Projects

Industrial control systems are an increasingly target-rich environment for cybercriminals, terrorists, and advanced persistent threats. Those entities who would wish to do harm to governments or corporations can exploit the complex nature of these systems to their advantage. As control technology becomes more connected through advances in networking and design, the physical systems underlying these control topologies also become more connected to clever malicious actors. Additionally, the critical nature of systems such as power plants or gas pipelines can make them high priority targets for those wishing to ransom, extort or cause damage to a nation’s critical infrastructure. As a result, the security of these systems is tremendously important. In order to ensure this security blue teams, white hat hackers, and those wishing to employ cyberdefenses must be able to anticipate and defend against possible attacks. The best way for them to do this is to probe these systems for flaws on their own.

Unfortunately, the testing of industrial control systems can be a complex, difficult and sometimes dangerous process. Traditional methods of testing these systems usually include some sort of traditional engineering validation methods. However, when testing the cyber-security of these systems previous research has shown that there are some serious risks. In one report, the use of ping sweeps caused a robotic arm to swing on a factory floor and in another caused a system failure that resulted in over $50,000 worth of damage to equipment [1]. As a result of the risks of cyber-security and non-physical testing, a recent paradigm in research has focused on simulating industrial control environments.

However, creating even these small scale models and physical test beds can be an expensive and time-intensive task. Our research focuses on finding ways to create accurate simulations that can be used to test the efficacy of certain cyber threats. Typically, the goal is to create simulations that are realistic enough to allow us to test certain hypothesized attacks. Even low fidelity simulations can provide insight as to how a system might be compromised, or how dangerous certain scenarios can be. Mainly our work has shown that fairly accurate models can be created for a low cost. By designing our simulations in a modular way we hope to iteratively add fidelity and accuracy to our models. This can be done in several ways: by including hardware in the loop or by exact modeling of real systems and validation against these real systems.

So far our simulation team has been able to successfully model a gas pipeline using Simulink’s MATLAB based gas models. We then extended these models by adding a control layer that interfaces with Simulink. We currently are able to demonstrate, on an elementary level, the feasibility of what we call a measurement attack. Measurement attacks focus on how the system is impacted by sensors intentionally manipulating readings to cause system damage.

The source for our model is available on Github. However, please note that this is a project in progress and it may be difficult to set up everything to the correct standards.

References

[1] D. P. Duggan, “Penetration Testing of Industrial Control Systems,” Sandia National Laboratories, p. 7, 2005.

[2] T. Morris, A. Srivastava, B. Reaves, W. Gao, K. Pavurapu, and R. Reddi, “A control system testbed to validate critical infrastructure protection concepts,” International Journal of Critical Infrastructure Protection, vol. 4, no. 2, pp. 88–103, Aug. 2011.

[3] T. H. Morris, Z. Thornton, and I. Turnipseed, “Industrial Control System Simulation and Data Logging for Intrusion Detection System Research,” 7th Annual Southeastern Cyber Security Summit, p. 6, 2012.

The problem WineChain aims to solve is the counterfeiting of wine. Counterfeit wine and spirits have been described as a “multi-billion” dollar problem by Forbes Magazine [1]. The reason counterfeiting wine is a prime objective is because wine industry leaders are dependent on their brand value in order to charge premium prices for their product [4]. Consumers need to be able to trust the seller. This becomes very challenging when the seller is advertising goods as being authentic, but are actually a product of counterfeiting and the seller may not even know it. Identifying counterfeit wine bottles can be challenging and expensive. WineChain is looking to create an environment that provides security and transparency when purchasing bottles of wine. From an abstract angle, WineChain aims to provide a digital certificate of authenticity (WineCoin) that maintains the integrity of a specific bottle of wine. For example, think of it like buying a car, if you were purchasing a car and the seller refused to give you the title, would you proceed with the purchase? Probably not. The idea is the same on the WineChain platform. As soon as a bottle is created, it receives a QR code and its information is entered into the blockchain by the manufacturer. This QR code represents the WineCoin (certificate of authenticity) because the code that it is assigned is unique. Every time the bottle exchanges hands, a transaction record is created and stored on the blockchain. The WineCoin then gets transferred to the new owner indicated by the transaction record. Once a bottle is consumed, the owner marks its corresponding WineCoin complete and receives a small reward to incentivize good behavior. Once a WineCoin is marked as complete, it can no longer be transferred. This allows the consumer to be suspicious of their purchase if the seller refuses to part ways with the WineCoin. Solving this problem for industry leaders becomes exigent in order to maintain their brand image and profits.

One allegory as to why counterfeit wine and spirits have been described as a “multi-billion” dollar problem was explored in the 2017 film Sour Grapes. The film told the story of a multi-million dollar wine counterfeiting mastermind [3]. Counterfeiting comes in several forms, the main two issues are the creation of bottles to look like their authentic counterparts or the refilling of authentic bottles with non-authentic material [2]. Issues arise that a consumer or collector may never know what is in the bottle until they open it. Preventing wines from being counterfeit involves professionals and experts to identify the counterfeit bottles. Clearly, these services are niche, expensive, and difficult to get a hold of. Making them non-accessible to small collectors, or vineyards who wish to maintain a reputation. In addition, many large wine producers are farmers from Italy or France who are more interested in creating a great product than they do in tracking down and prosecuting counterfeiters. As a result, wine counterfeiting has been a problem that’s been ignored by many. Despite this, many experts on the problem estimate that the value of counterfeit wines in circulation may exceed a billion dollars [1].

Solving this problem requires a low barrier to entry technology that can address the counterfeiting issue at a low cost. This would make it easy for new producers, importers, sellers, and wine/spirit customers to track where their wines and spirits have been. Additionally, allowing them to be tracked in an immutable ledger would make it easy to verify that the wines have been handled with care. Knowing that expensive or vintage wines have been cared for by reputable cellars or distributors allows the consumer to be more confident in what they are buying. This adds value for the consumer, and for the reputation of the importer, distributor, or seller.

The goal of WineChain is to provide verification of genuine products and the means to identify counterfeit wine bottles at a low barrier to entry. Utilizing a decentralized public blockchain, such as Ethereum, enables anyone to verify the authenticity of a bottle of wine and review its complete history. As a final result, users should expect the ability to verify authenticity, transfer ownership, and update the consumption status of genuine wine bottles registered with WineChain. We hope to achieve this through the design of a WineChain Token (WineCoin), react application, and incentivizing a tracked economy of scale for wine collectors.

References

[1] Macallef, V Joseph. What’s In Your Cellar? Counterfeit Wines Are a Multi-Billion Dollar Problem. Forbes Magazine Online. December 2018. https://www.forbes.com/sites/joemicallef/2018/12/01/whats-in-your-cellar-counterfeit-wines-are-a-multi-billion-dollar-problem/#66e5c7741c83

[2] Hellman, Peter. How an illegal immigrant pulled off the greatest wine scam in US history. New York Post Online. October 2017. https://nypost.com/2017/10/07/how-an-illegal-immigrant-pulled-off-the-greatest-wine-scam-in-us-history/

[3] Bosker, Bianca. A True-Crime Documentary About the Con That Shook the World of Wine. The New Yorker Online. October 2016. https://www.newyorker.com/culture/culture-desk/a-true-crime-documentary-about-the-con-that-shook-the-world-of-wine

[4] Nickel, H Janice. Sang, Henry Jr. The Cost of Counterfeits. HP Laboratories Palo Alto. August 2007. https://www.hpl.hp.com/techreports/2007/HPL-2007-133.pdf