Bibliography
Alves, T., Morris, T., & Yoo, S. (2017). Securing SCADA Applications Using Open PLC With
End-To-End Encryption. ICSS 2017 Proceedings of the 3rd Annual Industrial Control
The authors, researchers at the Electrical and Computer Engineering department of the
University of Alabama in Huntsville, raise the issue of robust Programmable Logic Controllers
(PLCs) in SCADA systems and the vulnerabilities and threats that appear along with them. They
state that with the rise of the "Smart Grid" and connection to the enterprise network, critical
infrastructure becomes exposed to cyber-attacks. The authors provide examples of cyber-attacks:
one at a sewage treatment plant in Australia, where a hacker weakened the control system and
spilled sewage water into local parks and a river, and a cyber-attack by an SQL worm at a nuclear
power plant in Ohio that turned off the safety monitoring system for five hours. The authors state
that cryptography will eliminate vulnerabilities, but they point out that current
PLCs are not capable of running the encryption link. They suggest using an open source PLC with
AES-256 encryption and decryption that can encrypt the communication link before sending it
to the network. To support this method, the authors give examples of other research using
cryptography to protect SCADA systems. The paper proposes a new architecture for Open
PLC hardware that will be able to run AES-256 encryption and decryption modules. The
authors also provide an experimental result of encrypted communication in the UAH SCADA
lab. The paper strongly states the importance of encryption in the SCADA environment and provides
Process Semantics. CISRC'16 Proceedings of the 11th Annual Cyber and Information
The authors, Jayasingam Nivethan and Mauricio Papa from the Tandy School of Computer Science at
the University of Tulsa, address the lack of awareness of process-level constraints when monitoring
the network. SCADA protocols communicate over TCP/IP networks, and according to the
paper this makes them vulnerable to cyber attacks. The authors state that current techniques to
protect network protocols are traditional solutions, and that attackers can easily match signatures
or try to determine anomalies by machine learning algorithms. They propose a new technique that can
determine changes in constraints made by employees who are not involved with the network, but that
will enable them to determine and secure the ICS. The authors suggest a framework consisting of two
components: a system description language and a compiler that produces network monitoring
rules. This framework allows the IDS to audit the variables and alert the system operator if
abnormal values occur. The proposed algorithm that translates monitoring needs consists
of seven stages: reading the system description and objects, reading and processing a
single monitoring definition, searching for the extracted process, searching for the involved
process variable, extracting the PLC by processing the mapping object, fetching the IP address
from the PLC object, extracting the memory mapping from Modbus, and repeating the second stage until
all monitoring has been processed. Besides the filtering methods, the authors also suggest creating
a Bro script that can match requests and replies. The suggested method unites operational
requirements at the process level with monitoring requirements at the network level, which decreases the
on Intelligent Systems and Technology (TIST) - Special Issue: Cyber Security and
The authors, Amit Kleinmann and Avishai Wool from Tel Aviv University, propose a new method
to decrease the false-alarm rate and DFA when modeling network traffic. They offer
a new approach called Statechart DFA, which demonstrates automatic construction of a statechart
from a captured traffic stream. The authors present the importance of this approach by showing that
Industrial Control Systems (ICS) do not have measures to defend against potential attacks, and
deploying the Intrusion Detection System (IDS) in the ICS network. The paper provides examples
from previous studies by Byres, Mukherjee, Yang, Atassi, Hadziosmanovic, Favino, etc. The
authors provide two scenarios to show the areas of improvement needed in DFA modeling. One
scenario arises when the HMI is multi-threaded and each thread is scanned independently. The
other scenario appears when SCADA protocols allow the HMI to "subscribe" to a particular
range. The authors use the Siemens SIMATIC S7 platform, and they experiment with the S7-0x72
data. The paper proves the importance of developing and evaluating the Statechart DFA model. The
authors provide three reasons to use this methodology: low false-positive rates,
efficiency, and a modular architecture to protect multiplexed ICS streams. Despite the success of
this methodology, improved testing of the algorithms should be carried out on real traces.
