Online Distributed Schedule Randomization to Mitigate Timing Attacks in Industrial Control Systems

Industrial control systems (ICSs) consist of a large number of control applications that are associated with periodic real-time flows with hard deadlines. To facilitate large-scale integration, remote control, and coordination, wireless sensor and actuator networks form the main communication framework in most ICSs. Among the existing wireless sensor and actuator network protocols, WirelessHART is the most suitable protocol for real-time applications in ICSs. The communications in a WirelessHART network are time-division multiple access based. To satisfy the hard deadlines of the real-time flows, the schedule in a WirelessHART network is pre-computed. The same schedule is repeated over every hyperperiod (i.e., lowest common multiple of the periods of the flows). However, a malicious attacker can exploit the repetitive behavior of the flow schedules to launch timing attacks (e.g., selective jamming attacks). To mitigate timing attacks, we propose an online distributed schedule randomization strategy that randomizes the time-slots in the schedules at each network device without violating the flow deadlines, while ensuring the closed-loop control stability. To increase the extent of randomization in the schedules further, and to reduce the energy consumption of the system, we incorporate a period adaptation strategy that adjusts the transmission periods of the flows depending on the stability of the control loops at runtime. We use Kullback-Leibler divergence and prediction probability of slots as two metrics to evaluate the performance of our proposed strategy. We compare our strategy with an offline centralized schedule randomization strategy. Experimental results show that the schedules generated by our strategy are 10% to 15% more diverse and 5% to 10% less predictable on average compared to the offline strategy when the number of base schedules and keys vary between 4 and 6 and 12 and 32, respectively, under all slot utilization (number of occupied slots in a hyperperiod). On incorporating period adaptation, the divergence in the schedules reduceat each period increase with 46% less power consumption on average.