Publication Date

2014

Document Type

Dissertation

Committee Members

Jonathan Butts (Advisor), Krishnaprasad Thirunarayan (Advisor), Bin Wang (Committee Member), Junjie Zhang (Committee Member)

Degree Name

Doctor of Philosophy (PhD)

Abstract

Industrial Control Systems are vulnerable to integrity attacks because of connectivity to the external Internet and trusted internal networking components that can become compromised. Integrity attacks can be modeled, analyzed, and sometimes remedied by exploiting properties of physical devices and reasoning about the trust worthiness of ICS communication components.

Industrial control systems (ICS) monitor and control the processes of public utility that society depends on - the electric power grid, oil and gas pipelines, transportation, and water facilities. Attacks that impact the operations of these critical assets could have devastating consequences. The complexity and desire to interconnect ICS components have introduced vulnerabilities and attack surfaces that previously did not exist.

Cyber attacks against ICS are increasing and have demonstrated an ability to create effects in the physical domain. The numerous communication paths, various ingress and egress points, diversity of technology and operating requirements provide myriad opportunities for a motivated adversary. Current defense strategies and guidelines focus on defense-in-depth to protect critical resources at network boundaries by presenting an attacker with various challenges to overcome. Our findings indicate a paradigm shift is required to thwart advanced threats in ICS. ICS operations focus on availability, safety, and reliability. Current ICS attacks can penetrate or circumvent external barriers recommended by defense-in-depth strategies to facilitate integrity attacks. Inside these boundaries, internal network traffic and components are trusted, which can be manipulated by an attacker to compromise the integrity of network traffic. The automatic evaluation of integrity is a difficult problem in the ICS environment with fundamental issues that are yet to be adequately addressed, including: (a) sufficient methods for detecting integrity errors, and (b) interpretation and correlation of interdependent data to improve trustworthiness. This research investigates how to detect and locate integrity errors in a system by correlating state values from network devices. The specific problem to be addressed is how to use physical properties of independent sensors to derive a holistic view of the system to discern system state. A method capable of detecting intentional and unintentional integrity issues, which can result from cyber attacks, is necessary to supplement current strategies that blindly trust internal network data. This research examines the theory, application and results for a new Byzantine Industrial Control System (BICS) algorithm that provides security for an ICS in a hostile environment. BICS provides a method to: • Detect and locate integrity errors in an ICS using properties of devices that do not communicate directly. • Enable a holistic view of the system in a fashion that automatically correlates untrusted system parameters from compromised nodes to detect integrity errors. • Allow operators of networks to function securely and confidently without degrading overall system performance by improving trustworthiness of data and providing an ability to isolate compromised nodes.

Page Count

177

Department or Program

Department of Computer Science and Engineering

Year Degree Awarded

2014

Download


Share

COinS