You are previewing Handbook on Securing Cyber-Physical Critical Infrastructure.
O'Reilly logo
Handbook on Securing Cyber-Physical Critical Infrastructure

Book Description

The worldwide reach of the Internet allows malicious cyber criminals to coordinate and launch attacks on both cyber and cyber-physical infrastructure from anywhere in the world. This purpose of this handbook is to introduce the theoretical foundations and practical solution techniques for securing critical cyber and physical infrastructures as well as their underlying computing and communication architectures and systems. Examples of such infrastructures include utility networks (e.g., electrical power grids), ground transportation systems (automotives, roads, bridges and tunnels), airports and air traffic control systems, wired and wireless communication and sensor networks, systems for storing and distributing water and food supplies, medical and healthcare delivery systems, as well as financial, banking and commercial transaction assets. The handbook focus mostly on the scientific foundations and engineering techniques - while also addressing the proper integration of policies and access control mechanisms, for example, how human-developed policies can be properly enforced by an automated system.



*Addresses the technical challenges facing design of secure infrastructures by providing examples of problems and solutions from a wide variety of internal and external attack scenarios

    *Includes contributions from leading researchers and practitioners in relevant application areas such as smart power grid, intelligent transportation systems, healthcare industry and so on.

      *Loaded with examples of real world problems and pathways to solutions utilizing specific tools and techniques described in detail throughout

