[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.3745/JIPS.03.0105

A Survey on Cyber Physical System Security for IoT: Issues, Challenges, Threats, Solutions

Kim, Nam Yong (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech))
Rathore, Shailendra (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech))
Ryu, Jung Hyun (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech))
Park, Jin Ho (Dept. of Computer Science, School of Software, Soongsil University)
Park, Jong Hyuk (Dept. of Computer Science and Engineering, Seoul National University of Science and Technology (SeoulTech))

Publication Information

Journal of Information Processing Systems / v.14, no.6, 2018 , pp. 1361-1384 More about this Journal

Abstract

Recently, Cyber Physical System (CPS) is one of the core technologies for realizing Internet of Things (IoT). The CPS is a new paradigm that seeks to converge the physical and cyber worlds in which we live. However, the CPS suffers from certain CPS issues that could directly threaten our lives, while the CPS environment, including its various layers, is related to on-the-spot threats, making it necessary to study CPS security. Therefore, a survey-based in-depth understanding of the vulnerabilities, threats, and attacks is required of CPS security and privacy for IoT. In this paper, we analyze security issues, threats, and solutions for IoT-CPS, and evaluate the existing researches. The CPS raises a number challenges through current security markets and security issues. The study also addresses the CPS vulnerabilities and attacks and derives challenges. Finally, we recommend solutions for each system of CPS security threats, and discuss ways of resolving potential future issues.

Keywords

Cyber Physical System; Internet of Things; Security Analysis; Security Threats;

Citations & Related Records

Times Cited By KSCI : 2 (Citation Analysis)

