Security and Privacy in Cyber-Physical Systems
Foundations, Principles, and Applications

Edited by
Houbing Song
Embry-Riddle Aeronautical University
Daytona Beach, FL, US

Glenn A. Fink
Pacific Northwest National Laboratory
Richland, WA, US

Sabina Jeschke
RWTH Aachen University
Aachen, Germany


This edition first published 2018
© 2018 John Wiley & Sons Ltd
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or
transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise,
except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at
The right of Houbing Song, Glenn A. Fink and Sabina Jeschke to be identified as the Editors of the editorial
material in this work has been asserted in accordance with law.
Registered Offices
John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA
John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK
Editorial Office
The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK
For details of our global editorial offices, customer services, and more information about Wiley products
visit us at www.wiley.com.
Wiley also publishes its books in a variety of electronic formats and by print-on-demand. Some content that
appears in standard print versions of this book may not be available in other formats.
Limit of Liability/Disclaimer of Warranty
While the publisher and authors have used their best efforts in preparing this work, they make no
representations or warranties with respect to the accuracy or completeness of the contents of this work and
specifically disclaim all warranties, including without limitation any implied warranties of merchantability or
fitness for a particular purpose. No warranty may be created or extended by sales representatives, written
sales materials or promotional statements for this work. The fact that an organization, website, or product is
referred to in this work as a citation and/or potential source of further information does not mean that the
publisher and authors endorse the information or services the organization, website, or product may provide
or recommendations it may make. This work is sold with the understanding that the publisher is not engaged
in rendering professional services. The advice and strategies contained herein may not be suitable for your
situation. You should consult with a specialist where appropriate. Further, readers should be aware that
websites listed in this work may have changed or disappeared between when this work was written and when
it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial
damages, including but not limited to special, incidental, consequential, or other damages.
Library of Congress Cataloging-in-Publication Data
Names: Song, Houbing, editor. | Fink, Glenn A., editor. | Jeschke, Sabina, editor.
Title: Security and privacy in cyber-physical systems : foundations, principles, and applications / edited by Houbing Song, Glenn A. Fink, Sabina Jeschke.
Description: First edition. | Chichester, UK ; Hoboken, NJ : John Wiley & Sons, 2017. | Includes bibliographical references and index.
Identifiers: LCCN 2017012503 (print) | LCCN 2017026821 (ebook) | ISBN 9781119226055 (pdf) | ISBN 9781119226062 (epub) | ISBN 9781119226048 (cloth)
Subjects: LCSH: Computer networks–Security measures. | Data protection.
Classification: LCC TK5105.59 (ebook) | LCC TK5105.59 .S43923 2017 (print) | DDC 005.8–dc23
LC record available at
Hardback: 9781119226048
Cover design: Wiley
Cover image: © fztommy/Shutterstock
Set in 10/12pt WarnockPro by SPi Global, Chennai, India
10 9 8 7 6 5 4 3 2 1


Contents

List of Contributors xvii
Foreword xxiii
Preface xxv
Acknowledgments xxix

1 Overview of Security and Privacy in Cyber-Physical Systems 1
Glenn A. Fink, Thomas W. Edgar, Theora R. Rice, Douglas G. MacDonald and Cary E. Crawford

1.1 Introduction 1
1.2 Defining Security and Privacy 1
1.2.1 Cybersecurity and Privacy 2
1.2.2 Physical Security and Privacy 3
1.3 Defining Cyber-Physical Systems 4
1.3.1 Infrastructural CPSs 5
1.3.1.1 Example: Electric Power 5
1.3.2 Personal CPSs 5
1.3.2.1 Example: Smart Appliances 6
1.3.3 Security and Privacy in CPSs 6
1.4 Examples of Security and Privacy in Action 7
1.4.1 Security in Cyber-Physical Systems 7
1.4.1.1 Protecting Critical Infrastructure from Blended Threat 8
1.4.1.2 Cyber-Physical Terrorism 8
1.4.1.3 Smart Car Hacking 9
1.4.1.4 Port Attack 10
1.4.2 Privacy in Cyber-Physical Systems 11
1.4.2.1 Wearables 11
1.4.2.2 Appliances 12
1.4.2.3 Motivating Sharing 12
1.4.3 Blending Information and Physical Security and Privacy 12
1.5 Approaches to Secure Cyber-Physical Systems 14
1.5.1 Least Privilege 14
1.5.2 Need-to-Know 15
1.5.3 Segmentation 15
1.5.4 Defensive Dimensionality 16

vi

Contents

1.5.4.1
1.5.4.2
1.5.5
1.5.6
1.5.7
1.5.8
1.6
1.6.1
1.6.2

1.6.3
1.6.4
1.7

Defense-in-Depth 16
Defense-in-Breadth 16
User-Configurable Data Collection/Logging 17
Pattern Obfuscation 17
End-to-End Security 17
Tamper Detection/Security 18
Ongoing Security and Privacy Challenges for CPSs 18
Complexity of Privacy Regulations 18
Managing and Incorporating Legacy Systems 19
Distributed Identity and Authentication Management 20
Modeling Distributed CPSs 20
Conclusion 21
References 21

2 Network Security and Privacy for Cyber-Physical Systems 25
Martin Henze, Jens Hiller, René Hummen, Roman Matzutt, Klaus Wehrle and Jan H. Ziegeldorf

