Redundancy and Diversity to Increase the Cyber Resilience of Critical Systems

Domain and scientific/technical context

In critical cyber-physical environments, it is common to be unable to guarantee the integrity between the sensors/actuators and control commands. Indeed, the information is transmitted over a 4-20mA line which can be subject to different types of attacks including the addition of a noise chosen precisely to modify the integrity of the signal.This thesis project proposes to secure critical infrastructures against this type of attack by

1. optimizing the use of redundancy and sensor diversity to ensure system safety and security while limiting the financial cost of these mechanisms and
2. detecting sensors under byzantine attacks to isolate them from the system.

Project goals :

Goal 1 : Consider Cyber-resilience criteria in sensor selection and configuration: Redundancy and diversity mechanisms are not sufficient to ensure information integrity. Indeed, most research work assumes a maximum number of Byzantine nodes. This is true if there is no dependency on access or exploitation of a node vulnerability. In practice, this is far from being the case. For more integrated and reliable information, we need to consider diversifying the metrics within a redundant component, thus enabling more dynamic defense paths. The aim of cyber-resilience criteria is to respect the goals of anticipation, defense and maintainability (repairing and upgrading the system), in order to achieve the objectives linked to these criteria as closely as possible.

Goal 2 : Ensuring the validity of captured information despite the presence of Byzantine nodes: This involves finding a compromise between redundancy and diversity approaches, distinguishing for which type of attack you need redundancy only or diversity only, or both together. The system must also be able to detect and isolate Byzantine nodes to ensure high accuracy of the captured data.

Goal 3 : Scaling the proposed solution: cyber-physical systems are complex systems with large data sets. The formulation of optimization problems related to these systems often refers to non-polynomial problems in terms of algorithmic complexity. Considering approaches such as redundancy and diversity, we need to be vigilant about combinatorial explosion, and choose solution methods that will allow us to reduce the scale of the computational space without impacting the quality of the solution.

References

[1] L. M. Castiglione and E. C. Lupu, “Which Attacks Lead to Hazards? Combining Safety and Security Analysis for Cyber-Physical Systems,” IEEE Trans Dependable Secure Comput, vol. 21, no. 4, pp. 2526–2540, 2024, doi: 10.1109/TDSC.2023.3309778.

[2] H. Harkat, L. M. Camarinha-Matos, J. Goes, and H. F. T. Ahmed, “Cyber-physical systems security: A systematic review,” Comput Ind Eng, vol. 188, Feb. 2024, doi: 10.1016/j.cie.2024.109891.

[3] Laszka, A., Abbas, W., Vorobeychik, Y., & Koutsoukos, X. (2020). Integrating redundancy, diversity, and hardening to improve security of industrial internet of things. Cyber-Physical Systems, 6(1), 1–32. https://doi.org/10.1080/23335777.2019.1624620

[4] D. R. Keppler, M. F. Karim, M. S. Mickelson, and J. S. Mertoguno, “Experimentation and Implementation of BFT++ Cyber-attack Resilience Mechanism for Cyber Physical Systems,” ACM Transactions on Cyber Physical Systems, Jul. 2024, doi: 10.1145/3639570.

[5] O. Lemeshko, O. Yeremenko, M. Yevdokymenko, and D. Ageyev, “Redundancy Cyber Resiliency Technique Based on Fast ReRouting under Security Metric,” in 2020 IEEE International Conference on Problems of Infocommunications Science and Technology, PIC S and T 2020 - Proceedings, Institute of Electrical and Electronics Engineers Inc., Oct. 2021, pp. 815–818.

[6] M. Lezoche and H. Panetto, “Cyber-Physical Systems, a new formal paradigm to model redundancy and resiliency.”

[7] Liu, Y., Feng, H., & Hatziargyriou, N. D. (2023). Multi-stage collaborative resilient enhancement strategy for in distribution cyber https://doi.org/10.1016/j.apenergy.2023.121560 physical systems. Applied Energy, 348.

[8] I. Bessa, C. Trapiello, V. Puig, and R. M. Palhares, “Dual-Rate Control Framework With Safe Watermarking Against Deception Attacks,” IEEE Trans Syst Man Cybern Syst, vol. 52, no. 12, pp. 7494–7506, Dec. 2022, doi: 10.1109/TSMC.2022.3160791.

[9] R. Watrigant, “Approximation et complexité paramétrée de problèmes d’optimisation dans les graphes : partitions et sous-graphes,” 2017.

[10] P.-O. Ribet, “Vérification formelle de systèmes. Contribution à la réduction de l’explosion combinatoire,” INSA de Toulouse, 2005.

[11] A. Chaves, M. Rice, S. Dunlap, and J. Pecarina, “Improving the cyber resilience of industrial control systems,” International Journal of Critical Infrastructure Protection, vol. 17, pp. 30–48, Jun. 2017, doi: 10.1016/j.ijcip.2017.03.005.

[12] Soikkeli, J., Casale, G., Munoz-Gonzalez, L., & Lupu, E. C. (2023). Redundancy Planning for Cost Efficient Resilience to Cyber Attacks. IEEE Transactions on Dependable and Secure Computing, 20(2), 1154–1168. https://doi.org/10.1109/TDSC.2022.3151462

[13] Masood, A. Bin, Hasan, A., Vassiliou, V., & Lestas, M. (2023). A Blockchain-Based Data-Driven Fault Tolerant Control System for Smart Factories in Industry 4.0. Computer Communications, 204, 158–171. https://doi.org/10.1016/j.comcom.2023.03.017 Event

[14] Pujol, F. A., Mora, H., Ramirez, T., Rocamora, C., & Bedón, A. (2024). Blockchain-Based Framework for Traffic Verification in Smart https://doi.org/10.1109/ACCESS.2024.3352738 Vehicles. IEEE Access, 12, 9251–9266.

[15] Umran, S. M., Lu, S. F., Abduljabbar, Z. A., & Nyangaresi, V. O. (2023). Multi-chain blockchain based secure data-sharing framework for industrial IoTs smart devices in petroleum industry. Internet of Things (Netherlands), 24. https://doi.org/10.1016/j.iot.2023.100969

[16] A. Jamieson, C. Few, K. Awuson-David, and T. Al-Hadhrami, “HVA_CPS proposal: a process for hazardous vulnerability analysis in distributed cyber-physical systems,” PeerJ Comput Sci, vol. 9, 2023, doi: 10.7717/PEERJ-CS.1249.

Research teams involved in this project are :

• Security and resilience of systems information (IRIS - Labsticc)  https://labsticc.fr/en/teams/iris
• IMT Nord Europe’s Centre for Education, Research and Innovation in Digital Systems (CERI SN) - https://research.imt-nord-europe.fr/digital-systems/
• Research Center for Supervision, Safety and Automatic Control - Universitat Politècnica de Catalunya (UPC) - Barcelona Tech https://cs2ac.upc.edu/en

This thesis project is co-financed by France and Spain. The PhD student will stay 18 months respectively at UBO (France) and at UPC (Spain).

The PhD student will be supervised by :

• Phd. Director : Prof. David ESPES (Université de Bretagne Occidentale)

• Co-supervisor : Prof. Fatiha Nejjari (Universitat Politècnica de Catalunya)
• Co-supervisor : Prof. Vicenc Puig (Universitat Politècnica de Catalunya)
• Co-supervisor : Dr. Houda Nouasse (IMT Nord-Europe)

Candidates must have a Master's degree in mathematics or computer science.