
Alina Turkevych (002846475)

Bibliography

Alves, T., Morris, T., & Yoo, S. (2017). Securing SCADA Applications Using Open PLC With End-To-End Encryption. ICSS 2017 Proceedings of the 3rd Annual Industrial Control System Security Workshop, 1-6. doi:10.1145/3174776.3174777

The authors, researchers in the Electrical and Computer Engineering department of the University of Alabama in Huntsville, raise the issue of robust Programmable Logic Controllers (PLCs) in SCADA systems and the vulnerabilities and threats that come with them. They state that with the rise of the "Smart Grid" and connection to the enterprise network, critical infrastructure has become exposed to cyber-attacks. The authors give as examples the cyber-attack on a sewage treatment plant in Australia, where a hacker weakened the control system and spilled sewage water into local parks and a river, and the cyber-attack by an SQL worm at a nuclear power plant in Ohio that turned off the safety monitoring system for five hours. The authors state that cryptography will eliminate vulnerabilities, but they point out that current PLCs are not capable of running an encrypted link. They suggest using an open source PLC with AES-256 encryption and decryption that can encrypt the communication link before sending it to the network. To support this method, the authors cite other research that uses cryptography to protect SCADA systems. The paper proposes a new architecture for Open PLC hardware that will be able to run AES-256 encryption and decryption modules. The authors also provide an experimental result of encrypted communication in the UAH SCADA lab. The paper strongly states the importance of encryption in the SCADA environment and provides methodologies for implementing it.


Nivethan, J., & Papa, M. (2016). A SCADA Intrusion Detection Framework that Incorporates Process Semantics. CISRC'16 Proceedings of the 11th Annual Cyber and Information Security Research Conference, Article No. 6. doi:10.1145/2897795.2897814

The authors, Jayasingam Nivethan and Mauricio Papa of the Tandy School of Computer Science at the University of Tulsa, address the issue of network monitoring being unaware of process-level constraints. SCADA protocols communicate over TCP/IP networks, and according to the paper this makes them vulnerable to cyber attacks. The authors state that current techniques for protecting network protocols are traditional solutions, and that attackers can easily match signatures or try to determine anomalies with machine learning algorithms. They propose a new technique that can determine changes in constraints by employees that are not related to the network, but that will make them able to determine and secure the ICS. The authors suggest a framework consisting of two components: a system description language and a compiler that produces network monitoring rules. This framework allows the IDS to audit the variables and alert the system operator if abnormal values occur. The proposed algorithm that translates monitoring needs consists of seven stages: reading the system description and objects, reading and processing a single monitoring definition, searching for the extracted process, searching for the involved process variable, extracting the PLC from processing the mapping object, fetching the IP address from the PLC object, extracting the memory mapping from Modbus, and repeating the second stage until monitoring has been processed. Besides the filtering methods, the authors also suggest creating a Bro script that can match requests and replies. The suggested method unites operational requirements at the process level with monitoring requirements at the network level, which decreases the vulnerabilities of SCADA.


Kleinmann, A., & Wool, A. (2017). Automatic Construction of Statechart-Based Anomaly Detection Models for Multi-Threaded Industrial Control Systems. ACM Transactions on Intelligent Systems and Technology (TIST) - Special Issue: Cyber Security and Regular Papers, 8(4), Article No. 55. doi:10.1145/3011018

The authors, Amit Kleinmann and Avishai Wool of Tel Aviv University, propose a new method to decrease the false-alarm rate and DFA in modeling network traffic. They offer a new approach called Statechart DFA, which demonstrates automatic construction of a statechart from a captured traffic stream. The authors present the importance of this approach by proving that Industrial Control Systems (ICS) do not have measures to defend against potential attacks, and by deploying an Intrusion Detection System (IDS) in the ICS network. The paper provides examples from previous studies by Byres, Mukherjee, Yang, Atassi, Hadziosmanovic, Favino, etc. The authors provide two scenarios to show the areas of improvement needed in DFA modeling. One scenario arises when the HMI is multi-threaded and each thread is scanned independently. The other scenario appears when SCADA protocols allow the HMI to "subscribe" to a particular range. The authors use the Siemens SIMATIC S7 platform, and they experiment with the S7-0x72 data. The paper proves the importance of developing and evaluating the Statechart DFA model. The authors provide three reasons to use this methodology: low false-positive rates, efficiency, and a modular architecture to protect multiplexed ICS streams. Despite the success of this methodology, improved testing of the algorithms should be carried out on real traces.


