CPS Information Security Risk Evaluation Based on Blockchain and Big Data

CPS (Cyber Physical Systems) have got wide application and research, and information security risk evaluation became the key for CPS greatly developing. In view of the physical structure and business characteristics of CPS, this paper constructs an information security risk evaluation system for CPS. In the process of risk evaluation, colligating the analysis results from experts and the analysis results of external data sources’ related big data for information security risk evaluation of CPS, by experts confirming the index system and indexes’ weight values for CPS information security risk evaluation, further through using evaluation model to realize the quantitative calculation to CPS information security risks. This paper proposes using blockchain technology to construct the data’s authenticity and reliability guarantee system for CPS and CPS related external systems, and constructing blockchain’s layered model structure based on CPS. In the part of case analysis, comparing and analysing the evaluation system based on blockchain and big data and the evaluation system based on traditional mode, to confirm the research value of this paper.


INTRODUCTION
The deepening of the integration for Informationization and Industrialization, and the development of cloud computing, real-time transmission, credible service, network communication and control technology, artificial intelligence technology etc., promote the traditional physical systems gradually integrate the functions of control, computing, communication, remote collaboration etc., and form the Cyber Physical Systems (CPS) that integrate 3C technology (Control technology, Computation technology, and Communication technology) as a whole [1][2][3].
As the proposer of CPS, Helen Gill thought: Cyber-Physical Systems were physical, biological, and engineered systems whose operations were integrated, monitored, and/or controlled by a computational core.
Components were networked at every scale.Computing was deeply embedded into every physical component, possibly even into materials.The computational core was an embedded system, usually demanding real-time response, and was most often distributed [4].The National Natural Science Foundation Committee (NSF) of United States thought: CPS were engineered systems that were built from, and depended upon, the seamless integration of computational algorithms and physical components [5].After colligating and analyzing the classical CPS definitions, this paper thinks: CPS are complex integrated systems, that not only are technology systems, but also management and control systems.For the technology systems, CPS integrate network and information technology, control technology, communication technology, storage technology, etc.For the management and control systems, CPS integrate management science, decision analysis, control method, etc.The construction objects of CPS are real-timely and dynamically realizing high integration and interaction among computing and control units and embedded physical devices.So, with the change of network environment and information technology level, CPS will also appear in different application modes.
Comparing with other network systems or information systems, CPS embody more complexity in physical structure and technology constitution, at the same time, because data communication and processing are the important contents of CPS operating, so it is not feasible for using service isolation method to implement the security management to CPS' data.In fact, because of using traditional information and network security management measures, CPS had encountered more prominent security threats than other information systems, that brought great troubles to the application and development of CPS.For these, CPS' research and application experts all over the world paid high attention to the information security problems of CPS.In the process of integration of informationization and industrialization, the authenticity and reliability of information, the security and supervisability of information transmission, and the stability of information resource and information service operation are the premise and foundation for the good application and development of CPS.Therefore, information security is the key problem needed to be solved in the development of CPS.While to measure the information security level of CPS operation, it is necessary to establish a proprietary information security risk evaluation system based on CPS architecture, business characteristics and data flow, and the evaluation system not only needed to make the existing information security risk evaluation criteria and methods as the foundation, but also needed to embody the characteristics of CPS themselves.
As CPS have got wide attention from all the world, and China is a classical application and research country, so, in the following research, we mainly make the CPS information security risk evaluation in China the object to expand research, and the research results have the same guidance significances to the other countries.Technical Gazette 25, 6(2018), 1843-1850 providing reference basis for improving system security protection measures [6].
At present, information security risk evaluation criteria can be mainly divided into two series: CC and ISO17799, the two series' emphasis is different.CC series evaluate information security risk from two angles as technology and management, while ISO17799 mainly evaluates information security risk from the angle of management.GB/T20984-2007 from China are the basis criteria for the country's information security risk evaluation, the criteria set content, structure, and process for information security risk evaluation, which belong to the CC series, at the same time cite some of the clauses in ISO17799 series.
According to GB/T20984-2007, the content of information security risk evaluation mainly includes three parts: asset identification, threat identification, and vulnerability identification.Information system asset's security attributes include availability, integrity, confidentiality, and information system asset facing threats, asset's vulnerability, and adopted security measures directly influence the asset's security attribute reached degree.
In academic circles, the research results on information security risk evaluation mainly include information security risk evaluation's theory discussion, architecture design, value analysis and evaluation model construction, etc.
Because at present information security risk evaluation has already formed a relatively complete theoretical system, so, in recent years, information security risk evaluation's theoretical discussion, architecture design, value analysis aspects' research results are relatively less, but these research results still have very important promotion function to information security risk evaluation implementation and theoretical perfection.
The research results on evaluation model construction are relatively numerous.This aspect's research results include the research based on situational awareness theory, the research based on neural network model, support vector machine model, the research based on fault tree, fault graph method, the research based on ANP+DEMATEL method, the research based on Markov chain, the research based on Delphi method, the research based on fuzzy theory, the research based on entropy weight theory, the research on evaluation model index construction, etc.Some of the existing literature researches are to analyze from qualitative point of view, and some of the existing literature researches are from quantitative point of view to construct operational model, and more researches are from the view of combining qualitative analysis and quantitative model to implement.Most of the world countries' research focused more on the concrete fields' application.The research of China focused more on making GB/T20984-2007 the theory and technology basis, making asset identification, threat identification, and vulnerability identification as the subjects of research.The research methods and contents are suited to most of the existing information systems.In this paper, we also make GB/T20984-2007 the research basis.

