12,893 research outputs found
Dynamic Attack Detection in Cyber-Physical Systems with Side Initial State Information
This paper studies the impact of side initial state information on the
detectability of data deception attacks against cyber-physical systems. We
assume the attack detector has access to a linear function of the initial
system state that cannot be altered by an attacker. First, we provide a
necessary and sufficient condition for an attack to be undetectable by any
dynamic attack detector under each specific side information pattern. Second,
we characterize attacks that can be sustained for arbitrarily long periods
without being detected. Third, we define the zero state inducing attack, the
only type of attack that remains dynamically undetectable regardless of the
side initial state information available to the attack detector. Finally, we
design a dynamic attack detector that detects detectable attacks.Comment: Submitted. Initial Submission: Mar. 201
Cyber-Physical Systems Security: a Systematic Mapping Study
Cyber-physical systems are integrations of computation, networking, and
physical processes. Due to the tight cyber-physical coupling and to the
potentially disrupting consequences of failures, security here is one of the
primary concerns. Our systematic mapping study sheds some light on how security
is actually addressed when dealing with cyber-physical systems. The provided
systematic map of 118 selected studies is based on, for instance, application
fields, various system components, related algorithms and models, attacks
characteristics and defense strategies. It presents a powerful comparison
framework for existing and future research on this hot topic, important for
both industry and academia.Comment: arXiv admin note: text overlap with arXiv:1205.5073 by other author
Data-Injection Attacks in Stochastic Control Systems: Detectability and Performance Tradeoffs
Consider a stochastic process being controlled across a communication
channel. The control signal that is transmitted across the control channel can
be replaced by a malicious attacker. The controller is allowed to implement any
arbitrary detection algorithm to detect if an attacker is present. This work
characterizes some fundamental limitations of when such an attack can be
detected, and quantifies the performance degradation that an attacker that
seeks to be undetected or stealthy can introduce
Cyber Physical Attacks with Control Objectives
This paper studies attackers with control objectives against cyber-physical
systems (CPS). The system is equipped with its own controller and attack
detector, and the goal of the attacker is to move the system to a target state
while altering the system's actuator input and sensor output to avoid
detection. We formulate a cost function that reflects the attacker's goals,
and, using dynamic programming, we show that the optimal attack strategy
reduces to a linear feedback of the attacker's state estimate. By changing the
parameters of the cost function, we show how an attacker can design optimal
attacks to balance the control objective and the detection avoidance objective.
Finally, we provide a numerical illustration based on a remotely-controlled
helicopter under attack
S3A: Secure System Simplex Architecture for Enhanced Security of Cyber-Physical Systems
Until recently, cyber-physical systems, especially those with safety-critical
properties that manage critical infrastructure (e.g. power generation plants,
water treatment facilities, etc.) were considered to be invulnerable against
software security breaches. The recently discovered 'W32.Stuxnet' worm has
drastically changed this perception by demonstrating that such systems are
susceptible to external attacks. Here we present an architecture that enhances
the security of safety-critical cyber-physical systems despite the presence of
such malware. Our architecture uses the property that control systems have
deterministic execution behavior, to detect an intrusion within 0.6 {\mu}s
while still guaranteeing the safety of the plant. We also show that even if an
attack is successful, the overall state of the physical system will still
remain safe. Even if the operating system's administrative privileges have been
compromised, our architecture will still be able to protect the physical system
from coming to harm.Comment: 12 page
Cyber-Physical War Gaming
This paper presents general strategies for cyber war gaming of Cyber-Physical
Systems (CPSs) that are used for cyber security research at the U.S. Army
Research Laboratory (ARL). Since Supervisory Control and Data Acquisition
(SCADA) and other CPSs are operational systems, it is difficult or impossible
to perform security experiments on actual systems. The authors describe how
table-top strategy sessions and realistic, live CPS war games are conducted at
ARL. They also discuss how the recorded actions of the war game activity can be
used to test and validate cyber-defence models, such as game-theoretic security
