Blockchain, Cyber-Physical Systems and Cybersecurity

Cyber-physical systems combine physical objects (such as smart TVs) or systems (such as autonomous cars) with integrated computing facilities and data storage.


Ben van Lier
Such cyber-physical systems can be interconnected in networks, within which they can exchange and share data and information with other objects and systems. Siemens refers to this sort of network of distributed and autonomous systems as a Web of Systems.

Cyber-physical systems are increasingly used in networks like smart grids, health-care systems and logistics or industrial production processes. According to the US National Institute of Standards and Technology (NIST), the development of cyber-physical systems needs to include an explicit focus on the cybersecurity of these systems and therefore on increasing resilience against cyberattacks. Blockchains and their inherent combination of consensus algorithms, distributed data storage and secure protocols can be used to increase the robustness and reliability of these networks. This will, in turn, increase confidence in autonomously executed information transactions between cyber-physical systems not resulting in undesired transactions, behaviour or operation of these systems.

Cyber-physical systems and consensus

Given the critical nature of cyber-physical systems, NIST believes that there must be a constant focus on the uninterrupted and correct operation of these cyber-physical systems in the event of a cyberattack. NIST states that[1] “cybersecurity for CPS must address how a system can continue to function correctly when under attack, provide mechanisms that support fault-tolerance and/or graceful degradation in accordance with mission- or business-driven priorities, and enable the system to fail-safe in those circumstances in which resilience cannot be provided in the face of threat”. As I have explained previously[2], the achievement of fault tolerance using software is one of the core elements of distributed computing and therefore also of the functioning of a blockchain.

Fault tolerance

Fault tolerance can be achieved by using consensus algorithms that establish consensus between cyber-physical systems on information transactions that are to be executed jointly with one or more other systems. In order to reach consensus on the information transactions to be executed, separate cyber-physical systems exchange and share reliable messages. For Shostak, Pearce and Lamport[3], one of the main prerequisites for establishing consensus is that “a reliable computer system must be able to cope with the failure of one or more of its components. A failed component may exhibit a type of behavior that is often overlooked – namely sending conflicting information to different parts of the system”. Lamport[4] also points out that a reliably functioning distributed system can be developed if it is based on communication between at least three cyber-physical systems which jointly exchange at least six reliable messages in order to reach consensus on the information transaction to be executed.

Consensus and distributed ledgers

Alchieri and Bellami[5] state the following on consensus algorithms: “In a distributed system, the consensus problem consists of ensuring that all correct processes eventually decide the same value, previously proposed by some processes in the system” (2008:26). When separate systems have reached consensus on the basis of a consensus algorithm and the information transaction has been executed using a secure protocol, each individual system can independently record the value of the decision made and the way in which the decision was made. The individual systems record this data using the same protocol as the one they used to execute the information transaction. The total of the individually stored values must be consistent and accessible at all times for the systems involved in the decision-making.

By having the protocol used require all systems involved to adhere to the consistency and method of distributed recording of the agreed information transactions, an interconnected information base recorded in distributed ledgers is created. Each distributed recorded decision can be considered to be a block. Once recorded and stored, the block forms the basis for new decisions about new transactions. Basing subsequent decisions on values from previously made decisions, automatically results in a chain of interconnected but distributed recorded decisions about agreed and executed information transactions. As well as agreements on, for instance, ballot procedures or monitoring of the consistency of the stored decisions, the protocol used can also include security features, such as cryptography.

As stated in a recent document published by the European Commission[6], encryption could play a crucial role in the development of a reliable and secure digital environment “which is impacted by new trends as for instance: the Internet of Things may require more compact and efficient encryption. Without encryption, data in the cloud remains fragile and a target for hackers and criminals”. The use of a combination of consensus algorithms, distributed storage and cryptography to execute information transactions between cyber-physical systems can prevent the occurrence of single points of failure susceptible to cyberattacks that could cause the system as a whole to malfunction.

Cybersecurity

As posited by Singer[7] and Friedman, one of the risk factors in the development of the Internet of Things is “that it also enables cyberattackers to penetrate far deeper into our lives than ever before. If everything around us makes important decisions based on computerized data, we’ll need to work long and hard to make sure that data is not corrupted”.

As well as creating new opportunities, the development of the Internet of Things, the Industrial Internet of Things and cyber-physical systems gives rise to new threats. Cardenas, Amin and Sastry[8] identify a number of conditions that are necessary in order to guarantee the security and reliability of interconnected systems:
- authentication of the systems involved in order to make it clear which system wants to execute an information transaction with other systems;
- access control so that a system can determine which other systems are authorised to execute information transactions with each other;
- a reliable, secure means of communication that enables execution of the information transactions.