2.1 Introduction 25
2.2 Security and Privacy Issues in CPSs 26
2.2.1 CPS Reference Model 27
2.2.1.1 Device Level 27
2.2.1.2 Control/Enterprise Level 27
2.2.1.3 Cloud Level 28
2.2.2 CPS Evolution 28
2.2.3 Security and Privacy Threats in CPSs 30
2.3 Local Network Security for CPSs 31
2.3.1 Secure Device Bootstrapping 32
2.3.1.1 Initial Key Exchange 33
2.3.1.2 Device Life Cycle 33
2.3.2 Secure Local Communication 34
2.3.2.1 Physical Layer 34
2.3.2.2 Medium Access 34
2.3.2.3 Network Layer 35
2.3.2.4 Secure Local Forwarding for Internet-Connected CPSs 35
2.4 Internet-Wide Secure Communication 36
2.4.1 Security Challenges for Internet-Connected CPS 37
2.4.2 Tailoring End-to-End Security to CPS 38
2.4.3 Handling Resource Heterogeneity 39
2.4.3.1 Reasonable Retransmission Mechanisms 39
2.4.3.2 Denial-of-Service Protection 40
2.5 Security and Privacy for Cloud-Interconnected CPSs 41
2.5.1 Securely Storing CPS Data in the Cloud 42
2.5.1.1 Protection of CPS Data 43
2.5.1.2 Access Control 43
2.5.2 Securely Processing CPS Data in the Cloud 44
2.5.3 Privacy for Cloud-Based CPSs 45
2.6 Summary 46
2.7 Conclusion and Outlook 47
Acknowledgments 48
References 48

3 Tutorial on Information Theoretic Metrics Quantifying Privacy in Cyber-Physical Systems 57
Guido Dartmann, Mehmet Ö. Demir, Hendrik Laux, Volker Lücken, Naim Bajcinca, Gunes K. Kurt, Gerd Ascheid and Martina Ziefle

3.1 Social Perspective and Motivation 57
3.1.1 Motivation 59
3.1.2 Scenario 60
3.2 Information Theoretic Privacy Measures 62
3.2.1 Information Theoretic Foundations 62
3.2.2 Surprise and Specific Information 63
3.3 Privacy Models and Protection 64
3.3.1 k-Anonymity 65
3.4 Smart City Scenario: System Perspective 67
3.4.1 Attack without Anonymization 68
3.4.2 Attack with Anonymization of the ZIP 70
3.4.3 Attack with Anonymization of the Bluetooth ID 71
3.5 Conclusion and Outlook 71
Appendix A Derivation of the Mutual Information Based on the KLD 72
Appendix B Derivation of the Mutual Information in Terms of Entropy 73
Appendix C Derivation of the Mutual Information Conditioned on x 73
Appendix D Proof of Corollary 3.1 74
References 74

4 Cyber-Physical Systems and National Security Concerns 77
Jeff Kosseff

4.1 Introduction 77
4.2 National Security Concerns Arising from Cyber-Physical Systems 79
4.2.1 Stuxnet 80
4.2.2 German Steel Mill 81
4.2.3 Future Attacks 82
4.3 National Security Implications of Attacks on Cyber-Physical Systems 82
4.3.1 Was the Cyber-Attack a "Use of Force" That Violates International Law? 83
4.3.2 If the Attack Was a Use of Force, Was That Force Attributable to a State? 86
4.3.3 Did the Use of Force Constitute an "Armed Attack" That Entitles the Target to Self-Defense? 87
4.3.4 If the Use of Force Was an Armed Attack, What Types of Self-Defense Are Justified? 88
4.4 Conclusion 89
References 90

5 Legal Considerations of Cyber-Physical Systems and the Internet of Things 93
Alan C. Rither and Christopher M. Hoxie

5.1 Introduction 93
5.2 Privacy and Technology in Recent History 94
5.3 The Current State of Privacy Law 96
5.3.1 Privacy 98
5.3.2 Legal Background 98
5.3.3 Safety 99
5.3.4 Regulatory 100
5.3.4.1 Executive Branch Agencies 101
5.3.4.2 The Federal Trade Commission 101
5.3.4.3 The Federal Communications Commission 105
5.3.4.4 National Highway and Traffic Safety Administration 106
5.3.4.5 Food and Drug Administration 108
5.3.4.6 Federal Aviation Administration 109
5.4 Meeting Future Challenges 111
References 113

6 Key Management in CPSs 117
Yong Wang and Jason Nikolai

6.1 Introduction 117
6.2 Key Management Security Goals and Threat Model 117
6.2.1 CPS Architecture 118
6.2.2 Threats and Attacks 119
6.2.3 Security Goals 120
6.3 CPS Key Management Design Principles 121
6.3.1 Heterogeneity 122
6.3.2 Real-Time Availability 122
6.3.3 Resilience to Attacks 123
6.3.4 Interoperability 123
6.3.5 Survivability 123
6.4 CPS Key Management 124
6.4.1 Dynamic versus Static 124
6.4.2 Public Key versus Symmetric Key 125
6.4.2.1 Public Key Cryptography 125
6.4.2.2 Symmetric Key Cryptography 127
6.4.3 Centralized versus Distributed 128
6.4.4 Deterministic versus Probabilistic 129
6.4.5 Standard versus Proprietary 130
6.4.6 Key Distribution versus Key Revocation 131
6.4.7 Key Management for SCADA Systems 131
6.5 CPS Key Management Challenges and Open Research Issues 132
6.6 Summary 133
References 133


7 Secure Registration and Remote Attestation of IoT Devices Joining the Cloud: The Stack4Things Case of Study 137
Antonio Celesti, Maria Fazio, Francesco Longo, Giovanni Merlino and Antonio Puliafito

7.1 Introduction 137
7.2 Background 138
7.2.1 Cloud Integration with IoT 139
7.2.2 Security and Privacy in Cloud and IoT 139
7.2.3 Technologies 140
7.2.3.1 Hardware 140
7.2.3.2 Web Connectivity 141
7.2.3.3 Cloud 141
7.3 Reference Scenario and Motivation 142
7.4 Stack4Things Architecture 143
7.4.1 Board Side 144
7.4.2 Cloud-Side – Control and Actuation 145
7.4.3 Cloud-Side – Sensing Data Collection 146
7.5 Capabilities for Making IoT Devices Secure Over the Cloud 147
7.5.1 Trusted Computing 147
7.5.2 Security Keys, Cryptographic Algorithms, and Hidden IDs 148
7.5.3 Arduino YUN Security Extensions 149
7.6 Adding Security Capabilities to Stack4Things 149
7.6.1 Board-Side Security Extension 149
7.6.2 Cloud-Side Security Extension 150
7.6.3 Security Services in Stack4Things 150
7.6.3.1 Secure Registration of IoT Devices Joining the Cloud 151
7.6.3.2 Remote Attestation of IoT Devices 152
7.7 Conclusion 152
References 153

