Cyber-Physical Systems, or Smart-Embedded Systems, are co-engineered for
the integration of physical, computational and networking resources. These
resources are used to develop an efficient base for enhancing the quality of
services in all areas of life and achieving a classier life in terms of a required
service’s functionality and timing. Cyber-Physical Systems (CPSs)
complement the need to have smart products (e.g., homes, hospitals, airports,
cities). In other words, regulate the three kinds of resources available: physical,
computational, and networking. This regulation supports communication
and interaction between the human word and digital word to find the required
intelligence in all scopes of life, including Telecommunication, Power
Generation and Distribution, and Manufacturing. Data Security is among the
most important issues to be considered in recent technologies. Because Cyber-Physical Systems consist of interacting complex components and middle-ware, they face real challenges in being secure against cyber-attacks while
functioning efficiently and without affecting or degrading their performance.
This study gives a detailed description of CPSs, their challenges (including
cyber-security attacks), characteristics, and related technologies. We also focus
on the tradeoff between security and performance in CPS, and we present
the most common Side Channel Attacks on the implementations of cryptographic
algorithms (symmetric: AES and asymmetric: RSA) with the countermeasures
against these attacks.
Cite this paper
AlDosari, F. (2017) Security and Privacy Challenges in Cyber-Physical Systems. Journal of Information Security, 8, 285-295. doi: 10.4236/jis.2017.84019.
 Al Faruque, M.A. and Ahourai, F. (2014) A Model-Based Design of Cyber-Physical Energy Systems. 2014 19th Asia and South Pacific Design Automation Conference (ASP-DAC), Singapore, 20-23 January 2014, 97-104.
 Klesh, A.T., Cutler, J.W. and Atkins, E.M. (2012) Cyber-Physical Challenges for Space Systems. Cyber-Physical Systems (ICCPS), 2012 IEEE/ACM Third International Conference, Beijing, 17-19 April 2012, 45-52.
 Sztipanovits, J., Ying, S., Cohen, I., Corman, D., Davis, J., Khurana, H., Mosterman, P.J., Prasad, V. and Stormo, L. (2012) Strategic R&D Opportunities for 21st Century Cyber-Physical Systems. Technical Report for Steering Committee for Foundation in Innovation for Cyber-Physical Systems: Chicago, IL, USA, 13 March 2012.
 Zhang, H., Shu, Y.C., Cheng, P. and Chen, J.M. (2016) Privacy and Performance Trade-Off in Cyber-Physical Systems. IEEE Network, 30, 62-66.
 Tawalbeh, L.A. and Al-Haija, Q.A. (2011) Enhanced FPGA Implementations for Doubling Oriented and Jacobi-Quartics Elliptic Curves Cryptography. Journal of Information Assurance and Security, 6, 167-175, Dynamic Publishers, Inc., USA.
 Marburger, J.H., Kvamme, E.F., Scalise, G. and Reed, D.A. (2007) Leadership under Challenge: Information Technology R&D in a Competitive World. An Assessment of the Federal Networking and Information Technology R&D Program. Executive Office of the President Washington DC President’s Council of Advisors on Science and Technology.
 Wang, E.K., Ye, Y.M., Xu, X.F., Yiu, S.-M., Hui, L.C.K. and Chow, K.-P. (2010) Security Issues and Challenges for Cyber-Physical System. Proceedings of the 2010 IEEE/ACM Int’l Conference on Green Computing and Communications & Int’l Conference on Cyber, Physical and Social Computing, Hangzhou, 18-20 December 2010, 733-738. https://doi.org/10.1109/GreenCom-CPSCom.2010.36
 Zeng, W.T. and Chow, M.-Y. (2012) Optimal Tradeoff between Performance and Security in Networked Control Systems Based on Coevolutionary Algorithms. IEEE Transactions on Industrial Electronics, 59, 3016-3025.
 Sun, M., Mohan, S., Sha, L. and Gunter, C. (2009) Addressing Safety and Security Contradictions in Cyber-Physical Systems. Proceedings of the 1st Workshop on Future Directions in Cyber-Physical Systems Security (CPSSW’09), Newark, NJ, July 2009, 1-5.
 Tawalbeh, L.A., Haddad, Y., Khamis, O., Aldosari, F. and Benkhelifa, E. (2015) Efficient Software-Based Mobile Cloud Computing Framework. Cloud Engineering (IC2E), 2015 IEEE International Conference on IEEE, 317-322.
 Al Faruque, M., Regazzoni, F. and Pajic, M. (2015) Design Methodologies for Securing Cyber-Physical Systems. Proceedings of the 10th International Conference on Hardware/Software Codesign and System Synthesis, Amsterdam, 4-9 October 2015, 30-36.
 Eisenbarth, T., Kumar, S., Paar, C., Poschmann, A. and Uhsadel, L. (2007) A Survey of Lightweight-Cryptography Implementations. IEEE Design & Test of Computers, 24, 522-533. https://doi.org/10.1109/MDT.2007.178
 Panasenko, S. and Smagin, S. (2011) Lightweight Cryptography: Underlying Principles and Approaches. International Journal of Computer Theory and Engineering, 3, 516. https://doi.org/10.7763/IJCTE.2011.V3.360
 Song, H., Fink, G.A., Jeschke, S. and Rosner, G.L. (2017) Security and Privacy in Cyber-Physical Systems: Foundations and Application. Wiley Publisher, Hoboken, NJ, 243-281.
 Tawalbeh, L.A., Mowafi, M. and Aljoby, W. (2013) Use of Elliptic Curve Cryptography for Multimedia Encryption. IET Information Security, 7, 67-74.
 Rungger, M. and Tabuada, P. (2013) A Notion of Robustness for Cyber-Physical Systems.
