Journal of Information Processing Systems

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

A Survey on Cyber Physical System Security for IoT: Issues, Challenges, Threats, Solutions

  • Kim, Nam Yong (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech)) ;
  • Rathore, Shailendra (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech)) ;
  • Ryu, Jung Hyun (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech)) ;
  • Park, Jin Ho (Dept. of Computer Science, School of Software, Soongsil University) ;
  • Park, Jong Hyuk (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech))
  • Received : 2018.09.03
  • Accepted : 2018.10.30
  • Published : 2018.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

Recently, Cyber Physical System (CPS) is one of the core technologies for realizing Internet of Things (IoT). The CPS is a new paradigm that seeks to converge the physical and cyber worlds in which we live. However, the CPS suffers from certain CPS issues that could directly threaten our lives, while the CPS environment, including its various layers, is related to on-the-spot threats, making it necessary to study CPS security. Therefore, a survey-based in-depth understanding of the vulnerabilities, threats, and attacks is required of CPS security and privacy for IoT. In this paper, we analyze security issues, threats, and solutions for IoT-CPS, and evaluate the existing researches. The CPS raises a number challenges through current security markets and security issues. The study also addresses the CPS vulnerabilities and attacks and derives challenges. Finally, we recommend solutions for each system of CPS security threats, and discuss ways of resolving potential future issues.

Keywords

E1JBB0_2018_v14n6_1361_f0001.png 이미지

Fig. 1. The fundamental concept of CPS.

E1JBB0_2018_v14n6_1361_f0002.png 이미지

Fig. 2. Global market damage and security solution spending of CPS. (a) Ponemon Institute data breaches and (b) Gartner information security solutions.

E1JBB0_2018_v14n6_1361_f0003.png 이미지

Fig. 3. Classification of CPS security threats.

E1JBB0_2018_v14n6_1361_f0004.png 이미지

Fig. 4. Security and privacy solutions for CPS.

Table 1. Contribution of our study related with existing surveys

E1JBB0_2018_v14n6_1361_t0001.png 이미지

Table 2. Summary of CPS security solutions, description, and related studies

E1JBB0_2018_v14n6_1361_t0002.png 이미지

Table 3. The list of latest CPS security projects

E1JBB0_2018_v14n6_1361_t0003.png 이미지

Table 4. CPS security threats and their corresponding solutions

E1JBB0_2018_v14n6_1361_t0004.png 이미지

Table 2. (Continued)