8 Context Awareness for Adaptive Access Control Management in IoT Environments 157
Paolo Bellavista and Rebecca Montanari

8.1 Introduction 157
8.2 Security Challenges in IoT Environments 158
8.2.1 Heterogeneity and Resource Constraints 158
8.2.2 IoT Size and Dynamicity 160
8.3 Surveying Access Control Models and Solutions for IoT 160
8.3.1 Novel Access Control Requirements 160
8.3.2 Access Control Models for the IoT 162
8.3.3 State-of-the-Art Access Control Solutions 164
8.4 Access Control Adaptation: Motivations and Design Guidelines 165
8.4.1 Semantic Context-Aware Policies for Access Control Adaptation 166
8.4.2 Adaptation Enforcement Issues 167
8.5 Our Adaptive Context-Aware Access Control Solution for Smart Objects 168
8.5.1 The Proteus Model 168
8.5.2 Adapting the General Proteus Model for the IoT 170
8.5.2.1 The Proteus Architecture for the IoT 172
8.5.2.2 Implementation and Deployment Issues 173
8.6 Open Technical Challenges and Concluding Remarks 174
References 176

9 Data Privacy Issues in Distributed Security Monitoring Systems 179
Jeffery A. Mauth and David W. Archer

9.1 Information Security in Distributed Data Collection Systems 179
9.2 Technical Approaches for Assuring Information Security 181
9.2.1 Trading Security for Cost 182
9.2.2 Confidentiality: Keeping Data Private 182
9.2.3 Integrity: Preventing Data Tampering and Repudiation 186
9.2.4 Minimality: Reducing Data Attack Surfaces 188
9.2.5 Anonymity: Separating Owner from Data 188
9.2.6 Authentication: Verifying User Privileges for Access to Data 189
9.3 Approaches for Building Trust in Data Collection Systems 190
9.3.1 Transparency 190
9.3.2 Data Ownership and Usage Policies 191
9.3.3 Data Security Controls 191
9.3.4 Data Retention and Destruction Policies 192
9.3.5 Managing Data-loss Liability 192
9.3.6 Privacy Policies and Consent 192
9.4 Conclusion 193
References 193

10 Privacy Protection for Cloud-Based Robotic Networks 195
Hajoon Ko, Sye L. Keoh and Jiong Jin

10.1 Introduction 195
10.2 Cloud Robot Network: Use Case, Challenges, and Security Requirements 197
10.2.1 Use Case 197
10.2.2 Security Threats and Challenges 199
10.2.3 Security Requirements 200
10.3 Establishment of Cloud Robot Networks 200
10.3.1 Cloud Robot Network as a Community 200
10.3.2 A Policy-Based Establishment of Cloud Robot Networks 201
10.3.3 Doctrine: A Community Specification 201
10.3.3.1 Attribute Types and User-Attribute Assignment (UAA) Policies 203
10.3.3.2 Authorization and Obligation Policies 203
10.3.3.3 Constraints Specification 205
10.3.3.4 Trusted Key Specification 206
10.3.3.5 Preferences Specification 206
10.3.3.6 Authentication in Cloud Robot Community 207
10.3.3.7 Service Access Control 207
10.4 Communication Security 207
10.4.1 Attribute-Based Encryption (ABE) 207
10.4.2 Preliminaries 208
10.4.3 Ciphertext-Policy Attribute-Based Encryption (CP-ABE) Scheme 208
10.4.4 Revocation Based on Shamir's Secret Sharing 209
10.4.5 Cloud Robot Community's CP-ABE Key Revocation 209
10.4.6 Integration of CP-ABE and Robot Community Architecture 210
10.5 Security Management of Cloud Robot Networks 212
10.5.1 Bootstrapping (Establishing) a Cloud Robot Community 212
10.5.2 Joining the Community 214
10.5.3 Leaving a Community 215
10.5.4 Service Access Control 216
10.6 Related Work 217
10.7 Conclusion 219
References 220

11 Toward Network Coding for Cyber-Physical Systems: Security Challenges and Applications 223
Pouya Ostovari and Jie Wu

11.1 Introduction 223
11.2 Background on Network Coding and Its Applications 225
11.2.1 Background and Preliminaries 225
11.2.2 Network Coding Applications 226
11.2.2.1 Throughput/Capacity Enhancement 226
11.2.2.2 Robustness Enhancement 227
11.2.2.3 Protocol Simplification 228
11.2.2.4 Network Tomography 228
11.2.2.5 Security 229
11.2.3 Network Coding Classification 229
11.2.3.1 Stateless Network Coding Protocols 229
11.2.3.2 State-Aware Network Coding Protocols 229
11.3 Security Challenges 230
11.3.1 Byzantine Attack 230
11.3.2 Pollution Attack 230
11.3.3 Traffic Analysis 230
11.3.4 Eavesdropping Attack 231
11.3.5 Classification of the Attacks 232
11.3.5.1 Passive versus Active 232
11.3.5.2 External versus Internal 232
11.3.5.3 Effect of Network Coding 232
11.4 Secure Network Coding 233
11.4.1 Defense against Byzantine and Pollution Attack 233
11.4.2 Defense against Traffic Analysis 234
11.5 Applications of Network Coding in Providing Security 234
11.5.1 Eavesdropping Attack 234
11.5.1.1 Secure Data Transmission 234
11.5.1.2 Secure Data Storage 236
11.5.2 Secret Key Exchange 237
11.6 Conclusion 238
Acknowledgment 239
References 239

