Cyber-Physical System Security School

Speakers

Prof. Cristina Alcaraz

University of Malaga, Spain

Prof. Cristina Alcaraz

Talk title: New Security Trends in IIoT and Cyber Physical Systems

Abstract:

Increasingly, we are witnessing how today's Industry, also known as Industry 4.0, is adapting the new technologies (e.g., IoT, Robotic, virtualization, Big data, machine-learning, etc.) to traditional operational processes so as to (i) optimize industrial operat...ions and (ii) get great economical benefits. In this modernization attempt, new stakeholders, such as customers or international organizations, also deal with promoting efficient and effective operations to create complex ecosystems based on "smart services” (e.g., smart energy, smart health, smart transportation, etc.), the core of which are mainly feeded up by evidences coming from CPS/IIoT devices. The interconnection of these systems, the multiple IT-OT connections and the interaction of diverse stakeholders may, however, imply a significant increase of vulnerabilities and risks, exposing the system to diverse penetrations and sophisticated cyber-attacks. For this reason, Industry, Governments and Academy in general, are interested in proposing and deploying advanced protection measures such as remote attestation, isolation of IT-OT domains, advanced prevention and response systems, resilience mechanisms, traceability, trust management or privacy, among others. All these aspects will widely be discussed throughout the course, exploring the new protection trends and needs.

Dr. Giuseppe Bernieri

University of Padova, Italy

Dr. Giuseppe Bernieri

Talk title: Covert channels: threats and security implementations for cyber-physical and industrial systems

Abstract:

Covert channels are complex attacks that create capabilities to transfer information between network nodes exploiting normal communication. In cyber-physical and industrial scenarios, covert channels are difficult to detect and through the analy...sis of these advanced threats it is possible to develop effective detection methodologies.
In this talk, I will present an architecture for the security of cyber-physical and industrial systems. Moreover, I will discuss potential covert channel attack techniques and how covert channels can also be used for security purposes.

Luca Bizzotto

IBM, Italy

Luca Bizzotto

Industry talk: Industrial and Critical Infrastructures Security

Abstract: Power plants, telecommunications, hospitals, ATM, everything are doomed by PLC and today attackers are very interested to gain their control, let’s see how simple is to hacking those systems and the strategies to protect them.

Prof. Mauro Conti

University of Padova, Italy

Prof. Mauro Conti
  • Welcome Message: Introducing the School and the SPRITZ Security and Privacy Research Group together with its activities in the area of cyber-physical system.

  • Final Remarks

Prof. Nicola Laurenti

University of Padova, Italy

Prof. Nicola Laurenti

Talk title: Securing GNSS positioning, navigation and timing by signal integrity protection

Abstract:

Many of the cyber-physical systems and services employed in our society rely on precise positioning and timing provided by the so called "civilian" GNSS systems. However, the currently available services do not offer a guarantee on the integ...rity of the position, velocity and time information provided.
In this talk we shall review the principles of GNSS positioning and timing, describe its vulnerabilities and the many threats that affect them. We will present and discuss several mechanisms that have been proposed in the literature and discussed within regulatory bodies, in order to increase the level of assurance for civilian GNSS, and show how customary solutions from other contexts, such as digital signatures may not be sufficient in this case. Finally, we will outline open problems and future challenging lines of research that are worth pursuing in order to guarantee secure positioning navigation and timing services that will benefit our whole society.

Prof. Aditya P. Mathur

Purdue University, USA and SUTD, Singapore

Prof. Aditya P. Mathur

Talk title: Detecting and avoiding process anomalies in critical infrastructure

Abstract:

Critical infrastructure, such as electric power grid and water treatment systems, have become the targets of cyber-attacks. Though successful attacks are few and far apart, attempts are many and on the rise. A successful cyber-attack leads an opera...tional plant into an anomalous state and, in the absence of timely action, results in plant damage and disruption of essential services. Stuxnet and Ukraine power plant are two well-known examples of such attacks. Thus, it is important to install mechanisms for preventing attackers from getting into a plant, as well as those for detecting and avoiding anomalies that arise when the firewalls are breached.
This talk focuses on methods for detecting process anomalies with high confidence, and for avoiding certain types of anomalies that lead to service disruption. Practical implementation of such techniques in large operational plants, and the associate challenges, will be discussed.

