Fast and Resource-Efficient Control of Wireless Cyber-Physical Systems

Baumann, Dominik

January 2019

Cyber-physical systems (CPSs) tightly integrate physical processes with computing and communication to autonomously interact with the surrounding environment.This enables emerging applications such as autonomous driving, coordinated flightof swarms of drones, or smart factories. However, current technology does notprovide the reliability and flexibility to realize those applications. Challenges arisefrom wireless communication between the agents and from the complexity of thesystem dynamics. In this thesis, we take on these challenges and present three maincontributions.We first consider imperfections inherent in wireless networks, such as communication delays and message losses, through a tight co-design. We tame the imperfectionsto the extent possible and address the remaining uncertainties with a suitable controldesign. That way, we can guarantee stability of the overall system and demonstratefeedback control over a wireless multi-hop network at update rates of 20-50 ms.If multiple agents use the same wireless network in a wireless CPS, limitedbandwidth is a particular challenge. In our second contribution, we present aframework that allows agents to predict their future communication needs. Thisallows the network to schedule resources to agents that are in need of communication.In this way, the limited resource communication can be used in an efficient manner.As a third contribution, to increase the flexibility of designs, we introduce machinelearning techniques. We present two different approaches. In the first approach,we enable systems to automatically learn their system dynamics in case the truedynamics diverge from the available model. Thus, we get rid of the assumption ofhaving an accurate system model available for all agents. In the second approach, wepropose a framework to directly learn actuation strategies that respect bandwidthconstraints. Such approaches are completely independent of a system model andstraightforwardly extend to nonlinear settings. Therefore, they are also suitable forapplications with complex system dynamics. / <p>QC 20190118</p>

Cyber-Physical Systems

Event-Triggered Control

Machine Learning

Engineering and Technology

Teknik och teknologier

On integrated modularization for situated product configuration

Williamsson, David

January 2019

Road transports face increasing societal challenges with respect to emissions, safety, and traffic congestion, as well as business challenges. Truck automation, e.g. self-driving trucks may be utilized to address some of these issues. Autonomous transport vehicles may be characterized as Cyber-Physical Systems (CPS). A drawback is that CPS significantly increase technical complexity and thus introduce new challenges to system architecting. A product architecture is the interrelation between physical components and their function, i.e. their purpose. Product architectures can be categorized as being modular or integral. The main purpose of a modular architecture is to enable external variety and at the same time internal commonality. Products with a modular architecture are configured from predesigned building blocks, i.e. modules. A stable module, which is a carrier of main function(s) has standardized interfaces, is configured for company-specific reasons, which means it supports a company-specific (business) strategy. In this thesis, the present state at the heavy vehicle manufacturer Scania, concerning product architecting, modularization, product description and configuration is investigated. Moreover, a new clustering based method for product modularization that integrates product complexity and company business strategies is proposed. The method is logically verified with multiple industrial cases, where the architecture of a heavy truck driveline is used as a test bench. The driveline contains synergistic configurations of mechanical, electrical and software technologies that are constituents of an automated  and/or semi-autonomous system, i.e. the driveline may be characterized as a CPS. The architecture is analyzed both from technical complexity and business strategy point of view.  The presented research indicates that a structured methodology which supports the development of the product architecture is needed at Scania, to enable control of the increasing technical complexity in the Cyber-Physical Systems. Finally, configuration rules are identified to be highly important in order to successfully realize a modular product architecture. A drawback with this approach is that the solution space becomes hard to identify, therefore a complete and flexible product description methodology is essential. The results from the case studies indicate that clustering of a Product Architecture DSM may result in a modular architecture with significantly reduced complexity, but with clusters that contain conflicting module drivers. It is also identified that the new modularization methodology is capable of identifying and proposing reasonable module candidates that address product complexity as well as company-specific strategies. Furthermore, several case studies show that the proposed method can be used for analyzing and finding the explicit and/or implicit, technical as well as strategic, reasons behind the architecture of an existing product.

