Content uploaded by Adamu Hussaini
Author content
All content in this area was uploaded by Adamu Hussaini on Oct 10, 2022
Content may be subject to copyright.
A Taxonomy of Security and Defense Mechanisms in Digital Twins-based
Cyber-Physical Systems
Adamu Hussaini, Cheng Qian, Weixian Liao, and Wei Yu
Dept. of Computer & Information Sciences, Towson University, USA
Emails: {ahussa7, cqian1}@students.towson.edu, {wliao, wyu}@towson.edu
Abstract—The (IoT) paradigm’s fundamental goal is to
massively connect the “smart things” through standardized
interfaces, providing a variety of smart services. Cyber-Physical
Systems (CPS) include both physical and cyber components
and can apply to various application domains (smart grid,
smart transportation, smart manufacturing, etc.). The Digital
Twin (DT) is a cyber clone of physical objects (things), which
will be an essential component in CPS. This paper designs
a systematic taxonomy to explore different attacks on DT-
based CPS and how they affect the system from a four-layer
architecture perspective. We present an attack space for DT-
based CPS on four layers (i.e., object layer, communication
layer, DT layer, and application layer), three attack objects
(i.e., confidentiality, integrity, and availability), and attack
types combined with strength and knowledge. Furthermore,
some selected case studies are conducted to examine attacks
on representative DT-based CPS (smart grid, smart trans-
portation, and smart manufacturing). Finally, we propose a
defense mechanism called Secured DT Development Life Cycle
(SDTDLC) and point out the importance of leveraging other
enabling techniques (intrusion detection, blockchain, modeling,
simulation, and emulation) to secure DT-based CPS.
Keywords-Digital Twin, Security, Internet of Things, Cyber-
Physical Systems.
I. INTRODUCTION
The goal of the (IoT) paradigm is to massively con-
nect the “smart things” surrounding us and provide diverse
smart services [1]. Connected gadgets (IoT devices) interact
with their physical environment and communicate across
wireless networks in social contexts to offer a human-
centric application value [2]. Due to the recent advances in
IoT technologies, a variety of smart-world systems can be
supported [3], [4], [5], [6]. IoT-based systems are sometimes
called cyber-physical systems (CPS), an integrated system
that synthesizes physical and cyber components. The vision
of IoT and CPS tend to change the way we live, interact and
communicate with one another. It is expected to provide
ubiquitous information exchange and connectivity through
various things (physical devices, sensors, actuators, and
mobile phones, among others). It also allows things with
sensing, computational, and learning capabilities to work
efficiently. IoT-based devices have recently become more
intelligent since they can think, hear, see, and collaborate [7].
Depending on the purpose of a smart device, it may record
essential features of things to improve the efficiency and
intelligence of CPS. Some examples of IoT/CPS systems
include smart grid, smart manufacturing, smart transporta-
tion, smart healthcare, smart homes, and smart cities, among
others [8], [1], [9], [10], [11], [12]. For instance, consider-
ing smart manufacturing, extensive data analysis can assist
system administrators and engineers in identifying system
vulnerabilities in smart manufacturing systems [13]. System
administrators and engineers can also update designs based
on comprehensive data analysis to improve supply chain
and manufacturing performance [13], [14]. Nonetheless,
directly changing or upgrading the entire system carries
some significant hazards. As a result, developing a cyber
clone (called Digital Twin) of real physical systems to
simulate real-world scenarios in those physical systems will
drastically improve efficiency and reliability [4]. The DT
differs in meaning depending on its application areas. One
of the comprehensive definitions is given by IBM [15],
stating that the DT, as a mirror copy of an object, process
or system that spans its lifecycle, is updated with real-
time data, and supports decision-making through simulation,
machine learning/deep learning (ML/DL), and reasoning.
During these phases, the DT collects data about its physical
counterpart and enriches it with updates. As a result, the
DT can represent its counterpart accurately and serves as a
solid basis for simulations and other data analytics. In recent
years, artificial intelligence, big data analytics and other
technologies have been used to acquire valuable insights into
data, which led to the emergence of the DT model [16], [4],
[17].
While the DT approach is gaining popularity due to its
capabilities to make advanced simulations and optimizations,
the possibilities for enhanced security have recently received
growing attention [18]. The use of DT introduces additional
security problems in industry 4.0 [1], [16]. For instance,
each layer of the industrial IoT is vulnerable to various
threats inside and outside of the network [19]. Thus, security
shall be maintained when transferring DT data between non-
trusting parties[20]. Consider the DT of a smart grid as an
example, synchronizing tasks between the twin and the phys-
ical system should uphold integrity to avoid manipulated
operations on the power plant [16]. Another example is the
smart transportation sector, where autonomous vehicles are
susceptible to cyber-attacks [21], [22]. Autonomous vehicles
597
2022 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications
(GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress
978-1-6654-5417-9/22/$31.00 ©2022 IEEE
DOI 10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics55523.2022.00112
2022 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing & Communications (GreenCom) and IEEE Cyber, Physical & Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics (Cybermatics) | 978-1-6654-5417-9/22/$31.00 ©2022 IEEE | DOI: 10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics55523.2022.00112
Authorized licensed use limited to: Towson University. Downloaded on October 10,2022 at 19:44:50 UTC from IEEE Xplore. Restrictions apply.