Reference
Cited By KSCI

1	J. S. Kumar and D. R. Patel, "A survey on internet of things: Security and privacy issues," International Journal of Computer Applications, vol. 90, no. 11, pp. 20-26, 2014. DOI
2	R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan, "Internet of Things (IoT) security: current status, challenges and prospective measures," in Proceedings of 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), London, UK, 2015, pp. 336-341.
3	T. Lu, J. Lin, L. Zhao, Y. Li, and Y. Peng, "A security architecture in cyber‐physical systems: security theories, analysis, simulation and application fields," International Journal of Security and Its Applications, vol. 9, no. 7, pp. 1-16, 2015. DOI
4	R. Khan, S. U. Khan, R. Zaheer, and S. Khan, "Future internet: the internet of things architecture, possible applications and key challenges," in Proceedings of 2012 10th International Conference on Frontiers of Information Technology (FIT), Islamabad, India, 2012, pp. 257-260.
5	R. Rajkumar, I. Lee, L. Sha, and J. Stankovic, "Cyber-physical systems: the next computing revolution," in Proceedings of 2010 47th ACM/IEEE Design Automation Conference (DAC), Anaheim, CA, 2010, pp. 731-736.
6	Y. Peng, T. Lu, J. Liu, Y. Gao, X. Guo, and F. Xie, "Cyber-physical system risk assessment," in Proceedings of 2013 9th International Conference on Intelligent Information Hiding and Multimedia Signal Processing, Beijing, China, 2013, pp. 442-447.
7	B. Zhang, X. X. Ma, and Z. G. Qin, "Security architecture on the trusting internet of things," Journal of Electronic Science and Technology, vol. 9, no. 4, pp. 364-367, 2011.
8	L. Wang, M. Torngren, and M. Onori, "Current status and advancement of cyber-physical systems in manufacturing," Journal of Manufacturing Systems, vol. 37, pp. 517-527, 2015. DOI
9	D. Oliveira, N. Wetzel, M. Bucci, J. Navarro, D. Sullivan, and Y. Jin, "Hardware-software collaboration for secure coexistence with kernel extensions," ACM SIGAPP Applied Computing Review, vol. 14, no. 3, pp. 22- 35, 2014. DOI
10	O. Al Ibrahim and S. Nair, "Cyber-physical security using system-level PUFs," in Proceedings of 2011 7th International Wireless Communications and Mobile Computing Conference (IWCMC), Istanbul, Turkey, 2011, pp. 1672-1676.
11	P. Maheshwari, "Security issues of cyber physical system: a review," International Journal of Computer Applications, pp. 7-11, 2016.
12	E. R. Griffor, C. Greer, D. A. Wollman, and M. J. Burns, "Framework for cyber-physical systems: Volume 1, overview," National Institute of Standards and Technology, Gaithersburg, MD, Report No. 1500-201, 2017.
13	E. K. Wang, Y. Ye, X. Xu, S. M. Yiu, L. C. K. Hui, and K. P. Chow, "Security issues and challenges for cyber physical system," in Proceedings of 2010 IEEE/ACM International Conference on Green Computing (GreenCom) and Communications & International Conference on Cyber, Physical and Social Computing (CPSCom), Hangzhou, China, 2010, pp. 733-738.
14	J. Shi, J. Wan, H. Yan, and H. Suo, "A survey of cyber-physical systems," in Proceedings of 2011 International Conference on Wireless Communications and Signal Processing (WCSP), Nanjing, China, 2011, pp. 1-6.
15	Ponemon Institute, "2017 cost of data breach study: global overview," 2017 [Online]. Available: https://info.resilientsystems.com/hubfs/IBM_Resilient_Branded_Content/White_Papers/2017_Global_CODB_Report_Final.pdf.
16	Gartner, "Gartner says worldwide information security spending will grow 7 percent to reach $86.4 billion in 2017," 2017 [Online]. Available: https://www.gartner.com/newsroom/id/3784965.
17	C. Konstantinou, M. Maniatakos, F. Saqib, S. Hu, J. Plusquellic, and Y. Jin, "Cyber-physical systems: a security perspective," in Proceedings of 2015 20th IEEE European Test Symposium (ETS), Cluj-Napoca, Romania, 2015, pp. 1-8.
18	J. Al-Jaroodi, N. Mohamed, I. Jawhar, and S. Lazarova-Molnar, "Software engineering issues for cyberphysical systems," in Proceedings of 2016 IEEE International Conference on Smart Computing (SMARTCOMP), St. Louis, MO, 2016, pp. 1-6.
19	P. Kathiravelu and L. Veiga, "SD-CPS: taming the challenges of cyber-physical systems with a softwaredefined approach," 2017 [Online]. Available: https://arxiv.org/abs/1701.01676.
20	L. Vegh and L. Miclea, "Secure and efficient communication in cyber-physical systems through cryptography and complex event processing," in Proceedings of 2016 International Conference on Communications (COMM), Bucharest, Romania, 2016, pp. 273-276.
21	A. A. Cardenas, S. Amin, Z. S. Lin, Y. L. Huang, C. Y. Huang, and S. Sastry, "Attacks against process control systems: risk assessment, detection, and response," in Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, Hong Kong, China, 2011, pp. 355-366.
