CROSS-DOMAIN SECURITY ISSUES OF EMBEDDED AND CYBER-PHYSICAL SYSTEMS

A Cyber-Physical System (CPS) is a cross-domain system integrating sub systems from multiple domains connected through communication networks. Today, CPSs can be found in security-sensitive areas such as aerospace, automotive, energy, healthcare, manufacturing transportation, entertainment, and consumer appliances. Compared to the traditional information and embedded systems, due to the tight interactions between cyber and physical domains in CPSs, new vulnerabilities emerge from the boundary between cyber and physical domains. This enables new types of “cross-domain attacks” which include the following two concepts. First, observable energy flows from physical domain such as the analog emissions from acoustics, power flow, electromagnetic (EM), thermal, etc. provide the attackers new ways to access the critical information in the cyber domain. We call these types of attack as “Side Channel Attacks.” Second, the classic cyber domain attacks on CPS may cause direct physical damage on them. The second types of attack in the scope of this talk will be called “Kinetic Cyber Attack.” In my talk I will be presenting our recent work on additive manufacturing systems (3Dprinters), where we have demonstrated the vulnerability of a 3D- printer to confidentiality attacks. An additive manufacturing system is attacked through observable acoustic analog emissions in this work. See recent articles at Science (http://science.sciencemag.org/content/352/6282/132) and at ACM Communications (http://cacm.acm.org/news/199406-badvibrations-
uci-researchers-find-security-breach-in-3d-printing-process/fulltext) about our work. Moreover, in this talk, I will also cover few research topics in the area of automotive and transportation systems security. Finally, before concluding the talk, I will discuss the challenges of Hardware security (Hardware Trojan detection and localization) from a cross-domain security point of view.