generate a massive amount of privacy-sensitive information
transmitted over the network and stored in the cloud. These
are data produced by cars, traffic sensors, and other traffic
cameras. Such data is crucial for the safety of vehicle
platforms and communication systems. As a result, any
vulnerability or failure from the cloud infrastructures [23] in
those systems could result in catastrophic events, especially
if hackers discover it [24]. Thus, the need to protect against
malicious attacks becomes widely recognized [25]. In this
paper, we propose a taxonomy of DT-based CPS security
and defense. The work will help structure the DT security
field and provide a global picture of the problem and solution
space. Furthermore, researchers can utilize our designed tax-
onomy to answer various essential pressing security issues
by separating vital elements of the different attacks on DT-
based CPS and defense mechanisms.
Our major contributions are as follows: (i) We design
a systematic taxonomy to explore different attacks on DT-
based CPS. We present an attack space for DT-based CPS
based on four targets (i.e., object layer, communication layer,
DT layer, and application layer) and three attack objects (i.e.,
confidentiality, integrity, and availability). We introduce at-
tacks according to attack strength and knowledge (i.e., slow-
unknown attack, slow-known attack, strong-unknown attack,
and strong-known attack). (ii) We explore attack examples
on the different layers of three representative DT-based CPS
(e.g., smart grid, smart transportation, smart manufacturing).
For example, in the object layer, attacks (e.g., distributed
denial of service (DDoS), spoofing, eavesdropping, and mal-
ware propagation, among others) are investigated, and their
impacts on other layers directly/indirectly. In the DT Layer,
attacks such as DoS attacks, data injection attacks, and
Man-in-the-middle (MITM) attacks and their impacts are
considered. Finally, we propose a DT-defence mechanism
called Secured DT Development Life Cycle (SDTDLC) and
discuss how other enabling techniques (intrusion detection,
blockchain, modeling, simulation, and emulation) could be
leveraged to secure DT-based CPS.
The remainder of this paper is organized as follows.
Section II introduces the background of CPS security and
the integration of DT into CPS. Section III explores the
attack space based on attack objectives, attack target, and
attack types. Section IV introduces attacks on three specific
DT-based CPS (smart grid, smart transportation, and smart
manufacturing). Finally, the defense to security DT-based
CPS is introduced in Section V, along with final remarks in
Section VI.
II. BACKGROUND
This section briefly discusses the security of CPS and how
to integrate DT into CPS.
CPS Security: CPS allows us to incorporate physical
and virtual components. While IoT devices (sensors and
actuators) enable these systems to interact with the physical
world, computational and networking aspects allow them
to operate in the digital space. Considering that CPS can
affect both the physical and digital worlds, ensuring that
they work securely and safely is critical [3], [5], [26],
[27], [21], [28], [22]. In the last decade alone, there have
been a number of reported attacks against CPS, which
shows how devastating any threats to CPS could be in the
nearest future. For example, an attack on the power grid
of Ukraine in 2015 caused a total power blackout in the
country, affecting approximately 225,000 households [29].
Integrating DT in CPS: According to our prior research [4],
recent research interests towards DT applications are smart
grid, smart transportation, and smart manufacturing. We take
these three as applications to further illustrate the integration
of DT and CPS in practical applications. The DT-assisted
physical systems are consist of two components, physical
system and DT. The physical system contains sensor and
actuators which assist the operation of the system. The
DT subsystem consists of AI models and DT model. To
leverage the DT subsystem, the physical system and all
components inside will be converted into digital components
and mapped to DT. Based on the digital components and data
of the physical system, a simplified model of the physical
system can be generated using the AI model and stored in
the DT model after training. Also, the ML model will be
updated frequently when there is any change in the physical
system or new data is collected. In this case, with the
help of ML technology, DT can make a faster and more
accurate response to assist the stable and effective operation
of the system. Additionally, ML models can predict potential
scenarios based on historical data and send instructions to
physical systems to take action.
III. DT ATTACK SPA CE
In this section, we present an attack space towards DT-
based CPS from the perspective of four layers, three attack
objects, and attack types as shown in Fig. 1. Additionally,
combined with attack strength and the level of knowledge,
we introduce attacks according to four different attack types.
A. Targets
In Fig. 1, we propose four layers for the DT-based CPS: (i)
Object Layer: It contains all the physical components that
enable the physical system to function. Sensors in the object
layer collect data and send information to the DT layer.
Actuators take actions based on instructions from the DT
layer. (ii) DT Layer: It contains AI model and DT model.
Given the data from the object layer, the DT subsystem
trains a ML model as a DT model to send instructions to the
object layer when the physical system environment changes.
At the same time, the ML model is continuously updated
based on the data transmitted by the physical system at the
object layer, so that the ML model can guide the physical
system to operate effectively. (iii) Application Layer: The
598
Authorized licensed use limited to: Towson University. Downloaded on October 10,2022 at 19:44:50 UTC from IEEE Xplore. Restrictions apply.
Figure 1. DT Attack Space
application layer provides services for multiple users to
control, monitor, and obtain data from the physical system.