12 Lightweight Crypto and Security 243
Lo'ai A. Tawalbeh and Hala Tawalbeh

12.1 Introduction 243
12.1.1 Cyber-Physical Systems CPSs 243
12.1.2 Security and Privacy 243
12.1.3 Lightweight Cryptography (LWC) 243
12.1.4 Chapter Organization 244
12.2 Cyber-Physical Systems 244
12.3 Security and Privacy in Cyber-Physical Systems 245
12.4 Lightweight Cryptography Implementations for Security and Privacy in CPSs 247
12.4.1 Introduction 247
12.4.2 Why Is Lightweight Cryptography Important? 249
12.4.3 Lightweight Symmetric and Asymmetric Ciphers Implementations 250
12.4.3.1 Hardware Implementations of Symmetric Ciphers 251
12.4.3.2 Software Implementations of Symmetric Ciphers 253
12.4.3.3 Hardware Implementations of Asymmetric Ciphers 254
12.4.3.4 Software Implementations of Asymmetric Ciphers 255
12.4.3.5 Secure Hash Algorithms (SHA) 256
12.5 Opportunities and Challenges 257
12.6 Conclusion 258
Acknowledgments 259
References 259

13 Cyber-Physical Vulnerabilities of Wireless Sensor Networks in Smart Cities 263
Md. Mahmud Hasan and Hussein T. Mouftah

13.1 Introduction 263
13.1.1 The Smart City Concept and Components 263
13.2 WSN Applications in Smart Cities 265
13.2.1 Smart Home 265
13.2.2 Smart Grid Applications 267
13.2.2.1 Substation Monitoring 267
13.2.3 Intelligent Transport System Applications 268
13.2.3.1 Roadside Unit 268
13.2.3.2 Vehicular Sensor Network 269
13.2.3.3 Intelligent Sensor Network 269
13.2.4 Real-Time Monitoring and Safety Alert 270
13.3 Cyber-Physical Vulnerabilities 270
13.3.1 Possible Attacks 271
13.3.2 Impacts on Smart City Lives 272
13.3.2.1 Service Interruption 272
13.3.2.2 Damage to Property 273
13.3.2.3 Damage to Life 273
13.3.2.4 Privacy Infiltration 274
13.4 Solution Approaches 274
13.4.1 Cryptography 274
13.4.2 Intrusion Detection System 276
13.4.3 Watchdog System 277
13.4.4 Game Theoretic Deployment 277
13.4.5 Managed Security 277
13.4.6 Physical Security Measures 278
13.5 Conclusion 278
Acknowledgment 278
References 279

14 Detecting Data Integrity Attacks in Smart Grid 281
Linqiang Ge, Wei Yu, Paul Moulema, Guobin Xu, David Griffith and Nada Golmie

14.1 Introduction 281
14.2 Literature Review 283
14.3 Network and Threat Models 285
14.3.1 Network Model 285
14.3.2 Threat Model 286
14.4 Our Approach 287
14.4.1 Overview 287
14.4.2 Detection Schemes 289
14.4.2.1 Statistical Anomaly-Based Detection 289
14.4.2.2 Machine Learning-Based Detection 290
14.4.2.3 Sequential Hypothesis Testing-Based Detection 291
14.5 Performance Evaluation 292
14.5.1 Evaluation Setup 292
14.5.2 Evaluation Results 294
14.6 Extension 297
14.7 Conclusion 298
References 298

15 Data Security and Privacy in Cyber-Physical Systems for Healthcare 305
Aida Čaušević, Hossein Fotouhi and Kristina Lundqvist

15.1 Introduction 305
15.2 Medical Cyber-Physical Systems 306
15.2.1 Communication within WBANs 307
15.2.1.1 Network Topology 307
15.2.1.2 Interference in WBANs 308
15.2.1.3 Challenges with LPWNs in WBANs 308
15.2.1.4 Feedback Control in WBANs 308
15.2.1.5 Radio Technologies 309
15.2.2 Existing WBAN-Based Health Monitoring Systems 310
15.3 Data Security and Privacy Issues and Challenges in WBANs 312
15.3.1 Data Security and Privacy Threats and Attacks 314
15.4 Existing Security and Privacy Solutions in WBAN 314
15.4.1 Academic Contributions 315
15.4.1.1 Biometric Solutions 315
15.4.1.2 Cryptographic Solutions 316
15.4.1.3 Solutions on Implantable Medical Devices 318
15.4.2 Existing Commercial Solutions 319
15.5 Conclusion 320
References 320

16 Cyber Security of Smart Buildings 327
Steffen Wendzel, Jernej Tonejc, Jaspreet Kaur and Alexandra Kobekova

16.1 What Is a Smart Building? 327
16.1.1 Definition of the Term 327
16.1.2 The Design and the Relevant Components of a Smart Building 328
16.1.3 Historical Development of Building Automation Systems 330
16.1.4 The Role of Smart Buildings in Smart Cities 330
16.1.5 Known Cases of Attacks on Smart Buildings 331
16.2 Communication Protocols for Smart Buildings 332
16.2.1 KNX/EIB 333
16.2.2 BACnet 335
16.2.3 ZigBee 336
16.2.4 EnOcean 338
16.2.5 Other Protocols 339
16.2.6 Interoperability and Interconnectivity 339
16.3 Attacks 340
16.3.1 How Can Buildings Be Attacked? 340
16.3.2 Implications for the Privacy of Inhabitants and Users 340
16.3.3 Reasons for Insecure Buildings 341
16.4 Solutions to Protect Smart Buildings 342
16.4.1 Raising Security Awareness and Developing Security Know-How 342
16.4.2 Physical Access Control 343
16.4.3 Hardening Automation Systems 343
16.4.3.1 Secure Coding 343
16.4.3.2 Operating System Hardening 343
16.4.3.3 Patching 344
16.4.4 Network-Level Protection 344
16.4.4.1 Firewalls 345
16.4.4.2 Monitoring and Intrusion Detection Systems 345
16.4.4.3 Separation of Networks 345
16.4.5 Responsibility Matrix 345
16.5 Recent Trends in Smart Building Security Research 346
16.5.1 Visualization 346
16.5.2 Network Security 346
16.5.2.1 Traffic Normalization 346
16.5.2.2 Anomaly Detection 346
16.5.2.3 Novel Fuzzing Approaches 347
16.6 Conclusion and Outlook 347
References 348