E1JBB0_2018_v14n6_1361_t0005.png 이미지

References

  1. Y. Ashibani and Q. H. Mahmoud, "Cyber physical systems security: analysis, challenges and solutions," Computers & Security, vol. 68, pp. 81-97, 2017. https://doi.org/10.1016/j.cose.2017.04.005
  2. J. S. Kumar and D. R. Patel, "A survey on internet of things: Security and privacy issues," International Journal of Computer Applications, vol. 90, no. 11, pp. 20-26, 2014. https://doi.org/10.5120/15764-4454
  3. R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan, "Internet of Things (IoT) security: current status, challenges and prospective measures," in Proceedings of 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), London, UK, 2015, pp. 336-341.
  4. T. Lu, J. Lin, L. Zhao, Y. Li, and Y. Peng, "A security architecture in cyber‐physical systems: security theories, analysis, simulation and application fields," International Journal of Security and Its Applications, vol. 9, no. 7, pp. 1-16, 2015. https://doi.org/10.14257/ijsia.2015.9.7.01
  5. R. Khan, S. U. Khan, R. Zaheer, and S. Khan, "Future internet: the internet of things architecture, possible applications and key challenges," in Proceedings of 2012 10th International Conference on Frontiers of Information Technology (FIT), Islamabad, India, 2012, pp. 257-260.
  6. R. Rajkumar, I. Lee, L. Sha, and J. Stankovic, "Cyber-physical systems: the next computing revolution," in Proceedings of 2010 47th ACM/IEEE Design Automation Conference (DAC), Anaheim, CA, 2010, pp. 731-736.
  7. Y. Peng, T. Lu, J. Liu, Y. Gao, X. Guo, and F. Xie, "Cyber-physical system risk assessment," in Proceedings of 2013 9th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, Beijing, China, 2013, pp. 442-447.
  8. B. Zhang, X. X. Ma, and Z. G. Qin, "Security architecture on the trusting internet of things," Journal of Electronic Science and Technology, vol. 9, no. 4, pp. 364-367, 2011.
  9. L. Wang, M. Torngren, and M. Onori, "Current status and advancement of cyber-physical systems in manufacturing," Journal of Manufacturing Systems, vol. 37, pp. 517-527, 2015. https://doi.org/10.1016/j.jmsy.2015.04.008
  10. E. R. Griffor, C. Greer, D. A. Wollman, and M. J. Burns, "Framework for cyber-physical systems: Volume 1, overview," National Institute of Standards and Technology, Gaithersburg, MD, Report No. 1500-201, 2017.
  11. E. K. Wang, Y. Ye, X. Xu, S. M. Yiu, L. C. K. Hui, and K. P. Chow, "Security issues and challenges for cyber physical system," in Proceedings of 2010 IEEE/ACM International Conference on Green Computing (GreenCom) and Communications & International Conference on Cyber, Physical and Social Computing (CPSCom), Hangzhou, China, 2010, pp. 733-738.
  12. J. Shi, J. Wan, H. Yan, and H. Suo, "A survey of cyber-physical systems," in Proceedings of 2011 International Conference on Wireless Communications and Signal Processing (WCSP), Nanjing, China, 2011, pp. 1-6.
  13. P. Maheshwari, "Security issues of cyber physical system: a review," International Journal of Computer Applications, pp. 7-11, 2016.
  14. Ponemon Institute, "2017 cost of data breach study: global overview," 2017 [Online]. Available: https://info.resilientsystems.com/hubfs/IBM_Resilient_Branded_Content/White_Papers/2017_Global_CODB_Report_Final.pdf.
  15. Gartner, "Gartner says worldwide information security spending will grow 7 percent to reach $86.4 billion in 2017," 2017 [Online]. Available: https://www.gartner.com/newsroom/id/3784965.
  16. C. Konstantinou, M. Maniatakos, F. Saqib, S. Hu, J. Plusquellic, and Y. Jin, "Cyber-physical systems: a security perspective," in Proceedings of 2015 20th IEEE European Test Symposium (ETS), Cluj-Napoca, Romania, 2015, pp. 1-8.