 Lo’ai, A.T., Mehmood, R., Benkhlifa, E. and Song, H. (2016) Mobile Cloud Computing Model and Big Data Analysis for Healthcare Applications. IEEE Access, 4, 6171-6180. https://doi.org/10.1109/ACCESS.2016.2613278
 Tawalbeh, L.A., Haddad, Y., Khamis, O., Benkhelifa, E., Jararweh, Y. and AlDosari, F. (2016) Efficient and Secure Software-Defined Mobile Cloud Computing Infrastructure. International Journal of High Performance Computing and Networking, 9, 328-341. https://doi.org/10.1504/IJHPCN.2016.077825
 Kocher, P.C. (1996) Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. Proceedings of CRYPTO, Santa Barbara, August 1996, 104-113. https://doi.org/10.1007/3-540-68697-5_9
 Boer, B.D., Lemke, K. and Wicke, G. (2003) A DPA Attack against the Modular Reduction within a CRT Implementation of RSA. Proceedings Cryptographic Hardware and Embedded Systems, 228-243.
 Boer, B., Lemke, K. and Wicke, G. (2011) Defeating RSA Multiply always and Message Blinding Countermeasure. Proceedings Topics in Cryptology, 77-88.
 Yen, S.-M., Lien, W.-C., Moon, S. and Ha, J. (2005) Power Analysis by Exploiting Chosen Message and Internal Collisions—Vulnerability of Checking Mechanism for RSA-Decryption. Progress in Cryptology, My Crypt, 183-195.
 Homma, N., Miyamoto, A., Aoki, T. and Satoh, A. (2010) Comparative Power Analysis of Modular Exponentiation Algorithms. IEEE Transactions on Computers, 59, 795-807. https://doi.org/10.1109/TC.2009.176
 Jong-Yeon, P., Dong-Guk, H., Okyeon, Y. and JeongNyeo, K. (2014) An Improved Side Channel Attack using Event Information of Subtraction. Journal of Network and Computer Applications, 38, 99-105.
 Kim, C., Ha, J., Moon, S., Yen, S.-M., Liena, W.-C. and Kim, S.-H. (2005) An Improved and Efficient Countermeasure against Power Analysis Attacks.
 Jararweh, Y., Tawalbeh, L.A., Tawalbeh, H. and Moh’d, A. (2013) 28 Nanometers FPGAs Support for High Throughput and Low Power Cryptographic Applications. Journal of Advances in Information Technology, 4, 84-90.
 Messerges, T.S., Daddish, E.A. and Sloan, R.H. (1999) Investigations of Power Analysis Attacks on Smartcards. Proceedings USENIX Workshop on Smartcard Technology, Berkeley.
 Yen, S.-M. and Joye, M. (2000) Checking before Output May Not Be Enough against Fault-Based Cryptanalysis. IEEE Transactions on Computers, 49, 967-970.
 Tawalbeh, L.A.A. and Sweidan, S. (2010) Hardware Design and Implementation of ElGamal Public-Key Cryptography Algorithm. Information Security Journal: A Global Perspective, 19, 243-252.
 Lu, J., Pan, J. and den Hartog, J. (2010) Principles on the Security of AES against First and Second-Order Differential Power Analysis. Proceedings 8th International Conference, Beijing, 22-25 June 2010.
 Messerges, T.S. (2000) Securing the AES Finalists against Power Analysis Attacks. 7th International Workshop Proceedings Fast Software Encryption, New York, 10-12 April 2000.
 Sokolov, D., Murphy, J., Bystrov, A. and Yakovlev, A. (2005) Design and Analysis of Dual-Rail Circuits for Security Applications. IEEE Transactions Computers, 54, 449-460. https://doi.org/10.1109/TC.2005.61
 Fan, J., Gierlichs, B. and Vercauteren, F. (2011) To Infinity and Beyond: Combined Attack on (ECC) using Points of Low Order. Proceedings Cryptographic Hardware and Embedded Systems, Berlin.
 Tawalbeh, L.A.A. (2004) A Novel Unified Algorithm and Hardware Architecture for Integrated Modular Division and Multiplication in gf (p) and gf (2n) Suitable for Public-Key Cryptography. 1-52.
 Tiri, K., Akmal, M. and Verbauwhede, I. (2002) A Dynamic and Differential CMOS Logic with Signal Independent Power Consumption to Withstand Differential Power Analysis on Smart Cards. Proceedings of the 2002 Solid-State Circuits Conference.
 Tiri, K. and Verbauwhede, I. (2004) A Logic Level Design Methodology for a Secure DPA Resistant ASIC or FPGA Implementation. Proceedings of the Conference on Design, Automation and Test in Europe, Washington DC.
 Tiri, K. and Verbauwhede, I. (2006) A Digital Design Flow for Secure Integrated Circuits. Computer-Aided Design of Integrated Circuits and Systems, 25, 1197-1208. https://doi.org/10.1109/TCAD.2005.855939
 Tawalbeh, L.A., Tenca, A., Park, S. and Koc, C. (2005) An Efficient Hardware Architecture of a Scalable Elliptic Curve Crypto-Processor over GF (2n). Optics and Photonics, 59, 100-105.
 Radu, M. and Gebotys, C. (2004) Current Flattening in Software and Hardware for Security Applications. Hardware/Software Codesign and System Synthesis, CODES + ISSS, 218-223.
 Arora, A., Ambrose, J.A., Peddersen, J. and Parameswaran, S. (2013) A Double-Width Algorithmic Balancing to Prevent Power Analysis Side Channel Attacks in AES. IEEE Computer Society Annual Symposium on VLSI, Natal, 5-7 August 2013, 76-83.