Ph.D. Dissertation Defense: Syed Owais Athar
Monday, April 13
4 PM
115 Avery Hall
Zoom: https://unl.zoom.us/j/93107038650
"Lightweight Attestation Techniques for Industrial Internet of Things"
The Industrial Internet of Things (IIoT) has transformed critical infrastructure by integrating programmable logic controllers (PLCs) with connected sensors, actuators, and supervisory systems. While these advancements enhance operational efficiency, they also increase exposure to sophisticated cyber-physical threats, particularly through malicious modifications of PLC programs. Existing attestation methods either impose significant computational burdens by performing continuous verification or rely on detailed physical models that are often impractical to maintain across heterogeneous environments.
The first part of this thesis focuses on DuAtt, a dual-layer attestation scheme that integrates a physical process–based anomaly detection mechanism with a targeted attestation of the PLC program. DuAtt achieves comprehensive detection of both output and program manipulation attacks while reducing overhead through dependency graph–driven selective attestation of the manipulated sections of the PLC program. Designed with scalability in mind, it lowers computational complexity and minimizes redundant checks, making it well-suited for large and diverse industrial deployments.
The second part of this thesis develops RapidAtt, a fast attestation technique tailored for modern and legacy PLCs that employs periodic, randomized verification of selected code sections. By tuning the attestation interval and region size, RapidAtt aligns verification cost with process criticality and device capability, maintaining high detection probability with minimal overhead. This design choice enables practical deployment across heterogeneous IIoT environments without requiring specialized hardware.
The third part of this thesis presents TwinAttest, a digital twin-driven attestation framework for PLC swarms in IIoT. TwinAttest uses a synchronized digital twin to predict expected control behavior, identify mismatches between predicted and observed actions, and trigger selective attestation only for suspicious PLCs. It further incorporates selective self-repair by restoring compromised controllers from a trusted golden reference, thereby extending attestation from integrity verification to recovery-aware protection in distributed industrial environments.
Experimental evaluations conducted on soft-PLC testbeds controlling traffic-light and railroad-crossing systems demonstrate the practicality of the proposed frameworks. DuAtt achieves up to 37.31% lower verification delay compared to state-of-the-art techniques with 100% detection accuracy, while RapidAtt attains a total verification time of 11.93 ms and reduces execution latency by up to 17.67%. TwinAttest demonstrates low selective-attestation latency, preserves controller availability during recovery, and achieves linear computational and communication scalability for PLC swarms. Together, DuAtt, RapidAtt, and TwinAttest provide complementary attestation strategies spanning anomaly-guided selective verification, lightweight randomized periodic attestation, and digital twin-driven swarmlevel monitoring and recovery. Future work will further extend these directions toward more advanced collaborative protection mechanisms and toward quantum-encoding-based attestation to strengthen randomness, unpredictability, and efficiency in verification, paving the way for robust next-generation mechanisms for Industry 5.0.
Committee:
Dr. Muhammad Naveed Aman, Advisor
Dr. Sasitharan Balasubramaniam
Dr. Hongzhi Guo
Dr. Aemal Khattak