Conference:
3PGCIC 2015
10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing
Title of the paper:
Security in Cloud-based Cyber-physical Systems
Authors:
Juha Puttonen, Samuel Olaiya Afolaranmi, Luis Gonzalez Moctezuma, Andrei Lobov, Jose L. Martinez Lastra
1. Security in Cloud-based Cyber-physical Systems
• Date: November, 2015
• Linked to: RTD at FAST
Contact information
Tampere University of Technology,
FAST Laboratory,
P.O. Box 600,
FIN-33101 Tampere,
Finland
Email: fast@tut.fi
www.tut.fi/fast
Authors:
Juha Puttonen, Dr.Sc.
Samuel Olaiya Afolaranmi
Luis Gonzalez Moctezuma
Andrei Lobov, Dr.Sc.
Prof. Jose L. Martinez Lastra, Dr.Sc.
If you would like to receive a reprint of the original paper, please contact us.
2. Security in Cloud-based Cyber-physical Systems
www.tut.fi/fast
http://www.youtube.com/user/fastlaboratory
3. Outline
• Recent Research on Security in Cloud-Based Cyber-Physical Systems
• Security Challenges in Cyber-physical Systems
– Factory Automation
– Smart Mobility Services
• Recapitulation
• Conclusions
4.11.2015, 3PGCIC 2015
4. Recent Research on Security in Cloud-Based Cyber-Physical Systems (1/2)
• Cloud-based systems are accessed over the internet → DoS and DDoS
– Pattern-based request filtering
• Mobile Phone Networks [1]
– Availability of public services; DoS
• Smartphones [2]
– Privacy; sensor access
• Vehicular Clouds [3]
– Context-awareness
– CVSMs
5. Recent Research on Security in Cloud-Based Cyber-Physical Systems (2/2)
• Risk and threat analysis
– attack tree models considering both the cyber and the physical aspects [4]
– calculation of risk of each attack path as a function of vulnerability and threat [4]
• Object-oriented security requirements analysis, specification, prioritization, and policy development framework [5]
[Figure [4]: attack tree in which an Ultimate Goal is decomposed into Sub Goals A, B, C and D through AND and OR nodes]
[Figure [5]: User Activities, Malicious Activities, Prevention Options]
6. Smart Factory Automation Systems: Introduction
• Provide production operations as services
– Conveyor
  • Transfer
– Robot
  • Attach
  • Load/Unload
• FASTory Simulator is also available at http://escop.rd.tut.fi:3000
7. Smart Factory Automation Systems: Software Framework
• Conveyor Service
– TransferStart
– TransferStop
– StateChanged
• Service Orchestrator
– AchieveGoal
– CancelGoal
– GoalStateChanged
• Ontology Service
– OntologyUpdated
– ExecuteUpdate
– ExecuteQuery
[Diagram label: Cloud]
8. Smart Factory Automation Systems: Security Challenges
• Denial of service
– Central orchestrator service coordinates activities
• Unauthorized service requests
– Loss of material
– Production interruptions
• Unauthorized data manipulation
– Decisions based on system status model
• Confidentiality
– Production activities visible through service requests
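Added example, not from the original slides or the paper: a small attack tree of the kind referenced on slide 5 [4], built from the factory-automation challenges listed on this slide, with every attack path enumerated and ranked. The scoring rule (step risk = threat × vulnerability, path risk = product over the steps of the path) and all numeric scores are assumptions made for illustration; they are not the formula or data of [4].

```python
from dataclasses import dataclass, field
from itertools import product
from math import prod

@dataclass
class Node:
    name: str
    gate: str = "LEAF"          # "LEAF", "AND" or "OR"
    threat: float = 0.0         # assumed likelihood that the step is attempted (0..1)
    vulnerability: float = 0.0  # assumed likelihood that an attempt succeeds (0..1)
    children: list = field(default_factory=list)

def attack_paths(node):
    """Return every attack path as a tuple of leaf nodes that together reach `node`."""
    if node.gate == "LEAF":
        return [(node,)]
    if not node.children:
        raise ValueError(f"{node.gate} node {node.name!r} has no children")
    child_paths = [attack_paths(child) for child in node.children]
    if node.gate == "OR":       # any one child is sufficient
        return [path for paths in child_paths for path in paths]
    if node.gate == "AND":      # one path from every child is required
        return [sum(combo, ()) for combo in product(*child_paths)]
    raise ValueError(f"unknown gate {node.gate!r}")

def path_risk(path):
    """Assumed scoring: a step scores threat * vulnerability; a path needs all its steps."""
    return prod(leaf.threat * leaf.vulnerability for leaf in path)

def ranked_paths(root):
    """List (leaf names, risk) for every path, highest risk first."""
    scored = [([leaf.name for leaf in p], round(path_risk(p), 4)) for p in attack_paths(root)]
    return sorted(scored, key=lambda item: item[1], reverse=True)

# Constructed tree: node names reuse the challenges and service operations on the slides;
# the threat and vulnerability scores are made-up sample values.
TREE = Node("Production interruption", "OR", children=[
    Node("Denial of service against the Service Orchestrator", threat=0.6, vulnerability=0.5),
    Node("Unauthorized conveyor request", "AND", children=[
        Node("Production activities observed through service requests", threat=0.4, vulnerability=0.5),
        Node("Unauthorized TransferStop request", threat=0.5, vulnerability=0.8),
    ]),
    Node("Unauthorized ExecuteUpdate on the Ontology Service", threat=0.3, vulnerability=0.4),
])

if __name__ == "__main__":
    for names, risk in ranked_paths(TREE):
        print(f"{risk:.3f}  " + " + ".join(names))
```

The ranking shows which path a mitigation should target first; lowering the vulnerability score of a leaf (for example after adding request authentication) and re-running shows how the ordering changes.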
9. Smart Mobility Services: Introduction
• Provide mobility services to citizens
• Promote environment-friendly mobility habits
– Energy labels for performance monitoring
  • Trees
  • Euros
  • Energy (kWh)
– Point-based system for incentives
• Smart Mobility Services
– Retrieve nearby transportation facilities
– Retrieve journey options
– Retrieve energy consumption status
– Journey option details
– User energy consumption performance
10. Smart Mobility Services: System Components
• Journey Planner
– DetermineJourneyOptions
• Consumption Estimator
– CalculateJourneyProperties
• Database Server
• Weather Service
– GetWeatherForecast
• Traffic Service
– GetTrafficStatus
• Direction Service
– GetBusDirections
[Diagram labels: Cloud 1, Cloud 2]
● Provide journey plans for citizens
● Enable users to monitor their carbon footprint and physical exercise
● Users
● Journeys
12. Smart Mobility Services: Security Challenges (2/2)
• Unauthorized database access
– personal user information
– user journey selections
• Capturing of network traffic
– database operations
– API passphrases
• Unauthorized use of credentials
– user authentication and authorization
• DoS attacks
13. Recapitulation
• Cyber-physical production systems can be orchestrated by web services deployed on cloud resources
• Smart mobility systems may be composed of several components and services deployed over various computing clouds
• Multi-cloud deployments require meticulous security considerations
14. Conclusions
• Despite the security implications, cloud resources are frequently necessary for cyber-physical systems
• The selection of cloud service providers is critical in multi-cloud deployments
– applications
– resources
• Systematic methods should be applied to address security threats in cloud-based systems
15. Acknowledgements
This research was carried out in the context of the research projects MUlti-cloud Secure Applications (MUSA) and ICT Cloud-based Platform and Mobility Services: Available, Universal and Safe for all Users (MoveUs). MUSA is under the EU Research and Innovation programme Horizon 2020 (H2020), grant agreement number 644429, and MoveUs is under the European Commission’s 7th framework programme, grant agreement number 608885.
http://www.musa-project.eu/
http://www.moveus-project.eu/
16. References
[1] L. Liu, X. Zhang, G. Yan, and S. Chen, “Exploitation and Threat Analysis of Open Mobile Devices,” in Proceedings of the 5th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ser. ANCS ’09. New York, NY, USA: ACM, 2009, pp. 20–29.
[2] L. Lei, Y. Wang, J. Zhou, D. Zha, and Z. Zhang, “A Threat to Mobile Cyber-Physical Systems: Sensor-Based Privacy Theft Attacks on Android Smartphones,” in 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Jul. 2013, pp. 126–133.
[3] J. Wan, D. Zhang, S. Zhao, L. Yang, and J. Lloret, “Context-aware vehicular cyber-physical systems with cloud support: architecture, challenges, and solutions,” IEEE Communications Magazine, vol. 52, no. 8, pp. 106–113, Aug. 2014.
[4] F. Xie, T. Lu, X. Guo, J. Liu, Y. Peng, and Y. Gao, “Security Analysis on Cyber-physical System Using Attack Tree,” in 2013 Ninth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, Oct. 2013, pp. 429–432.
[5] K. Fletcher and X. Liu, “Security Requirements Analysis, Specification, Prioritization and Policy Development in Cyber-Physical Systems,” in 2011 5th International Conference on Secure Software Integration Reliability Improvement Companion (SSIRI-C), Jun. 2011, pp. 106–113.