An impact-aware defense against Stuxnet

Andrew Clark, Quanyan Zhu, Radha Poovendran, Tamer Basar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The Stuxnet worm is a sophisticated malware designed to sabotage industrial control systems (ICSs). It exploits vulnerabilities in removable drives, local area communication networks, and programmable logic controllers (PLCs) to penetrate the process control network (PCN) and the control system network (CSN). Stuxnet was successful in penetrating the control system network and sabotaging industrial control processes since the targeted control systems lacked security mechanisms for verifying message integrity and source authentication. In this work, we propose a novel proactive defense system framework, in which commands from the system operator to the PLC are authenticated using a randomized set of cryptographic keys. The framework leverages cryptographic analysis and control- and game-theoretic methods to quantify the impact of malicious commands on the performance of the physical plant. We derive the worst-case optimal randomization strategy as a saddle-point equilibrium of a game between an adversary attempting to insert commands and the system operator, and show that the proposed scheme can achieve arbitrarily low adversary success probability for a sufficiently large number of keys. We evaluate our proposed scheme, using a linear-quadratic regulator (LQR) as a case study, through theoretical and numerical analysis.

Original language: English (US)
Title of host publication: 2013 American Control Conference, ACC 2013
Pages: 4140-4147
Number of pages: 8
State: Published - 2013
Event: 2013 1st American Control Conference, ACC 2013 - Washington, DC, United States
Duration: Jun 17 2013 to Jun 19 2013

Other

Other: 2013 1st American Control Conference, ACC 2013
Country: United States
City: Washington, DC
Period: 6/17/13 to 6/19/13

Fingerprint

Control systems
Programmable logic controllers
Local area networks
Authentication
Telecommunication networks
Process control
Numerical analysis
Malware

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

Clark, A., Zhu, Q., Poovendran, R., & Basar, T. (2013). An impact-aware defense against Stuxnet. In 2013 American Control Conference, ACC 2013 (pp. 4140-4147). [6580475]

@inproceedings{d06a6dc8c65c4487afe9eb24c66ea5d9,
title = "An impact-aware defense against Stuxnet",
author = "Andrew Clark and Quanyan Zhu and Radha Poovendran and Tamer Basar",
year = "2013",
language = "English (US)",
isbn = "9781479901777",
pages = "4140--4147",
booktitle = "2013 American Control Conference, ACC 2013",

}

TY - GEN

T1 - An impact-aware defense against Stuxnet

AU - Clark, Andrew

AU - Zhu, Quanyan

AU - Poovendran, Radha

AU - Basar, Tamer

PY - 2013

Y1 - 2013

UR - http://www.scopus.com/inward/record.url?scp=84883538377&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84883538377&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84883538377

SN - 9781479901777

SP - 4140

EP - 4147

BT - 2013 American Control Conference, ACC 2013

ER -