These services can also be combined with the user interface
to give users a clearer understanding of the physical system’s
operating status and data. (iv) Communication Layer: The
communication layer acts as a hidden layer, integrated into
the connections between the three layers we mentioned
earlier. This layer mainly focuses on data transfer between
different layers, enabling the entire DT system to operate.
B. Objectives
The IoT sensors and actuators are located at the physical
layer. Generally speaking, adversaries can attack physical
systems from three aspects: (i) Confidentiality: For confi-
dentiality, adversaries can gain unauthorized access to sensor
data. Adversaries collect system operational data from the
physical layer by accessing sensor data. Adversaries then can
quickly discover vulnerable nodes and target critical nodes
to compromise the system. (ii) Integrity: For integrity,
the general attack strategy is to manipulate sensor data
that can affect the model and dataset in the DT layer.
Meanwhile, adversaries can compromise physical facilities
through integrity attacks, causing industrial systems to be-
have incorrectly. (iii) Availability: For availability, the main
attack tactic is to disrupt the data transmission of sensors
and actuators that prohibit DTs from getting the latest data
to perform simulations. Thus, the accuracy of the DT system
can be affected. For more advanced attacks, adversaries can
only compromise the operation of the physical layer by sim-
ply sabotaging key sensors and actuators and using malicious
data to mislead the DT to make incorrect adjustments.
C. Attack Types
We classify attacks into four types based on the strength
and knowledge of DT-based CPS: (i) Slow-Unknown at-
tack: Slow-unknown attacks take long time to damage the
system and are not easily discovered by administrators. This
attack can be accomplished through a variety of attack
methods, including man-in-the-middle (MITM), injection
attacks, replay attacks, and more. Adversaries modify or
steal data and cause damage to the operation of physical
systems without being detected. (ii) Slow-known attack:
Slow-known attacks are long-lasting attacks that target crit-
ical components of a system through known vulnerabilities.
These critical nodes can be controlled using vulnerability-
based attacks. After a node is compromised, data leakage
and system corruption occurs. (iii) Strong-unknown attack:
These attacks are high-intensity attacks against multiple
targets. One of the most common types of attacks is a
DDoS attack, targeting multiple physical components in
a short period of time and rendering system inoperable.
As a high-volume attack, it is effective without knowing
the critical nodes of physical systems. (iv) Strong known
attack: It is a high-intensity attack against a specific target.
Adversaries perform a variety of brute-force attacks on DT’s
components, including password attacks, DDoS attacks, and
more. Since the adversary knows the system, brute-force
attacks can be used to directly affect the DT services.
D. Attack Surface
We consider multiple attack surfaces for different targets.
Fig. 2 illustrates eight attack surfaces against four attack
targets. The first is the attack towards the connection be-
tween devices within the object layers. Adversaries use slow
attacks to eavesdrop on the communication between sen-
sors, or launch strong attacks to block connections, thereby
restricting data transfer within the layer. The second attack
surface directly targets the sensors and actuators themselves.
For example, DDoS attacks affects the availability of sensors
and actuators to affect physical systems. Meanwhile, slow
attacks can be used to compromise these devices to steal
data or launch high-intensity attacks.
The third attack surface is on the communication between
the DT layer and the object layer. Strong attacks such as
DDoS could delay the data transmission between the two
layers, so that the DT layer cannot obtain information in
real-time, and the instructions of the DT layer cannot be
transmitted to the object layer. Also, slow attacks can break
the connection and modify the data of the object layer and
the instructions of the DT layer, misleading the physical
system to perform the wrong operation.
The fourth, fifth, and sixth attack surfaces are specific
attacks against DT. Slow attacks can target the fourth and
fifth attack surfaces to manipulate the data of the IoT data
service and the data transferred between the IoT data service
and the DT model. At the same time, strong attacks can
be used to affect the availability of IoT data services, as
well as affect the data transmission of IoT data services and
DT models. As DT models use ML techniques to process
data and build a digital model of the physical system. Slow
attacks can be exploited to modify the trained data and attack
599
Authorized licensed use limited to: Towson University. Downloaded on October 10,2022 at 19:44:50 UTC from IEEE Xplore. Restrictions apply.
the ML model to affect the accuracy of the model and affect
the instructions sent by the DT to the physical system.
The seventh attack surface targets the application layer.
A strong attack renders the service unavailable and keeps
user from understanding the current working state of the
physical system. Slow attacks can be used to destroy data
confidentiality and integrity that could mislead users into
taking the wrong action. The eighth attack surface is towards
the communication layer between the DT layer and the
application layer. When a strong attack targets this layer,
the application layer may not be able to provide real-time
information to the user. At the same time, slow attacks on
the communication layer can tamper with data and affect the
integrity of the services provided by the application layer.
Figure 2. Attack Surfaces Towards DT-based CPS
IV. A TAXONOMY OF CYBER-AT TA C K S O N DT-BAS ED
CPS
This section introduces a various type of attacks on three
specific DT applications of smart grid, smart transportation,
and smart manufacturing based on four attack targets and
three security objectives, respectively, to analyze the impact
of attacks on representative DT-based CPS.
