Identifying Near-Optimal Single-Shot Attacks on ICSs with Limited Process Knowledge

Herson Esquivel-Vargas; John Henry Castellanos; Marco Caselli; Nils Ole Tippenhauer; Andreas Peter

doi:10.1007/978-3-031-09234-3_9

Identifying Near-Optimal Single-Shot Attacks on ICSs with Limited Process Knowledge

Herson Esquivel-Vargas^*, John Henry Castellanos, Marco Caselli, Nils Ole Tippenhauer, Andreas Peter

^*Corresponding author for this work

Semantics, Cybersecurity & Services

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

2 Citations (Scopus)

55 Downloads (Pure)

Abstract

Industrial Control Systems (ICSs) rely on insecure protocols and devices to monitor and operate critical infrastructure. Prior work has demonstrated that powerful attackers with detailed system knowledge can manipulate exchanged sensor data to deteriorate performance of the process, even leading to full shutdowns of plants. Identifying those attacks requires iterating over all possible sensor values, and running detailed system simulation or analysis to identify optimal attacks. That setup allows adversaries to identify attacks that are most impactful when applied on the system for the first time, before the system operators become aware of the manipulations. In this work, we investigate if constrained attackers without detailed system knowledge and simulators can identify comparable attacks. In particular, the attacker only requires abstract knowledge on general information flow in the plant, instead of precise algorithms, operating parameters, process models, or simulators. We propose an approach that allows single-shot attacks, i.e., near-optimal attacks that are reliably shutting down a system on the first try. The approach is applied and validated on two use cases, and demonstrated to achieve comparable results to prior work, which relied on detailed system information and simulations.

Original language	English
Title of host publication	Applied Cryptography and Network Security 2022
Subtitle of host publication	20th International Conference, ACNS 2022
Editors	Giuseppe Ateniese, Daniele Venturi
Place of Publication	Rome, Italy
Pages	170-192
Number of pages	23
DOIs	https://doi.org/10.1007/978-3-031-09234-3_9
Publication status	Published - 18 Jun 2022
Event	20th International Conference on Applied Cryptography and Network Security, ACNS 2022 - Rome, Italy Duration: 20 Jun 2022 → 23 Jun 2022 Conference number: 20

Conference

Conference	20th International Conference on Applied Cryptography and Network Security, ACNS 2022
Abbreviated title	ACNS
Country/Territory	Italy
City	Rome
Period	20/06/22 → 23/06/22

Keywords

n/a OA procedure

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-3-031-09234-3_9

10.48550_arxiv.2204.09106Submitted version, 1.14 MB

Cite this

@inproceedings{aeecb43c7f80437f998d24ecaf3ab0e7,

title = "Identifying Near-Optimal Single-Shot Attacks on ICSs with Limited Process Knowledge",

abstract = "Industrial Control Systems (ICSs) rely on insecure protocols and devices to monitor and operate critical infrastructure. Prior work has demonstrated that powerful attackers with detailed system knowledge can manipulate exchanged sensor data to deteriorate performance of the process, even leading to full shutdowns of plants. Identifying those attacks requires iterating over all possible sensor values, and running detailed system simulation or analysis to identify optimal attacks. That setup allows adversaries to identify attacks that are most impactful when applied on the system for the first time, before the system operators become aware of the manipulations. In this work, we investigate if constrained attackers without detailed system knowledge and simulators can identify comparable attacks. In particular, the attacker only requires abstract knowledge on general information flow in the plant, instead of precise algorithms, operating parameters, process models, or simulators. We propose an approach that allows single-shot attacks, i.e., near-optimal attacks that are reliably shutting down a system on the first try. The approach is applied and validated on two use cases, and demonstrated to achieve comparable results to prior work, which relied on detailed system information and simulations.",

keywords = "n/a OA procedure",

author = "Herson Esquivel-Vargas and Castellanos, {John Henry} and Marco Caselli and Tippenhauer, {Nils Ole} and Andreas Peter",

year = "2022",

month = jun,

day = "18",

doi = "10.1007/978-3-031-09234-3_9",

language = "English",

isbn = "9783031092336",

pages = "170--192",

editor = "Giuseppe Ateniese and Daniele Venturi",

booktitle = "Applied Cryptography and Network Security 2022",

note = "20th International Conference on Applied Cryptography and Network Security, ACNS 2022, ACNS ; Conference date: 20-06-2022 Through 23-06-2022",

