Securing Cyber-Physical Systems Securing Cyber-Physical Systems Edited by Al-Sakib Khan Pathan MATLAB® and Simulink® are trademarks of The MathWorks, Inc. and are used with permission. The MathWorks does not warrant the accuracy of the text or exercises in this book. This book’s use or discussion of MATLAB® and Simulink® software or related products does not constitute endorsement or sponsorship by The MathWorks of a particular peda- gogical approach or particular use of the MATLAB® and Simulink® software. CRC Press Taylor & Francis Group 6000 Broken Sound Parkway NW, Suite 300 Boca Raton, FL 33487-2742 © 2016 by Taylor & Francis Group, LLC CRC Press is an imprint of Taylor & Francis Group, an Informa business No claim to original U.S. Government works Version Date: 20150805 International Standard Book Number-13: 978-1-4987-0099-3 (eBook - PDF) This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the valid- ity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint. Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or uti- lized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopy- ing, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers. For permission to photocopy or use material electronically from this work, please access www.copyright.com (http:// www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe. Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com Dedicated to my beloved daughter, Rumaysa. Contents Preface .......................................................................................................................................ix Acknowledgment.......................................................................................................................xi Editor ......................................................................................................................................xiii Contributors .............................................................................................................................xv 1 Securing Power Systems ...............................................................................................1 MARTIN SAINT, JUAN HOYOS, AND TIMOTHY X. BROWN 2 ICT Modeling for Cosimulation of Integrated Cyberpower Systems .........................27 ALEXANDRU STEFANOV, CHEN-CHING LIU, AND KITHSIRI LIYANAGE 3 Moving Target Defense Mechanisms in Cyber-Physical Systems ...............................63 SHIH-WEI FANG, ANTHONY PORTANTE, AND MOHAMMAD IFTEKHAR HUSAIN 4 Ontological Framework–Assisted Embedded System Design with Security Consideration in a Cyber-Physical Power System Environment ................................91 BO XING 5 WSNProtectLayer: Security Middleware for Wireless Sensor Networks .................119 VASHEK MATYÁŠ, PETR ŠVENDA, ANDRIY STETSKO, DUŠAN KLINEC, FILIP JURNEČKA, AND MARTIN STEHLÍK 6 Securing Transportation Cyber-Physical Systems ....................................................163 NNANNA EKEDEBE, HOUBING SONG, WEI YU, CHAO LU, AND YAN WAN 7 Securing the Future Autonomous Vehicle: A Cyber-Physical Systems Approach .....197 MARIO GERLA AND PETER REIHER 8 A Study of Security Issues, Vulnerabilities, and Challenges in the Internet of Things .....221 KASHIF LAEEQ AND JAWWAD A. SHAMSI 9 Security and Privacy in the IPv6-Connected Internet of Things .............................241 SHAHID RAZA, CHAMATH KEPPITIYAGAMA, AND THIEMO VOIGT 10 Security Issues and Approaches in M2M Communications .....................................259 YUE QIU AND MAODE MA 11 Securing Embedded Systems: Cyberattacks, Countermeasures, and Challenges.................................................................................................279 MOHAMED AMINE FERRAG, NASSIRA CHEKKAI, AND MEHDI NAFA vii viii ◾ Contents 12 Using Software-Defined Networking to Mitigate Cyberattacks in Industrial Control Systems .......................................................................................305 BÉLA GENGE, HUNOR SÁNDOR, PIROSKA HALLER, ADELA BEREȘ, AND ISTVÁN KISS 13 Tackling Cross-Site Scripting (XSS) Attacks in Cyberspace ....................................331 AL-SAKIB KHAN PATHAN AND IMRAN YUSOF 14 Trojan-Resilient Circuits ..........................................................................................349 JEAN-PIERRE SEIFERT AND CHRISTOPH BAYER 15 Intrusion Detection, Prevention, and Response System (IDPRS) for Cyber- Physical Systems (CPSs) ...........................................................................................371 JIANGUO DING 16 Security-Integrated Quality-of-Service Paradigm for Cyber-Physical Systems ........393 ZUBAIR MD. FADLULLAH Index ................................................................................................................................409 Preface Cyber-physical system (CPS) is a relatively new term, coined in the field of interconnected devices and networks that enhances the notion of cyberspace. It offers a kind of cyberspace based on several interconnected physical devices, each of which is run by sophisticated embedded systems and software. Checking the history, we find that the initial promoters of this idea had a strong background in software engineering technologies for embedded software, working on stand-alone systems. Hence, from their perspective, they focused on a single embedded system. When the idea of CPS was being developed, it considered how to make it possible for multiple embedded control systems to interact among themselves through communications and physical environments (e.g., from one’s actuators to another one’s sen- sors). Apart from this, many other networking and software development issues were raised, such as how to model, design, implement, and test software, how to consider and reflect uncertainty and heterogene- ity due to the integration within the development phase, how to provide reliability and dependability on such systems, how to maintain such systems, and so on. Recently, security topics in CPS have emerged. The question, however, is whether a CPS’s structure changes the security requirements of those present in the areas of the Internet of Things (IoT), machine to machine (M2M), and similar communications. With multiple definitions of CPS today, the security issue is still an open field and many link CPS secu- rity with their own field of research—some from a programming or software engineering point of view, some from a middleware/operating system (OS) point of view, and some with IoT, M2M, or similar technologies. In fact, the security techniques in other fields would also help CPS security. The term is indeed attractive, but the core of the technology is similar to that of other security technologies. General works on IoT, for instance, would also be relevant to such an interconnected system. This book aims to address these issues covering different mechanisms related to CPS security. A total of 16 chapters have been included in this book. As expected, the authors have addressed different aspects of CPS, often with slightly different definitions. Most of the chapters were selected based on a rigorous review, while some were invited from the experts in the field. All these chapters are arranged within three parts in the book. Though each part does not address a common topic within (or related to) CPS, the sequence is such that readers should find it easy to understand the contents of the later chapters. The concept and various facets of CPS are still being developed. Hence, this attempt to com- pile works specifically focused on the security issues of CPS has been difficult to accomplish. With multiple different meanings of the same term, the book still binds all the chapters with a single thread, which is supposed to be beneficial for the readers. The overall content may help researchers in finding future direction and scope for their research as well. With best wishes, Al-Sakib Khan Pathan International Islamic University Malaysia ix x ◾ Preface MATLAB® is a registered trademark of The MathWorks, Inc. For product information, please contact: The MathWorks, Inc. 3 Apple Hill Drive Natick, MA 01760-2098 USA Tel: 508 647 7000 Fax: 508-647-7001 E-mail: [email protected] Web: www.mathworks.com