A. Attacks On Object Layer
The object layer consists of physical objects such as
sensors and actuators. It provides data and information for
different CPS. It contains all the parts that constitute the
physical system [20]. Many edge gateways, for example,
can be utilized to collect and aggregate data from sensors
before sending it to the application layer.
Similarly, real-time DT relies heavily on availability. As
a result, sensors and gateways at the object layer can be
targeted by attacks such as DDoS, spoofing, eavesdropping,
and malware propagation. Thus, mitigation strategies must
be established on the gateways to filter malicious traffic and
decrease the impact of the attacks. An adversary can lever-
age the attacks listed below as an example to accomplish
nefarious activities on representative CPS listed in Table I.
Attacks on Object Layer in Smart Grid: Adversaries
can obtain unauthorized access and modify the measurement
data from various meters and sensors regarding spoofing
attacks. An adversary could capture or deploy damaged
devices to access IoT devices, listen to communication, or
inject malicious data in spoofing attacks. An adversary can
maliciously steal electric energy through a compromised
smart meter, which its record was earlier tampered. Fur-
thermore, tampering with many hacked smart meters might
result in significant financial losses for the system.
Regarding DoS on the smart grid, adversaries infect IoT
devices and seize control of IoT sensors to send data
continuously to the smart grid’s sensors by delivering in-
formation that causes a shut down of the internet service or
overwhelming the target devices. It may become inaccessible
to its intended consumers as a result of this. Also, concerning
eavesdropping attacks on smart grid systems, adversaries
eavesdrop on the messages by intercepting the transmitted
data shared between sensors, especially if it is exchanged
through unsecured network communication.
Attacks on Object Layer in Smart Transportation:
Using smart transportation as an example, according to
Almeaibed et al. [30], there are several types of attacks
on a autonomous driving vehicle. Across the sensing layer,
there is a high degree of coupling, cohesion, and interac-
tions among the vehicle’s CPS components (sensors and
devices). Advanced vehicular sensors are the primary means
autonomous cars sense the world. These sensors detect the
road, recognize road signs, spot probable collisions, and
calculate the distance between vehicles and other objects.
Attacks at the object layer (sensors) can jeopardize the au-
tonomous car control layer’s security. Additionally, vehicle
sensors allow a malicious actor to have the greatest impact
with the least amount of work. Vehicle manufacturers are
becoming increasingly aware that hackers can fool vehicular
sensors into generating chaos on roadways as they try to
improve the ability of vehicular sensors to spot threats and
react promptly. Furthermore, the network and information
infrastructure (e.g., vehicular ad hoc networks, global posi-
tioning system (GPS)) in transportation CPS can be subject
to various threats.
Attacks on Object Layer in Smart Manufacturing:
Spoofing attacks on the smart manufacturing system can
have severe consequences for manufacturing facilities and
manufacturers. Suppose an adversary can get illegitimate
access to manufacturing process sensors, actuators, and con-
trollers. Any change to the control system information will
affect control signals, severely influencing product quality,
damaging manufacturing equipment, and even putting work-
ers’ and the environment’s safety in jeopardy. In another
instance, adversaries can use DoS attacks to prevent smart
manufacturing sensors’ data from reaching their destina-
tions, which will render the data unavailable to the manufac-
turing circle. Additionally, to launch an eavesdropping attack
600
Authorized licensed use limited to: Towson University. Downloaded on October 10,2022 at 19:44:50 UTC from IEEE Xplore. Restrictions apply.
Table I
ATTACK IN OBJECT LAYER TOWARDS SMART SYSTEMS
Attack Type Smart Grid Smart Transportation Smart Manufacturing Cyber-Security
Objectives
Spoofing
Attack
Adversaries can get unauthorized
access and modify the measure-
ment data collected from various
meters and sensors.
Adversaries can get unauthorized
access to TPMSs and modify tire
pressure sensor measurements by
spoofing tire pressure sensors.
Adversaries can get illegitimate ac-
cess to manufacturing process sen-
sors, actuators, and controllers
Integrity
DoS Attack Adversaries infect IoT devices and
seize control of IoT sensors to
send data continuously to the smart
grid’s sensors
Adversaries can carry out DoS at-
tacks against LiDARS by insert-
ing many false objects through
jamming or spoofing. Adversaries
launching a DDoS attack could aim
to harm the vehicles and RSUs.
Adversaries can use DoS attacks to
prevent smart manufacturing sen-
sors’ data from reaching their desti-
nations, which will render the data
unavailable.
Availability
Eavesdropping
Attack
Adversaries eavesdrop on the mes-
sages shared between smart grid
sensors.
Adversaries can conduct eaves-
dropping attacks by monitoring au-
tonomous vehicles’ sensor readings
and transmissions
Adversaries can gain sensitive
information about the sensor’s
behavior by monitoring the smart
manufacturing network through
passive surveillance
Confidentiality
on smart manufacturing, an adversary can gain sensitive
information about the sensor’s behavior by monitoring the
smart manufacturing network through passive surveillance.
