Feb 26, 2013: Frank Kargl: The Challenge of Provable Security of Misbehavior Detection in Cyber-physical Systems

February 26, 2013
The Challenge of Provable Security of Misbehavior Detection in Cyber-physical Systems
Room: Zi 5126
Frank Kargl

Cyber-Physical Systems (CPS) are systems that interact with their physical environment by sensing information, then disseminating and processing this information, and in the end closing the loop by manipulating the world around them using actuators. Examples include smart factories, wireless sensor networks, intelligent transport systems, and many more. CPS are often composed of a large number of devices and exhibit some form of self-organization to form and control the network. Security is an important aspect, as CPS often control and manipulate critical processes, and failures or attacks could result in high losses or risk to life. Classical (cryptographic) security for authentication, integrity protection, or confidentiality provides only partial protection. It is often also highly relevant to check whether some system entities disseminate bogus sensor information or send malicious commands to actuators. This is where misbehavior detection mechanisms come into the picture. They constantly monitor the system, check the plausibility of information, try to detect inconsistencies in information reported by different entities, or check whether information still conforms to some model of the real world. This is inherently similar to anomaly-based intrusion detection. While there is a significant body of work in this area, such mechanisms have the implicit drawback that the security they provide is only of a best-effort nature. They are most often evaluated using simulations in which a simulated attacker tries to modify the system and the misbehavior detection should contain this attack, e.g., by excluding the attacker or filtering out manipulated information. However, there are no formal proofs showing the effectiveness of such mechanisms, e.g., proving that the information deviation a specific attacker can cause is actually contained within certain limits.
In this talk I explain the ideas of misbehavior detection (mostly in the area of Intelligent Transport Systems), provide some examples, and then highlight the challenges that I see, in order to trigger a discussion about potential directions for the development of formal methods that enable such analysis.
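The following is an added illustration, not code from the talk or from the speaker: a minimal plausibility check of the kind the abstract describes, applied to constructed vehicle position beacons in an Intelligent Transport System. The monitor rejects a report that would require a sender to exceed an assumed physical speed bound. Alongside it, the block states the one deviation bound that this simple check actually guarantees, and shows that the guarantee holds only per step: over many steps the undetected deviation can grow without limit, which is exactly the sort of property that simulation-based evaluation tends to miss and a formal analysis would have to establish or refute. The speed bound, sender names, and beacon values are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from math import hypot

V_MAX = 50.0  # metres per second; assumed physical speed bound (constructed parameter)


@dataclass(frozen=True)
class Beacon:
    """A position report as a vehicle might broadcast it (constructed format)."""
    sender: str
    t: float  # seconds
    x: float  # metres
    y: float  # metres


class PlausibilityMonitor:
    """Keeps the last accepted beacon per sender and rejects a new beacon if
    reaching it from the previous accepted one would require exceeding v_max."""

    def __init__(self, v_max: float = V_MAX) -> None:
        self.v_max = v_max
        self.last: dict[str, Beacon] = {}
        self.rejected: list[tuple[Beacon, str]] = []

    def check(self, b: Beacon) -> bool:
        prev = self.last.get(b.sender)
        if prev is None:
            # First report from this sender: nothing to compare against.
            self.last[b.sender] = b
            return True
        dt = b.t - prev.t
        if dt <= 0:
            self.rejected.append((b, "timestamp not after previous accepted beacon"))
            return False
        dist = hypot(b.x - prev.x, b.y - prev.y)
        if dist > self.v_max * dt:
            self.rejected.append((b, f"implied speed {dist / dt:.1f} m/s exceeds {self.v_max} m/s"))
            return False
        self.last[b.sender] = b
        return True


def max_undetected_deviation(v_max: float, dt: float) -> float:
    """Per-step bound the check guarantees: if the previous accepted position was
    true, the true position after dt is within v_max*dt of it, and any accepted
    claim is also within v_max*dt of it, so claim and truth differ by at most
    2*v_max*dt."""
    return 2.0 * v_max * dt


def cumulative_deviation_bound(v_max: float, dt: float, n_steps: int) -> float:
    """After n accepted steps the claim may have drifted n*v_max*dt from the
    starting point while the truth drifted the same distance the other way.
    The bound grows linearly with n, i.e. the check alone does not contain
    deviation over time; only a proof about the whole system could."""
    return n_steps * max_undetected_deviation(v_max, dt)


# Constructed sample: car-1 drives plausibly, then claims a 60 m/s jump,
# then resumes plausibly; car-2 sends a beacon with a stale timestamp.
SAMPLE = [
    Beacon("car-1", 0.0, 0.0, 0.0),
    Beacon("car-1", 1.0, 40.0, 0.0),    # 40 m in 1 s: accepted
    Beacon("car-1", 2.0, 100.0, 0.0),   # 60 m in 1 s: rejected
    Beacon("car-1", 2.0, 60.0, 10.0),   # compared to t=1.0 beacon: ~22 m in 1 s, accepted
    Beacon("car-2", 5.0, 0.0, 0.0),
    Beacon("car-2", 4.0, 1.0, 1.0),     # timestamp goes backwards: rejected
]


def run_sample() -> list[bool]:
    """Runs the monitor over SAMPLE and returns the accept/reject decisions."""
    monitor = PlausibilityMonitor()
    return [monitor.check(b) for b in SAMPLE]


if __name__ == "__main__":
    monitor = PlausibilityMonitor()
    for b in SAMPLE:
        print(b.sender, b.t, "accepted" if monitor.check(b) else "rejected")
    for b, reason in monitor.rejected:
        print("  rejected:", b, "-", reason)
    print("per-step deviation bound at dt=1s:", max_undetected_deviation(V_MAX, 1.0), "m")
    print("bound after 60 steps:", cumulative_deviation_bound(V_MAX, 1.0, 60), "m")
```

The design choice worth noting is that the check is stateful per sender but has no notion of ground truth; that is why its guarantee is a statement about consecutive claims, not about reality, and why the cumulative bound is unbounded in the number of steps.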