Secure State Estimation and Attack Reconstruction in Cyber-Physical Systems: Sliding Mode Observer Approach

A cyber-physical system (CPS) is a tight coupling of computational resources, network communication, and physical processes. They are composed of a set of networked components, including sensors, actuators, control processing units, and communication agents that instrument the physical world to make “smarter.” However, cyber components are also the source of new, unprecedented vulnerabilities to malicious attacks. In order to protect a CPS from attacks, three security levels of protection, detection, and identification are considered. In this chapter, we will discuss the identification level, i.e., secure state estimation and attack reconstruction of CPS with corrupted states and measurements. Considering different attack plans that may assault the states, sensors, or both of them, different online attack reconstruction approaches are discussed. Fixed-gain and adaptive-gain finite-time convergent observation algorithms, specifically sliding mode observers, are applied to online reconstruction of sensor and state attacks. Next, the corrupted measurements and states are to be cleaned up online in order to stop the attack propagation to the CPS via the control signal. The proposed methodologies are applied to an electric power network, whose states and sensors are under attack. Simulation results illustrate the efficacy of the proposed observers

Automating NFC Message Sending for Good and Evil

Near Field Communication (NFC) is an emerging proximity wireless technology used for triggering automatic interactions between mobile devices. In standard NFC usage, one message is sent per device contact, then the devices must be physically separated and brought together again. In this paper, we present a mechanism for automatically sending multiple messages without any need to physically decouple the devices. After an introduction to NFC and related security issues, we discuss the motivation for—and an implementation of—an automation framework for sending repeated NFC messages without any need for human interaction. Then we consider how such an automated mechanism can be used for both a denial of service attack and as a platform for fuzz testing. We present experimental evidence on the efficacy of automated NFC as a vector for achieving these goals. We conclude with suggestions for future work and provide some overall insights

Cyber-attacks and faults reconstruction using finite time convergent observation algorithms: Electric power network application

This is the author accepted manuscript. The final version is available from Elsevier via the DOI in this recordIn this work, linear (linearized) cyber-physical systems with output feedback control, whose sensors are experiencing faults or are under cyber-attack, are studied. Two different cases are investigated. First, when all sensors are attacked, then, when some sensors are protected from the attacks. Finite time convergent observers, specifically the sliding mode ones, including the observers with gain adaptation, are employed for on-line reconstruction of the cyber-attacks. The corrupted measured outputs are “cleaned” from cyber-attacks, and feedback control that uses the “cleaned” outputs is shown to provide elevated cyber-physical system performance close to the one without attack. Finally, the proposed methodology is applied to an electric power system under cyber-attack. Simulation results illustrate the efficacy of the proposed observers

Distributed Fault Detection in Formation of Multi-Agent Systems with Attack Impact Analysis

Autonomous Underwater Vehicles (AUVs) are capable of performing a variety of deepwater marine applications as in multiple mobile robots and cooperative robot reconnaissance. Due to the environment that AUVs operate in, fault detection and isolation as well as the formation control of AUVs are more challenging than other Multi-Agent Systems (MASs). In this thesis, two main challenges are tackled. We first investigate the formation control and fault accommodation algorithms for AUVs in presence of abnormal events such as faults and communication attacks in any of the team members. These undesirable events can prevent the entire team to achieve a safe, reliable, and efficient performance while executing underwater mission tasks. For instance, AUVs may face unexpected actuator/sensor faults and the communication between AUVs can be compromised, and consequently make the entire multi-agent system vulnerable to cyber-attacks. Moreover, a possible deception attack on network system may have a negative impact on the environment and more importantly the national security. Furthermore, there are certain requirements for speed, position or depth of the AUV team. For this reason, we propose a distributed fault detection scheme that is able to detect and isolate faults in AUVs while maintaining their formation under security constraints. The effects of faults and communication attacks with a control theoretical perspective will be studied. Another contribution of this thesis is to study a state estimation problem for a linear dynamical system in presence of a Bias Injection Attack (BIA). For this purpose, a Kalman Filter (KF) is used, where we show that the impact of an attack can be analyzed as the solution of a quadratically constrained problem for which the exact solution can be found efficiently. We also introduce a lower bound for the attack impact in terms of the number of compromised actuators and a combination of sensors and actuators. The theoretical findings are accompanied by simulation results and numerical can study examples

Ataque de negação de serviço por reflexão amplificada sobre CLDAP utilizando a ferramenta Linderhof

