Trusted hardware sensors for anomaly detection in critical infrastructure systems

Fournaris, Apostolos P.; Λαμπρόπουλος, Κωνσταντίνος; Koufopavlou, O.

doi:10.1109/mocast.2018.8376629

Cited by 6 publications

(9 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They follow a broad range of different, not IT related, control protocols like ISA 100, Modbus, CAN, etc. Some of these devices and protocols have proprietary software or standards that may make IT countermeasures unfitting [2,5]. This reason along with the fact that a successful CIS attack has high impact and thus high payoff, attracts very skilled attackers that can mount very sophisticated attacks on CPSs and CIS [13].…”

Section: Critical Infrastructure Security Monitoring System Anomaly Detection Sensorsmentioning

confidence: 99%

“…There is a critical need to fortify CIs to the maximum possible, since a major cyberattack in one of them may cause severe problems not only at a technical level but also in the economy, public safety, etc. [2].…”

Section: Introductionmentioning

confidence: 99%

“…In this paper, we review the option of using hardware means in order to secure sensors' ADS/SIEM transmitted data, instilling trust in the overall process. In addition, extending the work in [2], we propose a Hardware Security Token to be physically connected to legacy CI devices and act as a trusted ADS sensor for failed access attempts as well as a mechanism for providing authentication and integrity to sensor's collected data. In the paper, we analyze the HST architecture and approach and we describe how it can achieve a level of trust in the associated host device using an appropriate security protocol.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Anomaly Detection Trusted Hardware Sensors for Critical Infrastructure Legacy Devices

Fournaris

Dimopoulos

Λαμπρόπουλος

et al. 2020

Sensors

Self Cite

View full text Add to dashboard Cite

Critical infrastructures and associated real time Informational systems need some security protection mechanisms that will be able to detect and respond to possible attacks. For this reason, Anomaly Detection Systems (ADS), as part of a Security Information and Event Management (SIEM) system, are needed for constantly monitoring and identifying potential threats inside an Information Technology (IT) system. Typically, ADS collect information from various sources within a CI system using security sensors or agents and correlate that information so as to identify anomaly events. Such sensors though in a CI setting (factories, power plants, remote locations) may be placed in open areas and left unattended, thus becoming targets themselves of security attacks. They can be tampering and malicious manipulated so that they provide false data that may lead an ADS or SIEM system to falsely comprehend the CI current security status. In this paper, we describe existing approaches on security monitoring in critical infrastructures and focus on how to collect security sensor–agent information in a secure and trusted way. We then introduce the concept of hardware assisted security sensor information collection that improves the level of trust (by hardware means) and also increases the responsiveness of the sensor. Thus, we propose a Hardware Security Token (HST) that when connected to a CI host, it acts as a secure anchor for security agent information collection. We describe the HST functionality, its association with a host device, its expected role and its log monitoring mechanism. We also provide information on how security can be established between the host device and the HST. Then, we introduce and describe the necessary host components that need to be established in order to guarantee a high security level and correct HST functionality. We also provide a realization–implementation of the HST overall concept in a FPGA SoC evaluation board and describe how the HST implementation can be controlled. In addition, in the paper, two case studies where the HST has been used in practice and its functionality have been validated (one case study on a real critical infrastructure test site and another where a critical industrial infrastructure was emulated in our lab) are described. Finally, results taken from these two case studies are presented, showing actual measurements for the in-field HST usage.

show abstract

Section: Critical Infrastructure Security Monitoring System Anomaly Detection Sensorsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Anomaly Detection Trusted Hardware Sensors for Critical Infrastructure Legacy Devices

Fournaris

Dimopoulos

Λαμπρόπουλος

et al. 2020

Sensors

Self Cite

View full text Add to dashboard Cite

show abstract

“…In [41] a method for authentication of smart sensor with a router which has associated a TPM is presented, in order to provide a solution for machine-to-machine communication in an IoT Environment. Literature is also approaching the enhancement of the SCADA and automation system by using the TPM in order to ensure hardware security along with the software security, an action necessary due to the evolution of the systems towards Industry 4.0 [42,43].…”