  17. J. Al-Jaroodi, N. Mohamed, I. Jawhar, and S. Lazarova-Molnar, "Software engineering issues for cyberphysical systems," in Proceedings of 2016 IEEE International Conference on Smart Computing (SMARTCOMP), St. Louis, MO, 2016, pp. 1-6.
  18. A. A. Cardenas, S. Amin, and S. Sastry, "Secure control: towards survivable cyber-physical systems," in Proceedings of 28th International Conference on Distributed Computing Systems Workshops, Beijing, China, 2008, pp. 495-500.
  19. J. Lee, B. Bagheri, and H. A. Kao, "A cyber-physical systems architecture for industry 4.0-based manufacturing systems," Manufacturing Letters, vol. 3, pp. 18-23, 2015. https://doi.org/10.1016/j.mfglet.2014.12.001
  20. E. A. Lee and S. A. Seshia, Introduction to Embedded Systems: A Cyber-Physical Systems Approach. Cambridge, MA: MIT Press, 2016.
  21. A. Burg, A. Chattopadhyay, and K. Y. Lam, "Wireless communication and security issues for cyber-physical systems and the Internet-of-Things," Proceedings of the IEEE, vol. 106, no. 1, pp. 38-60, 2016. https://doi.org/10.1109/JPROC.2017.2780172
  22. E. Molina and E. Jacob, "Software-defined networking in cyber-physical systems: a survey," Computers & Electrical Engineering, vol. 66, pp. 407-419, 2018. https://doi.org/10.1016/j.compeleceng.2017.05.013
  23. A. L. Buczak and E. Guven, "A survey of data mining and machine learning methods for cyber security intrusion detection," IEEE Communications Surveys & Tutorials, vol. 18, no. 2, pp. 1153-1176, 2016. https://doi.org/10.1109/COMST.2015.2494502
  24. K. Sampigethaya and R. Poovendran, "Cyber-physical system framework for future aircraft and air traffic control," in Proceedings of 2012 IEEE Aerospace Conference, Big Sky, MT, 2012, pp. 1-9.
  25. G. Denker, N. Dutt, S. Mehrotra, M. O. Stehr, C. Talcott, and N. Venkatasubramanian, "Resilient dependable cyber-physical systems: a middleware perspective," Journal of Internet Services and Applications, vol. 3, no. 1, pp. 41-49, 2012. https://doi.org/10.1007/s13174-011-0057-4
  26. S. Sridhar, A. Hahn, and M. Govindarasu, "Cyber-physical system security for the electric power grid," Proceedings of the IEEE, vol. 100, no. 1, pp. 210-224, 2012. https://doi.org/10.1109/JPROC.2011.2165269
  27. Q. Shafi, "Cyber physical systems security: a brief survey," in Proceedings of 2012 12th International Conference on Computational Science and Its Applications (ICCSA), Salvador, Brazil, 2012, pp. 146-150.
  28. W. He, J. Breier, S. Bhasin, and A. Chattopadhyay, "Bypassing parity protected cryptography using laser fault injection in cyber-physical system," in Proceedings of the 2nd ACM International Workshop on Cyber- Physical System Security, Xian, China, 2016, pp. 15-21.
  29. P. Kocher, J. Jaffe, B. Jun, and P. Rohatgi, "Introduction to differential power analysis," Journal of Cryptographic Engineering, vol. 1, no. 1, pp. 5-27, 2011. https://doi.org/10.1007/s13389-011-0006-y
  30. F. Khelil, M. Hamdi, S. Guilley, J. L. Danger, and N. Selmane, "Fault analysis attack on an FPGA AES implementation," in Proceedings of 2008 New Technologies, Mobility and Security, Tangier, Morocco, 2008, pp. 1-5.
  31. M. Tehranipoor and F. Koushanfar, "A survey of hardware Trojan taxonomy and detection," IEEE Design & Test of Computers, vol. 27, no. 1, pp. 10-20, 2010.
  32. K. Zhao and L. Ge, "A survey on the internet of things security," in Proceedings of 2013 9th International Conference on Computational Intelligence and Security (CIS), Leshan, China, 2013, pp. 663-667.
  33. R. Bhattacharya, "A comparative study of physical attacks on wireless sensor networks," International Journal of Research in Engineering and Technology, vol. 2, no. 1, pp. 72-74, 2013. https://doi.org/10.15623/ijret.2013.0201014
