A Cyber-Physical Approach to Securing Urban Transportation Systems - - PowerPoint PPT Presentation



SLIDE 1

A Cyber-Physical Approach to Securing Urban Transportation Systems

Lead PI: Prof. Jianying Zhou (SUTD)
SG-CRC’18, 28 March 2018

SLIDE 2

Urban Transportation System Security

Cyber-Physical Systems: Transportation (Rail, Auto, Aviation, Maritime), Energy, Water

Urban Transportation Systems Challenges:

  • Complexity inherent in the cyber-physical nature
  • Deep involvement of humans

SLIDE 3

Project Framework

  • Modeling
    – Modeling with Cyber-Physical Constraints & Human Factors
    – Model-based Tools for Resilience Evaluation & Safety-Security Reconciliation
  • Model-driven Security Measures
    – Legacy System Protection
    – Adaptive Attack Mitigation
    – Persistent Access Control
    – Secure Communications
  • Case Study
    – SMRT Integrated Supervisory Control System (ISCS)

SLIDE 4

Selected Security Technologies

  • 1. ATS log analysis tools (Testing and trial in SMRT)
    – Context-aware ATS log diagnosis tool
    – Ontology-driven alarm prediction tool
  • 2. Two-factor authentication for ITS devices using historical data
  • 3. Virtually isolated network
  • 4. Controllable secure configuration of network devices (Testing and trial in SMRT)
  • 5. Low-cost location integrity protection for railway systems
  • 6. SecureRails: an open simulation platform for analysing cyber-physical attacks in railways
  • 7. Advanced SCADA firewall (Testing and trial in SMRT)
SLIDE 5

ATS Log Analysis Tools

  • Anomalies in the Automatic Train Supervision (ATS) system
    – The ATS system supervises all important assets in a metro system
    – Asset anomalies are recorded as alarms and mixed with a huge amount of other logs
  • Diagnosis of the alarms
    – Log data is complex and high-dimensional
    – Manual investigation into log data is inefficient and error-prone
  • Prediction of the alarms
    – There are a huge number of assets with various functionalities at different geo-locations in a metro system
    – It is unrealistic to maintain all assets frequently
    – Alarm prediction is important for preventive maintenance and provides suggestions on the priority of these assets to be maintained

SLIDE 6

Context-Aware Diagnosis Tool

Pipeline: Raw Logs → Preprocessing → Refine Event Categorization → Model System Context (Feature vector Extraction) → Analyze Correlation (Statistical analysis) → Correlated Assets/Events

Record fields at each stage:
    – Raw log: Asset ID, Category, Description, Duration
    – After preprocessing: Asset ID, Category, Refined Category, DT, Duration
    – System context feature vector: feature1, feature2, …, featurem
    – Output: Correlated Asset/event1, Correlated Asset/event2, …, Correlated Asset/eventn

  • Expedite diagnosis process
    – Without relying on substantial prior knowledge or an accurate process model of subsystems
  • System context awareness
    – Model system context by a series of features based on system logs
  • Identify assets and events correlated with target alarms
    – Find out potential causes of the target alarms
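The pipeline on this slide (preprocess raw logs, refine the event category, build a per-event feature vector from system context, then rank assets and events that co-occur with a target alarm) can be run end to end on a handful of log lines. The following is an added illustration written for this page, not the SUTD tool or SMRT data: the log lines, asset IDs, field layout, keyword refinement rules and the support/lift statistic are all constructed assumptions chosen to show the method.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed ATS-style log lines (not real SMRT data):
# timestamp | asset ID | category | description | duration (s)
RAW_LOGS = """\
2018-03-01T10:00:00 | TRK-07 | STATUS | Track circuit occupied | 0
2018-03-01T10:00:05 | PSD-21 | ALARM | Door not closed | 12
2018-03-01T10:00:07 | TRN-03 | EVENT | Train held at platform | 9
2018-03-01T10:30:00 | TRK-07 | STATUS | Track circuit occupied | 0
2018-03-01T10:30:04 | PSD-21 | ALARM | Door obstruction | 8
2018-03-01T10:30:06 | TRN-03 | EVENT | Train held at platform | 7
2018-03-01T11:00:00 | PWR-02 | STATUS | Traction power nominal | 0
2018-03-01T11:00:10 | SIG-15 | EVENT | Signal aspect change | 0
2018-03-01T11:30:00 | TRK-07 | STATUS | Track circuit occupied | 0
2018-03-01T11:30:20 | SIG-15 | EVENT | Signal aspect change | 0
2018-03-01T12:00:00 | PWR-02 | STATUS | Traction power nominal | 0
2018-03-01T12:00:03 | PSD-21 | ALARM | Door not closed | 15
2018-03-01T12:00:06 | TRN-03 | EVENT | Train held at platform | 10
"""

# Keyword rules that refine the coarse log category (hypothetical rule set).
REFINE_RULES = [
    ("door", "PSD_DOOR_FAULT"),
    ("track circuit", "TRACK_OCCUPANCY"),
    ("held", "TRAIN_HELD"),
    ("power", "TRACTION_POWER"),
    ("signal", "SIGNAL_ASPECT"),
]


@dataclass
class Event:
    ts: datetime
    asset: str
    category: str
    description: str
    duration: int
    refined: str = ""
    features: tuple = ()


def parse_logs(text):
    """Preprocessing: split each raw line into typed fields."""
    events = []
    for line in text.strip().splitlines():
        ts, asset, cat, desc, dur = (p.strip() for p in line.split("|"))
        events.append(Event(datetime.fromisoformat(ts), asset, cat, desc, int(dur)))
    return events


def refine_category(event):
    """Refine event categorization from the free-text description."""
    text = event.description.lower()
    for keyword, refined in REFINE_RULES:
        if keyword in text:
            return refined
    return event.category


def extract_features(events, window_s):
    """Model system context: one feature vector per event, derived only from the logs."""
    for ev in events:
        ev.refined = refine_category(ev)
    for ev in events:
        # Context feature: how many other events were logged within the window.
        neighbours = sum(
            1 for other in events
            if other is not ev and abs((other.ts - ev.ts).total_seconds()) <= window_s
        )
        ev.features = (ev.ts.hour, ev.duration, ev.category == "ALARM", neighbours)
    return events


def correlate(events, target_asset, target_refined, window_s):
    """Analyze correlation: rank (asset, refined category) pairs that co-occur with
    the target alarm. support = fraction of target alarms whose window contains the
    pair; lift = support / base rate of the pair among non-target events."""
    def is_target(e):
        return e.asset == target_asset and e.refined == target_refined

    targets = [e for e in events if is_target(e)]
    others = [e for e in events if not is_target(e)]
    base = Counter((e.asset, e.refined) for e in others)
    hits = Counter()
    for t in targets:
        hits.update({(o.asset, o.refined) for o in others
                     if abs((o.ts - t.ts).total_seconds()) <= window_s})
    ranked = []
    for key, count in base.items():
        support = hits[key] / len(targets)
        lift = support / (count / len(others))
        ranked.append((key, support, lift))
    ranked.sort(key=lambda r: (r[2], r[1]), reverse=True)
    return ranked


if __name__ == "__main__":
    evs = extract_features(parse_logs(RAW_LOGS), window_s=30)
    for key, support, lift in correlate(evs, "PSD-21", "PSD_DOOR_FAULT", 30):
        print(f"{key[0]:7s} {key[1]:16s} support={support:.2f} lift={lift:.2f}")
```

On the constructed lines, every platform-screen-door alarm on PSD-21 is preceded by a train being held at the platform (TRN-03), so that asset/event pair ranks first; the track-circuit occupancy on TRK-07 ranks second, and the signal events on SIG-15 never fall inside an alarm window. Nothing here relies on a process model of the door subsystem, which is the point of the context-aware approach.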

SLIDE 7

Ontology-Driven Alarm Prediction Tool

  • Prediction of alarms for assets
    – When a given asset A will have what alarm
    – Without relying on substantial prior knowledge or an accurate process model of subsystems
  • Ontology-driven modeling
    – Model behaviors of assets based on ontology information
  • System context and temporal awareness
    – Model system context by a series of features based on system logs

SLIDE 8

Current Status of the Tools

Context-Aware Diagnosis Tool / Ontology-Driven Alarm Prediction Tool

  • The two tools are tested on a real-world ATS log dataset provided by Circle Line of SMRT
  • The tools will be improved based on the experts’ suggestions and tested on more ATS log datasets

SLIDE 9

Train Location Integrity Protection

Eurobalise Spot Transmission

  • Between on-board Balise Transmission Module (BTM) and balise
  • Transmit location data via wireless links
  • Use coding to protect data integrity and detect corruption
  • Widely deployed
    – Europe, China, Australia, Malaysia, Singapore, etc.
    – Vendors: Alstom, Siemens, Thales, etc.

[Figure: on-board BTM passing over a balise mounted on the track]

SLIDE 10

Threats and Challenges

  • Threats to Eurobalise
    – Modification of location data
    – Installation of rogue balises
  • Potential consequences
    – Disruptions of train service
    – Passenger alarm (e.g., sudden stop)
  • Challenges
    – Short telegram, short latency
    – No hand-shake is allowed, ruling out challenge-response
    – Legacy support (Eurobalise telegrams have fixed data format and structure)

SLIDE 11

Low-cost Location Integrity Protection

  • Bind user data to scrambling bits (sb) and LFSR key (S)
  • Binding is based on secret keys (k0, k1)
  • Set authentication tag as (sb, S)

Telegram layout: Shaped data (913 or 231 bits) | cb (3 bits) | sb (12 bits) | esb (10 bits) | Check bits (85 bits)

Generate Authentication Tag (sb, S) → Verify Authentication Tag (sb, S)

SLIDE 12

Features of Our Solution

  • Embed two-level authentication code into two parameters used for scrambling user data
  • Only small update to existing encoding scheme
  • No data expansion or modification to current telegram format
  • Low-cost and lightweight method to improve integrity of location data
  • Does not require additional hardware or sensors
  • Resistant to false data injection or data modification
  • Suitable for subway or underground railway systems which rely on passive transponders
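Slides 11 and 12 describe the idea at the level of "bind the user data to sb and S under keys k0, k1 and use (sb, S) as the tag", without giving the binding function or the verifier's steps. The block below is an added model of that idea written for this page, not the project's construction: it assumes HMAC-SHA256 as the keyed binding, a 32-bit Galois LFSR with assumed taps as the scrambler, a 231-bit shaped-data field, and a two-level chain in which k0 binds the data to sb and k1 binds sb to the LFSR seed S. The receiver re-derives S from the transmitted sb, descrambles, and checks that the recovered data reproduces sb, so the over-the-air format stays unchanged.

```python
import hashlib
import hmac
import secrets

SB_BITS = 12        # scrambling-bits field, as on slide 11
S_BITS = 32         # LFSR key (initial state) width: assumption for this demo
DATA_BITS = 231     # shaped-data field of the short telegram on slide 11
TAPS = 0x80200003   # Galois LFSR feedback mask, assumption (x^32 + x^22 + x^2 + x + 1)


def keyed_bits(key: bytes, msg: bytes, nbits: int) -> int:
    """Keyed binding function: HMAC-SHA256 truncated to nbits (stand-in for the
    unspecified construction in the slides)."""
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") & ((1 << nbits) - 1)


def lfsr_keystream(state: int, nbits: int) -> int:
    """Generate nbits of scrambling keystream from a Galois LFSR seeded with S."""
    state &= (1 << S_BITS) - 1
    if state == 0:
        state = 1  # an all-zero LFSR state would never advance
    out = 0
    for _ in range(nbits):
        bit = state & 1
        out = (out << 1) | bit
        state >>= 1
        if bit:
            state ^= TAPS
    return out


def to_bytes(value: int, nbits: int) -> bytes:
    return value.to_bytes((nbits + 7) // 8, "big")


def generate_tag(k0: bytes, k1: bytes, data: int):
    """Two-level tag: level 1 binds the user data to sb under k0,
    level 2 binds sb to the LFSR key S under k1."""
    sb = keyed_bits(k0, to_bytes(data, DATA_BITS), SB_BITS)
    S = keyed_bits(k1, to_bytes(sb, SB_BITS), S_BITS)
    return sb, S


def encode(k0: bytes, k1: bytes, data: int):
    """Balise side: scramble the data with LFSR(S). Only (scrambled data, sb)
    goes on the air, exactly the fields the existing telegram already carries."""
    sb, S = generate_tag(k0, k1, data)
    return data ^ lfsr_keystream(S, DATA_BITS), sb


def verify(k0: bytes, k1: bytes, scrambled: int, sb: int):
    """BTM side: re-derive S from sb, descramble, then check that the recovered
    data reproduces sb. Returns (ok, data)."""
    S = keyed_bits(k1, to_bytes(sb, SB_BITS), S_BITS)
    data = scrambled ^ lfsr_keystream(S, DATA_BITS)
    expected_sb = keyed_bits(k0, to_bytes(data, DATA_BITS), SB_BITS)
    ok = hmac.compare_digest(to_bytes(sb, SB_BITS), to_bytes(expected_sb, SB_BITS))
    return ok, data


def demo():
    """Returns (genuine telegram accepted, modified telegram accepted)."""
    k0, k1 = secrets.token_bytes(16), secrets.token_bytes(16)
    data = secrets.randbits(DATA_BITS)          # constructed location payload
    scrambled, sb = encode(k0, k1, data)
    genuine_ok, recovered = verify(k0, k1, scrambled, sb)
    # One bit of the shaped data altered in transit: descrambles to different
    # data, which no longer reproduces the transmitted sb.
    tampered_ok, _ = verify(k0, k1, scrambled ^ (1 << 100), sb)
    return genuine_ok and recovered == data, tampered_ok
```

With only 12 bits of sb in the clear, an altered or fabricated telegram is rejected with probability 1 - 2^-12 in this model; the slides' point is that the check costs no extra bits, hardware or handshake, which is why it fits the short-telegram, no-challenge-response constraints of slide 10.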

SLIDE 13

Two-Factor Authentication for ITS Devices

  • ITS applies information and communication technologies to transport.
  • Many field devices are deployed as a part of the ITS infrastructure.
  • ITS infrastructure is subject to cyber attacks.

How to secure ITS field devices to provide the first line of defense to the ITS infrastructure?

SLIDE 14

Historical Data as Authentication Factor: Tag Generation for Data

Verifier (ITS Server), holding (K, K’), computes for each data record D_i:
  Tag T_i = K · h(D_i) + f_{K’}(i)

Prover (ITS Device), holding (K), keeps the data/tag pairs:
  (D_1, T_1), (D_2, T_2), …, (D_i, T_i), …, (D_L, T_L)

h(): a cryptographic hash function
f(): a PRF (Pseudorandom Function)

Arithmetic in binary extension field with minimal polynomial:

SLIDE 15

Historical Data as Authentication Factor: Verification

Verifier (ITS Server), holding (K, K’): challenge c, with r’ = f_K(c)

Prover (ITS Device), holding (K) and the stored pairs (D_1, T_1), …, (D_L, T_L), computes over the challenged index set I:
  X = Σ_{i∈I} f_{r’}(i) · h(D_i)
  Y = Σ_{i∈I} f_{r’}(i) · T_i

To generate (X, Y), Prover must have knowledge of all D_i and T_i

Verify:
  Y = K · X + Σ_{i∈I} f_{r’}(i) · f_{K’}(i) ?

Verification only needs K, K’, r’, I. No need to store D_i and T_i
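The tag generation of slide 14 and the verification of slide 15 are fully specified apart from the field polynomial and the choice of h and f, so they can be exercised end to end. The block below is an added example for this page, not the project's implementation: it assumes GF(2^128) with the reduction polynomial x^128 + x^7 + x^2 + x + 1, SHA-256 truncated to 128 bits as h, HMAC-SHA256 truncated to 128 bits as f, and constructed sensor readings as the D_i. It also shows why the second factor matters: a prover that holds the shared key K but not the historical tags T_i cannot produce a (X, Y) that satisfies the server's check.

```python
import hashlib
import hmac
import secrets

# GF(2^128) with reduction polynomial x^128 + x^7 + x^2 + x + 1 (assumed; the
# slide does not state which minimal polynomial the project uses).
POLY = (1 << 128) | (1 << 7) | (1 << 2) | (1 << 1) | 1
MASK = (1 << 128) - 1


def gf_mul(a: int, b: int) -> int:
    """Carry-less multiplication modulo POLY; addition in this field is XOR."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> 128:
            a ^= POLY
    return r & MASK


def h(data: bytes) -> int:
    """h(): cryptographic hash of a data record, truncated to a field element."""
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def f(key: bytes, i: int) -> int:
    """f_key(i): PRF instantiated as HMAC-SHA256, truncated to a field element."""
    mac = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac[:16], "big")


def as_key(x: int) -> bytes:
    return x.to_bytes(16, "big")


class ITSServer:
    """Verifier: keeps only (K, K'); never stores D_i or T_i."""

    def __init__(self):
        self.K = secrets.randbits(128)
        self.Kp = secrets.token_bytes(16)

    def issue_tag(self, i: int, Di: bytes) -> int:
        # T_i = K * h(D_i) + f_{K'}(i)
        return gf_mul(self.K, h(Di)) ^ f(self.Kp, i)

    def verify(self, c: int, I, X: int, Y: int) -> bool:
        # r' = f_K(c); accept iff Y == K * X + sum_{i in I} f_{r'}(i) * f_{K'}(i)
        rp = as_key(f(as_key(self.K), c))
        expected = gf_mul(self.K, X)
        for i in I:
            expected ^= gf_mul(f(rp, i), f(self.Kp, i))
        return expected == Y


class ITSDevice:
    """Prover: holds K (factor 1) and its own history of (D_i, T_i) (factor 2)."""

    def __init__(self, K: int):
        self.K = K
        self.history = {}

    def record(self, i: int, Di: bytes, Ti: int):
        self.history[i] = (Di, Ti)

    def respond(self, c: int, I):
        # X = sum f_{r'}(i) * h(D_i),  Y = sum f_{r'}(i) * T_i  over the challenged indices
        rp = as_key(f(as_key(self.K), c))
        X = Y = 0
        for i in I:
            Di, Ti = self.history[i]
            X ^= gf_mul(f(rp, i), h(Di))
            Y ^= gf_mul(f(rp, i), Ti)
        return X, Y


# Constructed historical readings of a field device (e.g. traffic-sensor samples).
SAMPLE_READINGS = [f"reading-{n}:flow={30 + n}".encode() for n in range(1, 9)]


def demo():
    """Returns (genuine device accepted, key-only impostor accepted)."""
    server = ITSServer()
    device = ITSDevice(server.K)
    for i, Di in enumerate(SAMPLE_READINGS, start=1):
        device.record(i, Di, server.issue_tag(i, Di))   # tag delivered when D_i was collected
    c, I = secrets.randbits(64), [1, 4, 7]
    genuine = server.verify(c, I, *device.respond(c, I))
    # Same K and same readings, but no tags: factor 2 is missing, so Y is wrong.
    key_only = ITSDevice(server.K)
    for i, Di in enumerate(SAMPLE_READINGS, start=1):
        key_only.record(i, Di, 0)
    impostor = server.verify(c, I, *key_only.respond(c, I))
    return genuine, impostor
```

The check works because multiplication distributes over XOR in the field: Σ f_{r'}(i)·T_i expands to K·Σ f_{r'}(i)·h(D_i) + Σ f_{r'}(i)·f_{K'}(i), which is exactly K·X plus a term the server can recompute from K' alone. Choosing a fresh c per session (and with it a fresh r') prevents a captured (X, Y) from being replayed, and the server's state stays at two keys regardless of how much history the device accumulates, which is what slide 16 means by a small, constant amount of stored data.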

SLIDE 16

Features of Our Solution

  • Effectively prevent unauthorized remote control of ITS field devices
  • Device is secure as long as one of the authentication factors is not compromised
  • Full automation
    – Support machine-to-machine authentication without human involvement
  • Highly scalable and lightweight for various ITS devices with resource constraints
    – Only a small and constant amount of data (two secret keys) needs to be stored on the ITS device
SLIDE 17

Thank You!

Prof. Jianying Zhou (SUTD)
Email: jianying_zhou@sutd.edu.sg

Thanks to the support from NRF. Thanks to all the project team members.