Liu, T., Seatzu, C., Pascucci, F., Cavone, G., Giua, A. (2024). Security-by-Design of Smart Water Supply Systems: a Switching Output Automaton-based Approach. In 2024 IEEE 20th International Conference on Automation Science and Engineering (CASE) (pp. 1532-1539) [10.1109/case59546.2024.10711328].
Security-by-Design of Smart Water Supply Systems: a Switching Output Automaton-based Approach
Pascucci, Federica; Cavone, Graziana
2024-01-01
Abstract
In contemporary society, Smart Water Supply Systems (SWSS) are Cyber-Physical Systems whose deployment plays a pivotal role in ensuring the provision of high-quality water services. The imperative of safeguarding these systems against cyber-physical attacks cannot be overstated, as their security and reliability directly impact public health and safety. This study introduces a proactive security-by-design approach that abstracts an SWSS as a Discrete Event System and verifies its vulnerability to a power consumption tracking-malware attack by applying the principle of opacity. We assume that the malicious intruder understands the system architecture, can access its power consumption information, and aims at inferring one or more states in which the water provisioning is at risk, i.e., the system secret. The proposed approach consists in defining the Switching Output Automaton (SOA) of the designed SWSS and verifying the current-state opacity of the SWSS based on the definition of the evolution automaton and the observer of the defined SOA. If the designed system turns out to be non-opaque, the SWSS can be redesigned prior to its implementation. The method is applied to a testbed emulating a scaled-down SWSS for which the secret is a set of critical states whose attack can compromise the proper water provisioning to customers. The results demonstrate that our approach can effectively support the security-by-design of SWSS and enhance their resilience against sophisticated attacks.