| 1. |
- Lisova, Elena, et al.
(författare)
-
Game theory applied to secure clock synchronization with IEEE 1588
- 2016
-
Ingår i: IEEE International Symposium on Precision Clock Synchronization for Measurement, Control, and Communication, ISPCS. - 9781467396141
-
Konferensbidrag (refereegranskat)abstract
- Industrial applications usually have real-time requirements or high precision timing demands. For such applications, clock synchronization is one of the main assets that needs to be protected against malicious attacks. To provide sufficient accuracy for distributed time-critical applications, appropriate techniques for preventing or mitigating delay attacks that breach clock synchronization are needed. In this paper, we apply game theory to investigate possible strategies of an adversary, performing attacks targeting clock synchronization on the one hand and a network monitor, aiming to detect anomalies introduced by the adversary on the other. We investigate the interconnection of payoffs for both sides and propose the quarantine mode as a mitigation technique. Delay attacks with constant, linearly increasing, and randomly introduced delays are considered, and we show how the adversary strategy can be estimated by evaluating the detection coefficient, giving the network monitor the possibility to deploy appropriate protection techniques.
|
|
| 2. |
|
|
| 3. |
- Lisova, Elena, et al.
(författare)
-
Protecting Clock Synchronization : Adversary Detection through Network Monitoring
- 2016
-
Ingår i: Journal of Electrical and Computer Engineering. - : Hindawi Limited. - 2090-0147 .- 2090-0155.
-
Tidskriftsartikel (refereegranskat)abstract
- Today, industrial networks are often used for safetycritical applications with real-time requirements. The architecture of such applications usually has a time-triggered nature that has message scheduling as a core property. Real-time scheduling can be applied only in networks where nodes share the same notion of time, i.e., they are synchronized. Therefore, clock synchronization is one of the fundamental assets of industrial networks with real-time requirements. However, standards for clock synchronization, i.e., IEEE 1588, do not provide the required level of security. This raises the question about clock synchronization protection. In this paper we identify a way to break synchronization based on the IEEE 1588 standard by conducting a man-in-the-middle (MIM) attack followed by a delay attack. MIM attack can be accomplished through e.g., Address Resolution Protocol (ARP) poisoning. Using AVISPA tool we evaluate the potential to perform an ARP poisoning attack. Next, an analysis of the consequences of introducing delays is made, showing both that the attack can, indeed, break clock synchronization and that some design choices, such as a relaxed synchronization condition mode, delay bounding and using knowledge of environmental conditions, can be made to make the network more robust/resilient against these kinds of attacks. Lastly, network monitoring is proposed as a technique to detect anomalies introduced by an adversary performing attacks targeting clock synchronization. The monitoring capabilities are added to the network using a Configuration Agent, which, based on data obtained from the network, is able to detect an attack. The main contribution of the paper is a detailed problem description and evaluation of a security vulnerability in IEEE 1588 against delay attacks together with an evaluation of several approaches as possible mitigation techniques for the attack.
|
|
| 4. |
- Lisova, Elena, et al.
(författare)
-
Risk Evaluation of an ARP Poisoning Attack on Clock Synchronization for Industrial Applications
- 2016
-
Ingår i: Proceedings of the IEEE International Conference on Industrial Technology. ; , s. 872-878
-
Konferensbidrag (refereegranskat)abstract
- Nowadays, mixed wireless and wired networks are used everywhere in everyday life, including in industry where they often support time-critical applications. Industrial applications with high precision requirements are subject to real-time constraints, and thus one of the main assets, regardless of application area, is clock synchronization. Considering such networks, synchronization is the first thing to secure against a possible malicious adversary. In this paper, we consider ARP poisoning as a possible technique to disrupt clock synchronization and evaluate the effects of such an attack on the IEEE 1588 standard. We describe possible ways of performing ARP poisoning to disrupt synchronization and survey several mitigation techniques and their applicability within the industrial application area.
|
|
| 5. |
- Lisova, Elena, 1989-
(författare)
-
Securing Clock Synchronization in Industrial Heterogeneous Networks
- 2016
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Today, wireless solutions for industrial networks are becoming more and more appealing since they increase flexibility and enable the use of additional wireless sensors, but also bring such advantages as mobility and weight reduction. Wired networks, on the other hand, are reliable and, more importantly, already existing in most distributed control loops. Heterogeneous networks consisting of wireless as well as wired sub-networks are gaining attention as such networks combine the advantages of both approaches. However, wireless communication links are more vulnerable to security breaches because of their broadcast nature. For this reason, industrial heterogeneous networks require a new type of security solutions, since they have different system assets and security objectives. This thesis aims to secure industrial heterogeneous networks. Such networks have real-time requirements due to interaction with some physical process, and thus have a schedule with one or more deadlines for data delivery in order to comply with the timing requirements of the application. The necessity to follow the schedule implies that all network participants should share the same notion of time and be synchronized. This fact makes clock synchronization a fundamental asset for industrial networks. The first step towards developing a security framework for industrial heterogeneous networks with real-time requirements is therefore to investigate ways of breaching clock synchronization. Once the vulnerabilities of this asset have been identified, the next step is to propose solutions to detect malicious attacks and mitigate their influence. The thesis provides a vulnerability analysis of the asset synchronization based on the widely deployed IEEE 1588 standard, and identifies a possibility to break clock synchronization through a combination of a man-in-the-middle attack and a delay attack. This attack is appealing to an adversary as it can target any network requiring synchronization. Next, several mitigation techniques, such as a relaxed synchronization condition mode, delay bounding and using knowledge of existing environmental conditions, are identified, making the network more resilient against these kinds of attacks. Finally, a network monitor aiming to detect anomalies introduced by the adversary performing attacks targeting clock synchronization is proposed as a mean to detect the delay attack.
|
|
| 6. |
- Steiner, Wilfried, et al.
(författare)
-
Next Generation Real-Time Networks Based on IT Technologies
- 2016
-
Ingår i: 21st IEEE Conference on Emerging Technologies and Factory Automation ETFA'16. - 9781509013142 ; , s. Article number 7733580-
-
Konferensbidrag (refereegranskat)abstract
- Ethernet-based networks have found their way into industrial communication more than a decade ago. However, while industry and academia developed Ethernet variants to also meet real-time and fault-tolerant requirements, recent standardization efforts within the IEEE 802 will broadly bring standard IT switched Ethernet in future industrial communication networks. As first standards of IEEE 802.1 time-sensitive networking (TSN) are becoming published at the time of this writing, we review these standards and formulate further research challenges that still go beyond current standard developments. Furthermore, we report on recent research results from the RetNet project that target these research challenges.
|
|
