Cyber-Physical Security Strategies

Cyber-physical security describes the protection of systems with close relationships between computational functions and physical ones and addresses the issue of vulnerability to attack through both cyber and physical avenues. This describes systems in a wide variety of functions, many crucial to the function of modern society, making their security of paramount importance. The development of secure system design and attack detection strategies for each potential avenue of attack is needed to combat malicious attacks. This thesis will provide an overview of the approaches to securing different aspect of cyber-physical systems. The cyber element can be designed to better prevent unauthorized entry and to be more robust to attack while its use is evaluated for signs of ongoing intrusion. Nodes in sensor networks can be evaluated by their claims to determine the likelihood of their honesty. Control systems can be designed to be robust in cases of the failure of one component and to detect signal insertion or replay attack. Through the application of these strategies, the safety and continued function of cyber-physical systems can be improved

A Resilient Control Approach to Secure Cyber Physical Systems (CPS) with an Application on Connected Vehicles

The objective of this dissertation is to develop a resilient control approach to secure Cyber Physical Systems (CPS) against cyber-attacks, network failures and potential physical faults. Despite being potentially beneficial in several aspects, the connectivity in CPSs poses a set of specific challenges from safety and reliability standpoint. The first challenge arises from unreliable communication network which affects the control/management of overall system. Second, faulty sensors and actuators can degrade the performance of CPS and send wrong information to the controller or other subsystems of the CPS. Finally, CPSs are vulnerable to cyber-attacks which can potentially lead to dangerous scenarios by affecting the information transmitted among various components of CPSs. Hence, a resilient control approach is proposed to address these challenges. The control approach consists of three main parts:(1) Physical fault diagnostics: This part makes sure the CPS works normally while there is no cyber-attacks/ network failure in the communication network; (2) Cyber-attack/failure resilient strategy: This part consists of a resilient strategy for specific cyber-attacks to compensate for their malicious effects ; (3) Decision making algorithm: The decision making block identifies the specific existing cyber-attacks/ network failure in the system and deploys corresponding control strategy to minimize the effect of abnormality in the system performance. In this dissertation, we consider a platoon of connected vehicle system under Co-operative Adaptive Cruise Control (CACC) strategy as a CPS and develop a resilient control approach to address the aforementioned challenges. The first part of this dissertation investigates fault diagnostics of connected vehicles assuming ideal communication network. Very few works address the real-time diagnostics problem in connected vehicles. This study models the effect of different faults in sensors and actuators, and also develops fault diagnosis scheme for detectable and identifiable faults. The proposed diagnostics scheme is based on sliding model observers to detect, isolate and estimate faults in the sensors and actuators. One of the main advantages of sliding model approach lies in applicability to nonlinear systems. Therefore, the proposed method can be extended for other nonlinear cyber physical systems as well. The second part of the proposed research deals with developing strategies to maintain performance of cyber-physical systems close to the normal, in the presence of common cyber-attacks and network failures. Specifically, the behavior of Dedicated Short-Range Communication (DSRC) network is analyzed under cyber-attacks and failures including packet dropping, Denial of Service (DOS) attack and false data injection attack. To start with, packet dropping in network communication is modeled by Bernoulli random variable. Then an observer based modifying algorithm is proposed to modify the existing CACC strategy against the effect of packet dropping phenomena. In contrast to the existing works on state estimation over imperfect communication network in CPS which mainly use either holding previous received data or Kalman filter with intermittent observation, a combination of these two approaches is used to construct the missing data over packet dropping phenomena. Furthermore, an observer based fault diagnostics based on sliding mode approach is proposed to detect, isolate and estimate sensor faults in connected vehicles platoon. Next, Denial of Service (DoS) attack is considered on the communication network. The effect of DoS attack is modeled as an unknown stochastic delay in data delivery in the communication network. Then an observer based approach is proposed to estimate the real data from the delayed measured data over the network. A novel approach based on LMI theory is presented to design observer and estimate the states of the system via delayed measurements. Next, we explore and alternative approach by modeling DoS with unknown constant time delay and propose an adaptive observer to estimate the delay. Furthermore, we study the effects of system uncertainties on the DoS algorithm. In the third algorithm, we considered a general CPS with a saturated DoS attack modeled with constant unknown delay. In this part, we modeled the DoS via a PDE and developed a PDE based observer to estimate the delay as well as states of the system while the only available measurements are delayed. Furthermore, as the last cyber-attack of the second part of the dissertation, we consider false data injection attack as the fake vehicle identity in the platoon of vehicles. In this part, we develop a novel PDE-based modeling strategy for the platoon of vehicles equipped with CACC. Moreover, we propose a PDE based observer to detect and isolate the location of the false data injection attack injected into the platoon as fake identity. Finally, the third part of the dissertation deals with the ongoing works on an optimum decision making strategy formulated via Model Predictive Control (MPC). The decision making block is developed to choose the optimum strategy among available strategies designed in the second part of the dissertation

