TY - GEN
T1 - The leaky actuator
T2 - 5th ACM Workshop on Cyber-Physical Systems Security and PrivaCy, CPS-SPC 2019, in conjunction with the 26th ACM Conference on Computer and Communications Security, CCS 2019
AU - Herzberg, Amir
AU - Kfir, Yehonatan
N1 - Funding Information:
This research is in part supported by an endowment from the Comcast corporation. The opinions expressed in the paper are those of the researchers themselves and not of their universities or of Comcast. We would like to acknowledge Dvir Shemesh for his support in this research.
Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/11/11
Y1 - 2019/11/11
N2 - Strict regulations and security practices of critical cyber-physical systems, such as nuclear plants, require complete isolation between their data-acquisition zone and their safety and security zones. Isolation methods range from firewall devices, to 'data diodes' that only allow one-way communication. In this work we explore a possible threat bypassing existing isolation methods by communicating through the physical process. Specifically, we show how a corrupt actuator in one zone can send covert information to a sensor in a different zone, breaking the isolation. This may allow an attack where the actuator is intentionally malfunctioning, and the sensor is intentionally masking the malfunction. Furthermore, we show that under certain assumptions, such communication can be provably covert. Namely, it cannot be efficiently detected, by current and future detection systems. This has important implications for the design of security and safety mechanisms for critical cyber-physical systems.
AB - Strict regulations and security practices of critical cyber-physical systems, such as nuclear plants, require complete isolation between their data-acquisition zone and their safety and security zones. Isolation methods range from firewall devices, to 'data diodes' that only allow one-way communication. In this work we explore a possible threat bypassing existing isolation methods by communicating through the physical process. Specifically, we show how a corrupt actuator in one zone can send covert information to a sensor in a different zone, breaking the isolation. This may allow an attack where the actuator is intentionally malfunctioning, and the sensor is intentionally masking the malfunction. Furthermore, we show that under certain assumptions, such communication can be provably covert. Namely, it cannot be efficiently detected, by current and future detection systems. This has important implications for the design of security and safety mechanisms for critical cyber-physical systems.
KW - Covert channel
KW - Cyber physical systems
KW - Cyber security
KW - Intrusion detection
UR - http://www.scopus.com/inward/record.url?scp=85076102816&partnerID=8YFLogxK
U2 - 10.1145/3338499.3357358
DO - 10.1145/3338499.3357358
M3 - Conference contribution
AN - SCOPUS:85076102816
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 87
EP - 98
BT - CPS-SPC 2019 - Proceedings of the ACM Workshop on Cyber-Physical Systems Security and Privacy
PB - Association for Computing Machinery
Y2 - 11 November 2019
ER -