Analysis of Security Threats in Cyber

Physical System
Saurav Verma

Student, B.E. Computer Science Engineering

Chitkara University

Rajpura,Punjab 140601 India

vermasaaab1@gmail.com

Cyber Physical System refers to the system in which procedure is monitored and controlled by
the software components. Cyber Physical System as the name suggests Cyber means the
attributes of culture of the computer, virtual reality and information technology and Physical
means the hardware components. So the system in which the Physical so called hardware
components are monitored by the software components is recognized as Cyber Physical System
(CPS). CPS is the concatenation of technology of Physical, Computation and Networking
domains. Physical processes are controlled and monitored by the embedded computers and
networks.[1-4] Administration, Endeavours and Research institution has played a great role in
the development of the CPS. The architecture of Cyber Physical systems has three layers:
Physical layer , Network layer and Application layer. Physical layer has sensors for sensing data
from the environment ,RFID tags for identification purpose,RFID readers ,actuators and other
hardware equipment which helps in fetching physical world data. After collecting all data, this
data is sent to the network layer. For real-time communication and information exchange,
Network layer is used. Internet and all types of network ( private network , communication
network, local area network ) are implemented by Network layer. The data then carries from
network layer to application layer through the network using technologies like WIFI, Bluetooth.
There are many applications of CPS in the application layer for example health care, Smart
Home, Smart Cars,Smart industry,Smart agriculture etc. Due to the heterogeneity and integrity of
data, security threats arise. However, Security threats and vulnerabilities restrict the development
of CPS. Each layer has its distinct kinds of security threats and vulnerabilities arise in it.
 A. Security Threats arise in Physical Layer

The approach to the data is first and the physical layer of the system. The devices linked with
this layer for example actuators, RFID tag, sensors etc. have finite memory capacity,
computational capacity and resources. Anyone can approach these devices due to an outdoor
environment. So, these devices becomes vulnerable to physical attacks like tampering the device,
replacement of component and physical damage.Popular attacks on the physical layer are
equipment failure which arises due to the external forces, environment or aging;[5] Line fault
which arises due to the failure of power lines; Denial Of Services( DOS) attack to stop/shutdown
the network to make its access unavailable for its intended users[6]; Sybil attack in which one
node make multiple identities which look like real and unique to attack the system by using
multiple identities[7]; Data interception in which data is accessed illegally by seized the
communication channels; Unauthorised access that is unauthorised users may access the data or
the resources illegally; Perception Data Destruction threat in which attacker falsely add , delete ,
modify or destruct the data illegally.

B. Security Threats arise in Network Layer

Attacks on this layer arise when the data is transmitted from the physical layer to the application
layer because the ​channels are insecure while sending the data mostly in the wireless
communication system. The common network layers attacks include Distributed Denial of
Services ( DDoS ) which includes the target server is attacked by group of malicious nodes as
the sources of Denial of Service at the same time; Sybil attack is a type of attacks in which the
data transmission is restricted by controlling most of the nodes illegally through malicious node
which has multiple identities; Routing loop attack is an attack in which an infinite routing loop is
caused to modify the data path through malicious node; Routing attack occurs when attacker
sends the forged routing information to interfere with its common routing process; Flooding
attack is done by SMURF and DDoS to exhaust the resources linked in the network servers;
traffic tampering is done with tampering the routing information using Malicious node;
Wormhole attack in which two attackers settle themselves in the network strategically then
controls and monitor data and hack the data by recording it; black hole malicious node make
routing connection with it falsely to cause the packet loss; Sinkhole attacks arise when the
normal nodes are attracted around as a point through malicious node in the routing path;
Collision attack is same as traffic manipulation and causes traffic blockage, distorted traffic [9].
 C. Security threats in Application Layer

Application layer is the heart of the Cyber Physical System which provides decision making and
control commands. Application layer helps in storing privacy data of users in different- different
domains such as health care in Medical CPS etc. So the common threats in the application layers
are leaking of privacy data of users due to the negligence , insecurity of storage etc;
Unauthorised accessing of System data illegally; Viruses and Trojan horses attacks which are
more often and common attacks on application layer; The forged commands are used
maliciously to damage the system; Loopholes Attack are used to attack the system in the
application; Buffer overflow is also the common attack used by hackers in the application layer;
SQL injection attack which is the most common attack on the database of the system.[5,9,10]

References

1. https://en.wikipedia.org/wiki/Cyber-physical_system#:~:text=A%20cyberphysical%20syst
em%20(CPS)%20is,monitored%20by%20computer%2Dbased%20algorithms.
2. https://ptolemy.berkeley.edu/projects/cps/
3. https://acodez.in/cyber-physical-systems/
4. https://www.google.com/search?q=cyber+means&rlz=1C1CHBD_enIN899IN899&oq=cy
ber+means&aqs=chrome..69i57j0l6.1651j1j7&sourceid=chrome&ie=UTF-8
5. Mehedi Hasan R., Mosabber Uddin A., Md. Atiqur Rahman A. “Security Analysis and a
Potential Layer to Layer Security Solution of Medical Cyber-Physical Systems”
Springer,2019: pp61-88
6. https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#:~:t
ext=A%20Denial%2Dof%2DService%20(,inaccessible%20to%20its%20intended%20use
rs.&text=Buffer%20overflow%20attacks%20%E2%80%93%20the%20most,built%20the
%20system%20to%20handle.
7. https://www.geeksforgeeks.org/sybil-attack/
8. https://www.geeksforgeeks.org/active-and-passive-attacks-in-information-security/
9. Yang G., Yong P., Feng X., Wei Z., Dejin W., Xuefeng H., Tianbo L., Zhao L. “Analysis
of Security Threats and Vulnerability for Cyber-physical Systems”. China: IEEE, 2013
10. YANG G., GENG G., DU J., et al. “Security threats and measures for the Internet of
Things”. J Tsinghua Univ (Sci and Tech), 2011: 1336-1340.