic protection
strategies based on diversity: (a) lengthening cryptographic keys so that
high-impact messages are more computationally difficult to tamper with, and
(b) selecting, from a group of keys, the subset of messages authenticated by
each key so that the expected impact on the physical system of compromising
any one key is minimized. In both strategies, however, tampering with any
single message demands a constant effort from the adversary, even though the
impact of a tampered message varies with its effect on the physical plant.
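The residual-based fault detection described earlier in this section, as an added Python example that is not part of the original paper: a constructed first-order process (all constants are assumed values) is tracked by an analytical-model observer, the residual is the difference between the sensor reading and the model's prediction, and two evaluators run over it. A fixed per-sample threshold, sized for natural bounded disturbances, catches an abrupt sensor bias; a CUSUM accumulator also catches a slowly drifting fault that a per-sample threshold keeps accepting, which is why a bound chosen for benign disturbances is the wrong yardstick once the disturbance is adversarial.

```python
import math


def simulate_residuals(fault, steps=240, a=0.9, b=0.1, u=10.0, gain=0.5):
    """Run a constructed first-order process x[k+1] = a*x[k] + b*u alongside an
    analytical-model observer and return the residual r[k] = y[k] - x_hat[k].
    `fault(k)` is the additive sensor corruption at step k (0.0 when healthy).
    The process constants are assumed values chosen for illustration."""
    x = 0.0        # true plant state
    x_hat = 0.0    # model-based estimate of the state
    residuals = []
    for k in range(steps):
        noise = 0.1 * math.sin(k)                # small deterministic measurement noise
        y = x + noise + fault(k)                 # sensor reading seen by the controller
        r = y - x_hat                            # residual: measurement minus model prediction
        residuals.append(r)
        x = a * x + b * u                        # plant advances one step
        x_hat = a * x_hat + b * u + gain * r     # observer advances, corrected by the residual
    return residuals


def threshold_detector(residuals, threshold=1.0):
    """Classic per-sample check: alarm at the first step where |r| exceeds a bound
    sized for natural, bounded disturbances. Returns the step index or None."""
    for k, r in enumerate(residuals):
        if abs(r) > threshold:
            return k
    return None


def cusum_detector(residuals, drift=0.3, h=2.0):
    """Two-sided CUSUM: accumulate residual excess beyond `drift` and alarm when the
    running sum exceeds h. Small but persistent deviations that never cross a
    per-sample threshold still add up here. Returns the step index or None."""
    s_pos = s_neg = 0.0
    for k, r in enumerate(residuals):
        s_pos = max(0.0, s_pos + r - drift)
        s_neg = max(0.0, s_neg - r - drift)
        if s_pos > h or s_neg > h:
            return k
    return None


# Constructed fault scenarios; every fault begins at step 60.
SCENARIOS = {
    "healthy": lambda k: 0.0,
    "abrupt_bias": lambda k: 3.0 if k >= 60 else 0.0,               # sensor suddenly reads +3
    "slow_ramp": lambda k: 0.02 * (k - 60) if k >= 60 else 0.0,     # reading drifts 0.02 per step
}


def evaluate(name):
    """Return the alarm step of each detector for one named scenario."""
    r = simulate_residuals(SCENARIOS[name])
    return {"threshold": threshold_detector(r), "cusum": cusum_detector(r)}


if __name__ == "__main__":
    for name in SCENARIOS:
        print(name, evaluate(name))
```

The per-sample threshold never fires on the slow ramp because the observer absorbs most of the drift into its own estimate and the residual grows only slowly, while the CUSUM alarms once the persistent excess has accumulated; the threshold and drift values are assumptions that in practice are tuned from healthy-plant residual statistics.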
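The two diversity strategies, (a) and (b), as an added Python example that is not part of the original paper or of the cited works: each message type carries an assumed impact score, a greedy partition assigns the types to a fixed number of HMAC keys so that the summed impact exposed by compromising any single key is as small as possible (strategy (b)), and a key group that carries a high-impact message receives a longer key (strategy (a)). The message catalogue, the impact scores, the tier boundary and the key lengths are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed catalogue of operator -> PLC message types with an assumed
# "impact score": how much damage a forged instance could do to the plant.
# Names and scores are illustrative, not taken from any real installation.
MESSAGE_IMPACT = {
    "open_main_breaker": 10.0,
    "set_pressure_setpoint": 6.0,
    "set_flow_setpoint": 4.0,
    "read_status": 1.0,
    "rotate_log": 0.5,
    "ack_heartbeat": 0.5,
}

HIGH_IMPACT = 5.0  # assumed tier boundary for strategy (a)


def key_length_bytes(max_impact):
    """Strategy (a): spend a longer key on a group that carries high-impact
    messages. Hypothetical policy: 32-byte keys for the high tier, 16 otherwise."""
    return 32 if max_impact >= HIGH_IMPACT else 16


def assign_messages_to_keys(impact, num_keys):
    """Strategy (b): partition message types across num_keys keys so that the
    summed impact exposed by any single key compromise is minimized. Greedy
    longest-processing-time heuristic: place each type, highest impact first,
    on the currently least-loaded key. Returns (groups, per-key impact loads)."""
    groups = [[] for _ in range(num_keys)]
    loads = [0.0] * num_keys
    for msg_type, score in sorted(impact.items(), key=lambda kv: (-kv[1], kv[0])):
        i = loads.index(min(loads))
        groups[i].append(msg_type)
        loads[i] += score
    return groups, loads


class KeyRing:
    """One HMAC-SHA256 key per group, plus the message-type -> key-index map."""

    def __init__(self, impact, num_keys):
        self.groups, self.loads = assign_messages_to_keys(impact, num_keys)
        self.keys = []
        self.key_of = {}
        for idx, group in enumerate(self.groups):
            max_impact = max((impact[m] for m in group), default=0.0)
            self.keys.append(secrets.token_bytes(key_length_bytes(max_impact)))
            for m in group:
                self.key_of[m] = idx

    def tag(self, msg_type, payload):
        key = self.keys[self.key_of[msg_type]]
        # Bind the message type into the MAC so a tag computed for one type
        # cannot be presented as a tag for another type under the same key.
        return hmac.new(key, msg_type.encode() + b"\x00" + payload, hashlib.sha256).digest()

    def verify(self, msg_type, payload, tag):
        if msg_type not in self.key_of:
            return False
        return hmac.compare_digest(self.tag(msg_type, payload), tag)


def worst_case_exposure(ring):
    """Largest summed impact an adversary reaches by compromising one key."""
    return max(ring.loads)


def single_key_exposure(impact):
    """Exposure when one key authenticates every message type (the baseline)."""
    return sum(impact.values())


if __name__ == "__main__":
    ring = KeyRing(MESSAGE_IMPACT, 3)
    for idx, group in enumerate(ring.groups):
        print(f"key {idx}: {len(ring.keys[idx])}-byte key, load {ring.loads[idx]}, {group}")
    print("one-key exposure:", single_key_exposure(MESSAGE_IMPACT))
    print("worst single-key exposure after partition:", worst_case_exposure(ring))
    t = ring.tag("set_flow_setpoint", b"flow=12.5")
    print("genuine verifies:", ring.verify("set_flow_setpoint", b"flow=12.5", t))
    print("altered payload verifies:", ring.verify("set_flow_setpoint", b"flow=99.0", t))
```

Two caveats follow from the text's own closing sentence: the partition lowers the worst-case exposure of a key compromise but leaves the per-message forgery cost unchanged, and lengthening a key only raises brute-force cost up to the limit of the MAC itself (HMAC-SHA256 hashes keys longer than its 64-byte block size down before use).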
References:
1. A. Clark, Q. Zhu, R. Poovendran, and T. Basar, "An Impact-Aware Defense against Stuxnet."
2. S. Etigowni, D. J. Tian, G. Hernandez, S. Zonouz, and K. Butler, "CPAC: Securing Critical Infrastructure with Cyber-Physical Access Control."
3. H. Fawzi, P. Tabuada, and S. Diggavi, "Secure estimation and control for cyber-physical systems under adversarial attacks."