  34. Y. Kim, V. Kolesnikov, and M. Thottan, "Resilient end-to-end message protection for cyber-physical system communications," IEEE Transactions on Smart Grid, vol. 9, no. 4, pp. 2478-2487, 2018. https://doi.org/10.1109/TSG.2016.2613545
  35. M. Wazid, A. K. Das, S. Kumari, and M. K. Khan, "Design of sinkhole node detection mechanism for hierarchical wireless sensor networks," Security and Communication Networks, vol. 9, no. 17, pp. 4596-4614, 2016. https://doi.org/10.1002/sec.1652
  36. G. Gupta, "Frequency based detection algorithm of wormhole attack in WSNs," International Journal of Advanced Research in Computer Engineering & Technology, vol. 4, no. 7, pp. 3057-3060, 2015.
  37. A. A. Pirzada and C. McDonald, "Circumventing sinkholes and wormholes in wireless sensor networks," in Proceedings of International Workshop on Wireless Ad-hoc Networks, London, UK, 2005.
  38. H. Suo, J. Wan, C. Zou, and J. Liu, "Security in the Internet of Things: a review," in Proceedings of 2012 International Conference on Computer Science and Electronics Engineering (ICCSEE), Hangzhou, China, 2012, pp. 648-651.
  39. B. Zhu, A. Joseph, and S. Sastry, "A taxonomy of cyber attacks on SCADA systems," in Proceedings of 2011 IEEE International Conferences on Internet of Things, and Cyber, Physical and Social Computing, Dalian, China, 2011, pp. 380-388.
  40. M. Yampolskiy, P. Horvath, X. D. Koutsoukos, Y. Xue, and J. Sztipanovits, "A language for describing attacks on cyber-physical systems," International Journal of Critical Infrastructure Protection, vol. 8, pp. 40- 52, 2015. https://doi.org/10.1016/j.ijcip.2014.09.003
  41. Y. Jin and D. Oliveira, "Trustworthy SoC architecture with on-demand security policies and HW-SW cooperation," in Proceedings of the 5th Workshop on SoCs, Heterogeneous Architectures and Workloads (SHAW-5), Orlando, FL, 2015.
  42. D. Oliveira, N. Wetzel, M. Bucci, J. Navarro, D. Sullivan, and Y. Jin, "Hardware-software collaboration for secure coexistence with kernel extensions," ACM SIGAPP Applied Computing Review, vol. 14, no. 3, pp. 22- 35, 2014. https://doi.org/10.1145/2670967.2670969
  43. O. Al Ibrahim and S. Nair, "Cyber-physical security using system-level PUFs," in Proceedings of 2011 7th International Wireless Communications and Mobile Computing Conference (IWCMC), Istanbul, Turkey, 2011, pp. 1672-1676.
  44. L. Vegh and L. Miclea, "Secure and efficient communication in cyber-physical systems through cryptography and complex event processing," in Proceedings of 2016 International Conference on Communications (COMM), Bucharest, Romania, 2016, pp. 273-276.
  45. P. Kathiravelu and L. Veiga, "SD-CPS: taming the challenges of cyber-physical systems with a softwaredefined approach," 2017 [Online]. Available: https://arxiv.org/abs/1701.01676.
  46. A. A. Cardenas, S. Amin, Z. S. Lin, Y. L. Huang, C. Y. Huang, and S. Sastry, "Attacks against process control systems: risk assessment, detection, and response," in Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, Hong Kong, China, 2011, pp. 355-366.
  47. B. B. Sanchez, R. Alcarria, D. S. De Rivera, and A. Sanchez-Picot, "Predictive algorithms for mobility and device lifecycle management in Cyber-Physical Systems," EURASIP Journal on Wireless Communications and Networking, vol. 2016, article no. 228, 2016.
  48. S. Rathore, P. K. Sharma, V. Loia, Y. S. Jeong, and J. H. Park, "Social network security: issues, challenges, threats, and solutions," Information Sciences, vol. 421, pp. 43-69, 2017. https://doi.org/10.1016/j.ins.2017.08.063
  49. W. Xu, F. Zhang, and S. Zhu, "Toward worm detection in online social networks," in Proceedings of the 26th Annual Computer Security Applications Conference, Austin, TX, 2010, pp. 11-20.
  50. S. Rathore, P. K. Sharma, and J. H. Park, "XSSClassifier: an efficient XSS attack detection approach based on machine learning classifier on SNSs," Journal of Information Processing Systems, vol. 13, no. 4, pp. 1014-1028, 2017. https://doi.org/10.3745/JIPS.03.0079