THE SYSTEM FOR CPS INFORMATION SECURITY RISK EVALUATION
At present, the research and application on CPS information security risk evaluation embody the following deficiencies: blindly copying the traditional information risk evaluation system, insufficiently understanding the characteristics of CPS, inadequately describing the generation and correlation of CPS information security problems, and not ensuring the authenticity and security of data related to CPS information security risk evaluation, etc.
The complexity of the structure and business content of CPS leads to the complexity of information security problems of CPS.Therefore, the generality of qualitative analysis cannot accurately reflect the specific content of information security risks of CPS.At the same time, quantitative analysis also cannot well reflect the forming causes, casual relationships, and the characteristics of information security risks of CPS.So, it is necessary to combine qualitative analysis with quantitative calculation to comprehensively evaluate the information security risks of CPS.
Petri net is used to describe the causality relationships of asynchronous and concurrent computer system events.Petri net model has strong simulation ability to complex system events, so it is widely used in the fields of workflow management, data analysis and fault diagnosis, etc.The proposer of Petri net was Dr. Carl A. Petri, and the proposed year was 1962 [7].Petri net model consists of Place, Transition, Connection and Token, etc. Petri net has the characteristics of dynamicity, extendibility, time series and logicality etc., and can describe the correlation among system events well.So, it is suitable for accurately describing the rich business and data relationships with Petri net.For the definition and principle of Petri net, the readers can see the related literature; in here we don't discuss it any more.
So, this paper proposes to use Petri net model to describe the evaluation process of the internal information security risks of CPS, and the formed initial index system and the indexes' initial weights, and combines the evaluation results from the external related multi data sources' big data for information security risk evaluation of CPS, by experts discussing, analyzing and finally confirming the structure of evaluation index system and each index's weight value.Here, it needs to be emphasized, each index value and different layered (corresponding to system, subsystem, asset, etc.) risk values for CPS sample are got through colligating the analysis results from Petri net and the analysis results from CPS' external related multi data sources' big data.For the quantitative calculation of the information security risks of the evaluated CPS, this paper proposes to use RBF (Radial Basis Function) neural network model, because RBF neural network model has strong evaluation ability to information systems' information security risks and has got wide application.For further ensuring the reliability and authenticity of the analysis results of CPS' internal data and external related multi data sources' big data, we introduce blockchain technology into CPS.In view of CPS' layered structure characteristics and each layer's function characteristics, blockchain's layered structure in CPS is constructed and blockchain's each layer's function analyzed.The architecture for CPS information security risk evaluation is shown in Fig. 1.
Due to the diversity and greatness of CPS data, in Fig. 1, we also applied big data technology to CPS.In Fig. 1, after analyzing and confirming each risk evaluation element of each asset for each subsystem of each sample, CPS will compose the initial index system for CPS information security risk evaluation (Gotten by evaluation experts evaluating CPS (embodied in Petri net model)), while the corresponding weight values (provided by evaluation experts colligating the results for evaluation experts evaluating CPS information security risks, the results for data analysis experts analyzing CPS' external related multisource big data, and the results for evaluation experts carrying out fuzzy comprehensive evaluation), the final index system (Provided by evaluation experts colligating the initial index system, and the results for data analysis experts analyzing CPS' external related multisource big data), and the evaluation results (Provided by evaluation experts colligating the results for evaluation experts evaluating CPS information security risks, the results for data analysis experts analyzing CPS external related multisource big data) will become the basis for constructing quantitative model for calculating other CPS information security risk evaluation results.In Fig. 1, the analysis results from Petri net model for the CPS information security risk evaluation system to be evaluated include the preliminary evaluation results for CPS information security risk evaluation, but the terminal evaluation results need be confirmed by RBF neural network model calculating.
Figure 1 The architecture diagram for CPS information security risk evaluation CPS information security risk evaluation not only includes CPS interior evaluation, but also includes evaluation of other systems related to CPS, that is, CPS information security risk evaluation element index system not only includes CPS internal elements, but also includes CPS related other systems' elements.In Fig. 1, Petri net model is used to describe the correlation and concrete state of CPS internal elements (CPS internal elements' risk values need be confirmed by comprehensively analyzing CPS' internal data and CPS' external related multi data sources' big data), CPS external risk elements' information need be gotten by analyzing CPS external related big data.Blockchain technology is used for providing guarantee to the authenticity and reliability of CPS data and CPS external related systems' data.