B. Attacks On Communication Layer
The communication layer, implemented directly above
the object layer, acts as a link between physical items
and the cyberspace of the DT concept. Its primary goal
is to transmit and receive data collected by sensors and
actuators and the results of edge computing processing to
higher layers for further processing and analysis [3]. The
communication layer is susceptible to four different attack
types, DoS attacks, spoofing, sinkhole attacks, and MITM
attacks.
Attacks on Communication Layer in Smart Grid: Ad-
versaries can make the grid monitoring requests unavailable
by launching DoS attacks. This may lead to communication
breakdown from the power generation to the end consumer.
In case of a spoofing attack, adversaries can temper the
system’s confidentiality by admitting malicious meters into
the smart grid system. This may affect meter data, influence
billing costs, and potentially disclose customer personal
information. The sinkhole attack is the most destructive
routing attack in CPS. It creates network traffic and collapses
the network communication. Adversaries could get access
to smart meter record by luring all the traffic from nearby
devices. Another attack on the communication layer is the
MITM attack. A compromised device can be employed to
modify the smart meter record/data by an adversary.
Attacks on Communication Layer in Smart Trans-
portation: By launching DoS attacks on the DT commu-
nication layer, adversaries can shut down the network estab-
lished by roadside units (RSUs) and prevent communication
between vehicles and RSUs. Spoofing attacks on the smart
transportation system can cause catastrophic accidents. For
example, adversaries use malicious gateways to distort the
operations of the smart transportation system. Furthermore,
sensitive or private traffic data can be made public by
sinkhole attacks. Also, sensitive traffic and vehicle data can
be obtained and altered via MITM attacks.
Attacks on Communication Layer in Smart Manufac-
turing: The availability of smart manufacturing systems can
be affected by launching a DoS attack on the communication
layer of DT-based CPS. For instance, an adversary can
shut down instance communication in the control loop by
disrupting on-demand data supply. A spoofing attack is
another attack on the communication layer of the DT, which
compromises the confidentiality of a smart manufacturing
system. Also, malicious devices affect the regular operation
of control loops in the system. A sinkhole attack, which un-
dermines the secrecy or availability of the system, is another
crucial attack against the communication layer. For example,
adversaries can obtain sensitive industrial or manufacturing
secret data. Another critical attack on the communication
layer that affects the integrity of the system is via MITM
attacks so that sensitive and valuable manufacturing data
could be obtained and altered.
C. Attacks On DT Layer
Since DT updates the state of physical objects in real-
time through network communications, DT will be subjected
to different types of attacks (DOS, data injection, MITM
attacks, etc.). The adversary can directly inject false data
into the DT. Since the DT and physical objects are closely
connected, these attacks will significantly affect the integrity
of the entire system. Thus, ensuring the confidentiality,
integrity, and availability of data and exchanged with the
digital world must be addressed [4].
Attacks on DT Layer in Smart Grid: The smart grid
requires real-time data to create a digital model (DT system)
for data integrity. The DT layer is susceptible to three
different types of attacks: DoS, MITM, and data injection
601
Authorized licensed use limited to: Towson University. Downloaded on October 10,2022 at 19:44:50 UTC from IEEE Xplore. Restrictions apply.
attacks. For example, if an adversary launches a DoS attack
against the DT, it may destroy power transmission lines and
cause power outage. Additionally, regarding data injection
attacks, adversaries can modify customers’ metering data
from the DT model by injecting fake records, which may
lead to overcharging. Another cyber attack on the DT layer
is MITM attacks. In this scenario, adversaries can change the
metering data displayed to the customer differently from the
one generated by the DT update.
Attacks on DT Layer in Smart Transportation: DoS
attacks against DT of smart transportation systems can
have profound effects, including catastrophic accidents. For
example, if an adversary can stop the flow of data updates
between the DT and the physical objects, it may cause a
devastating traffic jam and car accident. Another attack on
DT of smart transportation is called data injection attacks.
In this scenario, adversaries can inject erroneous traffic data
into DT’s AI model, misleading autonomous cars to take
the wrong travel route. In a MITM attack, for instance,
adversaries can mislead an autonomous vehicle into a crash
by changing a signpost sent to the DT by physical objects.
Attacks on DT Layer in Smart Manufacturing: If
launched on the DT layer of smart manufacturing, DoS
or DDoS attacks can disrupt the production of goods and
services in the smart manufacturing setting. Under the data
injection attack on the DT of the smart manufacturing
system, adversaries can insert manufacturing data into the
DT’s AI model, causing the manufacturing machine to mis-
behave. For MITM attacks, adversaries can cause production
defects by modifying the manufacturing data collected by
the material things before reaching the DT model.
D. Attacks On Application Layer
The application layer is the DT architectural layer with
the most variety and complexity. Unfortunately, there is no
uniform standard for designing the application layer because
of many different products, devices, and manufacturers [20].
At the application layer, there are security problems such
as data access permissions, software vulnerabilities, and
identity authentication challenges [24]. The application layer
also complicates data protection and recovery. Securing data
and information has become more complex with increasing
devices and nodes. DT application layer will be subjected to
different types of attacks, such as phishing attacks, malicious
virus/worm attacks and malicious scripts attacks.