Finally, they conclude that “fault tolerant control designs have been developed in order to increase the reliability and maintainability of systems prone to failures”. The aforementioned developments, which see an increasing number of everyday and industrial systems become interconnected in networks and perform information transactions with each other in these networks, naturally give rise to questions about security and reliability. In the years to come, our lives and our work will increasingly depend on the data and information that these systems exchange and share with each other and with us and security and reliability will therefore become crucial, if not existential, themes.

Conclusion

Thinking in terms of interconnected systems is nothing new. Ashby[9] stated, as far back as 1957, that “a fundamental property of machines is that they can be coupled. Two or more whole machines can be coupled to form one machine; and any one machine can be regarded as formed by the coupling of its parts, which can themselves be regarded as formed by the coupling of their parts”. This interconnectedness gives rise to a new, complex entity, whose properties cannot be directly traced back to the separate components. Ashby points out that “such complex systems cannot be treated as an interlaced set of more or less independent feedback circuits, but only as a whole”.

Just like in Ashby's day, we need new insights in order to make the complex entity of people and objects interconnected in networks reliable and safe and to ensure it stays that way. An approach based on distributed and interconnected components that make consensus-based decisions about information transactions to be executed and that ensure distributed, secure and transparent storage of these transactions seems to be a perspective worthy of further research.

[1] National Institute for Standards and Technology. Cyber-Physical Systems Public Working Group (2015) Draft Framework for Cyber-Physical Systems Release 0.8. September 2015
[2] Lier, B. van (2016) Blockchain, distributed ledgers and learning machines, 8 April 2016 http://www.centric.eu/NL/Default/Themas/Blogs/2016/04/08/Blockchain-distributed-ledgers-and-learning-machines- and Lier, B. van (2016) Blockchain, distributed ledgers and the PAXOS protocol, 29 January 2016 http://www.centric.eu/NL/Default/Themas/Blogs/2016/02/29/Blockchain-distributed-ledgers-and-the-Paxos-protocol-
[3] Lamport, L. and Melliar-Smith, P. M. (1984) Proceeding PODC '84, Proceedings of the third annual ACM symposium on Principles of distributed computing, pp. 68-74
[4] Lamport, L., Shostak, R. & Pease, M. (1982) The Byzantine Generals Problem. ACM Transactions on Programming languages and Systems, Vol. 4, No. 3, July 1982, pp. 382-401
[5] Alchieri, E., Bessani, A., Silva Fraga, J. da and Gireve, F.(2008) Byzantine Consensus with Unknown Participants. Baker, T. P., Bui, A. and Tixeuil, S. (eds.) Principles of Distributed Computing, 12th International Conference, OPODIS 2008, Luxor, Egypt, December 15-18 2008. Proceedings, Springer, pp 22-40
[6] European Commission. Scientific Advice Mechanism. Scoping paper: Cybersecurity, 29 January 2016 (Revised)
[7] Singer, P. W. and Friedman, A (2014) Cybersecurity and Cyberwar. What everyone needs to know. New York, Oxford University Press. ISBN 978-0199918119
[8] Cardenas, A., Amin, S. and Sastry, S. (2008) Secure Control: Towards Survivable Cyber-Physical Systems. Distributed Computing Systems Workshops, ICDCS'08. 28th International Conference on (2008), pp. 495–500
[9] Ashby, R. (1957) An introduction to Cybernetics. Second impression. Chapman & Hall Ltd., London.

Ben van Lier works at Centric as Director Strategy & Innovation and, in that function, is involved in research and analysis of developments in the areas of overlap between organisation and technology within the various market segments.

Pour lire tous les articles Finyear dédiés Blockchain rendez-vous sur www.finyear.com/search/Blockchain/

Participez aux prochaines conférences Blockchain éditées par Finyear :
Blockchain Vision #4 + Blockchain Pitch Day #1 (28 juin 2016)
Blockchain Hackathon #1 (octobre 2016)

Les médias du groupe Finyear

Lisez gratuitement :

Le quotidien Finyear :
- Finyear Quotidien

La newsletter quotidienne :
- Finyear Newsletter
Recevez chaque matin par mail la newsletter Finyear, une sélection quotidienne des meilleures infos et expertises en Finance innovation, Blockchain révolution & Digital transformation.

Les 6 lettres mensuelles digitales :
- Le Directeur Financier
- Le Trésorier
- Le Credit Manager
- The Chief FinTech Officer
- The Chief Blockchain Officer
- The Chief Digital Officer

Le magazine trimestriel digital :
- Finyear Magazine

Un seul formulaire d'abonnement pour recevoir un avis de publication pour une ou plusieurs lettres

Mercredi 1 Juin 2016


Articles similaires