17 The Internet of Postal Things: Making the Postal Infrastructure Smarter 353
Paola Piscioneri, Jessica Raines and Jean Philippe Ducasse

17.1 Introduction 353
17.2 Scoping the Internet of Postal Things 354
17.2.1 The Rationale for an Internet of Postal Things 354
17.2.1.1 A Vast Infrastructure 354
17.2.1.2 Trust as a Critical Brand Attribute 355
17.2.1.3 Operational Experience in Data Collection and Analytics 356
17.2.1.4 Customer Demand for Information 356
17.2.2 Adjusting to a New Business Environment 356
17.2.2.1 Shifting from Unconnected to "Smart" Products and Services 357
17.2.2.2 Shifting from Competing on Price to Competing on Overall Value 357
17.2.2.3 Shifting from Industries to Ecosystems 357
17.2.2.4 Shifting from Workforce Replacement to Human-Centered Automation 357
17.3 Identifying Internet of Postal Things Applications 358
17.3.1 Transportation and Logistics 358
17.3.1.1 Predictive Maintenance 359
17.3.1.2 Fuel Management 359
17.3.1.3 Usage-Based Insurance 360
17.3.1.4 Driverless Vehicles 360
17.3.1.5 Load Optimization 360
17.3.1.6 Real-Time Dynamic Routing 360
17.3.1.7 Collaborative Last Mile Logistics 361
17.3.2 Enhanced Mail and Parcel Services: The Connected Mailbox 361
17.3.2.1 Concept and Benefits 362
17.3.2.2 The Smart Mailbox as a Potential Source of New Revenue 363
17.3.3 The Internet of Things in Postal Buildings 364
17.3.3.1 Optimizing Energy Costs 364
17.3.3.2 The Smarter Post Office 365
17.3.4 Neighborhood Services 365
17.3.4.1 Smart Cities Need Local Partners 365
17.3.4.2 Carriers as Neighborhood Logistics Managers 366
17.3.5 Summarizing the Dollar Value of IoPT Applications 367
17.4 The Future of IoPT 367
17.4.1 IoPT Development Stages 367
17.4.2 Implementation Challenges 368
17.4.3 Building a Successful Platform Strategy 371
17.5 Conclusion 371
References 372

18 Security and Privacy Issues in the Internet of Cows 375
Amber Adams-Progar, Glenn A. Fink, Ely Walker and Don Llewellyn

18.1 Precision Livestock Farming 375
18.1.1 Impact on Humans 376
18.1.1.1 Labor and Workforce Effects 377
18.1.1.2 Food Quality and Provenance 377
18.1.1.3 Transparency and Remote Management 378
18.1.2 Impact on Animals 379
18.1.2.1 Estrus Monitoring 379
18.1.2.2 Rumen Health 380
18.1.2.3 Other Bovine Health Conditions 381
18.1.3 Impact on the Environment 382
18.1.4 Future Directions for IoT Solutions 383
18.2 Security and Privacy of IoT in Agriculture 384
18.2.1 Cyber-Physical System Vulnerabilities 385
18.2.2 Threat Models 386
18.2.2.1 Threat: Misuse of Video Data 386
18.2.2.2 Threat: Misuse of Research Data 387
18.2.2.3 Threat: Misuse of Provenance Data 387
18.2.2.4 Threat: Data Leakage via Leased Equipment and Software 388
18.2.2.5 Threat: Political Action and Terrorism 389
18.2.3 Recommendations for IoT Security and Privacy in Agriculture 390
18.2.3.1 Data Confidentiality 391
18.2.3.2 Data Integrity 393
18.2.3.3 System Availability 393
18.2.3.4 System Safety 393
18.3 Conclusion 395
References 395

19 Admission Control-Based Load Protection in the Smart Grid 399
Paul Moulema, Sriharsha Mallapuram, Wei Yu, David Griffith, Nada Golmie and David Su

19.1 Introduction 399
19.2 Related Work 401
19.3 Our Approach 402
19.3.1 Load Admission Control 403
19.3.2 Load Shedding Techniques 404
19.3.2.1 Load-Size-Based Shedding – Smallest Load First 405
19.3.2.2 Load-Size-Based Shedding – Largest Load First 406
19.3.2.3 Priority-Based Load Shedding 407
19.3.2.4 Fair Priority-Based Load Shedding 408
19.3.3 Simulation Scenarios 410
19.4 Performance Evaluation 411
19.4.1 Scenario 1: Normal Operation 411
19.4.2 Scenario 2: Brutal Admission Control 413
19.4.3 Scenario 3: Load-Size-Based Admission Control 413
19.4.4 Scenario 4: Priority-Based Admission Control 416
19.4.5 Scenario 5: Fair Priority-Based Admission Control 417
19.5 Conclusion 419
References 419

Editor Biographies 423
Index 427

List of Contributors

Amber Adams-Progar
Department of Animal Sciences, Washington State University, USA

David W. Archer
Galois, Inc., USA

Gerd Ascheid
Institute for Communication Technologies and Embedded Systems, RWTH Aachen University, Aachen, Germany

Naim Bajcinca
University of Kaiserslautern, Kaiserslautern, Germany

Paolo Bellavista
Computer Science and Engineering Department (DISI), University of Bologna, Bologna, Italy

