TY - GEN
T1 - Identifying Near-Optimal Single-Shot Attacks on ICSs with Limited Process Knowledge
AU - Esquivel-Vargas, Herson
AU - Castellanos, John Henry
AU - Caselli, Marco
AU - Tippenhauer, Nils Ole
AU - Peter, Andreas
N1 - Publisher Copyright:
© 2022, Springer Nature Switzerland AG.
PY - 2022
Y1 - 2022
N2 - Industrial Control Systems (ICSs) rely on insecure protocols and devices to monitor and operate critical infrastructure. Prior work has demonstrated that powerful attackers with detailed system knowledge can manipulate exchanged sensor data to deteriorate performance of the process, even leading to full shutdowns of plants. Identifying those attacks requires iterating over all possible sensor values, and running detailed system simulation or analysis to identify optimal attacks. That setup allows adversaries to identify attacks that are most impactful when applied on the system for the first time, before the system operators become aware of the manipulations. In this work, we investigate if constrained attackers without detailed system knowledge and simulators can identify comparable attacks. In particular, the attacker only requires abstract knowledge on general information flow in the plant, instead of precise algorithms, operating parameters, process models, or simulators. We propose an approach that allows single-shot attacks, i.e., near-optimal attacks that are reliably shutting down a system on the first try. The approach is applied and validated on two use cases, and demonstrated to achieve comparable results to prior work, which relied on detailed system information and simulations.
AB - Industrial Control Systems (ICSs) rely on insecure protocols and devices to monitor and operate critical infrastructure. Prior work has demonstrated that powerful attackers with detailed system knowledge can manipulate exchanged sensor data to deteriorate performance of the process, even leading to full shutdowns of plants. Identifying those attacks requires iterating over all possible sensor values, and running detailed system simulation or analysis to identify optimal attacks. That setup allows adversaries to identify attacks that are most impactful when applied on the system for the first time, before the system operators become aware of the manipulations. In this work, we investigate if constrained attackers without detailed system knowledge and simulators can identify comparable attacks. In particular, the attacker only requires abstract knowledge on general information flow in the plant, instead of precise algorithms, operating parameters, process models, or simulators. We propose an approach that allows single-shot attacks, i.e., near-optimal attacks that are reliably shutting down a system on the first try. The approach is applied and validated on two use cases, and demonstrated to achieve comparable results to prior work, which relied on detailed system information and simulations.
UR - https://www.scopus.com/pages/publications/85134305500
U2 - 10.1007/978-3-031-09234-3_9
DO - 10.1007/978-3-031-09234-3_9
M3 - Contribución a la conferencia
AN - SCOPUS:85134305500
SN - 9783031092336
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 170
EP - 192
BT - Applied Cryptography and Network Security - 20th International Conference, ACNS 2022, Proceedings
A2 - Ateniese, Giuseppe
A2 - Venturi, Daniele
PB - Springer Science and Business Media Deutschland GmbH
T2 - 20th International Conference on Applied Cryptography and Network Security, ACNS 2022
Y2 - 20 June 2022 through 23 June 2022
ER -