Table of Contents

  1. Cover Image
  2. Content
  3. Title
  4. Copyright
  5. Dedication
  6. About the Authors
  7. Contributors
  8. Foreword
  9. Securing Cyber-Physical Infrastructure Perspectives and Overview of the Handbook
  10. PART I. Theoretical Foundations
    1. Introduction
    2. Chapter 1. Security and Vulnerability of Cyber-Physical Infrastructure Networks
      1. 1.1 Introduction
      2. 1.2 Definitions for Security and Vulnerability of Network Dynamics
      3. 1.3 Network Control Tools for Characterizing and Designing Security and Vulnerability
      4. 1.4 Conclusions and Future Work
    3. Chapter 2. Game Theory for Infrastructure Security
      1. 2.1 Introduction
      2. 2.2 Preliminaries
      3. 2.3 Intent-based Adversary Model for Anomaly Detection
      4. 2.4 Intent-based Adversary Model for Anonymous Communication Systems
      5. 2.5 Conclusion
    4. Chapter 3. An Analytical Framework for Cyber-Physical Networks
      1. 3.1 Introduction
      2. 3.2 Spatial Dispersion Models
      3. 3.3 CPN Design and Analysis
      4. 3.4 CPN Infrastructure Robustness
      5. 3.5 Conclusions
      6. Acknowledgments
    5. Chapter 4. Evolution of Widely Spreading Worms and Countermeasures
      1. 4.1 Introduction
      2. 4.2 Objectives and strategies of Worm propagator and defender
      3. 4.3 Worm Initial Attacks
      4. 4.4 Defense against initial attacks
      5. 4.5 Worm Evolution
      6. 4.6 Defense Evolution versus Worm Evolution
      7. 4.7 Final Remarks
  11. PART II. Security for Wireless Mobile Networks
    1. Introduction
    2. Chapter 5. Mobile Wireless Network Security
      1. 5.1 Introduction
      2. 5.2 Wireless Communications Security
      3. 5.3 Mobility Support Security
      4. 5.4 Conclusion and Future Research
    3. Chapter 6. Robust Wireless Infrastructure against Jamming Attacks
      1. 6.1 Introduction
      2. 6.2 Design Vulnerabilities of Wireless Infrastructure
      3. 6.3 Resiliency to Outsider Cross-Layer Attacks
      4. 6.4 Resiliency to Insider Cross-Layer Attacks
      5. 6.5 Game-Theoretic Models and Mechanisms
      6. 6.6 Conclusions
    4. Chapter 7. Security for Mobile Ad Hoc Networks
      1. 7.1 Introduction
      2. 7.2 Basic Features of Manet
      3. 7.3 Security Challenges
      4. 7.4 Security Attacks
      5. 7.5 Providing Basic Security Infrastructure
      6. 7.6 Security Solutions
      7. 7.7 Secure AD HOC Routing
      8. 7.8 Intrusion Detection and Response
      9. 7.9 Conclusions and Future work
    5. Chapter 8. Defending Against Identity-Based Attacks in Wireless Networks
      1. 8.1 Introduction
      2. 8.2 Feasibility of Launching Identity-Based Attacks
      3. 8.3 Preventing Identity-Based Attacks via Authentication
      4. 8.4 Defending Against Spoofing Attacks
      5. 8.5 Defending Against Sybil Attacks
      6. 8.6 A Generalized Identity-Based Attack Detection Model
      7. 8.7 Challenges and Research Directions
      8. 8.8 Conclusion
  12. PART III. Security for Sensor Networks
    1. Introduction
    2. Chapter 9. Efficient and Distributed Access Control for Sensor Networks
      1. 9.1 Introduction
      2. 9.2 Existing Schemes
      3. 9.3 System Models and Assumptions
      4. 9.4 Scheme I: Uni-Access Query
      5. 9.5 Scheme II: Multi-Access Query
      6. 9.6 Evaluation
      7. 9.7 Conclusion and Future Work
    3. Chapter 10. Defending Against Physical Attacks in Wireless Sensor Networks
      1. 10.1 Introduction
      2. 10.2 Related Work
      3. 10.3 Physical Attacks in Sensor Networks
      4. 10.4 Challenges in Defending Against Physical Attacks
      5. 10.5 Case Study
      6. 10.6 Open Issues
      7. 10.7 Conclusions and Future Work
    4. Chapter 11. Node Compromise Detection in Wireless Sensor Networks
      1. 11.1 Introduction
      2. 11.2 Related Work
      3. 11.3 Preliminaries
      4. 11.4 Limited Node Compromise Detection
      5. 11.5 Wide-spread Node Compromise Detection
      6. 11.6 Conclusion and Future Work
  13. PART IV. Platform Security
    1. Introduction
    2. Chapter 12. Hardware and Security
      1. 12.1 Introduction
      2. 12.2 Hardware Supply Chain Security
      3. 12.3 Hardware Support for Software Security
      4. 12.4 Conclusions and Future Work
    3. Chapter 13. Languages and Security
      1. 13.1 Introduction
      2. 13.2 Compiler Techniques for Copyrights and Watermarking
      3. 13.3 Compiler Techniques for Code Obfuscation
      4. 13.4 Compiler Techniques for Code Integrity
      5. 13.5 Proof-Carrying Code and Authentication
      6. 13.6 Static Analysis Techniques and Tools
      7. 13.7 Information Flow Techniques
      8. 13.8 Rule checking, Verification, and Run-time Support
      9. 13.9 Language Modifications for Increased Safety and Security
      10. 13.10 Conclusions and Future Work
  14. PART V. Cloud Computing and Data Security
    1. Introduction
    2. Chapter 14. Protecting Data in Outsourcing Scenarios
      1. 14.1 Introduction
      2. 14.2 Data Encryption
      3. 14.3 Fragmentation for Protecting Data Confidentiality
      4. 14.4 Protecting Data Integrity
      5. 14.5 Open Issues
      6. 14.6 Conclusions
      7. Acknowledgments
    3. Chapter 15. Data Security in Cloud Computing
      1. 15.1 Overview
      2. 15.2 Data Security in Cloud Computing
      3. 15.3 Commercial and Organizational Practices
      4. 15.4 Summary
    4. Chapter 16. Secure Mobile Cloud Computing
      1. 16.1 Introduction
      2. 16.2 Cloud Computing
