Cyber Stealth Attacks in Critical Information Infrastructures

Cazorla, Lorena; Alcaraz, Cristina; López, Javier

doi:10.1109/jsyst.2015.2487684

Cited by 47 publications

(24 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Since ICSs opened their systems to adapt the new ICTs, multiple and potential attacks have not stopped appearing [7,8,9]. A simple way to address these of attacks is by means of covert channels, through which attackers might exfiltrate data and/or remotely execute commands in order to falsify or modify critical states or variables.…”

Section: Discussionmentioning

confidence: 99%

“…Many of these challenges generally come from typical vulnerabilities of the cyber domains (e.g., accessible critical ports and services, irregular access control, lacks of isolation measures or uncontrolled network sections, lacks of auditing and accountability, irregularity in the governance processes, incompatibilities) [4], and they need to be properly managed 24/7 through security controls as specified by standards (e.g., the NISTIR 8183 [5]) or specific cybersecurity frameworks (e.g., [6]). Clear examples (Stuxnet, TRISIS, Flame, Night Dragon, BlackEnergy or Ex-Petr, Duqu [7,8,9]) have already shown the weak nature of the current ICSs to detect furtiveness attacks [9]. This paper envisages how OT networks may be compromised through specific IT techniques based on covert channels.…”

Section: Introductionmentioning

confidence: 96%

See 1 more Smart Citation

Covert Channels-Based Stealth Attacks in Industry 4.0

Alcaraz

Bernieri

Pascucci

et al. 2019

IEEE Systems Journal

Self Cite

View full text Add to dashboard Cite

Industry 4.0 advent opens several cyber-threats scenarios originally designed for classic information technology, drawing the attention to serious risks for the modern industrial control networks. To cope with this problem, in this paper we address the security issues related to covert channels applied to industrial networks, identifying the new vulnerability points when information technologies converge with operational technologies such as edge computing infrastructures. Specifically, we define two signaling strategies where we exploit the Modbus/TCP protocol as target to set up a covert channel. Once the threat channel is established, passive and active offensive methodologies are further exploited by implementing and testing them on a real Industrial Internet of Things testbed. The experimental results highlight the potential damage of such specific threats and the easy extrapolation of the attacks to other types of channels in order to show the new risks for the Industry 4.0. Related to this, we discuss some countermeasures offering an overview of possible mitigation and defensive measures.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 96%

Covert Channels-Based Stealth Attacks in Industry 4.0

Alcaraz

Bernieri

Pascucci

et al. 2019

IEEE Systems Journal

Self Cite

View full text Add to dashboard Cite

show abstract

“…Dependability and survivability: The possibility of managing risks from a proactive and reactive perspective, allows the system to detect anomalies and response accordingly, ensuring availability of resources at all time and reliability of their services. Many of the anomalies come from the malfunctions or unsuitable configurations of systems or networks, or deficiencies in the coexistence of multiple systems [8], which may consequently bring about numerous security problems [15,50]. Moreover, this manner of offering automatic fault detection also adds a significant reduction of maintenance costs and benefits the future Industry 4.0 services allocated in the cloud, such as predictive maintenance and the optimization of operational services and equipment.…”

Section: Suitability Of the Architecture For Industry 40 Scenariosmentioning

confidence: 99%

Secure Interconnection of IT-OT Networks in Industry 4.0

Alcaraz

2019

Advanced Sciences and Technologies for Security Applications

Self Cite

View full text Add to dashboard Cite

Increasingly, the society is witnessing how today's industry is adapting the new technologies and communication protocols to offer more optimal and reliable services to end-users, with support for inter-domain communication belonging to diverse critical infrastructures. As a consequence of this technological revolution, interconnection mechanisms are required to offer transparency in the connections and protection in the different application domains, without this implying a significant degradation of the control requirements. Therefore, this book chapter presents a reference architecture for the new Industry 4.0 where the interconnection core is mainly concentrated in the Policy Decision Points (PDP), which can be deployed in high volume data processing and storage technologies such as cloud and fog servers. Each PDP authorizes actions in the field/plant according to a set of factors (entities, context and risks) computed through the existing access control measures, such as RBAC+ABAC+Risk-BAC (Role/Attribute/Risk-Based Access Control, respectively), to establish coordinated and constrained accesses in extreme situations. Part of these actions also includes proactive risk assessment measures to respond to anomalies or intrusive threats in time.

show abstract

“…Several studies have been performed for assessing the security or mitigating the effects of an attack in a IoT-based CPS. In particular, secure control theory is used to estimate the impact of cyber threats on the physical plant [9]. Given the complexity of the problem, the methods proposed in literature are usually dedicated to counteract attacks that can be roughly classified in two groups: DoS and deception-based attacks.…”

Section: Related Workmentioning

confidence: 99%

Detecting Integrity Attacks in IoT-based Cyber Physical Systems: a Case Study on Hydra Testbed

Battisti

Bernieri

Carli

et al. 2018

2018 Global Internet of Things Summit (GIoTS)

View full text Add to dashboard Cite

The Internet of Things paradigm improves the classical information sharing scheme. However, it has increased the need for granting the security of the connected systems. In the industrial field, the problem becomes more complex due to the need of protecting a large attack surface while granting the availability of the system and the real time response to the presence of threats. In this contribution, we deal with the injection of tampered data into the communication channel to affect the physical system. The proposed approach relies on designing a secure control system by coding the output matrices according to a secret pattern. This pattern is created by using the Fibonacci p-sequences, numeric sequence depending on a key. The proposed method is validated on the Hydra testbed, emulating the industrial control network of a water distribution system.

show abstract

Cyber Stealth Attacks in Critical Information Infrastructures

Cited by 47 publications

References 28 publications

Covert Channels-Based Stealth Attacks in Industry 4.0

Covert Channels-Based Stealth Attacks in Industry 4.0

Secure Interconnection of IT-OT Networks in Industry 4.0

Detecting Integrity Attacks in IoT-based Cyber Physical Systems: a Case Study on Hydra Testbed

Contact Info

Product

Resources

About