Index System Construction and Evaluation Realization 3.1.1 Index System Construction
In Petri net model, CPS information security risk evaluation process has been described.Through analyzing the evaluation process, the initial index system for evaluation can be constructed, according to the structure characteristics of CPS, the indexes can be constructed with layered structure as "subsystem → asset → element", next the experts will confirm, analyze and revise the initial index system, and create the revised index system, continue through CPS external related multisource big data analysis results to validate the revised index system, further creating the final index system.
The index weight can be obtained by colligating the analysis results from Petri net model, and the importance level of each subsystem, each risk asset, each element index that is provided by experts using fuzzy comprehensive evaluation method, on this basis further with the reflection of CPS external data source information security risk evaluation related big data to each element information security risk importance, to verify and adjust each asset's evaluation index element weight (External data sources reflected risk evaluation index weight values are gotten by experts using fuzzy comprehensive evaluation method, on this basis further with the analysis results of external multisource big data to verify and adjust.).The variability of big data results in the variability of the information content contained in big data, because the variation of big data is dynamic and real-time, so the evaluation index system and each index weight for CPS are also varying with the variation of big data dynamically and real-timely, which are conforming to the different demands for different phases of CPS information security risk evaluation.
In the process of constructing risk element indexes of each asset, we can get risk correlations among each element index of CPS through the information in Petri net model, and we can also get the risk correlations among each element index of CPS through analyzing a certain number of same profession's same type of CPS' risk evaluation related external multisource big data (In general, different CPS have large differences in the aspects of structure and information interaction, and the differences of their risk evaluation external related multisource big data are also large, so, we need consider cautiously before using this method.),as the basis of adjusting the evaluation weight values.

