An Impact-Aware Defense against Stuxnet

Title: An Impact-Aware Defense against Stuxnet
Publication Type: Conference Paper
Year of Publication: 2013
Authors: Andrew Clark, Quanyan Zhu, University of Illinois at Urbana-Champaign, Radha Poovendran, Tamer Başar, University of Illinois at Urbana-Champaign
Conference Name: IFAC American Control Conference (ACC 2013)
Date Published: 06/2013
Conference Location: Washington, DC
Keywords: NSA SoS Lablets Materials, Toward a Theory of Resilience in Systems: A Game-Theoretic Approach, UIUC
Abstract

The Stuxnet worm is a sophisticated malware designed to sabotage industrial control systems (ICSs). It exploits vulnerabilities in removable drives, local area communication networks, and programmable logic controllers (PLCs) to penetrate the process control network (PCN) and the control system network (CSN). Stuxnet was successful in penetrating the control system network and sabotaging industrial control processes since the targeted control systems lacked security mechanisms for verifying message integrity and source authentication. In this work, we propose a novel proactive defense system framework, in which commands from the system operator to the PLC are authenticated using a randomized set of cryptographic keys. The framework leverages cryptographic analysis and control- and game-theoretic methods to quantify the impact of malicious commands on the performance of the physical plant. We derive the worst-case optimal randomization strategy as a saddle-point equilibrium of a game between an adversary attempting to insert commands and the system operator, and show that the proposed scheme can achieve arbitrarily low adversary success probability for a sufficiently large number of keys. We evaluate our proposed scheme, using a linear-quadratic regulator (LQR) as a case study, through theoretical and numerical analysis.

Citation Key: node-31840
