A control theoretic approach for security of cyber-physical systems

In this dissertation, several novel defense methodologies for cyber-physical systems have been proposed. First, a special type of cyber-physical system, the RFID system, is considered for which a lightweight mutual authentication and ownership management protocol is proposed in order to protect the data confidentiality and integrity. Then considering the fact that the protection of the data confidentiality and integrity is insufficient to guarantee the security in cyber-physical systems, we turn to the development of a general framework for developing security schemes for cyber-physical systems wherein the cyber system states affect the physical system and vice versa. After that, we apply this general framework by selecting the traffic flow as the cyber system state and a novel attack detection scheme that is capable of capturing the abnormality in the traffic flow in those communication links due to a class of attacks has been proposed. On the other hand, an attack detection scheme that is capable of detecting both sensor and actuator attacks is proposed for the physical system in the presence of network induced delays and packet losses. Next, an attack detection scheme is proposed when the network parameters are unknown by using an optimal Q-learning approach. Finally, this attack detection and accommodation scheme has been further extended to the case where the network is modeled as a nonlinear system with unknown system dynamics --Abstract, page iv

Time-Delay Switch Attack on Networked Control Systems, Effects and Countermeasures

In recent years, the security of networked control systems (NCSs) has been an important challenge for many researchers. Although the security schemes for networked control systems have advanced in the past several years, there have been many acknowledged cyber attacks. As a result, this dissertation proposes the use of a novel time-delay switch (TDS) attack by introducing time delays into the dynamics of NCSs. Such an attack has devastating effects on NCSs if prevention techniques and countermeasures are not considered in the design of these systems. To overcome the stability issue caused by TDS attacks, this dissertation proposes a new detector to track TDS attacks in real time. This method relies on an estimator that will estimate and track time delays introduced by a hacker. Once a detector obtains the maximum tolerable time delay of a plant’s optimal controller (for which the plant remains secure and stable), it issues an alarm signal and directs the system to its alarm state. In the alarm state, the plant operates under the control of an emergency controller that can be local or networked to the plant and remains in this stable mode until the networked control system state is restored. In another effort, this dissertation evaluates different control methods to find out which one is more stable when under a TDS attack than others. Also, a novel, simple and effective controller is proposed to thwart TDS attacks on the sensing loop (SL). The modified controller controls the system under a TDS attack. Also, the time-delay estimator will track time delays introduced by a hacker using a modified model reference-based control with an indirect supervisor and a modified least mean square (LMS) minimization technique. Furthermore, here, the demonstration proves that the cryptographic solutions are ineffective in the recovery from TDS attacks. A cryptography-free TDS recovery (CF-TDSR) communication protocol enhancement is introduced to leverage the adaptive channel redundancy techniques, along with a novel state estimator to detect and assist in the recovery of the destabilizing effects of TDS attacks. The conclusion shows how the CF-TDSR ensures the control stability of linear time invariant systems

On the Control of Microgrids Against Cyber-Attacks: A Review of Methods and Applications

Nowadays, the use of renewable generations, energy storage systems (ESSs) and microgrids (MGs) has been developed due to better controllability of distributed energy resources (DERs) as well as their cost-effective and emission-aware operation. The development of MGs as well as the use of hierarchical control has led to data transmission in the communication platform. As a result, the expansion of communication infrastructure has made MGs as cyber-physical systems (CPSs) vulnerable to cyber-attacks (CAs). Accordingly, prevention, detection and isolation of CAs during proper control of MGs is essential. In this paper, a comprehensive review on the control strategies of microgrids against CAs and its defense mechanisms has been done. The general structure of the paper is as follows: firstly, MGs operational conditions, i.e., the secure or insecure mode of the physical and cyber layers are investigated and the appropriate control to return to a safer mode are presented. Then, the common MGs communication system is described which is generally used for multi-agent systems (MASs). Also, classification of CAs in MGs has been reviewed. Afterwards, a comprehensive survey of available researches in the field of prevention, detection and isolation of CA and MG control against CA are summarized. Finally, future trends in this context are clarified

Enhancing Cyber-Resiliency of DER-based SmartGrid: A Survey

The rapid development of information and communications technology has enabled the use of digital-controlled and software-driven distributed energy resources (DERs) to improve the flexibility and efficiency of power supply, and support grid operations. However, this evolution also exposes geographically-dispersed DERs to cyber threats, including hardware and software vulnerabilities, communication issues, and personnel errors, etc. Therefore, enhancing the cyber-resiliency of DER-based smart grid - the ability to survive successful cyber intrusions - is becoming increasingly vital and has garnered significant attention from both industry and academia. In this survey, we aim to provide a systematical and comprehensive review regarding the cyber-resiliency enhancement (CRE) of DER-based smart grid. Firstly, an integrated threat modeling method is tailored for the hierarchical DER-based smart grid with special emphasis on vulnerability identification and impact analysis. Then, the defense-in-depth strategies encompassing prevention, detection, mitigation, and recovery are comprehensively surveyed, systematically classified, and rigorously compared. A CRE framework is subsequently proposed to incorporate the five key resiliency enablers. Finally, challenges and future directions are discussed in details. The overall aim of this survey is to demonstrate the development trend of CRE methods and motivate further efforts to improve the cyber-resiliency of DER-based smart grid.Comment: Submitted to IEEE Transactions on Smart Grid for Publication Consideratio