Evaluation Realization
This paper proposes using the current popular evaluation model-RBF neural network model to calculate the risk values of evaluated CPS, in view of the weighted RBF neural network model is more accurate to approach the true value of the evaluated object in evaluation calculation [8], this paper proposes introducing risk element weight value in model construction.Because the research on RBF neural network is very mature, so in here we don't discuss more.
In the process of using RBF neural network model to calculate the risk evaluation values of CPS, we need select multiple CPS with same hardware composition and function construction, and use the CPS' risk evaluation values and the corresponding evaluation element index values of the same period in history as the training data (We can use multiple periods of system risk evaluation values and the corresponding evaluation element index values of some a CPS as the training data, but this method also needed to be considered cautiously before using.), to get the parameter constitution and parameter values of RBF neural network for calculating the risk evaluation values of CPS.Due to CPS have complex physical and function structure, so, sometimes we need construct different RBF neural network evaluation models for different subsystems, and even sometimes we also need construct different RBF neural network evaluation models for different assets, then further to summarily calculate these evaluation result values.

Information Quality Guarantee System
CPS information security risk evaluation's basis mainly sources of expert evaluation results and the related information security risk big data, so the authenticity and reliability of CPS information security risk evaluation related data resources also determine the credibility of CPS evaluation result.However, the traditional information management methods are unable to ensure the authenticity and the reliability of CPS information.
Blockchain is the decentralized distributed account issued by Satoshi Nakamoto with bitcoin in January 9, 2009, in Blockchain, using hash algorithm, digital signature, time stamping technology and consensus mechanism to realize data non repudiation proof [9].Therein, the hash algorithm is a method for mapping arbitrary length binary value to a shorter and fixed length binary value, for a piece of data information, the hash value is exclusive, the hash value is equivalent to the data abstract for this piece of data information.Digital signature is a technology for the information sender using asymmetric encryption technology to encrypt data abstract and verify the authenticity of the sent information.Time stamping technology is used for ensuring the time traceability of information.Consensus mechanism is used for realizing authentication to the authenticity of business data and electing the business accounting subject.The work principle of blockchain is shown in Fig. 2.

