Research Focus Class on Cyber-Physical System Security

Our Research Focus Classes (RFC) are a special kind of lecture: they are more interactive and research-oriented than typical lectures. Students participating in an RFC should be aware that they are not only getting in touch with real research but also have to expect doing independent work.

Organizational Information

  • SWS: V3/Ü2, ECTS: 6
  • Teaching Assistants: Markus Dahlmanns, Ina Fink, Jan Pennekamp, Martin Henze
  • Study programs: Master Informatik (Software und Kommunikation), Master Software Systems Engineering (Communication), Master Media Informatics
  • Language: English
  • Start: Tuesday, October 15 at 10:30
  • Lecture Slot: Tuesdays, 10:30 - 12:00
  • Location is announced via e-mail
  • Due to limited capacity, prior registration is required!
  • Registration and questions: contact Markus Dahlmanns

Motivation

Similar to the personal context, in the industrial scenario more and more systems get interconnected using the Internet. Furthermore, visions like the Internet of Production (IoP) show that this trend does not stop in the foreseeable future since the expected advantages are tremendous. For instance, cross-domain collaboration decreases costs, increases productivity, and boosts profit by allowing to share data from development, production, as well as usage.

However, interconnecting more and more systems introduces further surface for attacks. In the industrial context, this situation is even more critical than in the personal scenario since the lifetime of industrial devices is longer than that of personal devices, i.e., most of the devices currently used in factories and plants were developed without global security considerations in mind. Nevertheless, research has shown that these unprotected protocols are even used to communicate over the Internet [paper]. With human safety and reliable production in mind, this can end disastrous since communication can be altered and machines can be controlled by an attacker. The lack of security mechanism is not only a problem when legacy devices communicate over the Internet, but also whenever these devices share the same network with devices that communicate via the Internet, i.e., infected devices are able to attack these legacy devices even in the local network. Another threat is the possible loss of intellectual property, i.e., infected devices cannot only attack devices in the local network but can also be used to steal data from the company's network.

One solution to detect such attacks is the usage of Intrusion Detection Systems (IDSs). However, the high demand of dynamic communication in future industrial networks like described by the IoP makes a high false alarm rate expectable. Hence, research is needed to provide usable IDSs for the future.

Content

In this RFC, you will get in touch with current security problems in industrial networks, state-of-the-art security solutions and missing paradigms for security in future cyber-physical systems. The content comprises one of the following points — depending on your interests:

  • Security paradigms for legacy industrial control systems
    • On the way to modern production systems not all devices are exchanged once, i.e., devices that do not provide any security features reside in the same network that contains devices communicating via the Internet, e.g., with collaborators or smartphones. Here, you get in touch with already existing security paradigms and the lack of functions they have.
  • Intrusion detection and prevention in future industrial networks
    • Dynamic communication between collaborators in future industrial networks might interfere with current intrusion detection solutions, i.e., the rule sets of rule-based intrusion detection systems might explode and anomaly-based systems lead to a high false-positive rate. Hence, within this RFC you can ensure that intrusion detection and prevention systems are able to handle the upcoming dynamic communication patterns in future industrial networks.
  • Industrial Simulation Environment
    • Since testing and evaluating implemented security mechanisms in a running production environment is nearly impossible, a simulation environment is necessary. Thus, in this RFC you can get insight in already existing simulation environments and have the ability to improve and extend their functionality.

Structure

The RFCs are research-oriented courses following an interactive schema. To do so, we give a short introductory lecture about the topic (4/5 lecture slots). This lecture phase is accompanied by small homework tasks to familiarize yourself with the topic. Afterwards in the analysis phase, you identify interesting security projects within cyber-physical systems (if necessary, we will help you with this) and prepare a short presentation on the idea. Based on these findings, we will then develop new ideas to increase the security in cyber-physical systems. In the remainder of the class you then should realize your idea in the form of a mini project. Finally, you present your results to the other participants and the COMSYS group.

Overall Schedule

  1. Lecture Phase: 4 weeks
    • Getting up to speed!
    • Learn about examples, approaches, tools, ...
    • Hands-on supplementary homework tasks to practice what you learned
  2. Concept Phase: 4 weeks
    • Develop your idea
    • Present your idea to the other participants
  3. Mini Project: up to 16 weeks
    • Get your hands dirty!
    • Short presentation/demo at the end
    • Interesting/fruitful projects may even result in a paper

Prerequisites

This class will serve as an introduction on how to conduct research in communication systems. Besides learning about the actual topics, taking this course is an ideal preparation for doing a master thesis in our group. The course is only open for Master students. You should have prior knowledge at least in the basics of data communication and an interest in doing independent research. A background in cryptography is not mandatory, but encouraged. As this course is supposed to be highly interactive, seats are limited. Should we receive more registrations than seats available, we will select students based on their qualification for this course.

 

- Impressum -