TY - GEN
T1 - Low-complexity secure protocols to defend cyber-physical systems against network isolation attacks
AU - Shin, Dong Hoon
AU - Koo, Jinkyu
AU - Yang, Lei
AU - Lin, Xiaojun
AU - Bagchi, Saurabh
AU - Zhang, Junshan
PY - 2013/1/1
Y1 - 2013/1/1
AB - This paper studies the network isolation attack, a devastating type of attack on cyber-physical systems. In this attack, an adversary compromises a set of nodes that enclose a region in order to isolate the region from the rest of the network. Assuming that the compromised nodes wish not to be detected, we propose a solution to defend against the network isolation attack. Our goal is to achieve the following security guarantee: either a legitimate node can successfully deliver a message to another legitimate node, or the network control center can identify a small set of suspect nodes, which are guaranteed to contain a compromised node. Toward achieving this goal, we develop two protocols: one is for secure delivery of messages among nodes and the other is for secure collection of messages from nodes at the network control center. We show that our proposed protocols are provably secure, i.e., attain the aforementioned security guarantee. Further, our protocols achieve this guarantee with overhead that is orders of magnitude smaller than existing baseline protocols. Our proposed protocols are thus scalable for large networks.
UR - http://www.scopus.com/inward/record.url?scp=84893581477&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84893581477&partnerID=8YFLogxK
U2 - 10.1109/CNS.2013.6682696
DO - 10.1109/CNS.2013.6682696
M3 - Conference contribution
AN - SCOPUS:84893581477
SN - 9781479908950
T3 - 2013 IEEE Conference on Communications and Network Security, CNS 2013
SP - 91
EP - 99
BT - 2013 IEEE Conference on Communications and Network Security, CNS 2013
PB - IEEE Computer Society
T2 - 1st IEEE International Conference on Communications and Network Security, CNS 2013
Y2 - 14 October 2013 through 16 October 2013
ER -