      3. 16.3 Mobile Cloud Computing Security
      4. 16.4 Virtual Node Security
      5. 16.5 Virtual Network Security
      6. 16.6 Mobile Application Security
      7. 16.7 Research Challenges and Open Issues
      8. 16.8 Summary and Conclusion
    5. Chapter 17. Relation Privacy Preservation in Publishing Online Social Networks
      1. 17.1 Introduction
      2. 17.2 Complete Identity Anonymization
      3. 17.3 Partially Exposing User Identity
      4. 17.4 Completely Disclosing User Identity
      5. 17.5 Utility Loss and Privacy Preservation Measures
      6. 17.6 Conclusion
  15. PART VI. Event Monitoring and Situation Awareness
    1. Introduction
    2. Chapter 18. Distributed Network and System Monitoring for Securing Cyber-Physical Infrastructure
      1. 18.1 Overview
      2. 18.2 System Model and Design Principles
      3. 18.3 Recent Progress and Major Milestone Results
      4. 18.4 Open Problems
      5. 18.5 Summary and Future Directions
    3. Chapter 19. Discovering and Tracking Patterns of Interest in Security Sensor Streams
      1. 19.1 Introduction
      2. 19.2 Sensor Event Analysis for Health Monitoring
      3. 19.3 Related Work
      4. 19.4 Discovering Activities
      5. 19.5 Recognizing Activities
      6. 19.6 Validation of Activity Discovery and Tracking Algorithms
      7. 19.7 Anomaly Detection
      8. 19.8 Conclusions
    4. Chapter 20. Pervasive Sensing and Monitoring for Situational Awareness
      1. 20.1 Introduction
      2. 20.2 Hierarchical Modeling and Reasoning in Cyber-Physical Systems
      3. 20.3 Adaptive Middleware for Cyber-Physical Spaces
      4. 20.4 Enabling Scalability in Cyber-Physical Spaces
      5. 20.5 Dependability in Sentient Spaces
      6. 20.6 Privacy in Pervasive Spaces
      7. 20.7 Conclusions
    5. Chapter 21. Sense and Response Systems for Crisis Management
      1. 21.1 Introduction
      2. 21.2 Decentralized Event Detection
      3. 21.3 Agency-Based and Community-Based Systems
  16. PART VII. Policy Issues in Security Management
    1. Introduction
    2. Chapter 22. Managing and Securing Critical Infrastructure – A Semantic Policy- and Trust-Driven Approach
      1. 22.1 Introduction
      2. 22.2 Related Work
      3. 22.3 A Policy and Trust Framework to Secure CPS
      4. 22.4 Prototype Implementations
      5. 22.5 Conclusion and Future Work
    3. Chapter 23. Policies, Access Control, and Formal Methods
      1. 23.1 Introduction
      2. 23.2 Access Control Concepts and Models
      3. 23.3 Tools and Methods for Managing Access Control
      4. 23.4 Formal Methods
      5. 23.5 Access Control for Critical Infrastructures – Open Problems and Possible Approaches
      6. 23.6 Concluding Remarks
    4. Chapter 24. Formal Analysis of Policy-Based Security Configurations in Enterprise Networks
      1. 24.1 Introduction
      2. 24.2 State of the Art
      3. 24.3 Formal Verification of Security Policy Implementations
      4. 24.4 Verification of IPSec Policies
      5. 24.5 Conclusion
      6. 24.6 Open Research Problems
  17. PART VIII. Security in Real-World Systems
    1. Introduction
    2. Chapter 25. Security and Privacy in the Smart Grid
      1. 25.1 Introduction
      2. 25.2 The Smart Grid
      3. 25.3 Security and Privacy Challenges
      4. 25.4 Toward a Secure and Privacy-Preserving Smart Grid
      5. 25.5 Concluding Remarks
    3. Chapter 26. Cyber-Physical Security of Automotive Information Technology
      1. 26.1 Introduction
      2. 26.2 Automotive Security Analysis
      3. 26.3 ECU Reprogramming Security Issues
      4. 26.4 Conclusion
      5. Acknowledgments
    4. Chapter 27. Security and Privacy for Mobile Health-Care (m-Health) Systems
      1. 27.1 Introduction
      2. 27.2 Electronic Health Record (EHR)
      3. 27.3 Privacy and Security in E-Health Care
      4. 27.4 State of the Art Design for Health Information Privacy and Sharing (HIPS)
      5. 27.5 Security Analysis
      6. 27.6 Conclusion and Future Work
      7. Acknowledgments
    5. Chapter 28. Security and Robustness in the Internet Infrastructure
      1. 28.1 Introduction
      2. 28.2 Vulnerabilities in Domain Name Resolution
      3. 28.3 Security Solutions for the Domain Name System
      4. 28.4 Secure End-to-End Communication Protocols
      5. 28.5 Integrity of Internet Routing
      6. 28.6 Integrity Below the IP Layer
      7. 28.7 Configuration Management Security
      8. 28.8 Conclusions and Future Challenges
      9. Acknowledgments
    6. Chapter 29. Emergency Vehicular Networks
      1. 29.1 Introduction
      2. 29.2 Emergency Vehicle Support
      3. 29.3 The “Emergency” Vehicle Grid
      4. 29.4 Basic Urban Grid Routing
      5. 29.5 Delay-Tolerant Vehicular Routing
      6. 29.6 Mobimesh and Geo-Location Server: Finding the Destination Coordinates During the Emergency
      7. 29.7 Content Routing Across the Vanet
      8. 29.8 Emergency Video Dissemination
      9. 29.9 Vehicular Grid Surveillance
      10. 29.10 Map Updates Using Crowdsourcing
      11. 29.11 Security in the Emergency Vehicular Network
      12. 29.12 Conclusions
    7. Chapter 30. Security Issues in VoIP Telecommunication Networks
      1. 30.1 Introduction
      2. 30.2 Connection Establishment and Call Routing
      3. 30.3 Man-in-the-Middle Attacks
      4. 30.4 Voice Pharming
      5. 30.5 Billing Attacks
      6. 30.6 Security Requirements of a P2P Telecommunication Network
      7. 30.7 Small World VIP-P2PSIP-Based on Trust
      8. 30.8 Conclusion
      9. Acknowledgements
  18. Index