TY - GEN
T1 - PAtt
T2 - 22nd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2019
AU - Ghaeini, Hamid Reza
AU - Chan, Matthew
AU - Bahmani, Raad
AU - Brasser, Ferdinand
AU - Garcia, Luis
AU - Zhou, Jianying
AU - Sadeghi, Ahmad Reza
AU - Tippenhauer, Nils Ole
AU - Zonouz, Saman
N1 - Funding Information:
The authors would like to thank the Singapore University of Technology and Design (SUTD), TU Darmstadt, DAAD, Rutgers University, CISPA-Helmholtz Center for Information Security, and UCLA for supporting this research by providing financial means and access to the laboratories. This work has been supported by the German Research Foundation (DFG) as part of projects HWSec, P3 and S2 within the CRC 1119 CROSSING, by the German Federal Ministry of Education and Research (BMBF) and the Hessen State Ministry for Higher Education, Research and the Arts (HMWK) within CRISP, by BMBF within the projects iBlockchain and CloudProtect, and by the Intel Collaborative Research Institute for Collaborative Autonomous & Resilient Systems (ICRI-CARS). Jianying Zhou’s work is supported by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate. This research is also funded in part by the National Science Foundation under awards CNS-1703782 and CNS-1705135. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of NSF, or the U.S. Government. We thank the National Science Foundation (NSF) - Cyber-Physical Systems (CPS) program - for their support of this project. Additionally, this material is partially based upon work supported by the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response and the Department of Homeland Security’s Security Science & Technology Directorate under Award Number DE-OE0000780.
Publisher Copyright:
© 2019 RAID 2019 Proceedings - 22nd International Symposium on Research in Attacks, Intrusions and Defenses. All rights reserved.
PY - 2019
Y1 - 2019
N2 - Ensuring the integrity of embedded programmable logic controllers (PLCs) is critical for the safe operation of industrial control systems. In particular, a cyber-attack could manipulate control logic running on the PLCs to bring the process of safety-critical application into unsafe states. Unfortunately, PLCs are typically not equipped with hardware support that allows the use of techniques such as remote attestation to verify the integrity of the logic code. In addition, so far remote attestation is not able to verify the integrity of the physical process controlled by the PLC. In this work, we present PAtt, a system that combines remote software attestation with control process validation. PAtt leverages operation permutations—subtle changes in the operation sequences based on integrity measurements—which do not affect the physical process but yield unique traces of sensor readings during execution. By encoding integrity measurements of the PLC’s memory state (software and data) into its control operation, our system allows us to remotely verify the integrity of the control logic based on the resulting sensor traces. We implement the proposed system on a real PLC, controlling a robot arm, and demonstrate its feasibility. Our implementation enables the detection of attackers that manipulate the PLC logic to change process state and/or report spoofed sensor readings (with an accuracy of 97% against tested attacks).
UR - http://www.scopus.com/inward/record.url?scp=85077820510&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85077820510&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85077820510
T3 - RAID 2019 Proceedings - 22nd International Symposium on Research in Attacks, Intrusions and Defenses
SP - 165
EP - 180
BT - RAID 2019 Proceedings - 22nd International Symposium on Research in Attacks, Intrusions and Defenses
PB - USENIX Association
Y2 - 23 September 2019 through 25 September 2019
ER -