Modularization

Product Description

Module

Product Structure

Product Architecture

Cyber-Physical System

Other Mechanical Engineering

Annan maskinteknik

Model-Based Trust Assessment in Autonomous Cyber-Physical Production Systems

Zahid, Maryam

January 2024

An increase in consumer demand and scarcity of available resources has led industrialists to hunt for solutions related to the automation of traditional manufacturing and production processes, optimizing resource consumption while improving the overall efficiency of the process. The resultant revolution brought forward the concept of cyber-physical production systems. Furthermore, industries within the private sector have integrated artificial intelligence with their traditional production processes as Cobots (collaborative robots), thus introducing the concept of Autonomous Cyber-Physical Production Systems. Although these systems maximize the production or manufacturing process while efficiently using the available resources, the machine learning component integrated into the traditional cyber-physical production system brings about trust-related issues due to its possible lack of predictability and transparency. Implementing trust-related attributes within autonomous cyber-physical production systems alone cannot overcome the highlighted problem. Therefore, a detailed risk assessment is required to identify and assess any trust-related risks in the system, especially at the early stages of the software development life cycle, to avoid major incidents and reduce maintenance costs. Based on the above-stated facts, this research proposes a model-based risk assessment technique for evaluating the trustworthiness of autonomous cyber-physical production systems. The proposed technique focuses on the identification and assessment of trust-related risks originating from the dynamic behavior of the machine learning component in autonomous cyber-physical production systems. For this, we use existing standards and techniques proposed for risk assessment in cyber-physical production systems as common ground to facilitate better implementation of trustworthiness in autonomous cyber-physical production systems. The proposed technique is aimed at overcoming the structural and behavioral limitations reported in existing model-based risk assessment techniques when dealing with autonomous cyber-physical production systems.

Model-Based

Risk Assessment

Machine Learning

Architecture

Trustworthiness

Computer Systems

Datorsystem

An Axiomatic Categorisation Framework for the Dynamic Alignment of Disparate Functions in Cyber-Physical Systems

Byrne, Thomas J., Doikin, Aleksandr, Campean, Felician, Neagu, Daniel

04 April 2019

Yes / Advancing Industry 4.0 concepts by mapping the product of the automotive industry on the spectrum of Cyber Physical Systems, we immediately recognise the convoluted processes involved in the design of new generation vehicles. New technologies developed around the communication core (IoT) enable novel interactions with data. Our framework employs previously untapped data from vehicles in the field for intelligent vehicle health management and knowledge integration into design. Firstly, the concept of an inter-disciplinary artefact is introduced to support the dynamic alignment of disparate functions, so that cyber variables change when physical variables change. Secondly, the axiomatic categorisation (AC) framework simulates functional transformations from artefact to artefact, to monitor and control automotive systems rather than components. Herein, an artefact is defined as a triad of the physical and engineered component, the information processing entity, and communication devices at their interface. Variable changes are modelled using AC, in conjunction with the artefacts, to aggregate functional transformations within the conceptual boundary of a physical system of systems. / Jaguar Land Rover funded research “Intelligent Personalised Powertrain Healthcare” 2016-2019

Cyber Physical System

Internet of Things

Industry 4.0

Multidisciplinary design

IVHM

FruitPAL: An IoT-Enabled Framework for Automatic Monitoring of Fruit Consumption in Smart Healthcare

Alkinani, Abdulrahman Ibrahim M.

12 1900

This research proposes FruitPAL and FruitPAL 2.0. They are full automatic devices that can detect fruit consumption to reduce the risk of disease. Allergies to fruits can seriously impair the immune system. A novel device (FruitPAL) detecting fruit that can cause allergies is proposed in this thesis. The device can detect fifteen types of fruit and alert the caregiver when an allergic reaction may have happened. The YOLOv8 model is employed to enhance accuracy and response time in detecting dangers. The notification will be transmitted to the mobile device through the cloud, as it is a commonly utilized medium. The proposed device can detect the fruit with an overall precision of 86%. FruitPAL 2.0 is envisioned as a device that encourages people to consume fruit. Fruits contain a variety of essential nutrients that contribute to the general health of the human body. FruitPAL 2.0 is capable of analyzing the consumed fruit and then determining its nutritional value. FruitPAL 2.0 has been trained on YOLOv5 V6.0. FruitPAL 2.0 has an overall precision of 90% in detecting the fruit. The purpose of this study is to encourage fruit consumption unless it causes illness. Even though fruit plays an important role in people's health, it might cause dangers. The proposed work can not only alert people to fruit that can cause allergies, but also it encourages people to consume fruit that is beneficial for their health.