Aida Čaušević
Mälardalen University, Västerås, Sweden

Antonio Celesti
Department of Engineering, University of Messina, Messina, Italy

Cary E. Crawford
Nuclear Science and Engineering Directorate, Oak Ridge National Laboratory, USA

Guido Dartmann
Environmental Campus Birkenfeld, University of Applied Sciences Trier, Hoppstädten-Weiersbach, Germany

Mehmet Ö. Demir
Faculty of Electrical and Electronics Engineering, Istanbul Technical University, Istanbul, Turkey

Jean Philippe Ducasse
Digital and Global Team, U.S. Postal Service Office of Inspector General, Arlington, VA, USA

Thomas W. Edgar
National Security Directorate, Pacific Northwest National Laboratory, USA

Maria Fazio
Department of Engineering, University of Messina, Messina, Italy

Glenn A. Fink
National Security Directorate, Pacific Northwest National Laboratory, USA

Hossein Fotouhi
Mälardalen University, Västerås, Sweden

Linqiang Ge
Department of Computer Science, Georgia Southwestern State University, USA

Nada Golmie
Wireless Network Division, National Institute of Standards and Technology, USA

David Griffith
Wireless Network Division, National Institute of Standards and Technology, USA

Md. Mahmud Hasan
School of Electrical Engineering and Computer Science, University of Ottawa, Ottawa, ON, Canada

Martin Henze
Communication and Distributed Systems, RWTH Aachen University, Aachen, Germany

Jens Hiller
Communication and Distributed Systems, RWTH Aachen University, Aachen, Germany

Christopher M. Hoxie
Georgetown University School of Law, Washington, DC, USA

René Hummen
Communication and Distributed Systems, RWTH Aachen University, Aachen, Germany

Jiong Jin
School of Software and Electrical Engineering, Swinburne University of Technology, Melbourne, Australia

Jaspreet Kaur
Department of Cyber Security, Fraunhofer FKIE, Bonn, Germany

Sye L. Keoh
School of Computing Science, University of Glasgow, Glasgow, UK

Hajoon Ko
Harvard John A. Paulson School of Engineering and Applied Sciences, Harvard University, Cambridge, MA, USA

Alexandra Kobekova
Department of Cyber Security, Fraunhofer FKIE, Bonn, Germany

Jeff Kosseff
Cyber Science Department, United States Naval Academy, Annapolis, MD, USA

Gunes K. Kurt
Faculty of Electrical and Electronics Engineering, Istanbul Technical University, Istanbul, Turkey

Hendrik Laux
Institute for Communication Technologies and Embedded Systems, RWTH Aachen University, Aachen, Germany

Don Llewellyn
Benton County Extension, Washington State University, USA

Francesco Longo
Department of Engineering, University of Messina, Messina, Italy

Volker Lücken
Institute for Communication Technologies and Embedded Systems, RWTH Aachen University, Aachen, Germany

Kristina Lundqvist
Mälardalen University, Västerås, Sweden

Douglas G. MacDonald
National Security Directorate, Pacific Northwest National Laboratory, USA

Sriharsha Mallapuram
Department of Computer & Information Sciences, Towson University, Maryland, USA

Roman Matzutt
Communication and Distributed Systems, RWTH Aachen University, Aachen, Germany

Jeffery A. Mauth
National Security Directorate, Pacific Northwest National Laboratory, USA

Giovanni Merlino
Department of Engineering, University of Messina, Messina, Italy

Rebecca Montanari
Computer Science and Engineering Department (DISI), University of Bologna, Bologna, Italy

Hussein T. Mouftah
School of Electrical Engineering and Computer Science, University of Ottawa, Ottawa, ON, Canada

Paul Moulema
Department of Computer and Information Technology, Western New England University, USA

Jason Nikolai
College of Computing, Dakota State University, Madison, SD, USA

Pouya Ostovari
Department of Computer and Information Sciences, Temple University, Philadelphia, PA, USA

Paola Piscioneri
Digital and Global Team, U.S. Postal Service Office of Inspector General, Arlington, VA, USA

Antonio Puliafito
Department of Engineering, University of Messina, Messina, Italy

Jessica Raines
Digital and Global Team, U.S. Postal Service Office of Inspector General, Arlington, VA, USA

Theora R. Rice
National Security Directorate, Pacific Northwest National Laboratory, USA

Alan C. Rither
Pacific Northwest National Laboratory, operated by Battelle Memorial Institute for the United States Department of Energy, Richland, WA, USA

David Su
Wireless Network Division, National Institute of Standards and Technology, Maryland, USA

Hala Tawalbeh
Computer Engineering Department, Jordan University of Science and Technology, Irbid, Jordan

Lo'ai A. Tawalbeh
Computer Engineering Department, Umm Al-Qura University, Makkah, Saudi Arabia, and Computer Engineering Department, Jordan University of Science and Technology, Irbid, Jordan

Jernej Tonejc
Department of Cyber Security, Fraunhofer FKIE, Bonn, Germany

Ely Walker
Department of Animal Sciences, Washington State University, USA

Yong Wang
College of Computing, Dakota State University, Madison, SD, USA

Klaus Wehrle
Communication and Distributed Systems, RWTH Aachen University, Aachen, Germany

Steffen Wendzel
Department of Cyber Security, Fraunhofer FKIE, Bonn, Germany

Jie Wu
Department of Computer and Information Sciences, Temple University, Philadelphia, PA, USA

Guobin Xu
Department of Computer Science and Information Technologies, Frostburg State University, USA

Wei Yu
Department of Computer and Information Sciences, Towson University, USA

Martina Ziefle
Human-Computer Interaction Center, RWTH Aachen University, Aachen, Germany