22	B. B. Sanchez, R. Alcarria, D. S. De Rivera, and A. Sanchez-Picot, "Predictive algorithms for mobility and device lifecycle management in Cyber-Physical Systems," EURASIP Journal on Wireless Communications and Networking, vol. 2016, article no. 228, 2016.
23	S. Rathore, P. K. Sharma, V. Loia, Y. S. Jeong, and J. H. Park, "Social network security: issues, challenges, threats, and solutions," Information Sciences, vol. 421, pp. 43-69, 2017. DOI
24	W. Xu, F. Zhang, and S. Zhu, "Toward worm detection in online social networks," in Proceedings of the 26th Annual Computer Security Applications Conference, Austin, TX, 2010, pp. 11-20.
25	A. Burg, A. Chattopadhyay, and K. Y. Lam, "Wireless communication and security issues for cyber-physical systems and the Internet-of-Things," Proceedings of the IEEE, vol. 106, no. 1, pp. 38-60, 2016. DOI
26	A. A. Cardenas, S. Amin, and S. Sastry, "Secure control: towards survivable cyber-physical systems," in Proceedings of 28th International Conference on Distributed Computing Systems Workshops, Beijing, China, 2008, pp. 495-500.
27	J. Lee, B. Bagheri, and H. A. Kao, "A cyber-physical systems architecture for industry 4.0-based manufacturing systems," Manufacturing Letters, vol. 3, pp. 18-23, 2015. DOI
28	E. A. Lee and S. A. Seshia, Introduction to Embedded Systems: A Cyber-Physical Systems Approach. Cambridge, MA: MIT Press, 2016.
29	E. Molina and E. Jacob, "Software-defined networking in cyber-physical systems: a survey," Computers & Electrical Engineering, vol. 66, pp. 407-419, 2018. DOI
30	A. L. Buczak and E. Guven, "A survey of data mining and machine learning methods for cyber security intrusion detection," IEEE Communications Surveys & Tutorials, vol. 18, no. 2, pp. 1153-1176, 2016. DOI
31	K. Sampigethaya and R. Poovendran, "Cyber-physical system framework for future aircraft and air traffic control," in Proceedings of 2012 IEEE Aerospace Conference, Big Sky, MT, 2012, pp. 1-9.
32	P. K. Sharma, S. Rathore, and J. H. Park, "DistArch-SCNet: blockchain-based distributed architecture with Li-Fi communication for a scalable smart city network," IEEE Consumer Electronics Magazine, vol. 7, no. 4, pp. 55-64, 2018.
33	S. Rathore, P. K. Sharma, and J. H. Park, "XSSClassifier: an efficient XSS attack detection approach based on machine learning classifier on SNSs," Journal of Information Processing Systems, vol. 13, no. 4, pp. 1014-1028, 2017. DOI
34	A. Khalid, P. Kirisci, Z. Ghrairi, K. D. Thoben, and J. Pannek, "A methodology to develop collaborative robotic cyber physical systems for production environments," Logistics Research, vol. 9, article no. 23, 2016.
35	N. Y. Kim, J. H. Ryu, B. W. Kwon, Y. Pan, and J. H. Park, "CF-CloudOrch: container fog node-based cloud orchestration for IoT networks," The Journal of Supercomputing, vol. 74, no. 12, pp. 7024-7045, 2018. DOI
36	P. K. Sharma, S. Singh, Y. S. Jeong, and J. H. Park, "DistBlockNet: a distributed blockchains-based secure SDN architecture for IoT networks," IEEE Communications Magazine, vol. 55, no. 9, pp. 78-85, 2017. DOI
37	B. Li, R. Lu, W. Wang, and K. K. R. Choo, "Distributed host-based collaborative detection for false data injection attacks in smart grid cyber-physical system," Journal of Parallel and Distributed Computing, vol. 103, pp. 32-41, 2017. DOI
38	Y. Zhang, M. Qiu, C. W. Tsai, M. M. Hassan, and A. Alamri, "Health-CPS: healthcare cyber-physical system assisted by cloud and big data," IEEE Systems Journal, vol. 11, no. 1, pp. 88-95, 2017. DOI
39	Y. Eun, K. J. Park, M. Won, T. Park, and S. H. Son, "Recent trends in cyber-physical systems research," Communications of the Korean Institute of Information Scientists and Engineers, vol. 31, no. 12, pp. 8-15, 2013.
40	D. Wang, "CRII: CPS: towards reliable cyber-physical systems using unreliable human sensors," 2017 [Online]. Available: https://cps-vo.org/award/1566465.
41	W. He, J. Breier, S. Bhasin, and A. Chattopadhyay, "Bypassing parity protected cryptography using laser fault injection in cyber-physical system," in Proceedings of the 2nd ACM International Workshop on Cyber- Physical System Security, Xian, China, 2016, pp. 15-21.
42	G. Denker, N. Dutt, S. Mehrotra, M. O. Stehr, C. Talcott, and N. Venkatasubramanian, "Resilient dependable cyber-physical systems: a middleware perspective," Journal of Internet Services and Applications, vol. 3, no. 1, pp. 41-49, 2012. DOI
43	S. Sridhar, A. Hahn, and M. Govindarasu, "Cyber-physical system security for the electric power grid," Proceedings of the IEEE, vol. 100, no. 1, pp. 210-224, 2012. DOI
