23 research outputs found
A Satisfiability Modulo Theory Approach to Secure State Reconstruction in Differentially Flat Systems Under Sensor Attacks
We address the problem of estimating the state of a differentially flat
system from measurements that may be corrupted by an adversarial attack. In
cyber-physical systems, malicious attacks can directly compromise the system's
sensors or manipulate the communication between sensors and controllers. We
consider attacks that only corrupt a subset of sensor measurements. We show
that the possibility of reconstructing the state under such attacks is
characterized by a suitable generalization of the notion of s-sparse
observability, previously introduced by some of the authors in the linear case.
We also extend our previous work on the use of Satisfiability Modulo Theory
solvers to estimate the state under sensor attacks to the context of
differentially flat systems. The effectiveness of our approach is illustrated
on the problem of controlling a quadrotor under sensor attacks.
Comment: arXiv admin note: text overlap with arXiv:1412.432
An Unknown Input Multi-Observer Approach for Estimation and Control under Adversarial Attacks
We address the problem of state estimation, attack isolation, and control of
discrete-time linear time-invariant systems under (potentially unbounded)
actuator and sensor false data injection attacks. Using a bank of unknown input
observers, each observer leading to an exponentially stable estimation error
(in the attack-free case), we propose an observer-based estimator that provides
exponential estimates of the system state in spite of actuator and sensor
attacks. Exploiting sensor and actuator redundancy, the estimation scheme is
guaranteed to work if a sufficiently small subset of sensors and actuators are
under attack. Using the proposed estimator, we provide tools for reconstructing
and isolating actuator and sensor attacks; and a control scheme capable of
stabilizing the closed-loop dynamics by switching off isolated actuators.
Simulation results are presented to illustrate the performance of our tools.
Comment: arXiv admin note: substantial text overlap with arXiv:1811.1015
A Multi-Observer Based Estimation Framework for Nonlinear Systems under Sensor Attacks
We address the problem of state estimation and attack isolation for general
discrete-time nonlinear systems when sensors are corrupted by (potentially
unbounded) attack signals. For a large class of nonlinear plants and observers,
we provide a general estimation scheme, built around the idea of sensor
redundancy and multi-observer, capable of reconstructing the system state in
spite of sensor attacks and noise. This scheme has been proposed by others for
linear systems/observers and here we propose a unifying framework for a much
larger class of nonlinear systems/observers. Using the proposed estimator, we
provide an isolation algorithm to pinpoint attacks on sensors during sliding
time windows. Simulation results are presented to illustrate the performance of
our tools.
Comment: arXiv admin note: text overlap with arXiv:1806.0648
Detection of Sensor Attack and Resilient State Estimation for Uniformly Observable Nonlinear Systems having Redundant Sensors
This paper presents a detection algorithm for sensor attacks and a resilient
state estimation scheme for a class of uniformly observable nonlinear systems.
An adversary is supposed to corrupt a subset of sensors with the possibly
unbounded signals, while the system has sensor redundancy. We design an
individual high-gain observer for each measurement output so that only the
observable portion of the system state is obtained. Then, a nonlinear error
correcting problem is solved by collecting all the information from those
partial observers and exploiting redundancy. A computationally efficient,
on-line monitoring scheme is presented for attack detection. Based on the
attack detection scheme, an algorithm for resilient state estimation is
provided. The simulation results demonstrate the effectiveness of the proposed
algorithm.
A secure state estimation algorithm for nonlinear systems under sensor attacks
The state estimation of continuous-time nonlinear systems in which a subset
of sensor outputs can be maliciously controlled through injecting a potentially
unbounded additive signal is considered in this paper. Analogous to our earlier
work for continuous-time linear systems in [chong2015observability], we
term the convergence of the estimates to the true states in the presence of
sensor attacks as 'observability under attacks', where refers to the
number of sensors which the attacker has access to. Unlike the linear case, we
only provide a sufficient condition such that a nonlinear system is observable
under attacks. The condition requires the existence of asymptotic observers
which are robust with respect to the attack signals in an input-to-state stable
sense. We show that an algorithm to choose a compatible state estimate from the
state estimates generated by the bank of observers achieves asymptotic state
reconstruction. We also provide a constructive method for a class of nonlinear
systems to design state observers which have the desirable robustness property.
The relevance of this study is illustrated on monitoring the safe operation of
a power distribution network.
