Experimental Validation of the Attack-Detection Capability of Encrypted Control Systems Using Man-in-the-Middle Attacks

In this study, the effectiveness of encrypted control systems in detecting attacks is experimentally demonstrated using a networked control system testbed that allows for man-in-the-middle (MITM) attacks. The developed testbed is a networked position control system for an industrial-use linear stage. Generally, an attacker can reroute and modify packet data via a wireless router, harnessing the address-resolution-protocol-spoofing technique, which allows for the execution of MITM attacks, such as falsification and replay attacks. The deployed MITM-attack-detection method is grounded on a threshold-based method that monitors control inputs. The demonstration examines falsification- and replay-attack scenarios across unencrypted, static-key, and key-updatable encrypted control systems. The results confirm that encrypted control systems are both effective and apt in detecting attacks in real time. Furthermore, the potential for developing alternative attack-detection schemes based on variations in processing times is discussed.