Middleware and Architecture for Advanced Applications of Cyber-physical Systems

In this thesis, we address issues related to middleware, architecture and applications of cyber-physical systems. The first problem we address is the cross-layer design of cyber-physical systems to cope with interactions between the cyber layer and the physical layer in a dynamic environment. We propose a bi-directional middleware that allows the optimal utilization of the common resources for the benefit of either or both the layers in order to obtain overall system performance. The case study of network connectivity preservation in a vehicular formation illustrates how this approach can be applied to a particular situation where the network connectivity drives the application layer. Next we address another aspect of cross-layer impact: the problem that arises when network performance, in this case delay performance, affects control system performance. We propose a two-pronged approach involving a flexible adaptive model identification algorithm with outlier rejection, which in turn uses an adaptive system model to detect and reject outliers, thus shielding the estimation algorithm and thereby improving reliability. We experimentally demonstrate that the outlier rejection approach which intercepts and filters the data, combined with simultaneous model adaptation, can result in improved performance of Model Predictive Control in the vehicular testbed. Then we turn to two advanced applications of cyber-physical systems. First, we address the problem of security of cyber-physical systems. We consider the context of an intelligent transportation system in which a malicious sensor node manipulates the position data of one of the autonomous cars to deviate from a safe trajectory and collide with other cars. In order to secure the safety of such systems where sensor measurements are compromised, we employ the procedure of “dynamic watermarking”. This procedure enables an honest node in the control loop to detect the existence of a malicious node within the feedback loop. We demonstrate in the testbed that dynamic watermarking can indeed protect cars against collisions even in the presence of sensor attacks. The second application of cyber-physical systems that we consider is cyber-manufacturing which is an origami-type laser-based custom manufacturing machine employing folding and cutting of sheet material to manufacture 3D objects. We have developed such a system for use in a laser-based autonomous custom manufacturing machine equipped with real-time sensing and control. The basic elements in the architecture are a laser processing machine, a sensing system to estimate the state of the workpiece, a control system determining control inputs for a laser system based on the estimated data, a robotic arm manipulating the workpiece in the work space, and middleware supporting the communication among the systems. We demonstrate automated 3D laser cutting and bending to fabricate a 3D product as an experimental result. Lastly, we address the problem of traffic management of an unmanned aerial system. In an effort to improve the performance of the traffic management for unmanned aircrafts, we propose a probability-based collision resolution algorithm. The proposed algorithm analyzes the planned trajectories to calculate their collision probabilities, and modifies individual drone starting times to reduce the probability of collision, while attempting to preserve high performance. Our simulation results demonstrate that the proposed algorithm improves the performance of the drone traffic management by guaranteeing high safety with low modification of the starting times

R^2IM: Reliable and Robust Intersection Manager Robust to Rogue Vehicles

abstract: At modern-day intersections, traffic lights and stop signs assist human drivers to cross the intersection safely. Traffic congestion in urban road networks is a costly problem that affects all major cities. Efficiently operating intersections is largely dependent on accuracy and precision of human drivers, engendering a lingering uncertainty of attaining safety and high throughput. To improve the efficiency of the existing traffic network and mitigate the effects of human error in the intersection, many studies have proposed autonomous, intelligent transportation systems. These studies often involve utilizing connected autonomous vehicles, implementing a supervisory system, or both. Implementing a supervisory system is relatively more popular due to the security concerns of vehicle-to-vehicle communication. Even though supervisory systems are a step in the right direction for security, many supervisory systems’ safe operation solely relies on the promise of connected data being correct, making system reliability difficult to achieve. To increase fault-tolerance and decrease the effects of position uncertainty, this thesis proposes the Reliable and Robust Intersection Manager, a supervisory system that uses a separate surveillance system to dependably detect vehicles present in the intersection in order to create data redundancy for more accurate scheduling of connected autonomous vehicles. Adding the Surveillance System ensures that the temporal safety buffers between arrival times of connected autonomous vehicles are maintained. This guarantees that connected autonomous vehicles can traverse the intersection safely in the event of large vehicle controller error, a single rogue car entering the intersection, or a sybil attack. To test the proposed system given these fault-models, MATLAB® was used to create simulations in order to observe the functionality of R2IM compared to the state-of-the-art supervisory system, Robust Intersection Manager. Though R2IM is less efficient than the Robust Intersection Manager, it considers more fault models. The Robust Intersection Manager failed to maintain safety in the event of large vehicle controller errors and rogue cars, however R2IM resulted in zero collisions.Dissertation/ThesisMasters Thesis Computer Engineering 201

