
Security-Aware Design for Cyber-Physical Systems: A Platform-Based Approach PDF

106 pages · 2017 · 4.099 MB · English


Chung-Wei Lin, Alberto Sangiovanni-Vincentelli
Security-Aware Design for Cyber-Physical Systems: A Platform-Based Approach

Chung-Wei Lin, University of California, Berkeley, Berkeley, CA, USA
Alberto Sangiovanni-Vincentelli, University of California, Berkeley, Berkeley, CA, USA

ISBN 978-3-319-51327-0
ISBN 978-3-319-51328-7 (eBook)
DOI 10.1007/978-3-319-51328-7
Library of Congress Control Number: 2016960716

© Springer International Publishing AG 2017

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made.

Printed on acid-free paper.
This Springer imprint is published by Springer Nature.
The registered company is Springer International Publishing AG.
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland.

Contents

1 Introduction 1
2 Security Threats in Cyber-Physical Systems 5
3 Security-Aware Design Methodology 9
  3.1 Security-Aware Mapping 9
  3.2 Security Mechanism Selection 11
  3.3 Architecture Selection 12
  3.4 Examples of Security-Aware Design 13
  3.5 Summary 15
4 Security Mechanisms for CAN Protocol 17
  4.1 System Model and Attacker Model 18
  4.2 Security Mechanisms 21
    4.2.1 Basic Authentication 22
    4.2.2 Advanced Mechanism 24
  4.3 Counter Implementation 26
  4.4 Counter Reset Mechanisms 28
    4.4.1 Self-healing Reset Mechanism 28
    4.4.2 Network-Wide Reset Mechanisms 29
  4.5 Analysis 32
  4.6 Summary 34
5 Security-Aware Mapping for CAN-Based Systems 35
  5.1 System Model and Formulation 36
    5.1.1 System Model 36
    5.1.2 Security Constraints and Key Distribution 37
    5.1.3 Safety Constraints 39
  5.2 Mapping Algorithm 40
    5.2.1 Constraints 41
    5.2.2 Objective Function 47
    5.2.3 MILP-Based Algorithm 47
  5.3 Extension 49
    5.3.1 Path-Based Security Constraints 49
    5.3.2 Objective Function 50
    5.3.3 Algorithm 50
  5.4 Experimental Results 52
    5.4.1 Comparison with a Greedy Heuristic 53
    5.4.2 Comparison with Non-integrated Approaches 54
    5.4.3 Extension 55
  5.5 Summary 56
6 Security-Aware Mapping for TDMA-Based Systems 57
  6.1 System Model and Formulation 58
  6.2 Time-Delayed Release of Keys 60
  6.3 Mapping Algorithm 62
    6.3.1 Overview 62
    6.3.2 Task Allocation and Priority Assignment 63
    6.3.3 Signal Mapping 64
    6.3.4 Network Scheduling 64
    6.3.5 Worst-Case Transmission Delay Analysis 68
    6.3.6 Interval Length Exploration 71
    6.3.7 Network Scheduling Refinement 72
  6.4 Experimental Results 72
  6.5 Summary 75
7 Security-Aware Design for V2V Communication 77
  7.1 Formulation and Formulation 78
  7.2 Algorithm 81
  7.3 Experimental Results 83
  7.4 Summary 86
8 FSM-Based Security-Aware Design 87
9 Graph-Based Security-Aware Design 91
  9.1 Multiple Paths for Security 91
  9.2 Network Partitioning for Security 93
  9.3 Summary 95
10 Conclusions 97
References 99

Acronyms

ADS-B    Automatic Dependent Surveillance Broadcast
BSM      Basic Safety Message
CAN      Controller Area Network
CAN-FD   Controller Area Network with Flexible Data Rate
CSMA/CA  Carrier Sense Multiple Access with Collision Avoidance
DoS      Denial-of-Service
DSRC     Dedicated Short-Range Communications
ECDSA    Elliptic Curve Digital Signature Algorithm
ECU      Electronic Control Unit
FSM      Finite-State Machine
HMAC     Keyed-Hash Message Authentication Code
ILP      Integer Linear Programming
IP ATN   Internet-Protocol-Based Aeronautical Telecommunication Network
MAC      Message Authentication Code
MILP     Mixed Integer Linear Programming
PUF      Physical Unclonable Function
RC       Rate-Constrained
SA       Simulated Annealing
TDMA     Time Division Multiple Access
TESLA    Timed Efficient Stream Loss-Tolerant Authentication
TT       Time-Triggered
V2I      Vehicle-to-Infrastructure
V2V      Vehicle-to-Vehicle
WAVE     Wireless Access for Vehicular Environments
WSU      Wireless Safety Unit
WSMP     WAVE Short Message Protocol