Comment: This paper has been accepted for publication at the 59th IEEE
Conference on Decision and Control, 202
Design and Implementation of Attack-Resilient Cyber-Physical Systems
Recent years have witnessed a significant increase in the number of security-related incidents in control systems. These include high-profile attacks in a wide range of application domains, from attacks on critical infrastructure, as in the case of the Maroochy Water breach [1], and industrial systems (such as the Stuxnet virus attack on an industrial supervisory control and data acquisition system [2], [3] and the German Steel Mill cyberattack [4], [5]), to attacks on modern vehicles [6]-[8]. Even high-assurance military systems were shown to be vulnerable to attacks, as illustrated in the highly publicized downing of the RQ-170 Sentinel U.S. drone [9]-[11]. These incidents have greatly raised awareness of the need for security in cyber-physical systems (CPSs), which feature tight coupling of computation and communication substrates with sensing and actuation components. However, the complexity and heterogeneity of this next generation of safety-critical, networked, and embedded control systems have challenged the existing design methods, in which security is usually considered as an afterthought.
Secure Trajectory Planning Against Undetectable Spoofing Attacks
This paper studies, for the first time, the trajectory planning problem in
adversarial environments, where the objective is to design the trajectory of a
robot to reach a desired final state despite the unknown and arbitrary action
of an attacker. In particular, we consider a robot moving in a two-dimensional
space and equipped with two sensors, namely, a Global Navigation Satellite
System (GNSS) sensor and a Radio Signal Strength Indicator (RSSI) sensor. The
attacker can arbitrarily spoof the readings of the GNSS sensor and the robot
control input so as to maximally deviate the robot's trajectory from the nominal
precomputed path. We derive explicit and constructive conditions for the
existence of undetectable attacks, through which the attacker deviates the
robot trajectory in a stealthy way. Conversely, we characterize the existence
of secure trajectories, which guarantee that the robot either moves along the
nominal trajectory or that the attack remains detectable. We show that secure
trajectories can only exist between a subset of states, and provide a numerical
mechanism to compute them. We illustrate our findings through several numerical
studies, and discuss that our methods are applicable to different models of
robot dynamics, including unicycles. More generally, our results show how
control design affects security in systems with nonlinear dynamics.
Comment: Accepted for publication in Automatic
State of the art of cyber-physical systems security: An automatic control perspective
Cyber-physical systems are integrations of computation, networking, and physical processes. Due to the tight cyber-physical coupling and to the potentially disrupting consequences of failures, security here is one of the primary concerns. Our systematic mapping study sheds light on how security is actually addressed when dealing with cyber-physical systems from an automatic control perspective. The provided map of 138 selected studies is defined empirically and is based on, for instance, application fields, various system components, related algorithms and models, attack characteristics and defense strategies. It presents a powerful comparison framework for existing and future research on this hot topic, important for both industry and academia.
Parameter-Invariant Monitor Design for Cyber Physical Systems
The tight interaction between information technology and the physical world inherent in Cyber-Physical Systems (CPS) can challenge traditional approaches for monitoring safety and security. Data collected for robust CPS monitoring is often sparse and may lack rich training data describing critical events/attacks. Moreover, CPS often operate in diverse environments that can have significant inter/intra-system variability. Furthermore, CPS monitors that are not robust to data sparsity and inter/intra-system variability may result in inconsistent performance and may not be trusted for monitoring safety and security. Towards overcoming these challenges, this paper presents recent work on the design of parameter-invariant (PAIN) monitors for CPS. PAIN monitors are designed such that unknown events and system variability minimally affect the monitor performance. This work describes how PAIN designs can achieve a constant false alarm rate (CFAR) in the presence of data sparsity and intra/inter system variance in real-world CPS.
To demonstrate the design of PAIN monitors for safety monitoring in CPS with different types of dynamics, we consider systems with networked dynamics, linear time-invariant dynamics, and hybrid dynamics, which are discussed through case studies on building actuator fault detection, meal detection in type I diabetes, and detecting hypoxia caused by pulmonary shunts in infants. In all applications, the PAIN monitor is shown to have (significantly) less variance in monitoring performance and (often) outperforms other competing approaches in the literature. Finally, an initial application of PAIN monitoring for CPS security is presented along with challenges and research directions for future security monitoring deployments.