Attacks on Application Layer in Smart Grid: By
launching a phishing attack on the smart grid application
layer, adversaries can steal invaluable data from smart me-
ters. In another scenario, an adversary can steal a customer’s
user data or login credentials. Similarly, an adversary can
send a piece of fraudulent meter billing information that
appears to come from a reputable source to all registered
customers. Another noticeable attack on the smart grid
application layer is related to malicious virus/worm attacks
through malware propagation techniques. For example, an
adversary could infect smart meters via distributed or self-
propagating malicious software. In a similar scenario, ad-
versaries can execute malicious programs in smart meters to
trigger some changes.
Attacks on Application Layer of Smart Transporta-
tion: For instance, adversaries can get access to vehicle
information, road traffic sensor record, travel routes, etc.,
in the smart transportation system. Through the malicious
virus/worm attack can cause system malfunction. Also,
adversaries can execute malicious scripts after gaining ac-
cess to cause heavy traffic. Moreover, through a phishing
attack on the smart manufacturing application layer, the
confidentiality of the system can be compromised. For
example, adversaries can disclose confidential information
about the smart manufacturing system. Furthermore, a worm
attack can cause malware propagation, which endangers the
smart manufacturing services. Another prominent malware
propagation attack is a malicious script attack that could
disrupt smart manufacturing applications.
V. D EFENSE STRATEGIES
Based on the attacks discussed in Section IV, we propose
a defense mechanism called Secured DT Development Life
Cycle (SDTDLC) and discuss enabling techniques (intrusion
detection based on advanced data analytics techniques, etc.)
that are necessary to make DT-based CPS security.
A. Embedding Security into All Layers of the DTDLS
Defense in Object Layer: Each of the four classified DT
layers is vulnerable to multiple attacks. Physical attacks on
the used sensors, such as damaging, replacing, or stealing
them, are physical attacks on the object layer. Also, sensor
authentication and validation solutions are required to con-
firm that the original sensors are not tampered with, and that
accurate data could be produced.
Defense in Communication Layer: DoS attacks, sink-
hole attacks, MITM attacks, and spoofing attacks are all
attacks against the communication layer. This may affect
the vast volume of real-time data collected and transferred
to the DT. Thus, cryptography must be used to guarantee the
security and trustworthiness of transmitted data. To secure
DT from external and internal threats/attacks, firewalls,
antivirus, and intrusion detection systems must be in place.
Defense in Digital Twins Layer: DoS attacks, data
injection attacks, and changes to analytical algorithms are
all examples of attacks against the DT layer. Secure trans-
mission and data encryption are required to protect the DT
resources (AI model and data). Also, to keep the system safe,
vulnerability assessments shall be performed regularly. Users
must better understand security threats and vulnerabilities to
make the system more resilient to attacks. Finally, security
must be implemented from the ground up, with an awareness
of the security measures at each layer.
602
Authorized licensed use limited to: Towson University. Downloaded on October 10,2022 at 19:44:50 UTC from IEEE Xplore. Restrictions apply.
Defense in application Layer: Example attacks are
malicious scripts attack, Phishing attacks, and malicious
virus/worm attacks. As a result, reliable authentication
mechanisms should be used. Software must be carefully
developed to meet quality and security standards. Software
hardening is a strategy that makes the software more re-
sistant to attacks. At the same time, an anomaly detection
mechanism can be employed at the application layer to
detect any manipulated data and assure data integrity.
B. Integration of Enabled Techniques
Intrusion Detection Based on Advanced Data An-
alytics Techniques: DT could provide us with a new
opportunity of detecting anomalies in CPS by integrating
physical and virtual processes. Both behavior-based and
knowledge-based intrusion detection algorithms can be used
in a DT system. Furthermore, advanced data analytics using
ML/DL techniques apart from predicting growing malicious
threats/attacks such as evasion, inference, and model poi-
soning attacks [31]. With the support of ML/DL techniques,
the evaluation and monitoring capabilities of DT models
against various attacks can be strengthened. Nonetheless,
it is important to consider how to efficiently collect data
from DT-based CPS, support timely and reliable decisions
to recognize threats, as well as make ML/DL a core decision
engine resilience to attacks (e.g., data poisoning).
Blockchain Technology: Blockchain enables decentral-
ized digital records storage in real-time by preventing unau-
thorized data modification [32]. Blockchain can improve
DT security through data storage on block ledgers and
using unique hashes that cannot be modified in practice. In
addition, immutability features can provide the data integrity
of DT systems. Using a blockchain to create DTs can dras-
tically support their global identification and tracking with
great accuracy [33]. Furthermore, blockchain allows DTs to
securely access distributed databases from places without
the intervention of a third party. Another way to strengthen
DT security is by creating blockchain-based access control,
which can eliminate the risks of unauthorized data access.
Modeling, Simulation, and Emulation Platform: The
creation of DTs was started by generating virtual duplicate
systems of their physical counterpart models [34]. We can
use modeling, simulation, and emulation to see how damage
can be mitigated in the event of a compromise. Modeling
and simulating attack scenarios, particularly, may aid in
preparing a containment strategy for compromised CPS;
thereby, helping in incident response in the operational
phase. Additionally, security analyses on DT-based CPS
expose weak points in the architecture and other weaknesses
such as unprotected services and redundant devices’ func-
tionality that may allow an adversary to gain unauthorized
access. Apart from simulating attacks to assess whether
the system fails securely and safely, a virtual replica of
the CPS helps reduce the attack surface. Thus, modeling,
simulation, and emulation platforms are very critical to help
us to understand the impact of attacks on DT-based CPS
and design and evaluate countermeasures to defend against
attacks.
