A Resilient Control Approach to Secure Cyber Physical Systems (CPS) with an Application on Connected Vehicles

The objective of this dissertation is to develop a resilient control approach to secure Cyber Physical Systems (CPS) against cyber-attacks, network failures and potential physical faults. Despite being potentially beneficial in several aspects, the connectivity in CPSs poses a set of specific challenges from safety and reliability standpoint. The first challenge arises from unreliable communication network which affects the control/management of overall system. Second, faulty sensors and actuators can degrade the performance of CPS and send wrong information to the controller or other subsystems of the CPS. Finally, CPSs are vulnerable to cyber-attacks which can potentially lead to dangerous scenarios by affecting the information transmitted among various components of CPSs. Hence, a resilient control approach is proposed to address these challenges. The control approach consists of three main parts:(1) Physical fault diagnostics: This part makes sure the CPS works normally while there is no cyber-attacks/ network failure in the communication network; (2) Cyber-attack/failure resilient strategy: This part consists of a resilient strategy for specific cyber-attacks to compensate for their malicious effects ; (3) Decision making algorithm: The decision making block identifies the specific existing cyber-attacks/ network failure in the system and deploys corresponding control strategy to minimize the effect of abnormality in the system performance. In this dissertation, we consider a platoon of connected vehicle system under Co-operative Adaptive Cruise Control (CACC) strategy as a CPS and develop a resilient control approach to address the aforementioned challenges. The first part of this dissertation investigates fault diagnostics of connected vehicles assuming ideal communication network. Very few works address the real-time diagnostics problem in connected vehicles. This study models the effect of different faults in sensors and actuators, and also develops fault diagnosis scheme for detectable and identifiable faults. The proposed diagnostics scheme is based on sliding model observers to detect, isolate and estimate faults in the sensors and actuators. One of the main advantages of sliding model approach lies in applicability to nonlinear systems. Therefore, the proposed method can be extended for other nonlinear cyber physical systems as well. The second part of the proposed research deals with developing strategies to maintain performance of cyber-physical systems close to the normal, in the presence of common cyber-attacks and network failures. Specifically, the behavior of Dedicated Short-Range Communication (DSRC) network is analyzed under cyber-attacks and failures including packet dropping, Denial of Service (DOS) attack and false data injection attack. To start with, packet dropping in network communication is modeled by Bernoulli random variable. Then an observer based modifying algorithm is proposed to modify the existing CACC strategy against the effect of packet dropping phenomena. In contrast to the existing works on state estimation over imperfect communication network in CPS which mainly use either holding previous received data or Kalman filter with intermittent observation, a combination of these two approaches is used to construct the missing data over packet dropping phenomena. Furthermore, an observer based fault diagnostics based on sliding mode approach is proposed to detect, isolate and estimate sensor faults in connected vehicles platoon. Next, Denial of Service (DoS) attack is considered on the communication network. The effect of DoS attack is modeled as an unknown stochastic delay in data delivery in the communication network. Then an observer based approach is proposed to estimate the real data from the delayed measured data over the network. A novel approach based on LMI theory is presented to design observer and estimate the states of the system via delayed measurements. Next, we explore and alternative approach by modeling DoS with unknown constant time delay and propose an adaptive observer to estimate the delay. Furthermore, we study the effects of system uncertainties on the DoS algorithm. In the third algorithm, we considered a general CPS with a saturated DoS attack modeled with constant unknown delay. In this part, we modeled the DoS via a PDE and developed a PDE based observer to estimate the delay as well as states of the system while the only available measurements are delayed. Furthermore, as the last cyber-attack of the second part of the dissertation, we consider false data injection attack as the fake vehicle identity in the platoon of vehicles. In this part, we develop a novel PDE-based modeling strategy for the platoon of vehicles equipped with CACC. Moreover, we propose a PDE based observer to detect and isolate the location of the false data injection attack injected into the platoon as fake identity. Finally, the third part of the dissertation deals with the ongoing works on an optimum decision making strategy formulated via Model Predictive Control (MPC). The decision making block is developed to choose the optimum strategy among available strategies designed in the second part of the dissertation

