
    A Frequency Hopping Method to Detect Replay Attacks

    The application of information technology in networked control systems introduces potential threats to future industrial control systems. Malicious attacks undermine the security of networked control systems and could cause huge economic losses. This thesis studies a particular cyber attack, the replay attack, motivated by the Stuxnet worm allegedly used against nuclear facilities in Iran. To detect replay attacks, the thesis injects a narrow-band signal into the control signal and adopts a spectrum estimation approach to test the estimation residual. To keep the parameters of the injected signal from becoming known to attackers, frequency hopping technology is employed to encrypt the frequency of the narrow-band signal. The detection method proposed in the thesis is illustrated and examined through simulation studies, which show a good detection rate and security.

    Set-based replay attack detection in closed-loop systems using a plug & play watermarking approach

    © 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. This paper presents a watermarking signal injection method that compensates its effect in the loop, thus avoiding signal reinjection. Similar to a virtual actuator scheme, the proposed methodology masks the presence of the authentication signal from the system controller, which does not need to be retuned as it remains immunized. Furthermore, a set-based analysis of the effect that the performance loss imposed by a watermarking signal has on the detectability of a replay attack is performed for the stationary case, assuming that a standard state observer is used to monitor the plant. Finally, a numerical application example is used to illustrate the proposed approach. This work has been partially funded by the Spanish State Research Agency (AEI) and the European Regional Development Fund (ERFD) through the projects SCAV (ref. MINECO DPI2017-88403-R) and DEOCS (ref. MINECO DPI2016-76493) and AGAUR ACCIO RIS3CAT UTILITIES 4.0 – P7 SECUTIL. This work has also been supported by the AEI through the Maria de Maeztu Seal of Excellence to IRI (MDM-2016-0656).

    Detection of replay attacks in cyber-physical systems using a frequency-based signature

    This paper proposes a frequency-based approach for the detection of replay attacks affecting cyber-physical systems (CPS). In particular, the method injects a sinusoidal signal with a time-varying frequency (authentication signal) into the closed-loop system and checks whether the time profile of the frequency components in the output signal is compatible with the authentication signal or not. To achieve this, the couplings between inputs and outputs are eliminated using a dynamic decoupling technique based on vector fitting. In this way, a signature introduced on a specific input channel will affect only the output that is selected to be associated with that input, a property that can be exploited to determine which channels are being affected. A bank of band-pass filters is used to generate signals whose energies can be compared to reconstruct an estimate of the time-varying frequency profile. By matching the known frequency profile with its estimate, the detector can indicate whether a replay attack is being carried out or not. The design of the signal generator and the detector is thoroughly discussed, and an example based on a quadruple-tank process is used to show the application and effectiveness of the proposed method.

    Detection of replay attacks in CPSs using observer-based signature compensation

    This paper presents a replay attack detection method that addresses the performance loss of watermarking-based approaches. The proposed method injects a sinusoidal signal that affects a randomly chosen subset of the system outputs. The presence of the signal in each of the outputs is estimated by means of independent observers, and its effect is compensated in the control loop. When a system output is affected by a replay attack, the loss of feedback of the associated observer destabilizes the signal estimation, leading to an exponential increase of the estimation error up to a threshold, above which the estimated signal compensation in the control loop is disabled. This event triggers the detection of a replay attack on the output corresponding to the disrupted observer. The effectiveness of the method is demonstrated using results obtained with a quadruple-tank system simulator.

    Learning-based attacks in cyber-physical systems

    We introduce the problem of learning-based attacks in a simple abstraction of cyber-physical systems: the case of a discrete-time, linear, time-invariant plant that may be subject to an attack that overrides the sensor readings and the controller actions. The attacker attempts to learn the dynamics of the plant and subsequently override the controller's actuation signal, to destroy the plant without being detected. The attacker can feed fictitious sensor readings to the controller using its estimate of the plant dynamics and mimic the legitimate plant operation. The controller, on the other hand, is constantly on the lookout for an attack; once the controller detects an attack, it immediately shuts the plant off. In the case of scalar plants, we derive an upper bound on the attacker's deception probability for any measurable control policy when the attacker uses an arbitrary learning algorithm to estimate the system dynamics. We then derive lower bounds on the attacker's deception probability for both scalar and vector plants by assuming a specific authentication test that inspects the empirical variance of the system disturbance. We also show how the controller can improve the security of the system by superimposing a carefully crafted privacy-enhancing signal on top of the "nominal control policy." Finally, for nonlinear scalar dynamics that belong to a Reproducing Kernel Hilbert Space (RKHS), we investigate the performance of attacks based on nonlinear Gaussian-process (GP) learning algorithms.

    DoubleEcho: Mitigating Context-Manipulation Attacks in Copresence Verification

    Copresence verification based on context can improve usability and strengthen the security of many authentication and access control systems. By sensing and comparing their surroundings, two or more devices can tell whether they are copresent and use this information to make access control decisions. To the best of our knowledge, all context-based copresence verification mechanisms to date are susceptible to context-manipulation attacks. In such attacks, a distributed adversary replicates the same context at the (different) locations of the victim devices and induces them to believe that they are copresent. In this paper we propose DoubleEcho, a context-based copresence verification technique that leverages the acoustic Room Impulse Response (RIR) to mitigate context-manipulation attacks. In DoubleEcho, one device emits a wide-band audible chirp and all participating devices record reflections of the chirp from the surrounding environment. Since the RIR is, by its very nature, dependent on the physical surroundings, it constitutes a unique location signature that is hard for an adversary to replicate. We evaluate DoubleEcho by collecting RIR data with various mobile devices and in a range of different locations. We show that DoubleEcho mitigates context-manipulation attacks, whereas all other approaches to date are entirely vulnerable to such attacks. DoubleEcho detects copresence (or lack thereof) in roughly 2 seconds and works on commodity devices.

    Bibliographical review on cyber attacks from a control oriented perspective

    This paper presents a bibliographical review of definitions, classifications and applications concerning cyber attacks in networked control systems (NCSs) and cyber-physical systems (CPSs). The review tackles the topic from a control-oriented perspective, which is complementary to information- or communication-oriented ones. After motivating the importance of developing new methods for attack detection and secure control, the review presents security objectives, attack modeling, and a characterization of the considered attacks and threats, together with the corresponding detection mechanisms and remedial actions. To show the properties of each attack, and to provide deeper insight into possible defense mechanisms, examples available in the literature are discussed. Finally, open research issues and directions are presented.

    Separability of State Trajectories and its Applications to Security of Cyber-Physical Systems

    This article studies a fundamental problem in the security of cyber-physical systems (CPSs). We focus on a class of attacks where some of the actuators could be malicious while all the sensors are considered to be honest. We introduce the novel idea of separability of the state trajectories generated by the honest and corrupt actuators, and establish its connection to the security of CPSs in the context of detecting the presence of malicious actuators (if any) in the system. As a defense strategy to guard the CPS against malicious attacks, we focus on perturbing the pre-determined control action by having the honest actuators inject a certain class of random process, called private excitation, which is assumed to have a known distribution. As primary contributions, we give sufficient conditions for the existence and non-existence of a separator for linear time-invariant stochastic systems, under the assumption that the policies are randomized-Markovian and randomized history-dependent. Several technical aspects of the established results are discussed extensively. Comment: 26 page