JIS  Vol.8 No.4 , October 2017
Security and Privacy Challenges in Cyber-Physical Systems
Cyber-Physical Systems, or Smart-Embedded Systems, are co-engineered for the integration of physical, computational and networking resources. These resources are used to develop an efficient base for enhancing the quality of services in all areas of life and achieving a classier life in terms of a required service’s functionality and timing. Cyber-Physical Systems (CPSs) complement the need to have smart products (e.g., homes, hospitals, airports, cities). In other words, regulate the three kinds of resources available: physical, computational, and networking. This regulation supports communication and interaction between the human word and digital word to find the required intelligence in all scopes of life, including Telecommunication, Power Generation and Distribution, and Manufacturing. Data Security is among the most important issues to be considered in recent technologies. Because Cyber-Physical Systems consist of interacting complex components and middle-ware, they face real challenges in being secure against cyber-attacks while functioning efficiently and without affecting or degrading their performance. This study gives a detailed description of CPSs, their challenges (including cyber-security attacks), characteristics, and related technologies. We also focus on the tradeoff between security and performance in CPS, and we present the most common Side Channel Attacks on the implementations of cryptographic algorithms (symmetric: AES and asymmetric: RSA) with the countermeasures against these attacks.
Cite this paper: AlDosari, F. (2017) Security and Privacy Challenges in Cyber-Physical Systems. Journal of Information Security, 8, 285-295. doi: 10.4236/jis.2017.84019.

[1]   Al Faruque, M.A. and Ahourai, F. (2014) A Model-Based Design of Cyber-Physical Energy Systems. 2014 19th Asia and South Pacific Design Automation Conference (ASP-DAC), Singapore, 20-23 January 2014, 97-104.

[2]   Klesh, A.T., Cutler, J.W. and Atkins, E.M. (2012) Cyber-Physical Challenges for Space Systems. Cyber-Physical Systems (ICCPS), 2012 IEEE/ACM Third International Conference, Beijing, 17-19 April 2012, 45-52.

[3]   Sztipanovits, J., Ying, S., Cohen, I., Corman, D., Davis, J., Khurana, H., Mosterman, P.J., Prasad, V. and Stormo, L. (2012) Strategic R&D Opportunities for 21st Century Cyber-Physical Systems. Technical Report for Steering Committee for Foundation in Innovation for Cyber-Physical Systems: Chicago, IL, USA, 13 March 2012.

[4]   Zhang, H., Shu, Y.C., Cheng, P. and Chen, J.M. (2016) Privacy and Performance Trade-Off in Cyber-Physical Systems. IEEE Network, 30, 62-66.

[5]   Tawalbeh, L.A. and Al-Haija, Q.A. (2011) Enhanced FPGA Implementations for Doubling Oriented and Jacobi-Quartics Elliptic Curves Cryptography. Journal of Information Assurance and Security, 6, 167-175, Dynamic Publishers, Inc., USA.

[6]   Marburger, J.H., Kvamme, E.F., Scalise, G. and Reed, D.A. (2007) Leadership under Challenge: Information Technology R&D in a Competitive World. An Assessment of the Federal Networking and Information Technology R&D Program. Executive Office of the President Washington DC President’s Council of Advisors on Science and Technology.

[7]   Wang, E.K., Ye, Y.M., Xu, X.F., Yiu, S.-M., Hui, L.C.K. and Chow, K.-P. (2010) Security Issues and Challenges for Cyber-Physical System. Proceedings of the 2010 IEEE/ACM Int’l Conference on Green Computing and Communications & Int’l Conference on Cyber, Physical and Social Computing, Hangzhou, 18-20 December 2010, 733-738.

[8]   Zeng, W.T. and Chow, M.-Y. (2012) Optimal Tradeoff between Performance and Security in Networked Control Systems Based on Coevolutionary Algorithms. IEEE Transactions on Industrial Electronics, 59, 3016-3025.

[9]   Sun, M., Mohan, S., Sha, L. and Gunter, C. (2009) Addressing Safety and Security Contradictions in Cyber-Physical Systems. Proceedings of the 1st Workshop on Future Directions in Cyber-Physical Systems Security (CPSSW’09), Newark, NJ, July 2009, 1-5.

[10]   Tawalbeh, L.A., Haddad, Y., Khamis, O., Aldosari, F. and Benkhelifa, E. (2015) Efficient Software-Based Mobile Cloud Computing Framework. Cloud Engineering (IC2E), 2015 IEEE International Conference on IEEE, 317-322.

[11]   Al Faruque, M., Regazzoni, F. and Pajic, M. (2015) Design Methodologies for Securing Cyber-Physical Systems. Proceedings of the 10th International Conference on Hardware/Software Codesign and System Synthesis, Amsterdam, 4-9 October 2015, 30-36.

[12]   Eisenbarth, T., Kumar, S., Paar, C., Poschmann, A. and Uhsadel, L. (2007) A Survey of Lightweight-Cryptography Implementations. IEEE Design & Test of Computers, 24, 522-533.

[13]   Panasenko, S. and Smagin, S. (2011) Lightweight Cryptography: Underlying Principles and Approaches. International Journal of Computer Theory and Engineering, 3, 516.

[14]   Song, H., Fink, G.A., Jeschke, S. and Rosner, G.L. (2017) Security and Privacy in Cyber-Physical Systems: Foundations and Application. Wiley Publisher, Hoboken, NJ, 243-281.

[15]   Tawalbeh, L.A., Mowafi, M. and Aljoby, W. (2013) Use of Elliptic Curve Cryptography for Multimedia Encryption. IET Information Security, 7, 67-74.