An approach for formal analysis of the security of a water treatment testbed

This thesis focuses on securing critical infrastructures such as chemical plants, manufacturing units, and power generating plants against attacks that disrupt the information flow from one component to another. Such systems are controlled by an Industrial Control System (ICS) that includes controllers communicating with each other, and with physical sensors and actuators, using a communications network. Traditional security models partition the security universe into two worlds, secure and insecure, but in the real world the partitions often overlap and information is leaked even through the physical observation which makes it much harder to analyze a Cyber physical system (CPS). To overcome these, this thesis focus on the Multiple Security Domain Nondeducibility (MSDND) model to identify the vulnerable points of attack on the system that hide critical information as in the STUXNET virus rather than theft of information. It is shown how MSDND analysis, conducted on a realistic multi-stage water treatment testbed, is useful in enhancing the security of a water treatment plant. Based on the MSDND analysis, this thesis offers a thorough documentation on the vulnerable points of attack, invariants used for removing the vulnerabilities, and suggested design decisions that help in developing invariants --Abstract, page iii

Assessing database and network threats in traditional and cloud computing

Cloud Computing is currently one of the most widely-spoken terms in IT. While it offers a range of technological and financial benefits, its wide acceptance by organizations is not yet wide spread. Security concerns are a main reason for this and this paper studies the data and network threats posed in both traditional and cloud paradigms in an effort to assert in which areas cloud computing addresses security issues and where it does introduce new ones. This evaluation is based on Microsoft’s STRIDE threat model and discusses the stakeholders, the impact and recommendations for tackling each threat

Autonomic computing architecture for SCADA cyber security

Cognitive computing relates to intelligent computing platforms that are based on the disciplines of artificial intelligence, machine learning, and other innovative technologies. These technologies can be used to design systems that mimic the human brain to learn about their environment and can autonomously predict an impending anomalous situation. IBM first used the term ‘Autonomic Computing’ in 2001 to combat the looming complexity crisis (Ganek and Corbi, 2003). The concept has been inspired by the human biological autonomic system. An autonomic system is self-healing, self-regulating, self-optimising and self-protecting (Ganek and Corbi, 2003). Therefore, the system should be able to protect itself against both malicious attacks and unintended mistakes by the operator

Multi-Layer Cyber-Physical Security and Resilience for Smart Grid

The smart grid is a large-scale complex system that integrates communication technologies with the physical layer operation of the energy systems. Security and resilience mechanisms by design are important to provide guarantee operations for the system. This chapter provides a layered perspective of the smart grid security and discusses game and decision theory as a tool to model the interactions among system components and the interaction between attackers and the system. We discuss game-theoretic applications and challenges in the design of cross-layer robust and resilient controller, secure network routing protocol at the data communication and networking layers, and the challenges of the information security at the management layer of the grid. The chapter will discuss the future directions of using game-theoretic tools in addressing multi-layer security issues in the smart grid.Comment: 16 page

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

STOP-IT: strategic, tactical, operational protection of water infrastructure against cyberphysical threats

Water supply and sanitation infrastructures are essential for our welfare, but vulnerable to several attack types facilitated by the ever-changing landscapes of the digital world. A cyber-attack on critical infrastructures could for example evolve along these threat vectors: chemical/biological contamination, physical or communications disruption between the network and the supervisory SCADA. Although conceptual and technological solutions to security and resilience are available, further work is required to bring them together in a risk management framework, strengthen the capacities of water utilities to systematically protect their systems, determine gaps in security technologies and improve risk management approaches. In particular, robust adaptable/flexible solutions for prevention, detection and mitigation of consequences in case of failure due to physical and cyber threats, their combination and cascading effects (from attacks to other critical infrastructure, i.e. energy) are still missing. There is (i) an urgent need to efficiently tackle cyber-physical security threats, (ii) an existing risk management gap in utilities’ practices and (iii) an un-tapped technology market potential for strategic, tactical and operational protection solutions for water infrastructure: how the H2020 STOP-IT project aims to bridge these gaps is presented in this paper.Postprint (published version

Autonomic computing meets SCADA security

© 2017 IEEE. National assets such as transportation networks, large manufacturing, business and health facilities, power generation, and distribution networks are critical infrastructures. The cyber threats to these infrastructures have increasingly become more sophisticated, extensive and numerous. Cyber security conventional measures have proved useful in the past but increasing sophistication of attacks dictates the need for newer measures. The autonomic computing paradigm mimics the autonomic nervous system and is promising to meet the latest challenges in the cyber threat landscape. This paper provides a brief review of autonomic computing applications for SCADA systems and proposes architecture for cyber security