Middleware and Architecture for Advanced Applications of Cyber-physical Systems

In this thesis, we address issues related to middleware, architecture and applications of cyber-physical systems. The first problem we address is the cross-layer design of cyber-physical systems to cope with interactions between the cyber layer and the physical layer in a dynamic environment. We propose a bi-directional middleware that allows the optimal utilization of the common resources for the benefit of either or both the layers in order to obtain overall system performance. The case study of network connectivity preservation in a vehicular formation illustrates how this approach can be applied to a particular situation where the network connectivity drives the application layer. Next we address another aspect of cross-layer impact: the problem that arises when network performance, in this case delay performance, affects control system performance. We propose a two-pronged approach involving a flexible adaptive model identification algorithm with outlier rejection, which in turn uses an adaptive system model to detect and reject outliers, thus shielding the estimation algorithm and thereby improving reliability. We experimentally demonstrate that the outlier rejection approach which intercepts and filters the data, combined with simultaneous model adaptation, can result in improved performance of Model Predictive Control in the vehicular testbed. Then we turn to two advanced applications of cyber-physical systems. First, we address the problem of security of cyber-physical systems. We consider the context of an intelligent transportation system in which a malicious sensor node manipulates the position data of one of the autonomous cars to deviate from a safe trajectory and collide with other cars. In order to secure the safety of such systems where sensor measurements are compromised, we employ the procedure of “dynamic watermarking”. This procedure enables an honest node in the control loop to detect the existence of a malicious node within the feedback loop. We demonstrate in the testbed that dynamic watermarking can indeed protect cars against collisions even in the presence of sensor attacks. The second application of cyber-physical systems that we consider is cyber-manufacturing which is an origami-type laser-based custom manufacturing machine employing folding and cutting of sheet material to manufacture 3D objects. We have developed such a system for use in a laser-based autonomous custom manufacturing machine equipped with real-time sensing and control. The basic elements in the architecture are a laser processing machine, a sensing system to estimate the state of the workpiece, a control system determining control inputs for a laser system based on the estimated data, a robotic arm manipulating the workpiece in the work space, and middleware supporting the communication among the systems. We demonstrate automated 3D laser cutting and bending to fabricate a 3D product as an experimental result. Lastly, we address the problem of traffic management of an unmanned aerial system. In an effort to improve the performance of the traffic management for unmanned aircrafts, we propose a probability-based collision resolution algorithm. The proposed algorithm analyzes the planned trajectories to calculate their collision probabilities, and modifies individual drone starting times to reduce the probability of collision, while attempting to preserve high performance. Our simulation results demonstrate that the proposed algorithm improves the performance of the drone traffic management by guaranteeing high safety with low modification of the starting times

Towards smarter, safer, more reliable and more resilient autonomous robotic systems

Abstract: Although the concepts and developments on Fault Detection and Diagnosis (FDD) and Fault-Tolerant Control (FTC) have been progressively and extensively investigated worldwide since the 1970’s and 1980’s, respectively, the two recent catastrophic accidents induced by the crashes of two Boeing 737 MAX8 airplanes have highlighted again the necessity and urgency for FDD and FTC research & development and their industrial applications. On the other hand, benefited from technical advances in new materials, mechatronics, communication, computation, control, sensors, actuators and new/smart designs, Unmanned Aerial Vehicles (UAVs), Autonomous Cars (AVs), and other robotic systems on the space, land, on/under the water are gaining more and more attention and rapid development during the last few years due to their relatively easy and cost-effective uses in various application tasks such as automated operations, surveillance, sensing, search and rescue, agriculture, forest, environment, pipelines, powerlines, military and security applications. In this Abstract presentation, brief overall view on the challenges and latest developments on making these autonomous/unmanned robotic systems smarter, safer, more reliable and more resilient in terms of Guidance, Navigation, and Control (GNC) of robotic systems (in particular UAVs) by integrating with Remote Sensing (RS) techniques for autonomous, efficient and reliable applications to forest and environment monitoring and fires/damages/risks detection and suppression will be presented first, then some of new developments and current research works being carried out at Concordia’s Networked Autonomous Vehicles Lab (NAVL) will be introduced as the second part of the presentation. In particular, new developments on autonomous control, FDD, FTC, and Fault-Tolerant Cooperative Control (FTCC) techniques towards autonomous, safe and secure operations and applications of autonomous/unmanned systems (UAVs and AVs) to the forest fire monitoring and fighting tasks, as well as safe and resilient control of autonomous/unmanned systems in the presence of both physical-faults and cyber-attacks in the general framework of cyber-physical systems will also be presented.Résumé de la communication présentée lors du congrès international tenu conjointement par Canadian Society for Mechanical Engineering (CSME) et Computational Fluid Dynamics Society of Canada (CFD Canada), à l’Université de Sherbrooke (Québec), du 28 au 31 mai 2023