Jan H. Ziegeldorf
Communication and Distributed Systems, RWTH Aachen University, Aachen, Germany

xxiii

Foreword
Over the past years, my students and I have been looking for a reference book that can
provide comprehensive knowledge on security and privacy issues in cyber-physical systems (CPSs). Our fruitless search did not make us feel disappointed as we understand
that the subject areas are full of unique challenges stemming from various application
domains such as healthcare, smart grids, and smart homes, making nonexistent the
“one-size-fits-all” type of solutions, and that the integration of “cyber” and “physical”
worlds opens the doors for insidious and smart attackers to manipulate extraordinarily,
leading to new cyber-attacks and defense technologies other than those originated from

the traditional computer and network systems.
Thanks to this book edited by three distinguished scholars in cybersecurity and privacy, we finally get access to first-hand and state-of-the-art knowledge in security and
privacy of CPSs. Dr. Houbing Song brings his multidisciplinary background spanning
communications and networking, signal processing and control. He has worked on
authentication, physical layer security, and differential privacy, and their applications in
transportation, healthcare, and emergency response. Dr. Glenn A. Fink is a cybersecurity researcher who specializes in bioinspired security and privacy technologies. He has
worked for the US government on a variety of military and national security projects.
Dr. Sabina Jeschke is an expert in Internet of Things (IoT) and AI-driven control
technologies in distributed systems. She has worked on safeguarding the reliability and
trustworthiness of cyber manufacturing systems.
The term “cyber-physical systems,” CPSs in short, was coined 10 years ago (in 2006) by
several program officers at the National Science Foundation (NSF) in the United States.
According to the NSF CPS program solicitation, CPS is defined to be “engineered systems that are built from, and depend upon, the seamless integration of computational
algorithms and physical components.” It is strongly connected to the popular term IoT,
which places more emphasis on the implementation than on the foundation of the conjoining of
our physical and information worlds. One can use three words to summarize CPS as
“connected,” “sensing,” and “control,” corresponding to the three intermingled aspects
of CPSs: the physical world itself is connected via networking technologies and it is integrated with the cyberspace via sensing and control, typically forming a closed loop. Just
like the Internet, which has been suffering from various attacks from the very beginning (an early warning of intrusion was raised in 1973, only 4 years after ARPANET was
built), the system vulnerabilities of CPSs can be easily exploited maliciously, threatening
the safety, efficiency, and service availability of CPSs.

Security and privacy are the most critical concerns that may hinder the wide deployment of CPSs if not properly addressed, as highlighted in the Federal Cybersecurity
Research and Development Strategic Plan (RDSP) and the National Privacy Research
Strategy (NPRS) released by the National Science and Technology Council (NSTC) in
2016. The connected physical world suffers from not only the attacks targeting today’s
networked systems but also new ones such as sensitive device (e.g., a controller of a
power plant) discovery; the fine-grained, heterogeneous, and massive sensing data
are vulnerable to various inference attacks, causing privacy disclosure and data safety
violations; and the control signals can be manipulated to launch various attacks such
as the device state inference attack, leading to system instability. Therefore, any effort
toward securing the emerging CPSs and protecting their data privacy is of paramount
importance. Nevertheless, to the larger CPS community, building economically successful CPSs seems to be the priority, since traditionally security and privacy issues
can be resolved via patching. This obviously is inappropriate as security and privacy
protection must be considered from the very beginning when building a CPS – an
important lesson we have learned from the evolution of the Internet. To educate today’s
CPS engineers as well as the next-generation CPS players, materials summarizing the
state-of-the-art techniques and potential challenges in security and privacy of CPS are
desperately needed.
This timely book provides a comprehensive overview on security and privacy of CPSs.
It positions itself uniquely from the following aspects based on its contents/technical
contributions:
• It is the most far-ranging one that covers all-around knowledge of CPS cyber-attacks
and defenses, from both technical and policy/operational perspectives, making it suitable for all readers with diverse backgrounds and interests.
• It stresses the importance of privacy protection in CPSs, covering privacy-preserving
algorithms and privacy metrics for modern CPS and IoT applications.
• It addresses the impact of security and privacy on the quality of data in CPSs, which
is strongly related to the system performance and user experience.
• It covers traditional CPSs such as smart grids and smart cities as well as emerging
CPSs such as postal infrastructures and precision agriculture, investigating their
unique cybersecurity challenges and trade-offs between service availability and
security.
This book contains 19 self-contained chapters authored by experts in academia, industry, and government. By reading this book, readers can gain thorough knowledge on
security and privacy in CPSs, preparing them for furthering their in-depth security and
privacy research, enhancing the attack resistance of their own CPS, and enabling them
to identify and defend potential security violations and system vulnerabilities.
Xiuzhen (Susan) Cheng
Professor, IEEE Fellow,
Department of Computer Science,
The George Washington University


