Information Security Research Group

Exploiting Digital Twins to Launch Covert Attacks on Cyber-Physical Systems: An Abuse Case of Digital Twins

Supervisor: Sabah Suhail

Contact: sabah.suhail ät ut dot ee

Motivation. Digital Twins are the virtual replicas of the underlying product, process, or service where all operations must be analyzed, predicted, and optimized before their real-world implementation [1]. Being the virtual replicas of their physical counterparts, digital twins share functionalities and operational behavior of the underlying systems. Based on this fact, digital twins may act as a potential source of data breaches, leading to the abuse case of digital twins. The attackers may exploit the system behavior and valuable knowledge accessible through digital twins to launch advanced covert attacks on the underlying physical system [2], for example, manipulated updates to put the digital twin into a malicious state. Furthermore, the digital thread that links data throughout various phases of the lifecycle represents an attractive target for such attacks as the whole product lifecycle can be exposed to the data breach.

Research Objectives. The above-mentioned problem may raise the following challenges that are worth pursuing:

Identifying the vulnerabilities or threats that can be exploited by the wrongdoers to launch attacks through digital twins on cyber-physical systems (CPSs)?
Measuring the consequences of attacks against digital twins?
How to access the security level of digital twins?
How to mitigate attacks on digital twins? Are blockchain-based digital twins are enough to avoid such attacks? What are other supporting measures?

References

[1] Sabah Suhail, Rasheed Hussain, Raja Jurdak, Alma Oracevic, Khaled Salah, Raimundas Matulevičius, and Choong Seon Hong. Blockchain-based digital twins: Research trends, issues, and future challenges. arXiv: 1709.10000. [Online]. Available: https://arxiv.org/abs/2103.11585.

[2] Sabah Suhail, Raja Jurdak, Raimundas Matulevicius, and Choong Seon Hong. Securing cyber-physical systems through blockchain-based digital twins and threat intelligence. CoRR, abs/2105.08886, 2021.