Schedule randomization based countermeasures against timing attacks in real-time wireless networks
Cyber-physical systems are realized as those systems where the computation, communication and physical processes interact with each other (e.g., robotic systems, automotives, etc). A large class of cyber-physical systems are associated with strict timeliness requirements. They are known as ‘real-tim...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis-Doctor of Philosophy |
| Language: | English |
| Published: |
Nanyang Technological University
2022
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/158421 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | Cyber-physical systems are realized as those systems where the computation, communication and physical processes interact with each other (e.g., robotic systems, automotives, etc). A large class of cyber-physical systems are associated with strict timeliness requirements. They are known as ‘real-time systems’ (e.g., smart grids, avionics, etc).
Industrial control systems (ICS) are real-time systems that consist of several closed-loop controls. The main components of a control loop are — a physical plant, sensors, actuators and a controller. The sensors transmit the measurement data to the controller that generates appropriate control signals to actuate the physical plant. Large-scale wireless sensor actuator networks form the main communication framework among the network devices in ICS. Most of the communications between each of these devices are periodic real-time flows with hard deadlines. To ensure reliability, the communication in these
systems are time-division multiple access (TDMA) based. Dedicated network resources (time-slots and frequencies) are allocated to these devices in advance and the communication schedule is pre-computed to satisfy the hard deadlines of the real-time flows. The same schedule is repeated over time which makes the schedule predictable in nature. However, a malicious attacker can exploit this predictable time-slots in the schedules to launch timing attacks. Since these applications are time-critical, timing attacks can
completely undermine the system performance leading the system to an unsafe state.
Schedule randomization is a popular defense mechanism to mitigate timing attacks. Although a few works exist in the literature that use schedule randomization as a countermeasure against timing attacks in real-time uniprocessor systems, none of them are applicable for real-time wireless networks. Schedule randomization as a countermeasure against timing attacks in real-time wireless networks remained largely unexplored. With this objective in focus, this thesis addresses some schedule randomization techniques to
mitigate timing attacks in real-time wireless networks.
Among the existing wireless network protocols that are in use, the WirelessHART is the most suitable and widely adopted protocol in ICS. A WirelessHART protocol supports centralized architecture, TDMA based communication, multiple channels, etc. All of these characteristics of a WirelessHART network facilitate reliable and predictable communication with real-time flow guarantees in ICS. However, the predictable communication exposes the system to timing attacks, such as selective jamming attacks. Selective jamming attacks are stealthy attacks, however, it can lead the system to an unstable state and can disrupt the safety of the system. As a countermeasure against such attack in WirelessHART network, we propose a centralized schedule randomization technique that randomizes the time-slots and channels in the schedule over every hyperperiod (least common multiple of the periods of the real-time flows) without violating the hard deadlines of the real-time flows, while still satisfying the feasibility constraints of a schedule in a WirelessHART network. The centralized technique generates the schedules offline
and distributes the schedules online, hence, cannot support any change in topology in the network. Further, this technique has energy overheads in distributing the schedules to all the network devices at runtime. Hence, we propose a distributed online schedule randomization technique that can generate random feasible schedules at runtime in each network device without affecting the closed-loop control stability. To increase the extent of randomization of time-slots in the schedules, this online distributed technique adopts a period adaptation strategy that can adjust the transmission periods of the real-time flows at runtime depending on the stability of the closed-loop controls.
To support an ever-growing number of devices and dense connectivity, the fifth generation (5G) cellular networks is expected to serve as the main communication standard in the future wireless sensor networks. Among the different service categories supported by 5G, the ultra-reliable low-latency communication (URLLC) is mostly suitable for time-critical applications such as the ICS. The communication in 5G is organized into slots over multiple frequencies. To satisfy the hard deadlines of the URLLC flows in
ICS, a part of the resources (slots and frequencies) in 5G are reserved for URLLC traffic and the same schedule is repeated over time. The repetition of the same schedule over time makes the slots in the schedules predictable. This, in turn, makes the 5G networks vulnerable to timing attacks. However, the proposed schedule randomization techniques for WirelessHART networks are not applicable for dynamic networks like 5G where the number of flows and the amount of available network resources for URLLC flows vary at runtime. Moreover, the feasibility of the real-time flows need to be guaranteed at runtime. Hence, we propose an online schedule randomization technique that randomizes the slots and the frequencies of the periodic URLLC flows while guaranteeing the feasibility of the flows at runtime. |
|---|