Preface
The idea of automation is as old as mankind and has produced a wide range of artifacts from simple tools to complex robotic control systems. In the 1940s, work-saving
machinery began to evolve from the purely mechanical to information systems, starting
with the birth of computers and the emerging discipline of cybernetics. The idea behind
cybernetics was to have machines conduct sensing and control operations that exceeded
human capabilities for warfare applications. Robotics (machines to semiautonomously
manipulate the physical world) was the natural outgrowth of this field of inquiry. In
the 1960s, the Internet was conceived, bringing new ways for humans to communicate
worldwide across computer networks. The blending of mechanical power, information
processing, and global communications was perhaps inevitable, but the applications and
implications of this merger are yet to be fully understood.
Cyber-physical systems (CPSs) are engineered systems that are built from, and
depend upon, the seamless integration of sensing, computation, control, and networking in physical objects and infrastructures. This integration of communication,
sensing, and control is enabling highly adaptable, scalable, resilient, secure, and usable
applications whose capabilities far exceed stand-alone embedded systems. The CPS
revolution is transforming the way people interact with engineered systems and is driving innovation and competition in sectors such as agriculture, energy, transportation,
building design and automation, healthcare, and manufacturing.
The number of Internet-connected devices already outnumbers the human population of the planet. By 2020, some expect the number of these devices to exceed 50
billion. Many of these devices are CPSs that control automobiles, airplanes, appliances,
smart electric grids, dams, industrial systems, and even multinational infrastructures
such as pipelines, transportation, and trade. This trend toward distributed systems of
Internet-connected smart devices has recently accelerated with the rise of the Internet
of Things (IoT) as its backbone. A goal of the IoT is to connect any device to any other at
any time via any protocol from anywhere in the world. Today this goal is only partially
realized.
CPS technologies blur the lines between infrastructural and personal spaces. This
blurring is being engineered into the IoT where personal CPSs (such as phones, appliances, and automobiles) bearing personal data can reach up into public infrastructures
to access services. Infrastructural technologies such as smart roads, e-government, and
city services have become personal by providing private portals into public services.
Thus, personal technologies, enabled by the IoT, have vastly extended the scope of
critical infrastructures and even created new ones. Unlike the embedded systems of
a decade ago, modern CPSs incorporate components from different providers using
interface standards that specify communication protocols and physical operation
requirements.
While a CPS can be thought of as a blend of cybernetics and telecommunications,
every CPS is much greater than the sum of its parts. The cyber and physical components cannot be analyzed separately. Malfunctions in the software portion of the system
may cause unexpected physical behaviors. Unanticipated physical sensations may trigger untested parts of the system software. Beyond cyber or physical failures, problems
can arise from communications between devices that are allowed to interact in ways
that will be harmful or allow sensitive data to fall into the wrong hands. Further, a
CPS typically involves real-time sensing and human operators who make their decisions informed by real-time data. Thus, humans, too, can be a major source of failure in
these complex systems. Holistic system analysis is critical to ensure security, integrity,
and conformance to the expected behavior profile.
The blended nature of CPSs simultaneously offers new uses of technology and enables
new abuses of it. The increasing intelligence and awareness of physical devices such as
medical devices, cars, houses, and utilities can dramatically increase the adverse consequences of misuse. Cybersecurity and privacy have emerged as major concerns in
human rights, commerce, and national security that affect individuals, governments,
and society as a whole. New degrees of connectivity between personal and infrastructural systems can result in leakage of personal data producing serious privacy concerns.
Integration with private devices may threaten infrastructure by expanding its attack
surface. CPSs are subject to security threats that exploit their increased complexity
and connectivity to critical infrastructure systems and may introduce new societal risks
to economy, public safety, and health. Some of these concerns are “existential threats”
to individual lives and society. The potentially global nature of CPSs has produced a
need for trust in cyber-physical (and other) systems that transcend national regulatory
authorities.
To address these cybersecurity and privacy challenges, novel, transformative, and
multidisciplinary approaches are needed at the confluence of cybersecurity, privacy,
and CPSs. We are at a critical juncture where the growth and ubiquity of CPSs is
accelerating exponentially. We must understand these systems and engineer them
thoughtfully to prevent anticipated and unknown problems.
The purpose of the book is to help readers expand and refine their understanding of
the key technical, social, and legal issues at stake, to understand the range of technical issues affecting hardware and software in infrastructure components, and to assess
the impacts of the blended nature of these systems on individuals, infrastructures, and
society. In particular, this book presents the state of the art and the state of the practice of how to address a number of unique security and privacy challenges facing CPSs,
including the following:
1) The irreversible nature of the interactions of CPSs with the physical world
2) The rapidly increasing scale of deployment
3) The amalgamated nature of CPS-enabled infrastructures
4) The deep embedding and long projected lifetimes of CPS components
5) The interaction of CPSs with users at different scales, degrees of control, and expertise levels
6) The economic and policy constraints that are needed to govern CPS design and deployment
7) The accelerated degree of sensing and collection of information related to a large range of everyday human activities
8) The asymmetric ability of adversaries to attack physical-world targets through cyber means and vice versa.
This edited book aims at presenting the scientific foundations and engineering principles needed to ensure cybersecurity and privacy in CPSs in general and in various
innovative domain-specific applications. The reader will gain an understanding of how
the principles of security and privacy must be rethought for Internet-connected CPSs.
Our hope is that this book will enhance the capability of the technical workforce to
understand the less obvious implications of CPSs and to improve civil and economic
security.
This book will challenge the research community to advance research and education
at the confluence of security, privacy, and CPSs and to transition its findings into
engineering practice. However, our desire is to provide useful information even for
readers without any prior domain knowledge. Thus, most chapters are in tutorial/survey
style. We anticipate that many of our readers will be involved in research and development
of technologies to better the lives of others and will therefore be interested in
understanding the security and privacy implications of their work. We
also address the CPS design workforce and aim to provide an important source of
comprehensive foundations and principles of cybersecurity and privacy as it applies
to CPSs. Toward these goals, this book is organized into three parts: Foundations,
Principles, and Applications.
Part 1 is composed of six chapters. In addition to presenting an overview of the
opportunities and challenges of cybersecurity and privacy (Chapter 1), this part
presents scientific foundations of cybersecurity and privacy in various subdomains,
including networks (Chapter 2), information theory (Chapter 3), national security
(Chapter 4), legal aspects (Chapter 5), and cryptographic key management (Chapter 6).
Part 2 is composed of six chapters. This part presents engineering principles of
cybersecurity and privacy as applied to the IoT (Chapter 7), access control (Chapter 8),
privacy (Chapters 9 and 10), network coding (Chapter 11), and lightweight cryptography
(Chapter 12).

Part 3 is composed of seven chapters. This part presents application areas of CPSs
along with domain-specific cybersecurity and privacy recommendations. The several
diverse application areas include smart cities (Chapter 13), energy (Chapters 14 and 19),
healthcare (Chapter 15), building design and automation (Chapter 16), postal infrastructure (Chapter 17), and agriculture (Chapter 18).
