Modern Methods of Ensuring Data Integrity in Control Protocols of Cyber-Physical Systems
Keywords:
cyber-physical system, Internet of Things, protocol, blockchain, digital watermarks, authentication
Abstract
Building methodological support for the security of cyber-physical systems, in particular for the design and implementation of their information-security subsystems, is currently an acute problem. The landscape of threats and vulnerabilities inherent in the wide range of hardware and software technologies used in cyber-physical systems is extremely broad and complex. In this context the security of application-layer protocols is of primary importance, since these protocols underlie the interaction between applications and services running on diverse devices and in cloud infrastructures. Because the systems under study interact continuously with real physical infrastructure, determining effective measures to ensure the integrity of transmitted control commands is a pressing problem: disruption of the critical processes they execute can affect human life and health. This paper surveys the main methods of ensuring data integrity in the control protocols of cyber-physical systems, together with the vulnerabilities of the application-layer protocols widely used in such systems. Classical integrity methods and newer ones, in particular blockchain, are considered, as are the main directions for improving the efficiency of data-integrity protocols in cyber-physical systems. The application-layer vulnerability analysis is carried out on the most popular specifications, MQTT, CoAP, AMQP, DDS and XMPP, and on their implementations. It is found that although all of these protocols provide basic security mechanisms, researchers continue to discover vulnerabilities in popular implementations on a regular basis, which often endangers critical-infrastructure services. In the course of reviewing existing data-integrity methods for this class of systems, the key problems of integrating these methods, and ways of solving them, are identified.
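To make concrete what "integrity of a transmitted control command" means for a publish/subscribe control protocol such as MQTT, the following is an added example written for this page; it is not code from the paper or from any of the protocol implementations it surveys. It protects a command with a keyed MAC (HMAC-SHA256 here; a keyed construction over a GOST R 34.11-2012 hash would be built the same way), binds the topic and a monotonic sequence number into the tag, and shows the receiver rejecting a tampered payload, a replay, and a valid message redirected to another actuator's topic. The message layout (seq | payload | tag), the device key, the topic names and the sample commands are all assumptions made up for the illustration.

```python
"""Added example (not from the paper): integrity and replay protection for a control
command carried over a pub/sub protocol such as MQTT. The message layout, the key and
the sample commands below are constructed for illustration only."""
import hashlib
import hmac
import json
import struct

# Constructed demo key. In a real deployment this is a per-device key provisioned out of band.
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")
TAG_LEN = 16  # HMAC-SHA256 tag truncated to 128 bits


def _mac_input(topic: str, seq: int, payload: bytes) -> bytes:
    # Length-prefix every field so that bytes cannot shift between fields
    # ("valve/1" + "0" vs "valve/" + "10"), and bind the topic into the tag so a
    # message authenticated for one actuator cannot be redirected to another.
    t = topic.encode("utf-8")
    return (struct.pack(">H", len(t)) + t
            + struct.pack(">Q", seq)
            + struct.pack(">I", len(payload)) + payload)


def protect(key: bytes, topic: str, seq: int, command: dict) -> bytes:
    """Serialise a command and frame it as seq(8) | payload | tag(16)."""
    payload = json.dumps(command, separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(key, _mac_input(topic, seq, payload), hashlib.sha256).digest()[:TAG_LEN]
    return struct.pack(">Q", seq) + payload + tag


class CommandVerifier:
    """Receiver-side state: the last accepted sequence number per topic."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_seq: dict[str, int] = {}

    def verify(self, topic: str, message: bytes) -> dict:
        """Return the command if authentic and fresh, otherwise raise ValueError."""
        if len(message) < 8 + TAG_LEN:
            raise ValueError("message too short")
        seq = struct.unpack(">Q", message[:8])[0]
        payload, tag = message[8:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self._key, _mac_input(topic, seq, payload),
                            hashlib.sha256).digest()[:TAG_LEN]
        # Check the tag first, in constant time: nothing in the message is trusted before this.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag: payload, topic or sequence number was altered")
        # Freshness: sequence numbers must strictly increase per topic.
        if seq <= self._last_seq.get(topic, -1):
            raise ValueError("replay: sequence number not greater than last accepted")
        self._last_seq[topic] = seq
        return json.loads(payload)


def _rejected(v: CommandVerifier, topic: str, message: bytes) -> bool:
    try:
        v.verify(topic, message)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Exercise the three failure modes on constructed traffic; returns which checks fired."""
    results = {}
    v = CommandVerifier(DEVICE_KEY)
    topic = "plant/valve/7/cmd"
    msg = protect(DEVICE_KEY, topic, 1, {"op": "set", "position": 40})
    results["accepted"] = v.verify(topic, msg)["position"] == 40
    # 1. A single altered byte in the payload ("40" -> "90") must fail the tag check.
    tampered = bytearray(msg)
    tampered[msg.index(b"40")] = ord("9")
    results["tamper_rejected"] = _rejected(v, topic, bytes(tampered))
    # 2. Replaying the identical, validly tagged message must fail the freshness check.
    results["replay_rejected"] = _rejected(v, topic, msg)
    # 3. Delivering the valid message on another actuator's topic must fail the tag check.
    results["cross_topic_rejected"] = _rejected(v, "plant/valve/8/cmd", msg)
    return results


if __name__ == "__main__":
    print(demo())
```

The order of checks matters: the MAC is verified before any field is interpreted, so the sequence number used for the replay decision is itself authenticated. The per-topic counter is the minimum receiver state needed; a device that may reboot must persist it, or re-establish freshness with a challenge, or the first command after restart can be a replay.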
Copyright (c) Roman Valerievich Meshcheryakov, Andrey Yunusovich Iskhakov, Oleg Olegovich Evsutin
This work is licensed under a Creative Commons Attribution 4.0 International License.