2023-07-19

Preventing Reverse Engineering of Control Programs in Industrial Control Systems

Summary

Industrial Control Systems (ICS) incorporate automated control and monitoring into the industrial objectives of production, manufacturing and distribution. Programmable Logic Controllers (PLCs) are the nucleus of this framework, with control programs constituting the decision-making layer that brings about desirable changes in the process measurements. In this paper, we study the significance of prerequisite knowledge of process control in tailoring targeted attacks. We identify a Man-At-The-End (MATE) adversary who aims at extracting the process semantics by obtaining a copy of the control program downloaded from an engineering workstation to a PLC. We focus on preventing such efforts, and present a formalization of control program abstraction and its assets, the secret values in the program that give away the operational semantics of the process. Finally, we propose , a platform that makes use of cryptographic obfuscation to secure the assets in a control program. We demonstrate an end-to-end case study of control program formalization and present a proof-of-concept implementation of the proposed construction over two example testbeds. Our micro-benchmarks indicate that the proposed platform incurs an overall increase of 4% in the execution time for a single scan cycle, with guarantees of computational security.

Conference Paper

ACM Cyber-Physical System Security Workshop (CPSS)

Date published

2023-07-19

Date last modified

2024-07-18