Gerlock, L., & Parakh, A. (2016). Linear Cryptanalysis of Quasigroup Block Cipher. CISRC'16 Proceedings of the 11th Annual Cyber and Information Security Research Conference, Article No. 19. doi:10.1145/2897795.2897818

Leonora Gerlock and Abhishek Parakh of the University of Nebraska analyze the quasigroup block cipher (commonly used in SCADA systems) to determine how the key bits impact the ciphertext and to find a linear approximation that is non-negligible. The authors created the quasigroup block cipher and proved the confidence of it. They try to discover whether an adaptation of linear cryptanalysis based on one-dimensional SPN ciphers can be used on the quasigroup cipher. The authors use linear cryptanalysis and LAT design techniques along with piling-up attempts for N=16, 32 and 64. They conclude that a linear cryptanalytic attack is not enough for the quasigroup structure, and they suggest using Matsui's piling-up lemma. The authors also conclude that the result for orders N=16, 32 and 64 is 1/2. This means that if the linear probability bias stays at 1/2, the effectiveness of the probability bias is zero. Therefore, they determine that the efficient quasigroup order for applications is N=16, and that it requires less power and memory. The authors consider linear cryptanalysis a sufficient method for indicating all possible values in an S-box; however, they suggest conducting more research on the construction of linear approximation tables and focusing on quasigroups that are smaller in size.


Mahfouzi, R., Aminifar, A., Eles, P., Peng, Z., & Villani, M. (2016). Intrusion-Damage Assessment and Mitigation in Cyber-Physical Systems for Control Applications. RTNS '16 Proceedings of the 24th International Conference on Real-Time Networks and Systems, 141-150. doi:10.1145/2997465.2997478

With the rise of cyber technologies in the world, the authors, R. Mahfouzi, A. Aminifar, P. Eles, Z. Peng and M. Villani, address the issue of intrusion detection systems in physical infrastructure such as plants. They use machine learning algorithms to unite the physical requirements of plants with cyber requirements. At the same time, the authors state the need for more resources to be allocated to the control application during an attack. They focus on security measures that deal with anticipated and unaccounted attacks in real-life scenarios. To support their statements, the authors describe the unique properties of control applications, the observation and controllable attack model, and intrusion-damage assessment and mitigation. They create and test a system model for plants, which can also be used for distributed systems, and an attack model that describes performance-observable and resource-controllable attacks. A small system of two control plants was used to test their methods. The authors describe three ways to detect abnormal behavior: description of abnormal observations, research of data samples, and anomaly detection. They use two phases, offline learning and online evaluation, to conduct the intrusion-damage detection. The authors apply two main components in intrusion-damage mitigation: a desired sampling unit and a resource management unit. The paper contributes to cyber security studies by providing evidence of the importance of control applications in physical systems, with examples of intrusion detection.


Chen, C., Xie, L., Tong, H., Ying, L., & He, Q. (2017). Cross-Dependency Inference in Multi-Layered Networks: A Collaborative Filtering Perspective. ACM Transactions on Knowledge Discovery from Data (TKDD) - Special Issue on KDD 2016 and Regular Papers, 11(4), Article No. 42. doi:10.1145/3056562

With the rise of multi-layered network models, the authors, C. Chen, L. Xie, H. Tong, L. Ying and Q. He, consider the problem of cross-layer dependency in critical infrastructure networks, biological systems, organization-level collaborations, etc. They propose an algorithm that they call Fascinate and an online variant, Fascinate-ZERO, which perform extensive evaluations of datasets. The difference between a multi-layered network and other networks is cross-layer dependency, which defines dependencies between nodes from different layers. Besides stating the problem and creating algorithms to solve it, the authors conduct an evaluation by performing extensive experiments on five real datasets. They prove that their Fascinate-ZERO algorithm is able to achieve up to 10^7 speedup with no effect on accuracy. The authors also point out the problem of new nodes arriving in the system, for example new chemicals in biological systems. They prove with examples from real datasets that the Fascinate-ZERO algorithm can approximate the dependencies of a newly added node with sub-linear complexity. The paper is considered to bring value to research on multi-layered networks and the effect of cross-layer dependency on them. The authors tested the new algorithms and proved their efficiency and effectiveness on five real datasets.


Santos, B., Do, V. T., Feng, B., & Do, T. V. (2018). Identity Federation for Cellular Internet of Things. ICSCA 2018 Proceedings of the 2018 7th International Conference on Software and Computer Applications - ICSCA 2018, 223-228. doi:10.1145/3185089.3185132

The authors, B. Santos, B. Feng, V.T. Do and T.V. Do, present an Identity Federation solution that enables single sign-on for cellular IoT devices. The solution uses open source software for LTE, identity management and IoT. The authors state the problem of insecure communication in the mobile environment: current devices send clear, unencrypted messages to IoT platforms. The authors explain that it is challenging and ineffective for each IoT platform to have its own access control, authentication and encryption model. To solve this problem, they provide a new cross-layer Identity Federation, which offers confidentiality and single sign-on to IoT sectors such as transport, health, logistics, etc. The authors provide the architecture for the Identity Federation and a scheme for user registration and authentication. The method was implemented in the lab at Oslo & Akershus University using the open source software OpenAirInterface. The authors propose using single sign-on to eliminate cost and improve efficiency. They consider that the solution will help to support billions of IoT devices in the new era of 5G networks. The paper provides an Identity Federation solution; however, more research should be done on this topic. The provided schema, architecture and lab test do not provide significant information on single sign-on and the vulnerabilities that will appear with it.