[16]   Rungger, M. and Tabuada, P. (2013) A Notion of Robustness for Cyber-Physical Systems.

[17]   Lo’ai, A.T., Mehmood, R., Benkhlifa, E. and Song, H. (2016) Mobile Cloud Computing Model and Big Data Analysis for Healthcare Applications. IEEE Access, 4, 6171-6180.

[18]   Tawalbeh, L.A., Haddad, Y., Khamis, O., Benkhelifa, E., Jararweh, Y. and AlDosari, F. (2016) Efficient and Secure Software-Defined Mobile Cloud Computing Infrastructure. International Journal of High Performance Computing and Networking, 9, 328-341.

[19]   Kocher, P.C. (1996) Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. Proceedings of CRYPTO, Santa Barbara, August 1996, 104-113.

[20]   Boer, B.D., Lemke, K. and Wicke, G. (2003) A DPA Attack against the Modular Reduction within a CRT Implementation of RSA. Proceedings Cryptographic Hardware and Embedded Systems, 228-243.

[21]   Boer, B., Lemke, K. and Wicke, G. (2011) Defeating RSA Multiply always and Message Blinding Countermeasure. Proceedings Topics in Cryptology, 77-88.

[22]   Yen, S.-M., Lien, W.-C., Moon, S. and Ha, J. (2005) Power Analysis by Exploiting Chosen Message and Internal Collisions—Vulnerability of Checking Mechanism for RSA-Decryption. Progress in Cryptology, My Crypt, 183-195.

[23]   Homma, N., Miyamoto, A., Aoki, T. and Satoh, A. (2010) Comparative Power Analysis of Modular Exponentiation Algorithms. IEEE Transactions on Computers, 59, 795-807.

[24]   Jong-Yeon, P., Dong-Guk, H., Okyeon, Y. and JeongNyeo, K. (2014) An Improved Side Channel Attack using Event Information of Subtraction. Journal of Network and Computer Applications, 38, 99-105.

[25]   Kim, C., Ha, J., Moon, S., Yen, S.-M., Liena, W.-C. and Kim, S.-H. (2005) An Improved and Efficient Countermeasure against Power Analysis Attacks.

[26]   Jararweh, Y., Tawalbeh, L.A., Tawalbeh, H. and Moh’d, A. (2013) 28 Nanometers FPGAs Support for High Throughput and Low Power Cryptographic Applications. Journal of Advances in Information Technology, 4, 84-90.

[27]   Messerges, T.S., Daddish, E.A. and Sloan, R.H. (1999) Investigations of Power Analysis Attacks on Smartcards. Proceedings USENIX Workshop on Smartcard Technology, Berkeley.

[28]   Yen, S.-M. and Joye, M. (2000) Checking before Output May Not Be Enough against Fault-Based Cryptanalysis. IEEE Transactions on Computers, 49, 967-970.

[29]   Tawalbeh, L.A.A. and Sweidan, S. (2010) Hardware Design and Implementation of ElGamal Public-Key Cryptography Algorithm. Information Security Journal: A Global Perspective, 19, 243-252.

[30]   Lu, J., Pan, J. and den Hartog, J. (2010) Principles on the Security of AES against First and Second-Order Differential Power Analysis. Proceedings 8th International Conference, Beijing, 22-25 June 2010.

[31]   Messerges, T.S. (2000) Securing the AES Finalists against Power Analysis Attacks. 7th International Workshop Proceedings Fast Software Encryption, New York, 10-12 April 2000.

[32]   Sokolov, D., Murphy, J., Bystrov, A. and Yakovlev, A. (2005) Design and Analysis of Dual-Rail Circuits for Security Applications. IEEE Transactions Computers, 54, 449-460.

[33]   Fan, J., Gierlichs, B. and Vercauteren, F. (2011) To Infinity and Beyond: Combined Attack on (ECC) using Points of Low Order. Proceedings Cryptographic Hardware and Embedded Systems, Berlin.

[34]   Tawalbeh, L.A.A. (2004) A Novel Unified Algorithm and Hardware Architecture for Integrated Modular Division and Multiplication in gf (p) and gf (2n) Suitable for Public-Key Cryptography. 1-52.

[35]   Tiri, K., Akmal, M. and Verbauwhede, I. (2002) A Dynamic and Differential CMOS Logic with Signal Independent Power Consumption to Withstand Differential Power Analysis on Smart Cards. Proceedings of the 2002 Solid-State Circuits Conference.

[36]   Tiri, K. and Verbauwhede, I. (2004) A Logic Level Design Methodology for a Secure DPA Resistant ASIC or FPGA Implementation. Proceedings of the Conference on Design, Automation and Test in Europe, Washington DC.

[37]   Tiri, K. and Verbauwhede, I. (2006) A Digital Design Flow for Secure Integrated Circuits. Computer-Aided Design of Integrated Circuits and Systems, 25, 1197-1208.

[38]   Tawalbeh, L.A., Tenca, A., Park, S. and Koc, C. (2005) An Efficient Hardware Architecture of a Scalable Elliptic Curve Crypto-Processor over GF (2n). Optics and Photonics, 59, 100-105.

[39]   Radu, M. and Gebotys, C. (2004) Current Flattening in Software and Hardware for Security Applications. Hardware/Software Codesign and System Synthesis, CODES + ISSS, 218-223.

[40]   Arora, A., Ambrose, J.A., Peddersen, J. and Parameswaran, S. (2013) A Double-Width Algorithmic Balancing to Prevent Power Analysis Side Channel Attacks in AES. IEEE Computer Society Annual Symposium on VLSI, Natal, 5-7 August 2013, 76-83.