Smart Healthcare

Diet Monitoring

Healthcare Cyber-Physical System (H-CPS)

Machine Learning

Engineering, Biomedical

A Cyber-Physical System (CPS) Approach to Support Worker Productivity based on Voice-Based Intelligent Virtual Agents

Linares Garcia, Daniel Antonio

16 August 2022

The Architecture, Engineering, and Construction (AEC) industry is currently challenged by low productivity trends and labor shortages. Efforts in academia and industry alike invested in developing solutions to this pressing issue. The majority of such efforts moved towards modernization of the industry, making use of digitalization approaches such as cyber-physical systems (CPS). In this direction, various research works have developed methods to capture information from construction environments and elements and provide monitoring capabilities to measure construction productivity at multiple levels. At the root of construction productivity, the productivity at the worker level is deemed critical. As a result, previous works explored monitoring the productivity of construction workers and resources to address the industry's productivity problems. However, productivity trends are not promising and show a need to more rigorously address productivity issues. Labor shortages also exacerbated the need for increasing the productivity of the current labor workers. Active means to address productivity have been explored as a solution in recent years. As a result, previous research took advantage of CPS and developed systems that sense construction workers' actions and environment and enable interaction with workers to render productivity improvements. One viable solution to this problem is providing on-demand activity-related information to the workers while at work, to decrease the need for manually seeking information from different sources, including supervisors, thereby improving their productivity. Especially, construction workers whose activities involve visual and manual limitations need to receive more attention, as seeking information can jeopardize their safety. Multiple labor trades such as plumbing, steel work, or carpenters are considered within this worker classification. These workers rely on knowledge gathered from the construction project documentation and databases, but have difficulties accessing this information while doing their work. Research works have explored the use of knowledge retrieval systems to give access to construction project data sources to construction workers through multiple methods, including information booths, mobile devices, and augmented reality (AR). However, these solutions do not address the need of this category of workers in receiving on-demand activity related information during their work, without negatively impacting their safety. This research focuses on voice, as an effective modality most appropriate for construction workers whose activities impose visual and manual limit actions. to this end, first, a voice-based solution is developed that supports workers' productivity through providing access to project knowledge available in Building Information Modeling (BIM) data sources. The effect of the selected modality on these workers' productivity is then evaluated using multiple user studies. The work presented in this dissertation is structured as follows: First, in chapter 2, a literature review was conducted to identify means to support construction workers and how integration with BIM has been done in previous research. This chapter identified challenges in incorporating human factors in previous systems and opportunities for seamless integration of workers into BIM practices. In chapter 3, voice-based assistance was explored as the most appropriate means to provide knowledge to workers while performing their activities. As such, Chapter 3 presents the first prototype of a voice-based intelligent virtual agent, aka VIVA, and focuses on evaluating the human factors and testing performance of voice as a modality for worker support. VIVA was tested using a user study involving a simulated construction scenario and the results of the performance achieved through VIVA were compared with the baseline currently used in construction projects for receiving activity-related information, i.e., blueprints. Results from this assessment evidenced productivity performance improvements of users using VIVA over the baseline. Finally, chapter 4 presents an updated version of VIVA that provides automatic real-time link to BIM project data and provides knowledge to the workers through voice. This system was developed based on web platforms, allowing easier development and deployment and access to more devices for future deployment. This study contributes to the productivity improvements in the AEC industry by empowering construction workers through providing on-demand access to project information. This is done through voice as a method that does not jeopardize workers' safety or interrupt their activities. This research contributes to the body of knowledge by developing an in-depth study of the effect of voice-based support systems on worker productivity, enabling real-time BIM-worker integration, and developing a working worker-level productivity support solution for construction workers whose activities limit them in manually accessing project knowledge. / Doctor of Philosophy / The Architecture, Engineering, and Construction (AEC) industry is currently challenged by low productivity trends and labor shortages. At the root of productivity, the improving productivity of construction workers is of critical essence. Therefore, academia and industry alike have shown great interest in research to develop solutions addressing construction worker productivity. For this purpose, monitoring systems for construction worker support have been developed, but productivity trends do not seem to improve, while labor shortages have increased productivity concerns. Other approaches to address productivity improvements have explored active means for productivity support. These include monitoring systems that also interact with the user. Construction workers performing activities that require allocating immense attention while using both hands, e.g. plumbers, steel workers, carpenters, have not been the focus of previous research because of the challenges of their conditions and needs. The activities performed by these workers require access to construction project data and documentation. Still, it is difficult for these workers to access information from the documents while doing their work. Therefore, previous researchers have explored methodologies to bring project data and documentation to the field but providing workers on-demand access to this data and documents have not been thoroughly studied. This research focuses on identifying the most appropriate method to provide workers access to information during activities that require more visual and manual attention. Worker support is provided by developing a solution that provides workers access to knowledge during their activities without being disruptive. The study then evaluated the effect of providing non-disruptive access to information sources enabled through the developed solution on the productivity for workers. First, in chapter 2, this study reviews the literature on approaches to connect construction project databases, a.k.a. Building Information Modeling (BIM), and workers. This review identified system types, integration approaches, and future research trends for linking BIM sources and with workers. In addition, this chapter's outcomes highlight system interoperability challenges and challenges in developing interactive systems involving humans. In chapter 3, a voice-based support system was developed as the most appropriate method for worker support during work activities that limit visual and manual worker capabilities. Then, the performance benefits of using a voice-based support system for construction workers was evaluated through a user study involving simulated construction activities. Finally, in chapter 4, this study provided a new integration method to connect BIM and workers in real-time. This system allows workers to interact with information from BIM through voice. The system was developed based on web platforms, allowing easier development and deployment and access to more devices for future deployment. This study contributes to the productivity improvements in the AEC industry by empowering construction workers through providing on-demand access to project information. This is done through voice as a method that does not jeopardize workers' attention or interrupt their activities.