An Energy Aware and Secure MAC Protocol for Tackling Denial of Sleep Attacks in Wireless Sensor Networks

Wireless sensor networks which form part of the core for the Internet of Things consist of resource constrained sensors that are usually powered by batteries. Therefore, careful energy awareness is essential when working with these devices. Indeed,the introduction of security techniques such as authentication and encryption, to ensure confidentiality and integrity of data, can place higher energy load on the sensors. However, the absence of security protection c ould give room for energy drain attacks such as denial of sleep attacks which have a higher negative impact on the life span ( of the sensors than the presence of security features. This thesis, therefore, focuses on tackling denial of sleep attacks from two perspectives A security perspective and an energy efficiency perspective. The security perspective involves evaluating and ranking a number of security based techniques to curbing denial of sleep attacks. The energy efficiency perspective, on the other hand, involves exploring duty cycling and simulating three Media Access Control ( protocols Sensor MAC, Timeout MAC andTunableMAC under different network sizes and measuring different parameters such as the Received Signal Strength RSSI) and Link Quality Indicator ( Transmit power, throughput and energy efficiency Duty cycling happens to be one of the major techniques for conserving energy in wireless sensor networks and this research aims to answer questions with regards to the effect of duty cycles on the energy efficiency as well as the throughput of three duty cycle protocols Sensor MAC ( Timeout MAC ( and TunableMAC in addition to creating a novel MAC protocol that is also more resilient to denial of sleep a ttacks than existing protocols. The main contributions to knowledge from this thesis are the developed framework used for evaluation of existing denial of sleep attack solutions and the algorithms which fuel the other contribution to knowledge a newly developed protocol tested on the Castalia Simulator on the OMNET++ platform. The new protocol has been compared with existing protocols and has been found to have significant improvement in energy efficiency and also better resilience to denial of sleep at tacks Part of this research has been published Two conference publications in IEEE Explore and one workshop paper

FRIEND: A Cyber-Physical System for Traffic Flow Related Information Aggregation and Dissemination

The major contribution of this thesis is to lay the theoretical foundations of FRIEND — A cyber-physical system for traffic Flow-Related Information aggrEgatioN and Dissemination. By integrating resources and capabilities at the nexus between the cyber and physical worlds, FRIEND will contribute to aggregating traffic flow data collected by the huge fleet of vehicles on our roads into a comprehensive, near real-time synopsis of traffic flow conditions. We anticipate providing drivers with a meaningful, color-coded, at-a-glance view of flow conditions ahead, alerting them to congested traffic. FRIEND can be used to provide accurate information about traffic flow and can be used to propagate this information. The workhorse of FRIEND is the ubiquitous lane delimiters (a.k.a. cat\u27s eyes) on our roadways that, at the moment, are used simply as dumb reflectors. Our main vision is that by endowing cat\u27s eyes with a modest power source, detection and communication capabilities they will play an important role in collecting, aggregating and disseminating traffic flow conditions to the driving public. We envision the cat\u27s eyes system to be supplemented by road-side units (RSU) deployed at regular intervals (e.g. every kilometer or so). The RSUs placed on opposite sides of the roadway constitute a logical unit and are connected by optical fiber under the median. Unlike inductive loop detectors, adjacent RSUs along the roadway are not connected with each other, thus avoiding the huge cost of optical fiber. Each RSU contains a GPS device (for time synchronization), an active Radio Frequency Identification (RFID) tag for communication with passing cars, a radio transceiver for RSU to RSU communication and a laptop-class computing device. The physical components of FRIEND collect traffic flow-related data from passing vehicles. The collected data is used by FRIEND\u27s inference engine to build beliefs about the state of the traffic, to detect traffic trends, and to disseminate relevant traffic flow-related information along the roadway. The second contribution of this thesis is the development of an incident classification and detection algorithm that can be used to classify different types of traffic incident Then, it can notify the necessary target of the incident. We also compare our incident detection technique with other VANET techniques. Our third contribution is a novel strategy for information dissemination on highways. First, we aim to prevent secondary accidents. Second, we notify drivers far away from the accident of an expected delay that gives them the option to continue or exit before reaching the incident location. A new mechanism tracks the source of the incident while notifying drivers away from the accident. The more time the incident stays, the further the information needs to be propagated. Furthermore, the denser the traffic, the faster it will backup. In high density highways, an incident may form a backup of vehicles faster than low density highways. In order to satisfy this point, we need to propagate information as a function of density and time

