TY - GEN
T1 - An impact-aware defense against Stuxnet
AU - Clark, Andrew
AU - Zhu, Quanyan
AU - Poovendran, Radha
AU - Basar, Tamer
PY - 2013
Y1 - 2013
N2 - The Stuxnet worm is sophisticated malware designed to sabotage industrial control systems (ICSs). It exploits vulnerabilities in removable drives, local area communication networks, and programmable logic controllers (PLCs) to penetrate the process control network (PCN) and the control system network (CSN). Stuxnet was successful in penetrating the control system network and sabotaging industrial control processes since the targeted control systems lacked security mechanisms for verifying message integrity and source authentication. In this work, we propose a novel proactive defense system framework, in which commands from the system operator to the PLC are authenticated using a randomized set of cryptographic keys. The framework leverages cryptographic analysis and control- and game-theoretic methods to quantify the impact of malicious commands on the performance of the physical plant. We derive the worst-case optimal randomization strategy as a saddle-point equilibrium of a game between an adversary attempting to insert commands and the system operator, and show that the proposed scheme can achieve arbitrarily low adversary success probability for a sufficiently large number of keys. We evaluate our proposed scheme, using a linear-quadratic regulator (LQR) as a case study, through theoretical and numerical analysis.
AB - The Stuxnet worm is sophisticated malware designed to sabotage industrial control systems (ICSs). It exploits vulnerabilities in removable drives, local area communication networks, and programmable logic controllers (PLCs) to penetrate the process control network (PCN) and the control system network (CSN). Stuxnet was successful in penetrating the control system network and sabotaging industrial control processes since the targeted control systems lacked security mechanisms for verifying message integrity and source authentication. In this work, we propose a novel proactive defense system framework, in which commands from the system operator to the PLC are authenticated using a randomized set of cryptographic keys. The framework leverages cryptographic analysis and control- and game-theoretic methods to quantify the impact of malicious commands on the performance of the physical plant. We derive the worst-case optimal randomization strategy as a saddle-point equilibrium of a game between an adversary attempting to insert commands and the system operator, and show that the proposed scheme can achieve arbitrarily low adversary success probability for a sufficiently large number of keys. We evaluate our proposed scheme, using a linear-quadratic regulator (LQR) as a case study, through theoretical and numerical analysis.
UR - http://www.scopus.com/inward/record.url?scp=84883538377&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84883538377&partnerID=8YFLogxK
U2 - 10.1109/acc.2013.6580475
DO - 10.1109/acc.2013.6580475
M3 - Conference contribution
AN - SCOPUS:84883538377
SN - 9781479901777
T3 - Proceedings of the American Control Conference
SP - 4140
EP - 4147
BT - 2013 American Control Conference, ACC 2013
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2013 1st American Control Conference, ACC 2013
Y2 - 17 June 2013 through 19 June 2013
ER -
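The abstract above describes two pieces that are easy to lose sight of in prose: operator-to-PLC commands authenticated under a key drawn at random from a set of n keys (so an adversary's success probability falls as n grows), and the impact of accepted malicious commands measured as LQR cost on the plant. The following toy model is an added illustration, not the paper's construction or code. Everything in it is an assumption made for the example: the operator and PLC share n HMAC keys plus a separate schedule key, the key index for each command counter is derived from the schedule key with a PRF so that it is never sent in the clear, the adversary has obtained k of the n MAC keys (but not the schedule key) and tries to pre-empt every operator command with a forged setpoint, the PLC rejects stale counters, and the scalar plant x' = a x + b u with parameters a=1.2, b=1, q=1, r=0.1 is constructed.

```python
"""Toy model of randomized-key command authentication in front of an LQR plant.

Added illustration only; not the paper's construction. Assumptions: operator
and PLC share n MAC keys plus a schedule key; the key index for each command
counter is PRF-derived from the schedule key; the adversary holds k of the n
MAC keys but not the schedule key and tries to pre-empt each operator command.
"""
import hashlib
import hmac
import random
import struct

TAG_LEN = 16       # truncated HMAC-SHA256 tag (assumption)
HEADER = ">Qd"     # 64-bit command counter + IEEE double setpoint (constructed format)


def make_keys(n, rng):
    """n independent 128-bit command-authentication keys shared by operator and PLC."""
    return [rng.getrandbits(128).to_bytes(16, "big") for _ in range(n)]


def scheduled_index(schedule_key, counter, n):
    """Key index for command `counter`; uniform and unpredictable without the schedule key."""
    prf = hmac.new(schedule_key, struct.pack(">Q", counter), hashlib.sha256).digest()
    return int.from_bytes(prf[:4], "big") % n


def sign_command(key, counter, u):
    """Encode (counter, setpoint) and append a MAC under `key`."""
    payload = struct.pack(HEADER, counter, u)
    return payload + hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]


def operator_sign(keys, schedule_key, counter, u):
    """Operator side: pick the scheduled key for this counter and sign."""
    return sign_command(keys[scheduled_index(schedule_key, counter, len(keys))], counter, u)


class PLC:
    """Verifier holding the key set, the schedule key and the last accepted counter."""

    def __init__(self, keys, schedule_key):
        self.keys, self.schedule_key, self.last_counter = keys, schedule_key, -1

    def accept(self, msg):
        """Return (accepted, setpoint); rejects stale counters and bad tags."""
        hdr = struct.calcsize(HEADER)
        payload, tag = msg[:hdr], msg[hdr:]
        counter, u = struct.unpack(HEADER, payload)
        if counter <= self.last_counter:          # replay or already pre-empted counter
            return False, None
        idx = scheduled_index(self.schedule_key, counter, len(self.keys))
        expected = hmac.new(self.keys[idx], payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(expected, tag):
            return False, None
        self.last_counter = counter
        return True, u


def lqr_gain(a, b, q, r, iters=200):
    """Scalar discrete-time LQR gain K (u = -K x) via the Riccati recursion."""
    p = q
    for _ in range(iters):
        p = q + a * a * p - (a * b * p) ** 2 / (r + b * b * p)
    return a * b * p / (r + b * b * p)


def simulate(n_keys, k_stolen, steps=2000, seed=7,
             a=1.2, b=1.0, q=1.0, r=0.1, u_mal=3.0):
    """Closed loop with an adversary holding k_stolen of n_keys keys.

    Returns (fraction of steps where a forged command was applied, LQR cost
    sum(q x^2 + r u^2)) for the constructed plant x' = a x + b u.
    """
    rng = random.Random(seed)
    keys = make_keys(n_keys, rng)
    schedule_key = rng.getrandbits(128).to_bytes(16, "big")
    stolen = rng.sample(range(n_keys), k_stolen)   # adversary's compromised key indices
    plc = PLC(keys, schedule_key)
    gain = lqr_gain(a, b, q, r)
    x, cost, forged_applied = 1.0, 0.0, 0
    for t in range(steps):
        u_applied = None
        if stolen:  # adversary guesses one stolen key for counter t and sends first
            ok, u_forged = plc.accept(sign_command(keys[rng.choice(stolen)], t, u_mal))
            if ok:
                forged_applied += 1
                u_applied = u_forged
        if u_applied is None:  # forgery rejected (or absent): the legitimate command is applied
            ok, u_applied = plc.accept(operator_sign(keys, schedule_key, t, -gain * x))
            assert ok
        cost += q * x * x + r * u_applied * u_applied
        x = a * x + b * u_applied
    return forged_applied / steps, cost


if __name__ == "__main__":
    for n in (2, 4, 16, 64):
        rate, cost = simulate(n, 1)
        print(f"n={n:3d} keys, 1 stolen: forged-command rate {rate:.3f}, LQR cost {cost:.1f}")
```

With one compromised key the empirical forgery rate tracks 1/n, and the plant cost falls toward the uncompromised baseline as n grows, which is the qualitative behaviour the abstract claims for its scheme. The MAC and counter check only cover integrity, origin and replay of individual commands; the paper's contribution is the game-theoretic choice of the randomization strategy, which this toy does not model (it just uses a uniform schedule).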