Section: Related Workmentioning

confidence: 99%

Cryptographic Considerations for Automation and SCADA Systems Using Trusted Platform Modules

Tidrea

Korodi

Silea

2019

Sensors

View full text Add to dashboard Cite

The increased number of cyber threats against the Supervisory Control and Data Acquisition (SCADA) and automation systems in the Industrial-Internet-of-Things (IIoT) and Industry 4.0 era has raised concerns in respect to the importance of securing critical infrastructures and manufacturing plants. The evolution towards interconnection and interoperability has expanded the vulnerabilities of these systems, especially in the context of the widely spread legacy standard protocols, by exposing the data to the outside network. After gaining access to the system data by launching a variety of attacks, an intruder can cause severe damage to the industrial process in place. Hence, this paper attempts to respond to the security issue caused by legacy structures using insecure communication protocols (e.g., Modbus TCP, DNP3, S7), presenting a different perspective focused on the capabilities of a trusted platform module (TPM). Furthermore, the intent is to assure the authenticity of the data transmitted between two entities on the same (horizontal interoperation) or different (vertical interoperation) hierarchical levels communicating through Modbus TCP protocol based on functionalities obtained by integrating trusted platform modules. From the experimental results perspective, the paper aims to show the advantages of integrating TPMs in automation/SCADA systems in terms of security. Two methods are proposed in order to assure the authenticity of the messages which are transmitted, respectively the study presents the measurements related to the increased time latency introduced due to the proposed concept.

show abstract

“…The overall concept adopted in the TCG solution, and expanded, differentiated in more processor-oriented approaches is to achieve a level of isolation on the security critical operations on the smart sensor/actuator end node. Following the above directives, as described in [11], there are two approaches that may be introduced to a smart city end node to achieve trust. The first technology to be used is related to a lightweight version of TCG's TPM specification like the Device Identifier Composition Engine (DICE) proposal, which is ideal for Low energy and Low resources devices without a TPM (most commercial embedded systems do not yet have a TPM chip).…”

Section: Introducing Trust To Smart City End Nodesmentioning

confidence: 99%

End Node Security and Trust vulnerabilities in the Smart City Infrastructure

2018

Self Cite

View full text Add to dashboard Cite

As cities gradually introduce intelligence in their core services and infrastructure thus becoming “smart cities”, they are deploying new Information Technology devices in the urban grid that are interconnected to a broad network. The main focus of widely implemented smart cities' services was the operation of sensors and smart devices across city areas that need low energy consumption and high connectivity. However, as 5G technologies are gradually been adopted in the smart city infrastructure thus solving that problem, the fundamental issue of addressing security becomes dominant. While latest network topologies and standards include security functions thus giving an illusion of security, there is little focus on the fact that many smart city end nodes cannot realize all security specifications without additional help. In this paper, we discuss briefly smart city security issues and focus on problem and security requirement that need to be address in the smart city end nodes, the sensors and actuators deployed within the city's grid. In this paper, attacks that cannot be thwarted by traditional cybersecurity solutions are discussed and countermeasures based on hardware are suggested in order to achieve a high level of trust. Also, the danger of microarchitectural and side channel attacks on these devices is highlighted and protection approaches are discussed.

show abstract

Trusted hardware sensors for anomaly detection in critical infrastructure systems

Cited by 6 publications

References 8 publications

Anomaly Detection Trusted Hardware Sensors for Critical Infrastructure Legacy Devices

Anomaly Detection Trusted Hardware Sensors for Critical Infrastructure Legacy Devices

Cryptographic Considerations for Automation and SCADA Systems Using Trusted Platform Modules

End Node Security and Trust vulnerabilities in the Smart City Infrastructure

Contact Info

Product

Resources

About