3 research outputs found
A Bernoulli-Gaussian Physical Watermark for Detecting Integrity Attacks in Control Systems
We examine the merit of Bernoulli packet drops in actively detecting
integrity attacks on control systems. The aim is to detect an adversary who
delivers fake sensor measurements to a system operator in order to conceal
their effect on the plant. Physical watermarks, or noisy additive Gaussian
inputs, have been previously used to detect several classes of integrity
attacks in control systems. In this paper, we consider the analysis and design
of Gaussian physical watermarks in the presence of packet drops at the control
input. On one hand, this enables analysis in a more general network setting. On
the other hand, we observe that in certain cases, Bernoulli packet drops can
improve detection performance relative to a purely Gaussian watermark. This
motivates the joint design of a Bernoulli-Gaussian watermark which incorporates
both an additive Gaussian input and a Bernoulli drop process. We characterize
the effect of such a watermark on system performance as well as attack
detectability in two separate design scenarios. Here, we consider a correlation
detector for attack recognition. We then propose efficiently solvable
optimization problems to intelligently select parameters of the Gaussian input
and the Bernoulli drop process while addressing security and performance
trade-offs. Finally, we provide numerical results which illustrate that a
watermark with packet drops can indeed outperform a Gaussian watermark.Comment: Appearing in 55th Annual Allerton Conference on Communication,
Control, and Computin
Detecting Generalized Replay Attacks via Time-Varying Dynamic Watermarking
Cyber-physical systems (CPS) often rely on external communication for
supervisory control or sensing. Unfortunately, these communications render the
system vulnerable to cyber-attacks. Attacks that alter messages, such as replay
attacks that record measurement signals and then play them back to the system,
can cause devastating effects. Dynamic Watermarking methods, which inject a
private excitation into control inputs to secure resulting measurement signals,
have begun addressing the challenges of detecting these attacks, but have been
restricted to linear time invariant (LTI) systems. Though LTI models are
sufficient for some applications, other CPS, such as autonomous vehicles,
require more complex models. This paper develops a linear time-varying (LTV)
extension to previous Dynamic Watermarking methods by designing a matrix
normalization factor to accommodate the temporal changes in the system.
Implementable tests are provided with considerations for real-world systems.
The proposed method is then shown to be able to detect generalized replay
attacks both in theory and in simulation using a LTV vehicle model.Comment: 16 pages, 2 figure
A Moving Target Defense for Securing Cyber-Physical Systems
This article considers the design and analysis of multiple moving target
defenses for recognizing and isolating attacks on cyber-physical systems. We
consider attackers who perform integrity attacks on a set of sensors and
actuators in a control system. In such cases, a model aware adversary can
carefully design attack vectors to bypass bad data detection and identification
filters while causing damage to the control system. To counter such an
attacker, we propose the moving target defense which introduces stochastic,
time-varying parameters in the control system. The underlying random dynamics
of the system limit an attacker's model knowledge and inhibits his/her ability
to construct stealthy attack sequences. Moreover, the time-varying nature of
the dynamics thwarts adaptive adversaries. We explore three main designs.
First, we consider a hybrid system where parameters within the existing plant
are switched among multiple modes. We demonstrate how such an approach can
enable both the detection and identification of malicious nodes. Next, we
investigate the addition of an extended system with dynamics that are coupled
to the original plant but do not affect system performance. An attack on the
original system will affect the authenticating subsystem and in turn be
revealed by a set of sensors measuring the extended plant. Lastly, we propose
the use of sensor nonlinearities to enhance the effectiveness of the moving
target defense. The nonlinear dynamics act to conceal normal operational
behavior from an attacker who has tampered with the system state, further
hindering an attacker's ability to glean information about the time-varying
dynamics. In all cases mechanisms for analysis and design are proposed.
Finally, we analyze attack detectability for each moving target defense by
investigating expected lower bounds on the detection statistic. Our
contributions are tested via simulation