Cyber-Physical Systems

CPS

Voice-Based

Productivity

Worker Support

Interoperability

VIVA

Human-System Interaction

Microgrid as a Cyber-Physical System: Dynamics and Control

Lee, Lung-An

15 May 2023

As a result of climate change, extreme events occur more frequently and at higher severity, causing catastrophic power outages with significant economic losses. Microgrids are deployed as a technology to enhance power system resilience. A microgrid may include one or more distributed energy resources (DERs), including synchronous generators, solar panels, wind turbines, and energy storage systems which are decentralized power sources primarily in a distribution system to enable system recovery from catastrophic events. Microgrids can be operated in a utility-connected mode or an islanded mode in separation with the hosting transmission or distribution system. As major disasters occur, intentional islanding of a microgrid is a strategy to serve critical loads, within or outside the microgrids, until the utility service is restored. To operate microgrids, dispatch and control capabilities are required that would significantly improve the dynamic performance of the microgrid. An islanded microgrid can be used to serve critical load as a resiliency source when a severe outage occurs. In an islanded mode, control of a microgrid relies on the communication system significantly. Hence, microgrids are cyber-physical systems and, therefore, the cyber system plays a crucial role in the performance of the cyber-power system. Improper parameters of the cyber system can result in instability of a microgrid system. Simplification of the networked control system model is needed to enhance the computational performance, making the analytical method practical for large-scale power systems. To reduce the emission of carbon dioxide and alleviate the impact of climate change, the electric power industry has been integrating renewable energy into the power grid. The high penetration of renewable energy at an unprecedented level also raises new issues for the power grid, e.g., low inertia, degraded power quality, and higher uncertainties. Power electronics technology is used for power conversion of renewable energy. As the level of penetration of renewable energy increases, the inverter-based resources (IBRs) are being installed at a fast pace on the power grid. Compared to conventional synchronous generators (SGs), a major technical challenge of IBRs is their low inertia which can lead to system instability. In this context, the work of this dissertation results in major contributions regarding control algorithms for microgrid resilience, stability, and cyber-physical systems. Specifically, three novel contributions are presented: 1) A coordinated control scheme is proposed to achieve the goals of power dispatch and system regulation for an islanded microgrid. The proposed control scheme improves system dynamics; 2) A method is developed for the determination of critical values for the data reporting period and communication delay. Based on the proposed method, a 2-dimensional stability region of a microgrid in the space of cyber parameters is derived and critical values of cyber parameters are identified based on the stability region; 3) A control scheme is proposed to improve system stability of a hybrid-DER microgrid. The analysis serves to illustrate the stability regions of the hybrid-DER microgrid. A control methodology based on two-time scale decomposition is developed to stabilize the system. / Doctor of Philosophy / Climate change is causing more frequent and severe weather events, resulting in catastrophic power outages and significant economic losses. To enhance power system resilience, microgrids are proposed as a solution. Microgrids consist of one or more distributed energy resources, such as solar panels, wind turbines, and energy storage systems, which can be operated in a utility-connected or islanded mode. Microgrids can operate in an islanded mode to serve critical loads when an extended outage of the utility grid occurs. Proper dispatch and control capabilities are necessary for the operation and control. However, the performance of a microgrid, especially in an islanded mode, is dependent on the communication system. Excessive cyber latencies can result in system instability of the microgrid. To reduce carbon dioxide emissions, the power industry is integrating an unprecedented level of renewable energy into the power grid. Power electronics technology is being used for power conversion of renewable energy, and inverter-based resources are being installed at a fast pace into the power grid. One major technical challenge of inverter-based resources is their low inertia, which can lead to system instability. To address these issues, this dissertation presents three novel contributions: a coordinated control scheme to improve the microgrid dynamics and perform power dispatch and system regulation functions, a method to determine critical values of cyber parameters based on stability regions, and a control scheme to improve system stability of a hybrid-DER microgrid. These contributions provide valuable concepts and methodologies for resilient and stable microgrids that are critical to meet the operational and control challenges of an electricity infrastructure with a high-level penetration of renewable energy.

Microgrid

Resilience

Dynamics

Stability

Cyber-Physical System

Hybrid-DER Microgrid

Droop Control

Secondary Control

Feedback Control

Electromagnetic Interference Attacks on Cyber-Physical Systems: Theory, Demonstration, and Defense

