76 research outputs found
Vulnerability analysis of cyber-physical systems represented by sampled data and defense techniques against undetectable attacks
Thesis (Ph.D.) -- Seoul National University Graduate School: College of Engineering, Department of Electrical and Computer Engineering, 2020. 8. Hyungbo Shim.
The rapid evolution of communication networks and computation speed has led to the emergence of cyber-physical systems in which traditional physical plants are controlled remotely using digital controllers.
Unfortunately, the separation of plant and controller by a communication network gives external adversaries a new opportunity to intrude into control systems, which are closely tied to human life and social infrastructure. For this reason, among the various issues of cyber-physical systems, security problems have gained particular attention from control engineers. This dissertation presents new theoretical vulnerabilities that are undetectable by conventional anomaly detectors and that arise from the mixture of continuous- and discrete-time components in cyber-physical systems, and addresses countermeasures against them. The specific subjects dealt with in the dissertation are as follows:
1) Zero dynamics attacks can be lethal to cyber-physical systems because they can harm physical plants and are impossible to detect. Fortunately, if the given continuous-time physical system is minimum phase, the attack is not very effective even though it cannot be detected. However, the situation can become unfavorable under digital control, where the sensor measurement is sampled and a zero-order hold is used for actuation, because of the 'sampling zeros.' When the continuous-time system has a relative degree greater than two and the sampling period is small, the sampled-data system must have unstable zeros, so the cyber-physical system becomes vulnerable to a 'sampling zero dynamics attack.' In this dissertation, we present an idea to neutralize the zero dynamics attack for single-input and single-output sampled-data systems by shifting the unstable discrete-time zeros into stable ones. This idea is realized by employing the so-called 'generalized hold,' which replaces the standard zero-order hold. It is shown that, under mild assumptions, there exists a generalized hold that places the discrete-time zeros at desired positions. Furthermore, we formulate the design problem as an optimization problem whose performance index is related to the inter-sample behavior of the physical plant, and propose an optimal gain that alleviates the performance degradation caused by the generalized hold as much as possible. To verify the theoretical results, we apply the proposed strategy to a DC/DC converter with an electrical circuit.
2) The zero dynamics attack has usually been studied as a type of actuator attack, but it can also harm the physical plant through the sensor network. Specifically, when the system monitors abnormal behavior of the plant using an anomaly detector (fault detector), one can generate a zero dynamics attack on the sensor network that deceives the anomaly detector by regarding the output of the plant and the residual of the anomaly detector as the new input and output of a target system. Note that this sensor attack is not very effective when the plant is stable, even though the attack is still undetectable. With this in mind, we propose to reexamine the generalized hold as a countermeasure against the undetectable sensor attack. That is, using the fact that output feedback passing through a generalized hold can stabilize unstable systems when an appropriate hold function is selected, we show that the plant can be made safe from the undetectable sensor attack. Furthermore, to relieve the performance degradation caused by the generalized hold feedback, we employ a discrete-time linear quadratic regulator that minimizes a continuous-time cost function.
3) In the sampled-data framework, most anomaly detectors monitor the plant's output only at discrete time instants. Consequently, abnormal behavior between sampling instants cannot be detected if the output behaves normally at every sampling instant. This implies that if an actuator attack drives the plant's state to pass through the kernel of the output matrix at each sensing time, then the attack compromises the system while remaining stealthy. This type of attack is always constructible when the sampled-data system has input redundancy, i.e., the number of inputs is larger than the number of outputs and/or the sampling rate of the actuators is higher than that of the sensors. Simulation results for the X-38 vehicle and other numerical examples illustrate that this new attack strategy may result in disastrous consequences.
With the radical advances in the computation speed of digital devices and in network transmission speed, cyber-physical systems, in which classical control systems are controlled remotely over a network, have begun to emerge. Because the controller and the controlled plant are separated in such cyber-physical systems, they are exposed to the potential risk of being attacked by malicious external attack signals, and because they are closely tied to social infrastructure such as plants and supervisory control and data acquisition (SCADA) systems, the need for research on their security is being emphasized. Starting from the fact that a cyber-physical system consists of a continuous-time physical plant and a digital controller, this dissertation represents it as a sampled-data system discretized by a zero-order hold and a sampler, analyzes the theoretical vulnerabilities to cyber attacks that can arise from the combination of continuous time and discrete time, and presents countermeasures.
Specifically, this dissertation deals with the following three topics. First, it shows that the zero dynamics attack, which is undetectable when injected through the input network using information about the unstable zeros of the system, is also possible using the sampling zeros that arise in sampled-data systems. Then, based on the fact that using a generalized hold instead of a zero-order hold allows all discrete-time zeros of the discrete-time system to be assigned to the stable region, it proposes replacing the zero-order hold with a generalized hold as a fundamental countermeasure against the zero dynamics attack. In addition, to minimize the performance degradation that results from using the generalized hold, it proposes a method of designing the generalized hold as a convex optimization problem. Next, it shows that an undetectable sensor attack is possible using the zero dynamics of a system whose input is the output sensor network of the discrete-time system and whose output is the residual of the fault detector, and, as a remedy, it proposes adding a feedback loop that uses a generalized hold from the discrete-time output to the continuous-time input in order to nullify the effect of the attack. To minimize the control performance degradation caused by this feedback loop, it also proposes the use of a discrete-time optimal control technique that minimizes a continuous-time cost function. Finally, for a multi-input multi-output (MIMO) sampled-data system in which the operating periods of the zero-order hold and the sampler differ, when the system is represented as a lifted system and has more input redundancy than outputs, it finds a sufficient condition that makes an undetectable attack through the input network possible and proposes a design method that uses this condition to generate the attack signal.
