Implementation of a Testbed with SDN-enabled Communication Networks to Experiment on Physical Function Virtualization that Disrupts Reconnaissance of Cyber-Physical Infrastructures

Authors

Zhuang, Jianing

Issue Date

2020

Type

Thesis

Keywords

defense of reconnaissance, Industrial control system, power grid, SDN-enabled testbed, software-defined networking

Abstract

Industrial control systems (ICSs) have been extensively deployed in the real world. Large ICSs, such as smart power grids, consist of supervisory control and data acquisition (SCADA) systems and programmable logic controllers (PLCs). PLCs and SCADA exchange control signals and measurement data through a communication network. As an ICS scales, the geographical span of the communication network increases dramatically, such that it is impossible to deploy a closed local area network (LAN) to support the communication network, and the communication network has to be connected to the Internet. However, such a connection introduces vulnerabilities to the ICS because it exposes the network to sophisticated adversaries, who may be capable of causing severe physical damage to the ICS after extensive reconnaissance. One intuitive defense idea is to disrupt the reconnaissance or to increase its cost. To achieve this, we propose physical function virtualization (PFV), in which we introduce a certain amount of lightweight virtual nodes. The virtual nodes are designed to follow the actual implementation of network stacks, system invariants, and physical state variations: they work just like real nodes from adversaries' perspective. In order to measure the effectiveness of the proposed defense mechanism, we implemented PFV in a testbed based on software-defined networking (SDN). We implemented the ONOS network operating system and used this testbed to measure the performance of the proposed defense mechanism. The experimental results show that PFV can accurately follow the behavior of real nodes with negligible overhead. The author of this thesis has contributed to the building of the testbed from scratch, the operation of the experiments and the analysis of experimental data. In the present thesis, I will elaborate on the implementation of the testbed as well as related experiments.