Dayanikli, Gokcen Yilmaz

27 August 2021

A cyber-physical system (CPS) is a complex integration of hardware and software components to perform well-defined tasks. Up to this point, many software-based attacks targeting the network and computation layers have been reported by the researchers. However, the physical layer attacks that utilize natural phenomena (e.g., electromagnetic waves) to manipulate safety-critic signals such as analog sensor outputs, digital data, and actuation signals have recently taken the attention. The purpose of this dissertation is to detect the weaknesses of cyber-physical systems against low-power Intentional Electromagnetic Interference (IEMI) attacks and provide hardware-level countermeasures. Actuators are irreplaceable components of electronic systems that control the physically moving sections, e.g., servo motors that control robot arms. In Chapter 2, the potential effects of IEMI attacks on actuation control are presented. Pulse Width Modulation (PWM) signal, which is the industry–standard for actuation control, is observed to be vulnerable to IEMI with specific frequency and modulated–waveforms. Additionally, an advanced attacker with limited information about the victim can prevent the actuation, e.g., stop the rotation of a DC or servo motor. For some specific actuator models, the attacker can even take the control of the actuators and consequently the motion of the CPS, e.g., the flight trajectory of a UAV. The attacks are demonstrated on a fixed-wing unmanned aerial vehicle (UAV) during varying flight scenarios, and it is observed that the attacker can block or take control of the flight surfaces (e.g., aileron) which results in a crash of the UAV or a controllable change in its trajectory, respectively. Serial communication protocols such as UART or SPI are widely employed in electronic systems to establish communication between peripherals (e.g., sensors) and controllers. It is observed that an adversary with the reported three-phase attack mechanism can replace the original victim data with the 'desired' false data. In the detection phase, the attacker listens to the EM leakage of the victim system. In the signal processing phase, the exact timing of the victim data is determined from the victim EM leakage, and in the transmission phase, the radiated attack waveform replaces the original data with the 'desired' false data. The attack waveform is a narrowband signal at the victim baud rate, and in a proof–of–concept demonstration, the attacks are observed to be over 98% effective at inducing a desired bit sequence into pseudorandom UART frames. Countermeasures such as twisted cables are discussed and experimentally validated in high-IEMI scenarios. In Chapter 4, a state-of-art electrical vehicle (EV) charger is assessed in IEMI attack scenarios, and it is observed that an attacker can use low–cost RF components to inject false current or voltage sensor readings into the system. The manipulated sensor data results in a drastic increase in the current supplied to the EV which can easily result in physical damage due to thermal runaway of the batteries. The current switches, which control the output current of the EV charger, can be controlled (i.e., turned on) by relatively high–power IEMI, which gives the attacker direct control of the current supplied to the EV. The attacks on UAVs, communication systems, and EV chargers show that additional hardware countermeasures should be added to the state-of-art system design to alleviate the effect of IEMI attacks. The fiber-optic transmission and low-frequency magnetic field shielding can be used to transmit 'significant signals' or PCB-level countermeasures can be utilized which are reported in Chapter 5. / Doctor of Philosophy / The secure operation of an electronic system depends on the integrity of the signals transmitted from/to components like sensors, actuators, and controllers. Adversaries frequently aim to block or manipulate the information carried in sensor and actuation signals to disrupt the operation of the victim system with physical phenomena, e.g., infrared light or acoustic waves. In this dissertation, it is shown that low-power electromagnetic (EM) waves, with specific frequency and form devised for the victim system, can be utilized as an attack tool to disrupt, and, in some scenarios, control the operation of the system; moreover, it is shown that these attacks can be mitigated with hardware-level countermeasures. In Chapter 2, the attacks are applied to electric motors on an unmanned aerial vehicle (UAV), and it is observed that an attacker can block (i.e., crash of the UAV) or control the UAV motion with EM waves. In Chapter 3, it is shown that digital communication systems are not resilient against intentional electromagnetic interference (IEMI), either. Low–power EM waves can be utilized by attackers to replace the data in serial communication systems with a success rate %98 or more. In Chapter 4, the attacks are applied to the sensors and actuators of electric vehicle chargers with low–cost over–the–shelf amplifiers and antennas, and it is shown that EM interference attacks can manipulate the sensor data and boosts the current supplied to the EV, which can result in overheating and fire. To ensure secure electronic system operation, hardware–level defense mechanisms are discussed and validated with analytical solutions, simulations, and experiments.