Secure covert communications over streaming media using dynamic steganography

Streaming technologies such as VoIP are widely embedded into commercial and industrial applications, so it is imperative to address data security issues before the problems get really serious. This thesis describes a theoretical and experimental investigation of secure covert communications over streaming media using dynamic steganography. A covert VoIP communications system was developed in C++ to enable the implementation of the work being carried out. A new information theoretical model of secure covert communications over streaming media was constructed to depict the security scenarios in streaming media-based steganographic systems with passive attacks. The model involves a stochastic process that models an information source for covert VoIP communications and the theory of hypothesis testing that analyses the adversary‘s detection performance. The potential of hardware-based true random key generation and chaotic interval selection for innovative applications in covert VoIP communications was explored. Using the read time stamp counter of CPU as an entropy source was designed to generate true random numbers as secret keys for streaming media steganography. A novel interval selection algorithm was devised to choose randomly data embedding locations in VoIP streams using random sequences generated from achaotic process. A dynamic key updating and transmission based steganographic algorithm that includes a one-way cryptographical accumulator integrated into dynamic key exchange for covert VoIP communications, was devised to provide secure key exchange for covert communications over streaming media. The discrete logarithm problem in mathematics and steganalysis using t-test revealed the algorithm has the advantage of being the most solid method of key distribution over a public channel. The effectiveness of the new steganographic algorithm for covert communications over streaming media was examined by means of security analysis, steganalysis using non parameter Mann-Whitney-Wilcoxon statistical testing, and performance and robustness measurements. The algorithm achieved the average data embedding rate of 800 bps, comparable to other related algorithms. The results indicated that the algorithm has no or little impact on real-time VoIP communications in terms of speech quality (< 5% change in PESQ with hidden data), signal distortion (6% change in SNR after steganography) and imperceptibility, and it is more secure and effective in addressing the security problems than other related algorithms

Efficiency and Accuracy Enhancement of Intrusion Detection System Using Feature Selection and Cross-layer Mechanism

The dramatic increase in the number of connected devices and the significant growth of the network traffic data have led to many security vulnerabilities and cyber-attacks. Hence, developing new methods to secure the network infrastructure and protect data from malicious and unauthorized access becomes a vital aspect of communication network design. Intrusion Detection Systems (IDSs), as common widely used security techniques, are critical to detect network attacks and unauthorized network access and thus minimize further cyber-attack damages. However, there are a number of weaknesses that need to be addressed to make reliable IDS for real-world applications. One of the fundamental challenges is the large number of redundant and non-relevant data. Feature selection emerges as a necessary step in efficient IDS design to overcome high dimensionality problem and enhance the performance of IDS through the reduction of its complexity and the acceleration of the detection process. Moreover, detection algorithm has significant impact on the performance of IDS. Machine learning techniques are widely used in such systems which is studied in details in this dissertation. One of the most destructive activities in wireless networks such as MANET is packet dropping. The existence of the intrusive attackers in the network is not the only cause of packet loss. In fact, packet drop can occur because of faulty network. Hence, in order detect the packet dropping caused by a malicious activity of an attacker, information from various layers of the protocol is needed to detect malicious packet loss effectively. To this end, a novel cross-layer design for malicious packet loss detection in MANET is proposed using features from physical layer, network layer and MAC layer to make a better detection decision. Trust-based mechanism is adopted in this design and a packet loss free routing algorithm is presented accordingly