Trabalho de conclusão de curso (graduação) — Universidade de Brasília, Instituto de Ciências Exatas, Departamento de Ciência da Computação, 2021.Ataques de Negação de Serviço (DoS), em particular os Ataques Distribuídos de Negação de Serviço por Reflexão Amplificada (AR-DDoS), vêm se mostrando uma ameaça con stante a segurança dos negócios disponíveis na internet. Impulsionados pelo aumento de dispositivos de Internet das Coisas (IoT), que possuem baixo poder computacional e pouca segurança, ataques AR-DDoS têm quebrando recordes de tráfego gerado na rede. Devido a isso, criou-se a ferramenta Linderhof, capaz de gerar ataques de negação de serviço por reflexão amplificada de forma controlada, com o objetivo de permitir o es tudo desses ataques e mensurar sua ameaça. Este trabalho se propõe a implementar melhorias na ferramenta permitindo que diferentes características dos ataque AR-DDoS sejam estudados, tais como adicionar uma forma de alterar parâmetros dos protocolos em tempo de execução, permitir a customização da taxa do ataque, adicionar a possibil idade de definir a vítima como sendo um bloco de endereços, salvar as configurações em um arquivo, adicionar uma interface gráfica, implementar a funcionalidade de encontrar refletores e implementar o ataque nos protocolos SNMP e CLDAP. Assim como os trabal hos anteriores que vêm realizando estudos com o auxílio dessa ferramenta, este trabalho apresenta um estudo específico da utilização do protocolo CLDAP para a realização de tais ataques. Os resultados obtidos estão de acordo com os estudos anteriores, demon strando a saturação dos dispositivos que agem como refletores em baixas taxas de injeção de pacotes.Denial of Service Attacks (DoS), in particular the Amplified Reflection Distributed De nial of Service Attacks (AR-DDoS), have been a constant threat to the security of busi nesses available on the Internet. Driven by the rise of Internet of Things (IoT) devices, which have low computing power and little security, AR-DDoS attacks have been breaking records of traffic generated on the network. Because of this, the tool named Linderhof was created, capable of generating denial of service attacks by amplified reflection in a controlled manner, with the objective of allowing the study of these attacks and mea suring their threat level. This work proposes to implement improvements in the tool allowing different characteristics of AR-DDoS attacks to be studied, such as adding a way to change protocol parameters at runtime, allowing customization of the attack rate, adding a possibility to define the victim as an address block, save the settings in a file, add a graphical interface, implement the functionality of finding reflectors and implement the attack in the SNMP and CLDAP protocols. Like previous works that have been car rying out studies with the aid of this tool, this work presents a specific study of the use of the CLDAP protocol to carry out such attacks. The results obtained are compatible with previous studies, demonstrating the saturation of devices that act as reflectors at low packet injection rates

Internet das coisas e seus riscos : uma análise da exploração de servidores CoAP como refletores de ataques de negação de serviço amplificados

Trabalho de Conclusão de Curso (graduação)—Universidade de Brasília, Instituto de Ciências Exatas, Departamento de Ciência da Computação, 2019.Ataques de Negação de Serviço (DoS) são amplamente utilizados e apresentam grandes riscos à estabilidade da Internet. São ataques antigos que foram evoluindo junto com tecnologias e infraestrutura presentes na internet. Com advento e popularização da Inter- net das Coisas (IoT) muitos dispositivos de baixo poder computacional estão aberto para internet com baixa preocupação com segurança. Como esses dispositivos tem capacidade reduzida, são utilizados protocolos mais modestos que, comumente, trocam segurança por simplicidade. Esse trabalho apresenta uma análise sobre como os vários dispositivos da Internet das Coisas podem ser potenciais vetores de ataques, uma visão geral de ataque DoS e um enfoque em DoS com CoAP para reflexão amplificada de pacotes UDP. E, para simulações e testes foi também implementado um módulo CoAP na ferramenta Lindehof 1.Denial of Service (DoS) attacks are widely used and present great risks to the stability of the Internet. These are well known attacks that have evolved along with Internet technolo- gies and infrastructure. With the popularization of the Internet of Things (IoT), many low power computing devices are now open to the Internet with little security concerns. As these devices have reduced computational power, lightweight communication protocols are used that commonly switch security for simplicity. In this work we will present an analysis of how the various IoT devices can potentially be attack vectors, an overview of DoS attack focusing on exploiting CoAP for amplified reflection of UDP packets. Also, a new module for the Lindehof 2 framework was implemented for simulations and tests

A Defense Framework Against Denial-of-Service in Computer Networks

Denial-of-Service (DoS) is a computer security problem that poses a serious challenge totrustworthiness of services deployed over computer networks. The aim of DoS attacks isto make services unavailable to legitimate users, and current network architectures alloweasy-to-launch, hard-to-stop DoS attacks. Particularly challenging are the service-level DoSattacks, whereby the victim service is flooded with legitimate-like requests, and the jammingattack, in which wireless communication is blocked by malicious radio interference. Theseattacks are overwhelming even for massively-resourced services, and effective and efficientdefenses are highly needed. This work contributes a novel defense framework, which I call dodging, against service-level DoS and wireless jamming. Dodging has two components: (1) the careful assignment ofservers to clients to achieve accurate and quick identification of service-level DoS attackersand (2) the continuous and unpredictable-to-attackers reconfiguration of the client-serverassignment and the radio-channel mapping to withstand service-level and jamming DoSattacks. Dodging creates hard-to-evade baits, or traps, and dilutes the attack "fire power".The traps identify the attackers when they violate the mapping function and even when theyattack while correctly following the mapping function. Moreover, dodging keeps attackers"in the dark", trying to follow the unpredictably changing mapping. They may hit a fewtimes but lose "precious" time before they are identified and stopped. Three dodging-based DoS defense algorithms are developed in this work. They are moreresource-efficient than state-of-the-art DoS detection and mitigation techniques. Honeybees combines channel hopping and error-correcting codes to achieve bandwidth-efficientand energy-efficient mitigation of jamming in multi-radio networks. In roaming honeypots, dodging enables the camouflaging of honeypots, or trap machines, as real servers,making it hard for attackers to locate and avoid the traps. Furthermore, shuffling requestsover servers opens up windows of opportunity, during which legitimate requests are serviced.Live baiting, efficiently identifies service-level DoS attackers by employing results fromthe group-testing theory, discovering defective members in a population using the minimumnumber of tests. The cost and benefit of the dodging algorithms are analyzed theoretically,in simulation, and using prototype experiments