Figure 2 The work principle of blockchain
At present, as a data authenticity guarantee technology system, blockchain has already achieved wide attention from academic circles and industry circles, and having generated a large number of research and application results, the research contents include value analysis (such as [10,11]), architecture design (such as [12,13]), and product introduction (such as [14,15]), etc., and the research fields include finance, education, medical treatment, intellectual property, etc.Although at present very successful blockchain products have not appeared in the field of CPS, and the academic research results on blockchain applying in CPS have not formed, but the products of blockchain related to Internet of things have got attention and debugging from academic circles and industry circles.So, this paper proposes applying blockchain technology to CPS and other information security risk related data's network systems, for ensuring CPS information security risk evaluation data sources are true and reliable.The logic structure of blockchain technology applying in CPS information security risk evaluation system is shown in Fig. 3 (Fig. 3 is an abstract graph, in fact, the blockchain for CPS can be different from the blockchain for Intranet or other network systems.).
The architecture of CPS includes application layer, collaborative processing layer, network layer, and physical layer [16].The characteristics of CPS as complex, layered structure, and integration make we can construct blockchain's layered function system architecture in CPS to achieve blockchain's application.Combining the system architecture characteristics of CPS to construct blockchain's layered function system, in the blockchain's layered function architecture is shown in Fig. 4. From Fig. 4 we can see, the data stream, control stream, and layered system structure of CPS make CPS' business can be divided into two parts, so we built two blockchains (blockchain 1 and blockchain 2) to correspond to the two parts of businesses.The data characteristics, block structure, digital signature algorithm, hash function, communication mechanism, consensus mechanism, and accounting mechanism (control instruction confirmation) for the two blockchains can be different, the corresponding business subjects and authentication subjects (Because of the openness and transparency of blockchain, in CPS the blockchain system's authentication subjects' selection should meet the confidentiality requirements to the related data that risk evaluation process involving.)can also be different.The layered structure characteristics of CPS not only can meet the realization of blockchain technology route (business data generation → digital signature → business data and signed related data network broadcast → consensus authentication → distributed accounting → accounting data application), but also can make full use of the advantage characteristics of the network layer providing service to data broadcast and consensus authentication, and cloud platform or network processing platform providing service to data storage and management.In addition, in view of the confidentiality requirements to the related data that risk evaluation process involving, we can also adopt the corresponding encryption measures to the blockchain data in CPS.
For the blockchain 1, perception center digitally signs the perceived sensor data, then broadcasts through the network layer.The subjects that joined blockchain 1 in CPS may authenticate the sensor data's authenticity and source according to the blockchain 1 system granted permissions, the authenticated data would be respectively stored in the cloud platform space by each authentication subject.For the subjects that joined in the blockchain 1 in CPS, if needing to use the data of the blockchain 1, they can analyze and manage the specific data of the blockchain 1 which are owned by themselves, and apply the data analysis results to other environment or guide their management decision activities.
For the blockchain 2, the application subjects of CPS analyze the corresponding data of blockchain 1 which are owned by themselves, then produce the control instructions for CPS, the application subjects digitally sign the control instruction data in the corresponding cloud platform or other network processing platform, then broadcast through the network layer; the subjects that joined blockchain 2 in CPS may authenticate the control instruction data's authenticity and source according to the blockchain 2 system granted permissions.The authenticated data will be respectively stored in the cloud platform space by each authentication subject.After CPS application subjects' instruction data are being confirmed, the control instruction will implement the corresponding control to CPS through control center.
So, although the blockchain technology is complex, the CPS' layered structure and intelligent data interaction processing technology can achieve the seamless grafting between CPS and blockchain technology.Under the support of blockchain technology system, CPS information security risk evaluation data can be dynamically, real-time, and safely achieved from CPS, and the cloud platform or other network processing platforms which CPS rely on can also meet the strong computing power and data storage capacity requirements that were required by the blockchain technology applications.

CASE ANALYSIS
In this part, from a concrete situation to analyze the application of combining blockchain technology and big data.For the case construction, based on the temperature and humidity monitoring system of the Internet of things laboratory of shanxi university of finance and economics, and the gas monitoring and controlling system of tunlan mine of shanxi coking coal group, on the basis of analyzing the structure and function of the two systems, a total of 20 experts from shanxi university of finance and economics and shanxi coking coal group together constructed a case system on CPS, and intelligent home management system was a subsystem of this CPS.Using situational analysis method to evaluate and analyze the information security risks of this case system.The topology structure for this case system is shown in Fig. 5.

The Application Case
The hardware environment of case system includes circuit system, fire control system, security monitoring system, CPS network system, physical environment system, etc.Therefore, the data sources for the hardware vulnerability identification in the case of system's information security risk evaluation not only include the interior of CPS, but also include the Intranet network of the organization and other related network systems.In view of the limited data capacity of the case system, taking the multisource data analysis instead of the big data analysis, and simulating the data acquisition and storage management for intelligent home management subsystem's hardware environment vulnerability identification process, as shown in Fig. 6.
In Fig. 6, blockchain runs in CPS, and stores all the CPS running data, at the same time links with multi data sources outside CPS, for the information security risk evaluation of CPS, basing on evaluation requirements, the multisource data will be collected, analyzed, and the analysis results will be distributed stored in the blockchain system.Because of the greatness and complexity of the data in the whole evaluation process, we store the basic data and blockchain in different storage spaces, respectively.The basic data are classified (Classified as CPS running data, external multisource data analysis results, data correlation information, and CPS hardware vulnerability identification results, etc.), and stored respectively.
For CPS external related systems (such as circuit system, fire control system, security monitoring system, etc.), we can construct blockchain system other than CPS' blockchain system respectively, and the other systems' blockchain system's structure and work principle can refer to Bitcoin blockchain and Ethereum blockchain, and these blockchains will link with the blokchain for CPS, here we don't discuss more.

