Welcome to Web Connectivity and Security in Cyber Physical Systems! In this course, we will explore several technologies that bring modern devices together, facilitating a network of connected things and making devices internet enabled. We will discuss rules, protocols, and standards for these devices to communicate with each other in the network. We will also go through security and privacy issues and challenges in cyber physical systems (CPS). We will explore measures and techniques for securing systems from different perspectives. Possible attack models are introduced and solutions to tackle such attacks are discussed. Moreover, some basic concepts related to privacy in cyber physical systems are presented. The course comprises altogether five modules and is split up into two main sections. The first section contains three modules and centers on the problem of web connectivity in cyber physical systems. The second section consist of two modules focusing on security measures in such systems. Each module ends with a graded quiz, and there is a final peer reviewed exam at the end of the course covering the two main sections of the course. After completing this course, you will have the basic knowledge and capacity for designing the network architecture of your cyber physical system. This includes putting together different components, selecting suitable communication protocols, and utilizing these protocols in your system. You will also be able to define security requirements for your system and choose and implement a proper security and privacy technique to protect it.
Key Concepts in Cyber Physical Systems
Loading...
Del curso dictado por EIT Digital
Web Connectivity and Security in Embedded Systems
40 calificaciones
De la lección
CPS Security and Privacy
In this module you will learn the basic concepts about security and privacy in cyber physical systems. More specifically the learning objectives include:
Conoce a los instructores
Juha PlosilaAssociate Professor
Information Technology
Farhoud HosseinpourDoctoral Researcher
Information Technology
[MUSIC]
Hello, welcome back.
In the previous lesson,
we looked at security requirements of cyber-physical systems.
In this video lecture, we will learn about fundamental security concepts and
methods that provide security for cyber physical systems.
Confidentiality is one of the most important aspect of security.
Confidentiality refers to protecting personal privacy and
proprietary information from unauthorized access.
It is very important to protect such information from being disclosed to people
who are not eligible to access it.
In most of the cases, confidentiality is roughly equivalent to privacy.
In cyber-physical systems due to the heterogeneous nature of the system and
physically observable outputs or events, information flow is complex,
resulting in a greater risk of confidentiality and privacy violations.
Encryption is one of the most efficient methods of protecting
confidentiality of data in systems.
Cryptographic solutions, however, involves complex computations that
require sufficient amount of computing power to be applicable in the system.
Using encryption in cyber-physical systems has some restrictions
due to limited computing and storage capacity of devices.
And in some cases, also limited energy available for devices.
So in order to deal with this problem,
lightweight cryptographic mechanisms should be applied.
Data and cyber-physical systems must be encrypted when it is stored or
transferred.
In addition to encrypting data, it is also important to limit access to data.
The proper access control system will guarantee that data is accessible
only to authorized people or devices.
Besides controlling logical access to computings, resources, network and data.
Also physical access to system components, such as computing hardware, sensors,
actuators and even monitor environment if possible needs to be restricted.
Logical access control is accomplished by an access control policy.
Some well-known access control policies are Role Based Access Control or RBAC.
Mandatory Access Control or MAC and Identity based Access Control or IBAC.
Confidentiality could be compromised in different ways.
For example, a physical network line could be attacked by wire
tapping the line to monitor and record network communication.
In this case, if the communication is not encrypted,
the data will be accessible to the attacker.
A password attack is another type of confidentiality attack,
which exploits passwords using different cracking tools.
Such tools try several different combinations of most commonly used words
to crack a password.
This is why choosing a strong password is very important.
A strong password is more difficult to crack for the tools.
You can find some good tips on choosing a strong password on the internet.
Phishing or pharming is another way of acquiring passwords and
other sensitive information.
In a phishing attack, the victim receives an email or
another type of message that appears to be send by unknown contact.
The email might contain malware infected attachments or
provide a link to a fake looking page
Integrity is another aspect of security.
Integrity involves maintaining the consistency, accuracy and
trustworthiness of data over its entire lifecycle.