Gerlock, L., & Parakh, A. (2016). Linear Cryptanalysis of Quasigroup Block Cipher. CISRC'16
Leonora Gerlock and Abhishek Parakh from the University of Nebraska conduct an analysis of the
quasigroup block cipher (commonly used in SCADA systems) to determine how the key bits
impact the ciphertext, and to find a linear approximation that is non-negligible. The authors
created the quasigroup block cipher and proved the confidence of it. They try to discover if
quasigroup. The authors use linear cryptanalysis and LAT design techniques along with piling-up
attempts for N=16, 32 and 64. They conclude that a linear cryptanalytic attack is not enough for
the quasigroup structure, and they suggest using Matsui's piling-up lemma. The authors also
concluded that the result for orders N=16, 32 and 64 is 1/2. This means that if the linear
probability bias stays at 1/2, the effectiveness of the probability bias is zero. Therefore, they
determine that the efficient quasigroup order for applications is N=16, and it requires less power
and memory. The authors consider linear cryptanalysis a sufficient method for indicating all possible
values in an S-box; however, they suggest conducting more research on the construction of linear
With the rise of cyber technologies in the world, the authors, R. Mahfouzi, A. Aminifar, P. Eles,
Z. Peng and M. Villani, address the issue of intrusion detection systems in physical
infrastructure such as plants. They use machine learning algorithms to unite the physical
requirements of plants with cyber requirements. At the same time, the authors state the need for
more resources to be allocated to the control application during an attack. They focus on security
measures that deal with anticipated and unaccounted-for attacks in real-life scenarios. To support
their statements, the authors feature the unique properties of control applications, an observation
and controllable attack model, and intrusion damage assessment and mitigation. They create and test a
system model for plants, which can also be used for distributed systems, and an attack model that
controls plants was used to test their methods. The authors describe three ways to detect
abnormal behavior: description of abnormal observations, research of data samples, and
anomaly detection. They used two phases, offline learning and online evaluation, to conduct the
mitigation, such as the desired sampling unit and resource management unit. The paper contributes
to cyber security studies by providing evidence of the importance of the control application in
Knowledge Discovery from Data (TKDD) - Special Issue on KDD 2016 and Regular
With the rise of multi-layered network models, the authors, C. Chen, L. Xei, H. Tong, L. Ying and
Q. He, consider the problem of cross-layer dependency for critical infrastructure networks,
biological systems, organization-level collaborations, etc. They propose an algorithm that
they call Fascinate and an online variant, Fascinate-ZERO, and perform extensive evaluations on
datasets. The difference between a multi-layered network and other networks is the cross-layer
dependency, which defines dependencies between nodes from different layers. Besides
stating the problem and creating algorithms to solve it, the authors conduct an evaluation by
performing extensive experiments on five real datasets. They proved that their Fascinate-ZERO
algorithm is able to achieve up to 10^7 speedup with no effect on accuracy. The authors also
pointed out the problem of new nodes arriving in the system, for example new chemicals in biological
systems. They proved with examples from real datasets that the Fascinate-ZERO algorithm can
approximate the dependencies of a newly added node with sub-linear complexity. The paper is
considered to bring value to research on multi-layered networks and the effect of cross-layer
dependency on them. The authors tested the new algorithms and proved their efficiency and
effectiveness on five real datasets.
Santos, B., Do, V. T., Feng, B., & Do, T. V. (2018). Identity Federation for Cellular Internet of
doi:10.1145/3185089.3185132
The authors, B. Santos, B. Feng, V.T. Do and T.V. Do, present an Identity Federation solution that
enables single sign-on for cellular IoT devices. The provided solution uses open source software
for LTE, identity management and IoT. The authors state the problem of insecure
communication in the mobile environment. Current devices send clear, unencrypted messages to
IoT platforms. The authors explain that having each IoT platform maintain its own access control,
authentication and encryption model is challenging and ineffective. To solve this problem, they
provide a new cross-layer Identity Federation, which offers confidentiality and single sign-on to
IoT sectors such as transport, health, logistics, etc. The authors provide the architecture for
Identity Federation and a scheme for registration and authentication of users. The method was
implemented in the lab at Oslo & Akershus University using the open source software
OpenAirInterface. The authors propose using single sign-on to eliminate cost and
improve efficiency. They consider that the solution will help to support billions of IoT devices in
the new era of 5G networks. The paper provides the Identity Federation solution; however, more
research should be done on this topic. The provided schema, architecture and lab test
do not provide significant information on single sign-on and the vulnerabilities that will appear
with it.