1 Introduction
1.1 Overview of Security Issues on Cyber-Physical Systems
1.2 Contributions and Outline of Dissertation
1.3 Preliminary: Characterization of detectable and undetectable attacks
2 Use of Generalized Hold in Sampled-data Systems to Counteract Zero Dynamics Attack
2.1 Zero Dynamics Attack with Normal Form
2.1.1 Continuous-time Linear Systems
2.1.2 Sampled-data Linear Systems
2.1.3 Simulation Result: Zero Dynamics Attack on Sampling Zeros
2.1.4 Existing Countermeasures Against Zero Dynamics Attack
2.2 Optimal Generalized Hold Function to Neutralize Zero Dynamics Attack
2.2.1 Shifting discrete-time zeros by generalized hold
2.2.2 Design of optimal generalized hold function with security guaranteed
2.2.3 Simulation Results: Effect of Optimal Generalized Hold
2.3 Illustrative Example for Closed-loop System
2.4 Experiment: DC/DC Converter with Electrical Circuit
2.4.1 Simulation Results
2.4.2 Experiment Results
2.5 Study on the Effect of Generalized Hold on Intrinsic Zeros of Nonlinear Systems under Fast Sampling
3 Use of Generalized Hold Feedback in Sampled-data Systems to Counteract Zero-dynamics Sensor Attack
3.1 Undetectable Sensor Attack and its lethality
3.1.1 Construction of Zero Dynamics Sensor Attack
3.1.2 Simulation Results: Magnetic Levitation of a Steel Ball
3.2 Strategy to Neutralize Zero Dynamics Sensor Attack and Relieve Performance Degradation
3.2.1 Employing the generalized hold feedback to neutralize zero dynamics sensor attack
3.2.2 Simulation Results: Effectiveness of the Generalized Hold
3.2.3 DLQR under Consideration of Inter-sample Behavior
3.2.4 Simulation Results: Effectiveness of DLQR with Continuous-time Performance Index
4 Masking Attack for Sampled-data System via Input Redundancy
4.1 Problem Formulation
4.2 Design of Masking Attack with Zero-stealthy and Disruptive Properties
4.2.1 Clustering the Time Frame
4.2.2 Conditions for Masking Attack Design
4.2.3 Off-line Construction of Attack Signal
4.2.4 Practical Stealthiness of Masking Attack with R \in R
4.3 Simulation Results
4.3.1 Numerical Example: R = 1 with δ = 0
4.3.2 X-38 Vehicle: R = 4 with δ = 0
4.3.3 Numerical Example: R = 0.4 with δ = 0.75
5 Conclusion of Dissertation
BIBLIOGRAPHY
Abstract (in Korean)
Docto
Comprehensive Survey and Taxonomies of False Injection Attacks in Smart Grid: Attack Models, Targets, and Impacts
Smart Grid has rapidly transformed the centrally controlled power system into
a massively interconnected cyber-physical system that benefits from the
revolutions happening in the communications (e.g. 5G) and the growing
proliferation of the Internet of Things devices (such as smart metres and
intelligent electronic devices). While the convergence of a significant number
of cyber-physical elements has enabled the Smart Grid to be far more efficient
and competitive in addressing the growing global energy challenges, it has also
introduced a large number of vulnerabilities culminating in violations of data
availability, integrity, and confidentiality. Recently, false data injection
(FDI) has become one of the most critical cyberattacks, and appears to be a
focal point of interest for both research and industry. To this end, this paper
presents a comprehensive review of recent advances in FDI attacks, with
particular emphasis on 1) adversarial models, 2) attack targets, and 3) impacts
in the Smart Grid infrastructure. This review paper aims to provide a thorough
understanding of the incumbent threats affecting the entire spectrum of the
Smart Grid. Related literature is analysed and compared in terms of its
theoretical and practical implications to the Smart Grid cybersecurity. In
conclusion, a range of technical limitations of existing false data attack
research is identified, and a number of future research directions is
recommended.
Comment: Double-column of 24 pages, prepared based on IEEE Transaction articl
State of the art of cyber-physical systems security: An automatic control perspective
Cyber-physical systems are integrations of computation, networking, and physical processes. Because of the tight cyber-physical coupling and the potentially disruptive consequences of failures, security is one of the primary concerns. Our systematic mapping study sheds light on how security is actually addressed when dealing with cyber-physical systems from an automatic control perspective. The provided map of 138 selected studies is defined empirically and is based on, for instance, application fields, various system components, related algorithms and models, attack characteristics and defense strategies. It presents a powerful comparison framework for existing and future research on this hot topic, important for both industry and academia.