Chapter 1 Introduction

As computational technology advances, more and more systems in daily life are controlled or supported by algorithms and computers. The most representative evolution includes the fly-by-wire and drive-by-wire of aircraft and automotive systems, which are no longer purely mechanical systems. Systems of this kind, combining computation and physical behavior, are called cyber-physical systems, where "cyber" represents the computational part and "physical" represents the physical behavior. Besides aircraft and automotive systems, other common cyber-physical systems include medical devices, smart grids, and robotics. Many of them are safety-critical systems, and a fault may cause serious consequences or even endanger users in extreme circumstances.
Besides regular system faults, cyber-security attacks are even more critical, as they can also trigger different kinds of system faults, and attackers deliberately search for security holes in systems. They may access secret information, control system behavior, or paralyze systems. Different types of cyber-attacks have been identified in automotive systems [6, 13, 25–27, 39], aircraft systems [5, 46], global positioning systems [8, 58], medical devices [10, 29], and smart grids [24, 30]. These attacks become even more threatening as systems become more connected with the surrounding environment, infrastructures, and other systems, since these connections provide breeding grounds and access points for cyber-attacks.

Security mechanisms can be designed to protect against cyber-attacks and meet security requirements such as integrity, authenticity, confidentiality, or availability. However, there are many challenges in applying security mechanisms to cyber-physical systems, such as open environments (e.g., wireless communication), limited resources (e.g., network bandwidth, computational resources, and power), strict timing requirements, and large numbers of devices [10, 23, 24, 27, 46].

The challenges above make it very difficult, and sometimes impossible, to add security mechanisms after the initial design stages without violating other system constraints. The system development process is usually described as the V-model shown in Fig. 1.1 [35]. If security is not considered before detailed design or implementation, the challenges above are very difficult to resolve. For example, the remaining network bandwidth or computational resources are not enough for security mechanisms, or timing requirements are too tight to add security mechanisms. It is therefore important to develop a systematic approach to address security at early design stages together with all other design constraints.

Fig. 1.1 The system development process [35]

© Springer International Publishing AG 2017. C.-W. Lin and A. Sangiovanni-Vincentelli, Security-Aware Design for Cyber-Physical Systems, DOI 10.1007/978-3-319-51328-7_1

In this book, a general security-aware design methodology is first introduced to address security together with other design constraints at the design stages for cyber-physical systems. The methodology is based on Platform-Based Design [47], where a functional model and an architectural platform are initially captured separately and then brought together through a mapping process. During mapping, the functional model is implemented on the architectural platform, and constraints and objectives are satisfied and optimized, respectively. The methodology differs from the traditional mapping process because it not only maps functional models to architectural platforms but also explores security mechanism selection and architecture selection.

Then, the book focuses on the security issues of automotive systems, as they represent many of the common challenges in cyber-physical systems, such as resource constraints and timing requirements. The Controller Area Network (CAN) protocol, which is a very representative asynchronous protocol and currently the most used in-vehicle communication protocol, is first studied, and a security mechanism is proposed for the CAN protocol. Based on the security mechanisms, security is addressed during the mapping from functional models to architectural platforms, and security and safety constraints are considered in an integrated formulation. With a flexible key distribution scheme, the security-aware mapping problem is formulated as a Mixed Integer Linear Programming (MILP) problem.

Besides the CAN protocol, a Time Division Multiple Access (TDMA) based protocol for in-vehicle communication is also considered, which is a very representative synchronous protocol and an abstraction of many existing protocols such as FlexRay [7], the Time-Triggered Protocol [45], and Time-Triggered Ethernet [44]. This kind of protocol is increasingly adopted in various safety-critical systems for more predictable timing behavior. The time-delayed release of keys [2, 37, 38, 55] is applied as the security mechanism, and an algorithm that combines a simulated annealing approach with a set of efficient optimization heuristics is developed to solve the security-aware mapping problem.

The methodology is then applied to Vehicle-to-Vehicle (V2V) communications with the Dedicated Short-Range Communication (DSRC) technology. A security-aware optimization problem with consideration of both security and safety requirements is formulated, and it considers the overhead of different settings of the Elliptic Curve Digital Signature Algorithm (ECDSA). The key decision variables are the sending rates and the authentication rates of Basic Safety Messages (BSMs), which carry important information for safety applications and thus need security protection; their sending rates and authentication rates play dominant roles in system performance and security, respectively [1, 23, 28]. The security-aware optimization problem is solved by an efficient algorithm.

Following the studies of asynchronous and synchronous protocols, other general security-aware design problems are also presented in this book. The first type is based on Finite State Machines (FSMs), and a synthesis problem is formulated to model a system with limited resources. The second type is based on graphs, where message duplication and network partitioning are addressed for security.

The rest of the book is organized as follows. Chapter 2 provides some preliminary knowledge and existing security concerns of cyber-physical systems. Chapter 3 introduces the security-aware design methodology. Chapter 4 presents the security mechanisms for the CAN protocol. The security-aware mapping problems and algorithms for CAN-based and TDMA-based systems are in Chaps. 5 and 6, respectively. Chapter 7 presents the security-aware optimization problem and algorithm for V2V communications. The FSM-based and graph-based security-aware design problems are described in Chaps. 8 and 9, respectively. Lastly, Chap. 10 concludes the book and points out some future directions.