Cyber-Physical System Security

Electromagnetic Attacks

Signal Integrity

Designing Security Defenses for Cyber-Physical Systems

Foruhandeh, Mahsa

04 May 2022

Legacy cyber-physical systems (CPSs) were designed without considering cybersecurity as a primary design tenet especially when considering their evolving operating environment. There are many examples of legacy systems including automotive control, navigation, transportation, and industrial control systems (ICSs), to name a few. To make matters worse, the cost of designing and deploying defenses in existing legacy infrastructure can be overwhelming as millions or even billions of legacy CPS systems are already in use. This economic angle, prevents the use of defenses that are not backward compatible. Moreover, any protection has to operate efficiently in resource constraint environments that are dynamic nature. Hence, the existing approaches that require ex- pensive additional hardware, propose a new protocol from scratch, or rely on complex numerical operations such as strong cryptographic solutions, are less likely to be deployed in practice. In this dissertation, we explore a variety of lightweight solutions for securing different existing CPSs without requiring any modifications to the original system design at hardware or protocol level. In particular, we use fingerprinting, crowdsourcing and deterministic models as alternative backwards- compatible defenses for securing vehicles, global positioning system (GPS) receivers, and a class of ICSs called supervisory control and data acquisition (SCADA) systems, respectively. We use fingerprinting to address the deficiencies in automobile cyber-security from the angle of controller area network (CAN) security. CAN protocol is the de-facto bus standard commonly used in the automotive industry for connecting electronic control units (ECUs) within a vehicle. The broadcast nature of this protocol, along with the lack of authentication or integrity guarantees, create a foothold for adversaries to perform arbitrary data injection or modification and impersonation attacks on the ECUs. We propose SIMPLE, a single-frame based physical layer identification for intrusion detection and prevention on such networks. Physical layer identification or fingerprinting is a method that takes advantage of the manufacturing inconsistencies in the hardware components that generate the analog signal for the CPS of our interest. It translates the manifestation of these inconsistencies, which appear in the analog signals, into unique features called fingerprints which can be used later on for authentication purposes. Our solution is resilient to ambient temperature, supply voltage value variations, or aging. Next, we use fingerprinting and crowdsourcing at two separate protection approaches leveraging two different perspectives for securing GPS receivers against spoofing attacks. GPS, is the most predominant non-authenticated navigation system. The security issues inherent into civilian GPS are exacerbated by the fact that its design and implementation are public knowledge. To address this problem, first we introduce Spotr, a GPS spoofing detection via device fingerprinting, that is able to determine the authenticity of signals based on their physical-layer similarity to the signals that are known to have originated from GPS satellites. More specifically, we are able to detect spoofing activities and track genuine signals over different times and locations and propagation effects related to environmental conditions. In a different approach at a higher level, we put forth Crowdsourcing GPS, a total solution for GPS spoofing detection, recovery and attacker localization. Crowdsourcing is a method where multiple entities share their observations of the environment and get together as a whole to make a more accurate or reliable decision on the status of the system. Crowdsourcing has the advantage of deployment with the less complexity and distributed cost, however its functionality is dependent on the adoption rate by the users. Here, we have two methods for implementing Crowdsourcing GPS. In the first method, the users in the crowd are aware of their approximate distance from other users using Bluetooth. They cross validate this approximate distance with the GPS-derived distance and in case of any discrepancy they report ongoing spoofing activities. This method is a strong candidate when the users in the crowd have a sparse distribution. It is also very effective when tackling multiple coordinated adversaries. For method II, we exploit the angular dispersion of the users with respect to the direction that the adversarial signal is being transmitted from. As a result, the users that are not facing the attacker will be safe. The reason for this is that human body mostly comprises of water and absorbs the weak adversarial GPS signal. The safe users will help the spoofed users find out that there is an ongoing attack and recover from it. Additionally, the angular information is used for localizing the adversary. This method is slightly more complex, and shows the best performance in dense areas. It is