}

Esquivel-Vargas, H, Castellanos, JH, Caselli, M, Tippenhauer, NO & Peter, A 2022, Identifying Near-Optimal Single-Shot Attacks on ICSs with Limited Process Knowledge. in G Ateniese & D Venturi (eds), Applied Cryptography and Network Security 2022: 20th International Conference, ACNS 2022. Rome, Italy, pp. 170-192, 20th International Conference on Applied Cryptography and Network Security, ACNS 2022, Rome, Italy, 20/06/22. https://doi.org/10.1007/978-3-031-09234-3_9

Identifying Near-Optimal Single-Shot Attacks on ICSs with Limited Process Knowledge. / Esquivel-Vargas, Herson; Castellanos, John Henry; Caselli, Marco et al.
Applied Cryptography and Network Security 2022: 20th International Conference, ACNS 2022. ed. / Giuseppe Ateniese; Daniele Venturi. Rome, Italy, 2022. p. 170-192.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Identifying Near-Optimal Single-Shot Attacks on ICSs with Limited Process Knowledge

AU - Esquivel-Vargas, Herson

AU - Castellanos, John Henry

AU - Caselli, Marco

AU - Tippenhauer, Nils Ole

AU - Peter, Andreas

N1 - Conference code: 20

PY - 2022/6/18

Y1 - 2022/6/18

N2 - Industrial Control Systems (ICSs) rely on insecure protocols and devices to monitor and operate critical infrastructure. Prior work has demonstrated that powerful attackers with detailed system knowledge can manipulate exchanged sensor data to deteriorate performance of the process, even leading to full shutdowns of plants. Identifying those attacks requires iterating over all possible sensor values, and running detailed system simulation or analysis to identify optimal attacks. That setup allows adversaries to identify attacks that are most impactful when applied on the system for the first time, before the system operators become aware of the manipulations. In this work, we investigate if constrained attackers without detailed system knowledge and simulators can identify comparable attacks. In particular, the attacker only requires abstract knowledge on general information flow in the plant, instead of precise algorithms, operating parameters, process models, or simulators. We propose an approach that allows single-shot attacks, i.e., near-optimal attacks that are reliably shutting down a system on the first try. The approach is applied and validated on two use cases, and demonstrated to achieve comparable results to prior work, which relied on detailed system information and simulations.

AB - Industrial Control Systems (ICSs) rely on insecure protocols and devices to monitor and operate critical infrastructure. Prior work has demonstrated that powerful attackers with detailed system knowledge can manipulate exchanged sensor data to deteriorate performance of the process, even leading to full shutdowns of plants. Identifying those attacks requires iterating over all possible sensor values, and running detailed system simulation or analysis to identify optimal attacks. That setup allows adversaries to identify attacks that are most impactful when applied on the system for the first time, before the system operators become aware of the manipulations. In this work, we investigate if constrained attackers without detailed system knowledge and simulators can identify comparable attacks. In particular, the attacker only requires abstract knowledge on general information flow in the plant, instead of precise algorithms, operating parameters, process models, or simulators. We propose an approach that allows single-shot attacks, i.e., near-optimal attacks that are reliably shutting down a system on the first try. The approach is applied and validated on two use cases, and demonstrated to achieve comparable results to prior work, which relied on detailed system information and simulations.

KW - n/a OA procedure

U2 - 10.1007/978-3-031-09234-3_9

DO - 10.1007/978-3-031-09234-3_9

M3 - Conference contribution

SN - 9783031092336

SP - 170

EP - 192

BT - Applied Cryptography and Network Security 2022

A2 - Ateniese, Giuseppe

A2 - Venturi, Daniele

CY - Rome, Italy

T2 - 20th International Conference on Applied Cryptography and Network Security, ACNS 2022

Y2 - 20 June 2022 through 23 June 2022

ER -

Identifying Near-Optimal Single-Shot Attacks on ICSs with Limited Process Knowledge

Abstract

Conference

Keywords

UN SDGs

Access to Document

Fingerprint

Cite this