Cyber Physical Systems Security

Learning Outcomes:

On successful completion of this module, you will be able to:

  • LO1: Develop a systematic understanding and critical awareness of the security threats affecting Cyber Physical Systems and the mechanisms to prevent, detect and mitigate attacks.
  • LO2: Identify and evaluate appropriate solutions for building secure Cyber Physical Systems; apply advanced techniques and tools to deal with cross-cutting security concerns in different domains.
  • LO3: Demonstrate advanced skills in research, problem solving and communication; be a self-directed, independent learner showing initiative and personal responsibility.

Assessment Methods: 

Coursework – This consists of five laboratory reports highlighting your understanding of Cyber Physical Systems Security in a practical laboratory.

Please take note of the following regulations/advice where appropriate:

  • Check the assignment guidelines/marking criteria when doing your assessment.
  • See your academic tutor for academic support whenever required.

Guidelines: Prepare a report based on the guidelines explained below. Include a cover sheet with your name and UoB number. The coursework must be submitted using Canvas by the deadline. Please name your file with your name and UoB number. If you have problems with Canvas, please contact the Module Coordinator as soon as possible.

Assessment Brief 

Section 1: Security analysis of CPS systems (20%)

Cyber Physical Systems (CPS) have been deployed into critical infrastructures in industry, healthcare, military, etc. As attacks on CPS can have very serious consequences for the integrity of these infrastructures and the confidentiality of their data, it is essential to develop robust solutions to protect CPS by identifying their security threats and preventing, detecting and mitigating attacks. However, securing CPS is not a straightforward task due to the heterogeneity of connected cyber and physical elements. With a wide variety of CPS elements, the framework of each may not be the same — there may be different physical barriers, computational capacity, network protocols, etc. An organisation needs to identify critical components, functions and operational procedures and ensure that each is secure.

Discuss CPS security threats, focusing on the IoT domain, and critically analyse typical solutions for preventing and mitigating attacks. Support your analysis by demonstrating a technique, procedure or tool useful for securing, e.g., a smart home device, a Raspberry Pi or other (Linux) device. You can do this on a physical device or using a virtual machine, IoT or cloud platform. Provide a description of the setup, including relevant configurations, commands and screenshots.

Section 2: Wireshark analysis (20%)

Protocol analysis involves the identification of basic knowledge objects within a protocol. Protocol analysts know how to employ esoteric hardware and software tools to examine traffic in motion across a network. Furthermore, they know how to decode and understand the implications of what they see in that data stream, where network pathologies, outside or inside attacks, poorly designed applications, and strange network layouts, among many other causes, can make life interesting.  

Protocol definitions can be expanded, abused or violated. For this report, choose an interesting protocol behaviour relevant to CPS security, such as an unusual flag combination, a protocol abuse or violation, a recognisable behavioural pattern (e.g. a connectivity problem), an attack, a virus, etc., for analysis. A comprehensive list of capture files that can be opened in Wireshark is available, for example, at http://www.netresec.com/?page=PcapFiles. Use one of these captures (from, e.g., the section on Industrial Control Systems) to support your analysis. Alternatively, generate and capture network traffic with one of the aforementioned behaviours. Using the capture file and Wireshark to support your analysis, write on the topic chosen with at least 2 academic references or books. The document you upload on Canvas should contain some extracts of the file you have used for your analysis. All references should be in conformity with the Harvard referencing style.

Section 3: Firewalls (20%)

This section consists of two parts: part 1 requires you to answer a set of questions on firewalls; part 2 is a practical exercise that involves setting up a firewall.

Part 1: Answer the following questions using diagrams where appropriate: 

  1. What is a firewall? Briefly explain how it works and its advantages and disadvantages.
  2. What is the difference between a gateway and a firewall?
  3. Briefly explain the different types of firewalls.
  4. What are the characteristics of a strong firewall?

Part 2: Firewall setup 

This part requires you to set up a firewall to restrict access to a networked computer. A sample firewall setup has been provided in the lab, which will help you accomplish this task. The lab materials are available on Canvas. There is no restriction on how you can set up the firewall – the example presented in the lab runs multiple virtual machines and networks in Oracle VirtualBox, but you could also set up a firewall on a physical network using your own equipment. Describe the firewall setup, including all the commands used, and demonstrate the functionality of the firewall with appropriate screenshots.

Section 4: Intrusion detection systems (20%)

Use Snort to carry out the following tasks:

  1. Run Snort in packet logger mode. While Snort is running, launch a web browser and open www.bradford.ac.uk. Now use Snort with Berkeley Packet Filters (BPF) to filter the generated log file and output only HTTPS traffic. Describe the Snort parameters that you used for logging and filtering, and provide a screenshot of the Snort output with some filtered traffic.
  2. Create a rule to generate an alert when ICMP traffic is detected. Run Snort with the appropriate parameter to provide alerts on the console screen. Describe the rule and command. Which file should local rules be put in? Generate some ICMP traffic (using the ‘ping’ command) and take a screenshot of the alerts produced by Snort.
  3. Create a rule to generate an alert when someone is connecting via SSH to your machine. Run Snort with the appropriate parameter to provide alerts on the console screen. Describe and demonstrate the rule, taking a screenshot of the alerts produced by Snort.
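The Snort 2 command lines and local rules for the three tasks above, as an added example that is not part of the coursework brief or the lab materials; the interface name eth0 and the /etc/snort paths are assumptions for a Debian-style install.

```shell
# Added example, not part of the coursework brief: Snort 2 command lines and
# local rules for the three Section 4 tasks. Assumes a Debian-style install
# (snort.conf and rules/local.rules under /etc/snort) and interface eth0.
IFACE="${IFACE:-eth0}"
LOGDIR="${LOGDIR:-./snortlog}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"

# Task 1: packet logger mode. -l names the log directory and -b stores the
# packets in binary (pcap) form instead of one text file per host.
log_packets() {
    mkdir -p "$LOGDIR"
    snort -i "$IFACE" -l "$LOGDIR" -b
}

# Task 1, filtering: read a binary log back with -r and pass a BPF
# expression as the trailing argument; only HTTPS packets (TCP port 443)
# are decoded and printed (-v prints packet headers to the console).
filter_https() {
    snort -r "$1" -v 'tcp port 443'
}

# Tasks 2 and 3: the rules. Header = action proto src sport -> dst dport;
# options in parentheses. sid >= 1000000 is reserved for local rules and
# rev counts edits. flags:S restricts task 3 to SYN packets so one SSH
# session produces one alert rather than one per packet in the session.
# $HOME_NET is kept literal here; Snort expands it from ipvar in snort.conf.
local_rules() {
    cat <<'EOF'
alert icmp any any -> $HOME_NET any (msg:"ICMP traffic detected"; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 22 (msg:"SSH connection attempt"; flags:S; sid:1000002; rev:1;)
EOF
}

# Write the rules into the file that snort.conf includes as local.rules.
write_rules() {
    local_rules > "${1:-/etc/snort/rules/local.rules}"
}

# -T parses the configuration and every included rule file, then exits;
# run it after editing rules so a syntax error is caught before going live.
check_config() {
    snort -T -c "$SNORT_CONF"
}

# Tasks 2 and 3: IDS mode with alerts printed to the console (-A console);
# -q drops the start-up banner so the alerts are easy to screenshot.
alert_console() {
    snort -q -A console -i "$IFACE" -c "$SNORT_CONF"
}
```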

Section 5: Virtual private networks (20%)

This task requires you to set up a Virtual Private Network (VPN) with a server and at least one client. A sample VPN setup has been provided in the lab, which will help you accomplish this task. The lab materials are available on Canvas. Write a short report containing the following:

  1. Description of the VPN setup process with screenshots of the main steps (key and certificate generation, server and client configuration, etc.). Provide a diagram of your VPN structure, including IP addresses of client(s) and server, gateway, netmask etc.
  2. Answers to the following questions:
    1. Describe the functionality of a VPN, highlighting its specific security mechanisms, advantages and disadvantages.
    2. What are the different protocols that can be used for creating a VPN? Describe the protocol that you chose for your setup and explain your reasoning.
    3. What is the relationship between a firewall and a VPN? What firewall issues are related to VPN deployment?
    4. What is the IP tunnel of a VPN?
    5. How did you support the routing of packets between client and server?
  3. Conclusions containing your reflections (in your own words) about VPNs, network security using a VPN and this activity.
  4. Appendix containing configuration files (e.g. server.conf, client.conf) and any relevant log files.