Eng. Enrico Mercadante

CISCO, Italy

Eng. Enrico Mercadante

Industry talk: Cybersecurity in a changing world (threats should be opportunities)

Abstract: The way new companies are build is completely different.
Companies will be Open and Connected are Programmable and are Automated with a completely new focus on Cybersecurity.

Prof. Henrik Sandberg

KTH Royal Institute of Technology, Sweden

Prof. Henrik Sandberg

Talk title: Control-Engineering Approach to Cyber-Physical Security

Abstract:

In this talk, we discuss how control engineering can contribute to the analysis and design of secure cyber-physical systems. We start by reviewing conditions for detectability and impact of data attacks targeting feedback control loops running over communication networks. We investig...ate three different attack scenarios: Sensor attacks, actuator attacks, and coordinated actuator and sensor attacks. In particular, we highlight how a physical understanding of the controlled process can guide us in the allocation of counter measures and limit the possible impact of attacks. We will also discuss two case studies of resilient control in smart electrical power grids.

Prof. Nils Ole Tippenhauer

CISPA, Germany

Prof. Nils Ole Tippenhauer

Talk title: A Systems Security Perspective On ICS

Abstract:

Industrial Control Systems are complex engineering systems, designed for safe and efficient operations. Due to their long lifetime and availability requirements, real-world systems struggle to implement basic cybersecurity measures.
We introduce networks and devic...es in real-world ICS, and discuss common security challenges. In particular, challenges related to industrial protocols, veracity of sensor readings, and host security are considered. In addition, options for (complementary) security countermeasures to address those challenges are proposed and compared.

Prof. Selcuk Uluagac

Floride International University, USA

Prof. Selcuk Uluagacr

Talk title: Securing Devices and Applications in the Internet of Things and Cyber-Physical Systems Era

Abstract:

Cyber space is expanding fast with the introduction of new Internet of Things (IoT) and CPS devices. Wearables, smart watches, smart glasses, fitness trackers, medical devices, Internet-connected house/off...ice appliances and vehicles have grown exponentially in a short period of time. Given the increasingly critical nature of the cyberspace of these IoT devices and applications, it is imperative that they are secured against malicious activities. In the 2019 version of the University of Padova International PhD Summer School on "Cyber-Physical System Security" (CPS, I will teach the participants some of the state-of-the-art research results related to the security of IoT and CPS devices and applications in the Cyber-Physical Systems Security Lab (CSL) (http://csl.fiu.edu): (1) The first topic will introduce the sensor threats to CPS and IoT systems. I will discuss how using sensors (e.g., light, temperature, infrared) on CPS/IoT devices, an adversary can successfully attack IoT/CPS applications and devices. (2) The second topic will introduce the design of a novel IoT device fingerprinting and identification framework to complement existing security solutions (e.g., authentication and access control) in identifying CPS and IoT devices (i.e., ensuring the devices are actually who they are). (3) The third topic will focus on the threat of compromised smart grid devices (e.g., PMUs, IEDs). Such devices may exist in the deployment region without a priori knowledge and may leak important information to malicious entities. (4) I will introduce a usable wearable-assisted continuous authentication framework where a wearable device (e.g., smartwatch) is used to authenticate a computer user continuously utilizing the motion sensors of the wearable. Finally, (5) I will introduce a novel framework for analyzing sensitive data leakage from different IoT applications and implementations.

Prof. Giuseppe Vallone

University of Padua, Italy

Prof. Giuseppe Vallone

Talk title: Quantum Technologies: a new frontier in cyber-security

Abstract:

Within the last two decades, Quantum Technologies have made tremendous progress, from proof-of-principle demonstrations to real life applications: Quantum-Key-Distribution (QKD) and Quantum Random Number Generators (QRNGs) represent two paradigmatic examples. QKD allows the excha...nge of secure cryptographic keys between two authorized users with the guarantee of unconditional secrecy thanks to quantum mechanical principles. QRNG are based on the intrinsic randomness of quantum measurements.
Here we first review the basic principles of QKD and QRNGs. We then discuss the state-of-the art, the challenges and the perspectives of quantum technologies for cyber-security.

With the support of:

UniPD logo

Mathematical department logo

SPRITZ group logo

CINI Cybersecurity National Lab

Human inspired technology logo

CISCO logo

CISPA logo

KTH logo

FIU logo

Malaga logo

SUTD logo