Cyberattacks are a growing reality that organizations have to face up to. In the framework of the German-French Academy for the Industry of the Future, researchers at IMT and Technische Universität München (TUM) show that there are solutions to this virtual threat. In particular, the ASSET project is studying responses to attacks that target communication between smart objects and affect the integrity of computer systems. Frédéric Cuppens, a researcher in cybersecurity on this project at IMT Atlantique and coordinator of the Cybersecurity of critical infrastructures chair, explains the state-of-the-art defenses to respond to these attacks.
Cybersecurity is an increasingly pressing subject for a number of organizations. Are all organizations concerned?
Fréderic Cuppens: The number of smart objects is growing exponentially, including in different organizations. Hospitals, industrial systems, services and transport networks are examples of places where the Internet of Things plays a major role and which are becoming increasingly vulnerable in terms of cybersecurity. We have already seen attacks on smart cars, pacemakers, smart meters etc. All organizations are concerned. To take the case of industry alone, since it is one of our fields of interest at IMT Atlantique, these new vulnerabilities affect production chains and water treatment just as much as agricultural processes and power generation.
What attacks are most often carried out against this type of target?
FC: We have classified the attacks carried out against organizations in order to study the threats. There are lots of attacks on the integrity of computer systems, affecting their ability to function correctly. This is what happens when, for example, an attacker takes control of a temperature sensor to make it show an incorrect value, leading to an emergency shutdown. Then there are also lots of attacks against the availability of systems, which consist in preventing access to services or data exchange. This is the case when an attacker interferes with communication between smart objects.
Are there responses to these two types of attack?
FC: Yes, we are working on measures to put in place against these types of attack. Before going into detail, we need to understand that cybersecurity is composed of three aspects: protection, which consists for example in filtering communication or controlling access to prevent attack; defense, which detects when an attack is being made and provides a response to stop it; and lastly resilience which allows systems to continue operating even during an attack. The research we are carrying out against attacks targeting availability or integrity include all three components, with special focus on resilience.
Confronted with attacks against the availability of systems, how do you guarantee this resilience?
FC: To interfere with communication, all you need is a jamming device. They are prohibited in France, but it is not hard to get hold on one on the internet. A jammer interferes with communication on certain frequencies only, depending on the type of jamming device used. Some are associated with Bluetooth frequencies, others with Wi-Fi networks or GPS frequencies. Our approach to fighting against jammers is based on direct-sequence spread spectrum. The signal is “buried in noise” and is therefore difficult to detect with a spectrum analyzer.
Does that allow you to effectively block an attack by interference?
FC: This is a real process of resilience. We assume that, to interfere with the signal, the attacker has to find the frequency the two objects are communicating on, and we want to ensure this does not jeopardize communication. By the time the attacker has found the frequency and launched the attack, the spread code has been updated. This approach is what we call “moving target defense”, in which the target of the attack — the sequence of propagation— is regularly updated. It is very difficult for an attacker to complete their attack before the target is updated.
Do you use the same approach to fight against attacks on integrity?
FC: Sort of, but the problem is not the same. In this case, we have an attacker who is able to integrate data in a smart way so that the intrusion is not detected. Take, for example, a tank being filled. The attacker corrupts the sensor so that it tells the system that the tank is already full. He will thus be able to stop the pumps in the treatment station or distillery. We assume that the attacker knows the system very well, which is entirely possible. The attacks on Iranian centrifuges for uranium enrichment showed that an attacker can collect highly sensitive data on the functioning of an infrastructure.
How do you fight against an attacker who is able to go completely unnoticed?
FC: State-of-the-art security systems propose to introduce physical redundancy. Instead of having one sensor for temperature or water level, we have several sensors of different types. This means the attacker has to attack several targets at once. Our research proposes to go even further by introducing virtual redundancy. There would be an auxiliary system that simulates the expected functioning of the machines or structures. If the data sent by the physical sensors differs from the data from the virtual model, then we know something abnormal is happening. This is the principal of a digital twin that provides a reference value in real time. It is similar to the idea of moving target defense, but with an independent virtual target whose behavior varies dynamically.
This work is being carried out in partnership with Technische Universität München (TUM) in the framework of the ASSET project by the German-French Academy for the Industry of the Future. What does this partnership contribute from a scientific point of view?
FC: IMT Atlantique and TUM each bring complementary skills. TUM is more focused on the physical layers and IMT Atlantique focuses more on the communication and service layers. Mines Saint-Étienne is also contributing and collaborating with TUM on attacks on physical components. They are working together on laser attacks on the integrity of components. Each party offers skills that the other does not necessarily have. This complementarity allows solutions to be designed to fight against cyberattacks at different levels and from different points of view. It is crucial in a context where computer systems are becoming more complicated: countermeasures must follow this level of complexity. Dialogue between researchers with different skills stimulates the quality of the protection we are developing.
Launched in January 2016 and after 3 years of operation, the Chair for the cybersecurity of critical infrastructures (Cyber CNI) is being renewed for another 3 years thanks to the commitment of its academic and industrial partners. The IMT chair led by IMT Atlantique benefits from partnerships with Télécom ParisTech and Télécom SudParis and support from the Brittany region – a region at the forefront of cutting-edge cybersecurity technology – in the framework of the Cyber Center of Excellence. In the context of a sponsor partnership led by Fondation Mines-Télécom, five industrial partners have committed to this new period: AIRBUS, AMOSSYS, BNP Paribas, EDF and Nokia Bell Labs. The official signing to renew the Chair took place at FIC (International Cybersecurity Forum) in Lille on 22 January 2019.
Read the news on I’MTech: Cyber CNI chair renewed for 3 years