also designed based on the assumption that the spoofing attack is only terrestrial. Finally, we propose a tandem IDS to secure SCADA systems. SCADA systems play a critical role in most safety-critical infrastructures of ICSs. The evolution of communications technology has rendered modern SCADA systems and their connecting actuators and sensors vulnerable to malicious attacks on both physical and application layers. The conventional IDS that are built for securing SCADA systems are focused on a single layer of the system. With the tandem IDS we break this habit and propose a strong multi-layer solution which is able to expose a wide range of attack. To be more specific, the tandem IDS comprises of two parts, a traditional network IDS and a shadow replica. We design the shadow replica as a deterministic IDS. It performs a workflow analysis and makes sure the logical flow of the events in the SCADA controller and its connected devices maintain their expected states. Any deviation would be a malicious activity or a reliability issue. To model the application level events, we leverage finite state machines (FSMs) to compute the anticipated states of all of the devices. This is feasible because in many of the existing ICSs the flow of traffic and the resulting states and actions in the connected devices have a deterministic nature. Consequently, it leads to a reliable and free of uncertainty solution. Aside from detecting traditional network attacks, our approach bypasses the attacker in case it succeeds in taking over the devices and also maintains continuous service if the SCADA controller gets compromised. / Doctor of Philosophy / Our lives are entangled with cyber-physical systems (CPSs) on a daily basis. Examples of these systems are vehicles, navigation systems, transportation systems, industrial control systems, etc. CPSs are mostly legacy systems and were built with a focus on performance, overlooking security. Security was not considered in the design of these old systems and now they are dominantly used in our everyday life. After numerous demonstration of cyber hacks, the necessity of protecting the CPSs from adversarial activities is no longer ambiguous. Many of the advanced cryptographic techniques are far too complex to be implemented in the existing CPSs such as cars, satellites, etc. We attempt to secure such resource constraint systems using simple backward compatible techniques in this dissertation. We design cheap lightweight solutions, with no modifications to the original system. In part of our research, we use fingerprinting as a technique to secure passenger cars from being hacked, and GPS receivers from being spoofed. For a brief description of fingerprinting, we use the example of two identical T-shirts with the same size and design. They will always have subtle differences between them no matter how hard the tailor tried to make them identical. This means that there are no two T-shirts that are exactly identical. This idea, when applied to analog signalling on electric devices, is called fingerprinting. Here, we fingerprint the mini computers inside a car, which enables us to identify these computers and prevent hacking. We also use the signal levels to design fingerprints for GPS signals. We use the fingerprints to distinguish counterfeit GPS signals from the ones that have originated from genuine satellites. This summarizes two major contributions in the dissertation. Our earlier contribution to GPS security was effective, but it was heavily dependent on the underlying hardware, requiring extensive training for each radio receiver that it was protecting. To remove this dependence of training for the specific underlying hardware, we design and implement the next framework using defenses that require application-layer access. Thus, we proposed two methods that leverage crowdsourcing approaches to defend against GPS spoofing attacks and, at the same time, improve the accuracy of localization for commodity mobile devices. Crowdsourcing is a method were several devices agree to share their information with each other. In this work, GPS users share their location and direction information, and in case of any discrepancy they figure that they are under attack and cooperate to recover from it. Last, we shift the gear to the industrial control systems (ICSs) and propose a novel IDS to protect them against various cyber attacks. Unlike the conventional IDSs that are focused on one of the layers of the system, our IDS comprises of two main components. A conventional component that exposes traditional attacks and a second component called a shadow replica. The replica mimics the behavior of the system and compares it with that of the actual system in a real-time manner. In case of any deviation between the two, it detects attacks that target the logical flow of the events in the system. Note that such attacks are more sophisticated and difficult to detect because they do not leave any obvious footprints behind. Upon detection of attacks on the original controller, our replica takes over the responsibilities of the original ICS controller and provides service continuity.