44	Q. Shafi, "Cyber physical systems security: a brief survey," in Proceedings of 2012 12th International Conference on Computational Science and Its Applications (ICCSA), Salvador, Brazil, 2012, pp. 146-150.
45	P. Kocher, J. Jaffe, B. Jun, and P. Rohatgi, "Introduction to differential power analysis," Journal of Cryptographic Engineering, vol. 1, no. 1, pp. 5-27, 2011. DOI
46	F. Khelil, M. Hamdi, S. Guilley, J. L. Danger, and N. Selmane, "Fault analysis attack on an FPGA AES implementation," in Proceedings of 2008 New Technologies, Mobility and Security, Tangier, Morocco, 2008, pp. 1-5.
47	M. Tehranipoor and F. Koushanfar, "A survey of hardware Trojan taxonomy and detection," IEEE Design & Test of Computers, vol. 27, no. 1, pp. 10-20, 2010.
48	K. Zhao and L. Ge, "A survey on the internet of things security," in Proceedings of 2013 9th International Conference on Computational Intelligence and Security (CIS), Leshan, China, 2013, pp. 663-667.
49	R. Bhattacharya, "A comparative study of physical attacks on wireless sensor networks," International Journal of Research in Engineering and Technology, vol. 2, no. 1, pp. 72-74, 2013. DOI
50	W. Zhang, "CAREER: hierarchical control for large-scale cyber-physical systems," 2016 [Online]. Available: https://cps-vo.org/award/1552838.
51	Community Research and Development Information Service of the European Commission, "European network of competencies and platforms for enabling SME from any sector building innovative CPS products to sustain demand for European manufacturing," [Online]. Available: https://cordis.europa.eu/ project/rcn/194150_en.html.
52	Community Research and Development Information Service of the European Commission, "MODESEC (Model-based Design of Secure Cyber-Physical Systems)," [Online]. Available: https://cordis.europa.eu/result/rcn/195574_en.html.
53	Community Research and Development Information Service of the European Commission, "CPSwarm," [Online]. Available: https://cordis.europa.eu/project/rcn/206005_en.html.
54	P. K. Sharma, S. Y. Moon, and J. H. Park, "Block-VN: a distributed blockchain based vehicular network architecture in smart city," Journal of Information Processing Systems, vol. 13, no. 1, pp. 184-195, 2017. DOI
55	Y. Sung, P. K. Sharma, E. M. Lopez, and J. H. Park, "FS-OpenSecurity: a taxonomic modeling of security threats in SDN for future sustainable computing," Sustainability, vol. 8, article no. 919, 2016.
56	G. Gupta, "Frequency based detection algorithm of wormhole attack in WSNs," International Journal of Advanced Research in Computer Engineering & Technology, vol. 4, no. 7, pp. 3057-3060, 2015.
57	N. Y. Kim, K. Y. Park, and J. H. Park, "DOTP-AaaS: dynamic one time password matching-based authentication as a service," in Advances in Computer Science and Ubiquitous Computing. Singapore: Springer, 2017, pp. 962-966.
58	S. Sundaram, "CAREER: towards secure large-scale networked systems: resilient distributed algorithms for coordination in networks under cyber attacks," 2017 [Online]. Available: https://cps-vo.org/award/1653648.
59	Y. Kim, V. Kolesnikov, and M. Thottan, "Resilient end-to-end message protection for cyber-physical system communications," IEEE Transactions on Smart Grid, vol. 9, no. 4, pp. 2478-2487, 2018. DOI
60	M. Wazid, A. K. Das, S. Kumari, and M. K. Khan, "Design of sinkhole node detection mechanism for hierarchical wireless sensor networks," Security and Communication Networks, vol. 9, no. 17, pp. 4596-4614, 2016. DOI
61	A. A. Pirzada and C. McDonald, "Circumventing sinkholes and wormholes in wireless sensor networks," in Proceedings of International Workshop on Wireless Ad-hoc Networks, London, UK, 2005.
62	H. Suo, J. Wan, C. Zou, and J. Liu, "Security in the Internet of Things: a review," in Proceedings of 2012 International Conference on Computer Science and Electronics Engineering (ICCSEE), Hangzhou, China, 2012, pp. 648-651.
63	Y. Ashibani and Q. H. Mahmoud, "Cyber physical systems security: analysis, challenges and solutions," Computers & Security, vol. 68, pp. 81-97, 2017. DOI
64	B. Zhu, A. Joseph, and S. Sastry, "A taxonomy of cyber attacks on SCADA systems," in Proceedings of 2011 IEEE International Conferences on Internet of Things, and Cyber, Physical and Social Computing, Dalian, China, 2011, pp. 380-388.
65	M. Yampolskiy, P. Horvath, X. D. Koutsoukos, Y. Xue, and J. Sztipanovits, "A language for describing attacks on cyber-physical systems," International Journal of Critical Infrastructure Protection, vol. 8, pp. 40- 52, 2015. DOI
66	Y. Jin and D. Oliveira, "Trustworthy SoC architecture with on-demand security policies and HW-SW cooperation," in Proceedings of the 5th Workshop on SoCs, Heterogeneous Architectures and Workloads (SHAW-5), Orlando, FL, 2015.