  51. A. Khalid, P. Kirisci, Z. Ghrairi, K. D. Thoben, and J. Pannek, "A methodology to develop collaborative robotic cyber physical systems for production environments," Logistics Research, vol. 9, article no. 23, 2016.
  52. N. Y. Kim, J. H. Ryu, B. W. Kwon, Y. Pan, and J. H. Park, "CF-CloudOrch: container fog node-based cloud orchestration for IoT networks," The Journal of Supercomputing, vol. 74, no. 12, pp. 7024-7045, 2018. https://doi.org/10.1007/s11227-018-2493-4
  53. P. K. Sharma, S. Rathore, and J. H. Park, "DistArch-SCNet: blockchain-based distributed architecture with Li-Fi communication for a scalable smart city network," IEEE Consumer Electronics Magazine, vol. 7, no. 4, pp. 55-64, 2018.
  54. P. K. Sharma, S. Singh, Y. S. Jeong, and J. H. Park, "DistBlockNet: a distributed blockchains-based secure SDN architecture for IoT networks," IEEE Communications Magazine, vol. 55, no. 9, pp. 78-85, 2017. https://doi.org/10.1109/MCOM.2017.1700041
  55. B. Li, R. Lu, W. Wang, and K. K. R. Choo, "Distributed host-based collaborative detection for false data injection attacks in smart grid cyber-physical system," Journal of Parallel and Distributed Computing, vol. 103, pp. 32-41, 2017. https://doi.org/10.1016/j.jpdc.2016.12.012
  56. Y. Zhang, M. Qiu, C. W. Tsai, M. M. Hassan, and A. Alamri, "Health-CPS: healthcare cyber-physical system assisted by cloud and big data," IEEE Systems Journal, vol. 11, no. 1, pp. 88-95, 2017. https://doi.org/10.1109/JSYST.2015.2460747
  57. Y. Eun, K. J. Park, M. Won, T. Park, and S. H. Son, "Recent trends in cyber-physical systems research," Communications of the Korean Institute of Information Scientists and Engineers, vol. 31, no. 12, pp. 8-15, 2013.
  58. D. Wang, "CRII: CPS: towards reliable cyber-physical systems using unreliable human sensors," 2017 [Online]. Available: https://cps-vo.org/award/1566465.
  59. S. Sundaram, "CAREER: towards secure large-scale networked systems: resilient distributed algorithms for coordination in networks under cyber attacks," 2017 [Online]. Available: https://cps-vo.org/award/1653648.
  60. W. Zhang, "CAREER: hierarchical control for large-scale cyber-physical systems," 2016 [Online]. Available: https://cps-vo.org/award/1552838.
  61. Community Research and Development Information Service of the European Commission, "European network of competencies and platforms for enabling SME from any sector building innovative CPS products to sustain demand for European manufacturing," [Online]. Available: https://cordis.europa.eu/ project/rcn/194150_en.html.
  62. Community Research and Development Information Service of the European Commission, "MODESEC (Model-based Design of Secure Cyber-Physical Systems)," [Online]. Available: https://cordis.europa.eu/result/rcn/195574_en.html.
  63. Community Research and Development Information Service of the European Commission, "CPSwarm," [Online]. Available: https://cordis.europa.eu/project/rcn/206005_en.html.
  64. P. K. Sharma, S. Y. Moon, and J. H. Park, "Block-VN: a distributed blockchain based vehicular network architecture in smart city," Journal of Information Processing Systems, vol. 13, no. 1, pp. 184-195, 2017. https://doi.org/10.3745/JIPS.03.0065
  65. Y. Sung, P. K. Sharma, E. M. Lopez, and J. H. Park, "FS-OpenSecurity: a taxonomic modeling of security threats in SDN for future sustainable computing," Sustainability, vol. 8, article no. 919, 2016.
  66. N. Y. Kim, K. Y. Park, and J. H. Park, "DOTP-AaaS: dynamic one time password matching-based authentication as a service," in Advances in Computer Science and Ubiquitous Computing. Singapore: Springer, 2017, pp. 962-966.