Security

Cyber-physical-systems

Fingerprinting

Crowdsourcing

Deterministic Models

CAN

GPS

SCADA

Trustworthy Embedded Computing for Cyber-Physical Control

Lerner, Lee Wilmoth

20 February 2015

A cyber-physical controller (CPC) uses computing to control a physical process. Example CPCs can be found in self-driving automobiles, unmanned aerial vehicles, and other autonomous systems. They are also used in large-scale industrial control systems (ICSs) manufacturing and utility infrastructure. CPC operations rely on embedded systems having real-time, high-assurance interactions with physical processes. However, recent attacks like Stuxnet have demonstrated that CPC malware is not restricted to networks and general-purpose computers, rather embedded components are targeted as well. General-purpose computing and network approaches to security are failing to protect embedded controllers, which can have the direct effect of process disturbance or destruction. Moreover, as embedded systems increasingly grow in capability and find application in CPCs, embedded leaf node security is gaining priority. This work develops a root-of-trust design architecture, which provides process resilience to cyber attacks on, or from, embedded controllers: the Trustworthy Autonomic Interface Guardian Architecture (TAIGA). We define five trust requirements for building a fine-grained trusted computing component. TAIGA satisfies all requirements and addresses all classes of CPC attacks using an approach distinguished by adding resilience to the embedded controller, rather than seeking to prevent attacks from ever reaching the controller. TAIGA provides an on-chip, digital, security version of classic mechanical interlocks. This last line of defense monitors all of the communications of a controller using configurable or external hardware that is inaccessible to the controller processor. The interface controller is synthesized from C code, formally analyzed, and permits run-time checked, authenticated updates to certain system parameters but not code. TAIGA overrides any controller actions that are inconsistent with system specifications, including prediction and preemption of latent malwares attempts to disrupt system stability and safety. This material is based upon work supported by the National Science Foundation under Grant Number CNS-1222656. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation. We are grateful for donations from Xilinx, Inc. and support from the Georgia Tech Research Institute. / Ph. D.

Trustworthy Computing

Secure Computing

Autonomic Computing

Cybersecurity

Embedded Systems

Cyber-Physical Systems

Process Control Systems