models.Comment: To appear in Journal of Information Warfare, Volume 1
Persuasion-based Robust Sensor Design Against Attackers with Unknown Control Objectives
In this paper, we introduce a robust sensor design framework to provide
"persuasion-based" defense in stochastic control systems against an unknown
type attacker with a control objective exclusive to its type. For effective
control, such an attacker's actions depend on its belief on the underlying
state of the system. We design a robust "linear-plus-noise" signaling strategy
to encode sensor outputs in order to shape the attacker's belief in a strategic
way and correspondingly to persuade the attacker to take actions that lead to
minimum damage with respect to the system's objective. The specific model we
adopt is a Gauss-Markov process driven by a controller with a (partially)
"unknown" malicious/benign control objective. We seek to defend against the
worst possible distribution over control objectives in a robust way under the
solution concept of Stackelberg equilibrium, where the sensor is the leader. We
show that a necessary and sufficient condition on the covariance matrix of the
posterior belief is a certain linear matrix inequality and we provide a
closed-form solution for the associated signaling strategy. This enables us to
formulate an equivalent tractable problem, indeed a semi-definite program, to
compute the robust sensor design strategies "globally" even though the original
optimization problem is non-convex and highly nonlinear. We also extend this
result to scenarios where the sensor makes noisy or partial measurements.
Finally, we analyze the ensuing performance numerically for various scenarios
Attack Analysis for Distributed Control Systems: An Internal Model Principle Approach
Although adverse effects of attacks have been acknowledged in many
cyber-physical systems, there is no system-theoretic comprehension of how a
compromised agent can leverage communication capabilities to maximize the
damage in distributed multi-agent systems. A rigorous analysis of
cyber-physical attacks enables us to increase the system awareness against
attacks and design more resilient control protocols. To this end, we will take
the role of the attacker to identify the worst effects of attacks on root nodes
and non-root nodes in a distributed control system. More specifically, we show
that a stealthy attack on root nodes can mislead the entire network to a wrong
understanding of the situation and even destabilize the synchronization
process. This will be called the internal model principle for the attacker and
will intensify the urgency of designing novel control protocols to mitigate
these types of attacks
Two-Way Coding in Control Systems Under Injection Attacks: From Attack Detection to Attack Correction
In this paper, we introduce the method of two-way coding, a concept
originating in communication theory characterizing coding schemes for two-way
channels, into (networked) feedback control systems under injection attacks. We
first show that the presence of two-way coding can distort the perspective of
the attacker on the control system. In general, the distorted viewpoint on the
attacker side as a consequence of two-way coding will facilitate detecting the
attacks, or restricting what the attacker can do, or even correcting the attack
effect. In the particular case of zero-dynamics attacks, if the attacks are to
be designed according to the original plant, then they will be easily detected;
while if the attacks are designed with respect to the equivalent plant as
viewed by the attacker, then under the additional assumption that the plant is
stabilizable by static output feedback, the attack effect may be corrected in
steady state
A Roadmap Towards Resilient Internet of Things for Cyber-Physical Systems
The Internet of Things (IoT) is a ubiquitous system connecting many different
devices - the things - which can be accessed from the distance. The
cyber-physical systems (CPS) monitor and control the things from the distance.
As a result, the concepts of dependability and security get deeply intertwined.
The increasing level of dynamicity, heterogeneity, and complexity adds to the
system's vulnerability, and challenges its ability to react to faults. This
paper summarizes state-of-the-art of existing work on anomaly detection,
fault-tolerance and self-healing, and adds a number of other methods applicable
to achieve resilience in an IoT. We particularly focus on non-intrusive methods
ensuring data integrity in the network. Furthermore, this paper presents the
main challenges in building a resilient IoT for CPS which is crucial in the era
of smart CPS with enhanced connectivity (an excellent example of such a system
is connected autonomous vehicles). It further summarizes our solutions,
work-in-progress and future work to this topic to enable "Trustworthy IoT for
CPS". Finally, this framework is illustrated on a selected use case: A smart
sensor infrastructure in the transport domain.Comment: preprint (2018-10-29
- …