Integrity ensures that information is not modified by unauthorized entities.
In addition to data, integrity is also required for
physical components of systems.
Physical integrity of a system ensures that
the physical devices composing a system cannot be modified.
Tamper proof hardware is one way of ensuring physical integrity
in cyber-physical systems.
Such hardware is resistant against tampering or deliver a changes.
Physical tamper resistant systems are developed to process or
store critical information.
One way of ensuring data integrity is hashing.
Hashing is transforming a large amount of data, for example,
text into a short and a fixed length piece of data called a hash value.
The idea is that the initial data cannot be obtained based on the hash value.
This means that the hash function which does the transformation
is a one way algorithm.
If a single bit is changed in data,
the hash function will probably use a totally different hash value.
In order to ensure integrity of data, the hash value of data is computed and
kept secret.
To check if data has been modified at some point,
the hash value is computed and compared to the initial hash value.
If the two hash values are identical, then the data has not been altered.
Another aspect of integrity is configuration integrity.
We assume here that a system has a set of functional parameters
that can take different values in different operating scenarios.
For example, a sensor could be set to be read every ten seconds or
data could be set to be streamed to the cloud sever every five minutes.
If such configuration parameters are tampered with,
the system may behave unexpectedly or even crash.
Therefore, configuration integrity is a very important requirement for
security of cyber-physical systems.
A reliable way of ensuring configuration integrity is to implement
a dedicated secure configuration management system.
Code integrity is also of utmost importance.
It means ensuring that the embedded program code running on
the components of the system cannot be altered by an attacker.
Software at this station is a challenge response technique that enables checking
the integrity of the memory contents of devices against malicious modifications.
It could be used, for example, to verify code integrity of sensors and actuators.
Integrity attacks can have a significant impact on cyber-physical system.
A single integrity attack might be a minor attack, as such.
But if it runs over a long period of time or on multiple devices simultaneously,
it results in a larger and severe attack overall.
For example, in a salami attack,
only various small changes are made at the time.
But if such small changes are made in a large amount of data or
devices, it will have a severe impact.
A man-in-the-middle attack is another type of integrity attack in which
the attacker tries to intercept the communication between two devices in
order to manipulate data.
The man-in-the-middle attack can also be considered a confidentiality attack.
Availability is another important aspect of information security in
cyber-physical systems.
Availability refers to ensuring that authorized parties
are able to access information and resources whenever needed.
This means that all components of a cyber-physical system,
including the sensors, actuators, computing and storage systems,
security solutions and communication channels must be functioning correctly,
so that the system is available when needed.
In critical applications, systems need to be available basically all the time.
In some critical systems,
the tolerated system downtime can be less than a few seconds.
Imagine the impact of an interruption caused by availability attacks to
a critical infrastructure, such as a nuclear power plant.
Availability attacks can target different parts of the system.
Regarding cyber-physical systems, availability attacks can be highly
critical, because of the unsupervised and autonomous nature of such systems.
The most common availability attack is called a Denial of Service attack or
DoS attack.
DDoS attack, which stands for
Distributed Denial of Service attack is a more advanced form of DoS attack.
It is carried out from multiple sources, simultaneously.
DDoS has a higher impact and is more difficult to track, and tackle.
Another way of attacking availability of a system is to interrupt
electrical power of the system.
Lastly, since several physical systems are exposed to physical environments and
interact with them, physical protection of these systems
is also very important to avoid availability problems.
In this lesson,
we discuss the basic security concepts in cyber-physical systems.
Namely, confidentiality, integrity and availability.
We also learn about potential attacks against them.
In the next video lecture,
we will learn more about attack modules in the cyber-physical systems context.
[MUSIC]
Explora nuestro catálogo
Inscríbete de manera gratuita y obtén recomendaciones personalizadas, actualizaciones y ofertas.
Coursera brinda acceso universal a la mejor educación del mundo, al asociarse con las mejores universidades y organizaciones, para ofrecer cursos en línea.
© 2018 Coursera Inc. Todos los derechos reservados.