Efficiency Calculation and Analysis
The main traits of the information security risk evaluation system are the application of external related big data to realize the integrity of risk acquisition and the accuracy of risk identification, and the application of blockchain technology to insure the data reliability and authenticity.Colligating the information system evaluation index system inferred in reference [17][18][19][20], and discussing by 20 experts from shanxi university of finance and economics and shanxi coking coal group, and proposing intelligent home management subsystem information security risk evaluation index system R should include: the integrity of risk acquisition (R 1 ), the accuracy of risk identification (R 2 ), the guarantee degree of data security (R 3 ), the adaptability of evaluation system (R 4 ), the cost of evaluation system (R 5 ), the profit of evaluation system (R 6 ).Colligating the experts' opinions, and giving the weight of each evaluation index as: Limiting the score value of each expert giving to each index from low to high to interval [0,1], and giving the score values of R 1 , R 2 , R 3 , R 4 , R 5 , R 6 in intelligent home management subsystem based on blockchain and big data as C A , and based on traditional system as C B , computing the average value of the score values of R 1 , R 2 , R 3 , R 4 , R 5 , R 6 given by each expert as A C and B C , the results are shown in Tab. 1. Taking the cost as negative value and calculating the expected efficiency values under different evaluation systems, the expected efficiency value of intelligent home management subsystem information security risk evaluation based on blockchain and big data can be calculated as: From Tab. 1 we can see, the experts generally recognize the guarantee function of blockchain in data security, the value of big data analysis to the integrity of risk acquisition and the accuracy of information security risk evaluation, but the experts also recognize the application of blockchain and big data will bring challenge and cost increase to actual operation,.So, promoting the application of blockchain technology and big data technology in the field of CPS, and saving the application cost, are the important problems needed to be solved in the future of blockchain and big data technology extensively applied in CPS information security risk evaluation.
By comparing A E with B E we can see, the experts have recognized the value of blockchain and big data application in CPS information security risk evaluation.

CONCLUSIONS
Comparing to traditional information systems, the information security risk evaluation for CPS is more complex, so, the traditional information security risk evaluation methods are also unsuitable for efficiently describing the evaluation process and evaluation results of CPS.For improving the integrity and accuracy of CPS information security risk evaluation, this paper proposes to introduce CPS external risk evaluation related big data to perfect the evaluation process.Aiming at the characteristics of data sources are numerous, data capacity is huge, data structure is alienation for CPS information security risk evaluation related big data, and the authenticity, reliability requirement for information, this paper proposes the thought of applying blockchain technology to CPS information security risk evaluation system.In the part of case analysis, we calculated and analyzed the efficiency of the evaluation system for this paper.
By using Petri net model, big data technology, technology, RBF neural network model, etc., this paper constructs an information security risk evaluation system for CPS, but we do not go a step further to research the realization process of the evaluation system.In view of the characteristics of CPS, some difficulties can occur in the risk evaluation realization process, the prominent difficulties are: (1) The definition for CPS external information security risk evaluation related multi data sources, the collection, management and analysis to the risk evaluation related big data.
(2) The construction and operation of blockchain in the physical environment of evaluation system.
Hereafter, we will implement the risk evaluation system, comprising the construction of data processing environment, the realization of evaluation model and evaluation process model, and the application of blockchain technology.Because CPS and blockchain technology both are new products, existing application and research results are very rare, so the difficulties and challenges are much in the course of implementation.

Figure 3 Figure 4
Figure 3The CPS information security risk evaluation system logic structure based on blockchain

Figure 5
Figure 5The topology structure for the case system

Figure 6
Figure 6The application case architecture


The expected efficiency value of intelligent home management subsystem information security risk evaluation based on traditional system can be calculated as:

Table 1
The score values of each index evaluation value