47,982 research outputs found

    Fake-Acknowledgment Attack on ACK-based Sensor Power Schedule for Remote State Estimation

    We consider a class of malicious attacks against remote state estimation. A sensor with limited resources adopts an acknowledgement (ACK)-based online power schedule to improve the remote state estimation performance. A malicious attacker can modify the ACKs from the remote estimator and convey fake information to the sensor. When the capability of the attacker is limited, we propose an attack strategy for the attacker and analyze the corresponding effect on the estimation performance. The possible responses of the sensor are studied and a condition for the sensor to discard ACKs and switch from online schedule to offline schedule is provided. Comment: submitted to IEEE CDC 201

    On Ladder Logic Bombs in Industrial Control Systems

    In industrial control systems, devices such as Programmable Logic Controllers (PLCs) are commonly used to directly interact with sensors and actuators, and perform local automatic control. PLCs run software on two different layers: a) firmware (i.e. the OS) and b) control logic (processing sensor readings to determine control actions). In this work, we discuss ladder logic bombs, i.e. malware written in ladder logic (or one of the other IEC 61131-3-compatible languages). Such malware would be inserted by an attacker into existing control logic on a PLC, and either persistently change the behavior, or wait for specific trigger signals to activate malicious behaviour. For example, the LLB could replace legitimate sensor readings with manipulated values. We see the concept of LLBs as a generalization of attacks such as the Stuxnet attack. We introduce LLBs on an abstract level, and then demonstrate several designs based on real PLC devices in our lab. In particular, we also focus on stealthy LLBs, i.e. LLBs that are hard to detect by human operators manually validating the program running in PLCs. In addition to introducing vulnerabilities on the logic layer, we also discuss countermeasures and we propose two detection techniques. Comment: 11 pages, 14 figures, 2 tables, 1 algorith

    Assessing and augmenting SCADA cyber security: a survey of techniques

    SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

    A virtual actuator approach for the secure control of networked LPV systems under pulse-width modulated DoS attacks

    In this paper, we formulate and analyze the problem of secure control in the context of networked linear parameter varying (LPV) systems. We consider an energy-constrained, pulse-width modulated (PWM) jammer, which corrupts the control communication channel by performing a denial-of-service (DoS) attack. In particular, the malicious attacker is able to erase the data sent to one or more actuators. In order to achieve secure control, we propose a virtual actuator technique under the assumption that the behavior of the attacker has been identified. The main advantage brought by this technique is that the existing components in the control system can be maintained without need of retuning them, since the virtual actuator will perform a reconfiguration of the plant, hiding the attack from the controller point of view. Using Lyapunov-based results that take into account the possible behavior of the attacker, design conditions for calculating the virtual actuators gains are obtained. A numerical example is used to illustrate the proposed secure control strategy. Peer Reviewed. Postprint (author's final draft

    Performance analysis with network-enhanced complexities: On fading measurements, event-triggered mechanisms, and cyber attacks

    Copyright © 2014 Derui Ding et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Nowadays, the real-world systems are usually subject to various complexities such as parameter uncertainties, time-delays, and nonlinear disturbances. For networked systems, especially large-scale systems such as multiagent systems and systems over sensor networks, the complexities are inevitably enhanced in terms of their degrees or intensities because of the usage of the communication networks. Therefore, it would be interesting to (1) examine how this kind of network-enhanced complexities affects the control or filtering performance; and (2) develop some suitable approaches for controller/filter design problems. In this paper, we aim to survey some recent advances on the performance analysis and synthesis with three sorts of fashionable network-enhanced complexities, namely, fading measurements, event-triggered mechanisms, and attack behaviors of adversaries. First, these three kinds of complexities are introduced in detail according to their engineering backgrounds, dynamical characteristic, and modelling techniques. Then, the developments of the performance analysis and synthesis issues for various networked systems are systematically reviewed. Furthermore, some challenges are illustrated by using a thorough literature review and some possible future research directions are highlighted. This work was supported in part by the National Natural Science Foundation of China under Grants 61134009, 61329301, 61203139, 61374127, and 61374010, the Royal Society of the UK, and the Alexander von Humboldt Foundation of Germany