VI. FINAL REMARKS
In this paper, we addressed the security issue of DT-based
CPS. The DT is a cyber replica of an existing physical
system and regarded as a promising digital platform to
replicate lifecycle use cases for CPS, thanks to the rapid ad-
vancement of big data and ML/DL approaches. We explored
an attack space for DT-based CPS based on four layers (i.e.,
object layer, communication layer, DT layer, and application
layer), three attack objects (i.e., confidentiality, integrity,
and availability), and four types of attacks combined by
attack strength and knowledge level of the system. We
also show example threats against different layers of three
representative DT-based CPS. Finally, we discussed how
to defend against attacks that security shall be integrated
into all layers and other techniques shall be incorporated to
improve the overall security and robustness.
REFERENCES
[1] J. E. Rubio, R. Roman, and J. Lopez, “Analysis of cy-
bersecurity threats in industry 4.0: the case of intrusion
detection,” in International conference on critical information
infrastructures security. Springer, 2017, pp. 119–130.
[2] S. Bagchi, T. F. Abdelzaher, R. Govindan, P. Shenoy,
A. Atrey, P. Ghosh, and R. Xu, “New frontiers in iot:
Networking, systems, reliability, and security challenges,”
IEEE Internet of Things Journal, vol. 7, no. 12, pp. 11 330–
11 346, 2020.
[3] J. Lin, W. Yu, N. Zhang, X. Yang, H. Zhang, and W. Zhao, “A
survey on internet of things: Architecture, enabling technolo-
gies, security and privacy, and applications,” IEEE internet of
things journal, vol. 4, no. 5, pp. 1125–1142, 2017.
[4] C. Qian, X. Liu, C. Ripley, M. Qian, F. Liang, and W. Yu,
“Digital twin—cyber replica of physical things: Architecture,
applications and future research directions,” Future Internet,
vol. 14, no. 2, p. 64, 2022.
[5] X. Liu, C. Qian, W. G. Hatcher, H. Xu, W. Liao, and W. Yu,
“Secure internet of things (iot)-based smart-world critical in-
frastructures: Survey, case study and research opportunities,”
IEEE Access, vol. 7, pp. 79 523–79 544, 2019.
[6] Y. Sun, H. Song, A. J. Jara, and R. Bie, “Internet of things
and big data analytics for smart and connected communities,”
IEEE Access, vol. 4, pp. 766–773, 2016.
[7] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and
M. Ayyash, “Internet of things: A survey on enabling tech-
nologies, protocols, and applications,” IEEE communications
surveys & tutorials, vol. 17, no. 4, pp. 2347–2376, 2015.
[8] G. Xu, W. Yu, D. Griffith, N. Golmie, and P. Moulema,
“Toward integrating distributed energy resources and storage
devices in smart grid,” IEEE Internet of Things Journal,
vol. 4, no. 1, pp. 192–204, 2017.
603
Authorized licensed use limited to: Towson University. Downloaded on October 10,2022 at 19:44:50 UTC from IEEE Xplore. Restrictions apply.
[9] J. Lin, W. Yu, X. Yang, Q. Yang, X. Fu, and W. Zhao,
“A novel dynamic en-route decision real-time route guidance
scheme in intelligent transportation systems,” in 2015 IEEE
35th International Conference on Distributed Computing Sys-
tems, 2015, pp. 61–72.
[10] N. Y. Philip, J. J. P. C. Rodrigues, H. Wang, S. J. Fong, and
J. Chen, “Internet of things for in-home health monitoring
systems: Current advances, challenges and future directions,”
IEEE Journal on Selected Areas in Communications, vol. 39,
no. 2, pp. 300–310, 2021.
[11] M. Mohammadi, A. Al-Fuqaha, S. Sorour, and M. Guizani,
“Deep learning for iot big data and streaming analytics: A
survey,” IEEE Communications Surveys Tutorials, vol. 20,
no. 4, pp. 2923–2960, 2018.
[12] Z. Cai, X. Zheng, and J. Yu, “A differential-private framework
for urban traffic flows estimation via taxi companies,” IEEE
Transactions on Industrial Informatics, vol. 15, no. 12, pp.
6492–6499, 2019.
[13] H. Xu, W. Yu, D. Griffith, and N. Golmie, “A survey on indus-
trial internet of things: A cyber-physical systems perspective,”
Ieee access, vol. 6, pp. 78 238–78 259, 2018.
[14] W. Kritzinger, M. Karner, G. Traar, J. Henjes, and W. Sihn,
“Digital twin in manufacturing: A categorical literature review
and classification,” IFAC-PapersOnLine, vol. 51, no. 11, pp.
1016–1022, 2018.
[15] IBM, “How does a digital twin work?” https://www.ibm.com/
topics/what-is-a-digital- twin.
