Visible to the public Biblio

Filters: Author is Mehrpouyan, Hoda  [Clear All Filters]
2022-03-22
O’Toole, Sean, Sewell, Cameron, Mehrpouyan, Hoda.  2021.  IoT Security and Safety Testing Toolkits for Water Distribution Systems. 2021 8th International Conference on Internet of Things: Systems, Management and Security (IOTSMS). :1—8.

Due to the critical importance of Industrial Control Systems (ICS) to the operations of cities and countries, research into the security of critical infrastructure has become increasingly relevant and necessary. As a component of both the research and application sides of smart city development, accurate and precise modeling, simulation, and verification are key parts of a robust design and development tools that provide critical assistance in the prevention, detection, and recovery from abnormal behavior in the sensors, controllers, and actuators which make up a modern ICS system. However, while these tools have potential, there is currently a need for helper-tools to assist with their setup and configuration, if they are to be utilized widely. Existing state-of-the-art tools are often technically complex and difficult to customize for any given IoT/ICS processes. This is a serious barrier to entry for most technicians, engineers, researchers, and smart city planners, while slowing down the critical aspects of safety and security verification. To remedy this issue, we take a case study of existing simulation toolkits within the field of water management and expand on existing tools and algorithms with simplistic automated retrieval functionality using a much more in-depth and usable customization interface to accelerate simulation scenario design and implementation, allowing for customization of the cyber-physical network infrastructure and cyber attack scenarios. We additionally provide a novel in-tool-assessment of network’s resilience according to graph theory path diversity. Further, we lay out a roadmap for future development and application of the proposed tool, including expansions on resiliency and potential vulnerability model checking, and discuss applications of our work to other fields relevant to the design and operation of smart cities.

2020-09-18
Rasapour, Farhad, Serra, Edoardo, Mehrpouyan, Hoda.  2019.  Framework for Detecting Control Command Injection Attacks on Industrial Control Systems (ICS). 2019 Seventh International Symposium on Computing and Networking (CANDAR). :211—217.

This paper focuses on the design and development of attack models on the sensory channels and an Intrusion Detection system (IDS) to protect the system from these types of attacks. The encoding/decoding formulas are defined to inject a bit of data into the sensory channel. In addition, a signal sampling technique is utilized for feature extraction. Further, an IDS framework is proposed to reside on the devices that are connected to the sensory channels to actively monitor the signals for anomaly detection. The results obtained based on our experiments have shown that the one-class SVM paired with Fourier transformation was able to detect new or Zero-day attacks.

2019-05-09
Shrestha, Roshan, Mehrpouyan, Hoda, Xu, Dianxiang.  2018.  Model Checking of Security Properties in Industrial Control Systems (ICS). Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy. :164-166.

With the increasing inter-connection of operation technology to the IT network, the security threat to the Industrial Control System (ICS) is increasing daily. Therefore, it is critical to utilize formal verification technique such as model checking to mathematically prove the correctness of security and safety requirements in the controller logic before it is deployed on the field. However, model checking requires considerable effort for regular ICS users and control technician to verify properties. This paper, provides a simpler approach to the model checking of temperature process control system by first starting with the control module design without formal verification. Second, identifying possible vulnerabilities in such design. Third, verifying the safety and security properties with a formal method.