Security of Linear Control Systems

The coming decades may see the large scale deployment of networked cyber-physical systems to address global needs in areas such as energy, water, healthcare, and transportation. However, as recent events have shown, such systems are vulnerable to cyber attacks. They are not only econoically important, but being safety critical, their disruption or misbehavior can also cause injuries and loss of life. It is therefore important to secure such networked cyber-physical systems against attacks. In the absence of credible security guarantees, there will be resistance to the proliferation of cyber-physical systems, which are much needed to meet global needs in critical infrastructures and services. This study addresses the problem of secure control of networked cyber-physical systems. This problem is different from the problem of securing the communication network, since cyberphysical systems at their very essence need sensors and actuators that interface with the physical plant, and malicious agents may tamper with sensors or actuators, as recent attacks have shown. We consider physical plants that are being controlled by multiple actuators and sensors communicating over a network, where some sensors and actuators could be “malicious." A malicious sensor may not report the measurement that it observes truthfully, while a malicious actuator may not apply actuation signals in accordance with the designed control policy. In the first part of this work, we introduce, against this backdrop, the notions of securable and unsecurable subspaces of a linear dynamical system, and show that they have important operational meanings for both deterministic and stochastic linear dynamical systems in the context of secure control. These subspaces may be regarded as analogs of the controllable and unobservable subspaces reexamined in an era where there is intense interest in cybersecurity of control systems. In the second part of the work, we propose a general technique, termed “Dynamic Watermarking,” by which honest nodes in the system can detect the actions of malicious nodes, and disable closed-loop control based on their information. Dynamic Watermarking employs the technique of honest actuators injecting a “small" random noise, known as private excitation, into the system which will reveal tampering of measurements by malicious sensors. We lay the foundations for the theory for how such an active defense can be used to secure networked systems of sensors and actuators

Information Leakage Attacks and Countermeasures

The scientific community has been consistently working on the pervasive problem of information leakage, uncovering numerous attack vectors, and proposing various countermeasures. Despite these efforts, leakage incidents remain prevalent, as the complexity of systems and protocols increases, and sophisticated modeling methods become more accessible to adversaries. This work studies how information leakages manifest in and impact interconnected systems and their users. We first focus on online communications and investigate leakages in the Transport Layer Security protocol (TLS). Using modern machine learning models, we show that an eavesdropping adversary can efficiently exploit meta-information (e.g., packet size) not protected by the TLS’ encryption to launch fingerprinting attacks at an unprecedented scale even under non-optimal conditions. We then turn our attention to ultrasonic communications, and discuss their security shortcomings and how adversaries could exploit them to compromise anonymity network users (even though they aim to offer a greater level of privacy compared to TLS). Following up on these, we delve into physical layer leakages that concern a wide array of (networked) systems such as servers, embedded nodes, Tor relays, and hardware cryptocurrency wallets. We revisit location-based side-channel attacks and develop an exploitation neural network. Our model demonstrates the capabilities of a modern adversary but also presents an inexpensive tool to be used by auditors for detecting such leakages early on during the development cycle. Subsequently, we investigate techniques that further minimize the impact of leakages found in production components. Our proposed system design distributes both the custody of secrets and the cryptographic operation execution across several components, thus making the exploitation of leaks difficult

Trust-based fault detection and robust fault-tolerant control of uncertain cyber-physical systems against time-delay injection attacks

Control systems need to be able to operate under uncertainty and especially under attacks. To address such challenges, this paper formulates the solution of robust control for uncertain systems under time-varying and unknown time-delay attacks in cyber-physical systems (CPSs). A novel control method able to deal with thwart time-delay attacks on closed-loop control systems is proposed. Using a descriptor model and an appropriate Lyapunov functional, sufficient conditions for closed-loop stability are derived based on linear matrix inequalities (LMIs). A design procedure is proposed to obtain an optimal state feedback control gain such that the uncertain system can be resistant under an injection time-delay attack with variable delay. Furthermore, various fault detection frameworks are proposed by following the dynamics of the measured data at the system's input and output using statistical analysis such as correlation analysis and K-L (Kullback-Leibler) divergence criteria to detect attack's existence and to prevent possible instability. Finally, an example is provided to evaluate the proposed design method's effectiveness