[16] M. Dietz, B. Putz, and G. Pernul, “A distributed ledger
approach to digital twin secure data sharing,” in IFIP Annual
Conference on Data and Applications Security and Privacy.
Springer, 2019, pp. 281–300.
[17] W. G. Hatcher and W. Yu, “A survey of deep learning:
Platforms, applications and emerging research trends,” IEEE
Access, vol. 6, pp. 24 411–24 432, 2018.
[18] M. Vielberth, M. Glas, M. Dietz, S. Karagiannis, E. Magkos,
and G. Pernul, “A digital twin-based cyber range for soc ana-
lysts,” in IFIP Annual Conference on Data and Applications
Security and Privacy. Springer, 2021, pp. 293–311.
[19] B. Zahran, A. Hussaini, and A. Ali-Gombe, “Iiot-aras:
Iiot/ics automated risk assessment system for prediction and
prevention,” ser. CODASPY ’21. New York, NY, USA:
Association for Computing Machinery, 2021, p. 305–307.
[Online]. Available: https://doi.org/10.1145/3422337.3450320
[20] A. R. Al-Ali, R. Gupta, T. Zaman Batool, T. Landolsi,
F. Aloul, and A. Al Nabulsi, “Digital twin conceptual
model within the context of internet of things,” Future
Internet, vol. 12, no. 10, 2020. [Online]. Available:
https://www.mdpi.com/1999-5903/12/10/163
[21] J. Lin, W. Yu, N. Zhang, X. Yang, and L. Ge, “Data integrity
attacks against dynamic route guidance in transportation-
based cyber-physical systems: Modeling, analysis, and de-
fense,” IEEE Transactions on Vehicular Technology, vol. 67,
no. 9, pp. 8738–8753, 2018.
[22] W. Li and H. Song, “Art: An attack-resistant trust manage-
ment scheme for securing vehicular ad hoc networks,” IEEE
Transactions on Intelligent Transportation Systems, vol. 17,
no. 4, pp. 960–969, 2016.
[23] H. Adamu, B. Mohammed, A. B. Maina, A. Cullen, H. Ugail,
and I. Awan, “An approach to failure prediction in a cloud
based environment,” in 2017 IEEE 5th International Confer-
ence on Future Internet of Things and Cloud (FiCloud), 2017,
pp. 191–197.
[24] E. Matthias and E. Andreas, “Digital twins for cyber-physical
systems security: State of the art and outlook,” Security
and Quality in Cyber-Physical Systems Engineering: With
Forewords by Robert M. Lee and Tom Gilb, pp. 383–412,
2019.
[25] K. Alshammari, T. Beach, and Y. Rezgui, “Cybersecurity
for digital twins in the built environment: current research
and future directions,” Journal of Information Technology in
Construction, vol. 26, pp. 159–173, 2021.
[26] I. Butun, P. ¨
Osterberg, and H. Song, “Security of the inter-
net of things: Vulnerabilities, attacks, and countermeasures,”
IEEE Communications Surveys Tutorials, vol. 22, no. 1, pp.
616–644, 2020.
[27] M. Sookhak, H. Tang, Y. He, and F. R. Yu, “Security and
privacy of smart cities: A survey, research issues and chal-
lenges,” IEEE Communications Surveys Tutorials, vol. 21,
no. 2, pp. 1718–1743, 2019.
[28] Q. Yang, J. Yang, W. Yu, D. An, N. Zhang, and W. Zhao,
“On false data-injection attacks against power system state
estimation: Modeling and countermeasures,” IEEE Transac-
tions on Parallel and Distributed Systems, vol. 25, no. 3, pp.
717–729, 2014.
[29] A. Rastogi and K. E. Nygard, “Threats and alert analytics in
autonomous vehicles.” in CATA, 2020, pp. 48–59.
[30] S. Almeaibed, S. Al-Rubaye, A. Tsourdos, and N. P. Avde-
lidis, “Digital twin analysis to promote safety and security
in autonomous vehicles,” IEEE Communications Standards
Magazine, vol. 5, no. 1, pp. 40–46, 2021.
[31] F. Liang, W. G. Hatcher, W. Liao, W. Gao, and W. Yu,
“Machine learning for security and the internet of things:
The good, the bad, and the ugly,” IEEE Access, vol. 7, pp.
158 126–158 147, 2019.
[32] W. Gao, W. G. Hatcher, and W. Yu, “A survey of blockchain:
Techniques, applications, and challenges,” in 2018 27th In-
ternational Conference on Computer Communication and
Networks (ICCCN), 2018, pp. 1–11.
[33] I. Yaqoob, K. Salah, M. Uddin, R. Jayaraman, M. Omar, and
M. Imran, “Blockchain for digital twins: Recent advances and
future research challenges,” IEEE Network, vol. 34, no. 5, pp.
290–298, 2020.
[34] Q. Qi, F. Tao, T. Hu, N. Anwer, A. Liu, Y. Wei, L. Wang, and
A. Nee, “Enabling technologies and tools for digital twin,”
Journal of Manufacturing Systems, vol. 58, pp. 3–21, 2021.
604
Authorized licensed use limited to: Towson University. Downloaded on October 10,2022 at 19:44:50 UTC from IEEE Xplore. Restrictions apply.
