Principal Investigator: Hany Abdel-Khalik
The Covert Cognizance (C2) paradigm has been developed in response to the growing frequency of cyberattacks, specifically insider threats and state-sponsored advanced persistent campaigns. In such scenarios the adversary has the technical know-how and the financial resources to bypass IT-based defenses (firewalls, passwords, biometrics and the like) as well as model-based defenses that rely on a physical model or a digital twin of the cyber-physical system (CPS). This motivates a human-free, deterministic last line of defense that still holds when every IT and OT layer has been compromised.
C2 seeks to embed self-awareness in a CPS at level 0 of the traditional Purdue model, i.e., at the level of the sensors and actuators, which are the most critical and sensitive components of a CPS. Departing from protocols that shield the data flowing through these components by encasing it in a (penetrable) shell, C2 fingerprints the data at its source (level 0) by embedding information about the system's operational history, called the C2 parameters, directly in the data. This effectively makes the components cognizant, or "aware", of each other. In a traditional CPS these components are only loosely coupled, through the physics of the plant, which is well understood and can therefore be learned, and spoofed, with AI/ML. In a C2-enabled CPS they are tightly coupled through imperceptible perturbations that carry the C2 parameters. Any falsification of the data necessarily destroys the C2 parameters it should carry, which yields a deterministic intrusion-detection signal.
Another key value of C2 is that the C2 parameters can also carry recovery information, preventing downtime during a cyberattack. In essence, a C2-enabled CPS is a system of systems that detects cyberattacks deterministically and instantly self-heals to nullify their effect without human intervention. These capabilities are embedded so that they cannot be reverse-engineered from the data stream: the security argument rests on the Vernam cipher (one-time pad), and the operational guarantee is zero impact on system optimality. The one-time-pad guarantee holds only under its usual conditions, namely that the masking key material is truly random, as long as the information it hides, kept secret, and never reused.
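The mechanism sketched in the two paragraphs above, reduced to a toy Python example. This is an added, hypothetical illustration, not the project's code and not the published C2 algorithm: the readings, the fixed pad, the fixed-point resolution, the assumed noise floor and the 8-bit SHA-256 digest of the recent history are all constructed assumptions, and the recovery channel mentioned above is omitted. It does exhibit the three properties the text relies on: the embedding perturbs each reading by less than the sensor noise, a clean stream verifies, and falsifying one sample (even when the attacker copies its embedded bits) breaks the tags of the samples whose history window includes it.

```python
"""Toy sketch of fingerprinting sensor data at its source (Purdue level 0).

Hypothetical illustration, not the published Covert Cognizance algorithm.
A tag committed to the recent operational history is hidden in perturbations
far below the sensor noise floor and masked with a one-time pad, so that
falsifying any sample breaks the chain of tags at the receiver while the
control loop never sees a meaningful change in the value.
"""
import hashlib
import secrets

RESOLUTION = 1e-5     # assumed fixed-point unit of the value on the wire
TAG_BITS = 8          # fingerprint bits embedded per sample (assumed)
TAG_MASK = (1 << TAG_BITS) - 1
HISTORY = 4           # how many earlier wire values each tag commits to
SENSOR_NOISE = 0.01   # assumed 1-sigma sensor noise; max perturbation is 255e-5


def to_fixed(x: float) -> int:
    return round(x / RESOLUTION)


def to_float(n: int) -> float:
    return n * RESOLUTION


def history_tag(wire_so_far, index):
    """TAG_BITS-bit digest of the last HISTORY wire values and the sample
    index. Keyless on purpose: secrecy comes from the one-time pad."""
    window = wire_so_far[-HISTORY:]
    msg = b"".join(n.to_bytes(8, "big", signed=True) for n in window)
    msg += index.to_bytes(8, "big")
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest[:4], "big") & TAG_MASK


def make_pad(n_samples):
    """Fresh one-time pad: one random TAG_BITS value per sample, never reused."""
    return [secrets.randbelow(1 << TAG_BITS) for _ in range(n_samples)]


def embed(readings, pad):
    """Sensor side. Overwrites the TAG_BITS low fixed-point bits of each
    reading with (tag XOR pad) and appends the result to the wire history."""
    if len(pad) < len(readings):
        raise ValueError("one-time pad shorter than the data it masks")
    wire = []
    for i, x in enumerate(readings):
        tag = history_tag(wire, i)
        n = to_fixed(x)
        wire.append((n & ~TAG_MASK) | (tag ^ pad[i]))
    return wire


def verify(wire, pad):
    """Receiver side. Returns indices whose embedded tag does not match the
    tag recomputed from the received history (empty list = consistent)."""
    bad = []
    for i, n in enumerate(wire):
        if ((n & TAG_MASK) ^ pad[i]) != history_tag(wire[:i], i):
            bad.append(i)
    return bad


def max_perturbation(readings, wire):
    """Largest change the embedding made to any reading, in engineering units."""
    return max(abs(to_float(n) - x) for n, x in zip(wire, readings))


def falsify(wire, index, fake_value, keep_low_bits=False):
    """Attacker model: replace one sample on the wire. With keep_low_bits the
    attacker copies the original low bits, hoping to preserve the tag."""
    tampered = list(wire)
    n = to_fixed(fake_value)
    if keep_low_bits:
        n = (n & ~TAG_MASK) | (wire[index] & TAG_MASK)
    tampered[index] = n
    return tampered


# Constructed demo data: a slowly drifting process variable (say a pressure
# in MPa) and a fixed pad so the run is reproducible; use make_pad() in practice.
READINGS = [15.4321 + 0.0007 * i for i in range(12)]
PAD = [0x3A, 0xC1, 0x07, 0x9E, 0x55, 0xE2, 0x10, 0x8F, 0x6B, 0xD4, 0x2C, 0x71]


if __name__ == "__main__":
    wire = embed(READINGS, PAD)
    print("clean stream verifies:", verify(wire, PAD) == [])
    print("max perturbation:", max_perturbation(READINGS, wire))
    print("naive falsification flagged at:", verify(falsify(wire, 5, 14.9), PAD))
    print("low-bit-preserving falsification flagged at:",
          verify(falsify(wire, 5, 14.9, keep_low_bits=True), PAD))
```

Two design points carry over to any real deployment of the idea. First, the tag function itself need not be secret, but it must not be linear in the readings, otherwise an attacker can alter two samples so their contributions cancel; a hash over the window removes that option. Second, the pad is what hides the tags from an observer of the stream, so it must be fresh per sample and shared only with the verifier; reusing pad values lets an observer XOR two samples' low bits and recover the tag difference.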
Students: Arvind Sundaram
1. Arvind Sundaram and Hany S. Abdel-Khalik, "Validation of Covert Cognizance Active Defenses", Nuclear Science and Engineering, April 2021.
2. Arvind Sundaram and Hany S. Abdel-Khalik, "Covert Cognizance: A Novel Predictive Modeling Paradigm", Nuclear Technology, February 2021.
3. Arvind Sundaram, Hany S. Abdel-Khalik, and Oussama Ashy, "A data analytical approach for assessing the efficacy of Operational Technology active defenses against insider threats", Progress in Nuclear Energy, June 2020.
4. Arvind Sundaram and Hany S. Abdel-Khalik, "Developing Covert Cognizance for Industrial Control Systems", International Conference on Mathematics and Computational Methods Applied to Nuclear Science and Engineering (M&C 2021), October 2021.
5. Arvind Sundaram and Hany S. Abdel-Khalik, "Exploratory Study into the Effectiveness of Active Monitoring Techniques", Transactions of the American Nuclear Society 2019 Winter Meeting, December 2019.
6. Arvind Sundaram, Hany S. Abdel-Khalik, Dakota Roberson, and Mohamad El Hariri, "Data Recovery via Covert Cognizance for unattended operational resilience", Progress in Nuclear Energy, September 2022.
Keywords: active fingerprinting, cyber-physical systems, zero downtime