Middleware and Architecture for Advanced Applications of Cyber-physical Systems

In this thesis, we address issues related to middleware, architecture and applications of cyber-physical systems. The first problem we address is the cross-layer design of cyber-physical systems to cope with interactions between the cyber layer and the physical layer in a dynamic environment. We propose a bi-directional middleware that allows the optimal utilization of the common resources for the benefit of either or both the layers in order to obtain overall system performance. The case study of network connectivity preservation in a vehicular formation illustrates how this approach can be applied to a particular situation where the network connectivity drives the application layer. Next we address another aspect of cross-layer impact: the problem that arises when network performance, in this case delay performance, affects control system performance. We propose a two-pronged approach involving a flexible adaptive model identification algorithm with outlier rejection, which in turn uses an adaptive system model to detect and reject outliers, thus shielding the estimation algorithm and thereby improving reliability. We experimentally demonstrate that the outlier rejection approach which intercepts and filters the data, combined with simultaneous model adaptation, can result in improved performance of Model Predictive Control in the vehicular testbed. Then we turn to two advanced applications of cyber-physical systems. First, we address the problem of security of cyber-physical systems. We consider the context of an intelligent transportation system in which a malicious sensor node manipulates the position data of one of the autonomous cars to deviate from a safe trajectory and collide with other cars. In order to secure the safety of such systems where sensor measurements are compromised, we employ the procedure of “dynamic watermarking”. This procedure enables an honest node in the control loop to detect the existence of a malicious node within the feedback loop. We demonstrate in the testbed that dynamic watermarking can indeed protect cars against collisions even in the presence of sensor attacks. The second application of cyber-physical systems that we consider is cyber-manufacturing which is an origami-type laser-based custom manufacturing machine employing folding and cutting of sheet material to manufacture 3D objects. We have developed such a system for use in a laser-based autonomous custom manufacturing machine equipped with real-time sensing and control. The basic elements in the architecture are a laser processing machine, a sensing system to estimate the state of the workpiece, a control system determining control inputs for a laser system based on the estimated data, a robotic arm manipulating the workpiece in the work space, and middleware supporting the communication among the systems. We demonstrate automated 3D laser cutting and bending to fabricate a 3D product as an experimental result. Lastly, we address the problem of traffic management of an unmanned aerial system. In an effort to improve the performance of the traffic management for unmanned aircrafts, we propose a probability-based collision resolution algorithm. The proposed algorithm analyzes the planned trajectories to calculate their collision probabilities, and modifies individual drone starting times to reduce the probability of collision, while attempting to preserve high performance. Our simulation results demonstrate that the proposed algorithm improves the performance of the drone traffic management by guaranteeing high safety with low modification of the starting times

Multi-Layer Cyber-Physical Security and Resilience for Smart Grid

The smart grid is a large-scale complex system that integrates communication technologies with the physical layer operation of the energy systems. Security and resilience mechanisms by design are important to provide guarantee operations for the system. This chapter provides a layered perspective of the smart grid security and discusses game and decision theory as a tool to model the interactions among system components and the interaction between attackers and the system. We discuss game-theoretic applications and challenges in the design of cross-layer robust and resilient controller, secure network routing protocol at the data communication and networking layers, and the challenges of the information security at the management layer of the grid. The chapter will discuss the future directions of using game-theoretic tools in addressing multi-layer security issues in the smart grid.Comment: 16 page

MobileTrust: Secure Knowledge Integration in VANETs

Vehicular Ad hoc NETworks (VANET) are becoming popular due to the emergence of the Internet of Things and ambient intelligence applications. In such networks, secure resource sharing functionality is accomplished by incorporating trust schemes. Current solutions adopt peer-to-peer technologies that can cover the large operational area. However, these systems fail to capture some inherent properties of VANETs, such as fast and ephemeral interaction, making robust trust evaluation of crowdsourcing challenging. In this article, we propose MobileTrust—a hybrid trust-based system for secure resource sharing in VANETs. The proposal is a breakthrough in centralized trust computing that utilizes cloud and upcoming 5G technologies to provide robust trust establishment with global scalability. The ad hoc communication is energy-efficient and protects the system against threats that are not countered by the current settings. To evaluate its performance and effectiveness, MobileTrust is modelled in the SUMO simulator and tested on the traffic features of the small-size German city of Eichstatt. Similar schemes are implemented in the same platform to provide a fair comparison. Moreover, MobileTrust is deployed on a typical embedded system platform and applied on a real smart car installation for monitoring traffic and road-state parameters of an urban application. The proposed system is developed under the EU-founded THREAT-ARREST project, to provide security, privacy, and trust in an intelligent and energy-aware transportation scenario, bringing closer the vision of sustainable circular economy