Establishment of a Cyber-Physical Systems (CPS) Test Bed to Explore Traffic Collision Avoidance System (TCAS) Vulnerabilities to Cyber Attacks

Graziano, Timothy Michael

10 August 2021

Traffic Collision Avoidance Systems (TCAS) are safety-critical, unauthenticated, ranging systems required in commercial aircraft. Previous work has proposed TCAS vulnerabilities to attacks from malicious actors with low cost software defined radios (SDR) and inexpensive open-source software (GNU radio) where spoofing TCAS radio signals in now possible. This paper outlines a proposed threat model for several TCAS vulnerabilities from an adversarial perspective. Periodic and aperiodic attack models are explored as possible low latency solutions to spoof TCAS range estimation. A TCAS test bed is established with commercial avionics to demonstrate the efficacy of proposed vulnerabilities. SDRs and Vector Waveform Generators (VWGs) are used to achieve desired latency. Sensor inputs to the TCAS system are spoofed with micro-controllers. These include Radar Altimeter, Barometric Altimeter, and Air Data Computer (ADC) heading and attitude information transmitted by Aeronautical Radio INC (ARINC) 429 encoding protocol. TCAS spoofing is attempted against the test bed and analysis conducted on the timing results and test bed performance indicators. The threat model is analyzed qualitatively and quantitatively. / Master of Science / Traffic Collision Avoidance Systems (TCAS), or Airborne Collision Avoidance Systems ACAS), are safety-critical systems required by the Federal Aviation Administration (FAA) in commercial aircraft. They work by sending queries to surrounding aircraft in the form of radio transmission. Aircraft in the who receive these transmissions send replies. Information in these replies allow the TCAS system to determine if a nearby aircraft may travel too close to itself. TCAS can then determine help both pilots avoid a mid-air collision. Information in the messages can be faked by a malicious actor. To explore these vulnerabilities a test bed is built with commercial grade TCAS equipment. Several types of attacks are evaluated.

Cyber-Physical Systems

Avionics

Security

Cyber-Physical Security for Advanced Manufacturing

Desmit, Zachary James

16 January 2018

The increased growth of cyber-physical systems, controlling multiple production processes within the manufacturing industry, has led to an industry susceptible to cyber-physical attacks. Differing from traditional cyber-attacks in their ability to alter the physical world, cyber-physical attacks have been increasing in number since the early 2000's. To combat and ultimately prevent the malicious intent of such attacks, the field of cyber-physical security was launched. Cyber-physical security efforts can be seen across many industries that employ cyber-physical systems but little work has been done to secure manufacturing systems. Through the completion of four research objectives, this work provides the foundation necessary to begin securing manufacturing systems from cyber-physical attacks. First, this work is motivated through the systematic review of literature surrounding the topic. This objective not only identifies and highlights the need for research efforts within the manufacturing industry, but also defines the research field. Second, a framework is developed to identify cyber-physical vulnerabilities within manufacturing systems. The framework is further developed into a tool allowing manufacturers to more easily identify the vulnerabilities that exist within their manufacturing systems. This tool will allow a manufacturer to utilize the developed framework and begin the steps necessary to secure the manufacturing industry. Finally, game theoretic models is applied to cyber-physical security in manufacturing to model the interactions between adversaries and defenders. The results of this work provide the manufacturing industry with the tools and motivation necessary to begin securing manufacturing facilities from malicious cyber-physical attacks and create a more resilient industry. / PHD

Cyber-physical

Industry4.0

Advanced Manufacturing

Parallel and distributed cyber-physical system simulation

Pfeifer, Dylan Conrad

06 November 2014

The traditions of real-time and embedded system engineering have evolved into a new field of cyber-physical systems (CPSs). The increase in complexity of CPS components and the multi-domain engineering composition of CPSs challenge the current best practices in design and simulation. To address the challenges of CPS simulation, this work introduces a simulator coordination method drawing from strengths of the field of parallel and distributed simulation (PADS), yet offering benefits aimed towards the challenges of coordinating CPS engineering design simulators. The method offers the novel concept of Interpolated Event data types applied to Kahn Process Networks in order to provide simulator coordination. This can enable conservative and optimistic coordination of multiple heterogeneous and homogeneous simulators, but provide important benefits for CPS simulation, such as the opportunity to reduce functional requirements for simulator interfacing compared to existing solutions. The method is analyzed in theoretical properties and instantiated in software tools SimConnect and SimTalk. Finally, an experimental study applies the method and tools to accelerate Spice circuit simulation with tradeoffs in speed versus accuracy, and demonstrates the coordination of three heterogeneous simulators for a CPS simulation with increasing component model refinement and realism. / text

Cyber-physical systems

Parallel and distributed simulation

Cyber-Physical systems for maintenance in Industry 4.0

He, Kaifei, Jin, Man

January 2016

As two emerging terms in industry field, “Industry 4.0” and “Cyber-Physical System” have attracted an increasing amount of attention from both researchers and manufactures. Available advanced technologies brought by these terms, offers possible solutions and improvements for future maintenance. The purpose of the thesis is to identify how Industry 4.0 integrates with Cyber-Physical Systems regarding maintenance management and the requirements for companies to reach the ideal smart factory. Two researcher questions were studied to fulfill the purpose. Firstly, identifying the integration between Industry 4.0 and CPS regarding maintenance functions. Secondly, to investigate how such integration contribute to maintenance management in an ideal future factory.

Cyber-Physical Systems

Industry 4.0

Maintenance

Implementation of the DEECo component framework for embedded systems / Implementation of the DEECo component framework for embedded systems

Matěna, Vladimír

January 2014

Recent development in the field of distributed and decentralized cyber-physical systems led to emerge of DEECo model. As many DEECo use cases are embedded applications it is interesting to evaluate DEECo on embedded hardware. Currently there is only reference DEECo implementation which is written in Java thus cannot be used for embedded applications. As part of this thesis C++ DEECo mapping and embedded CDEECo++ framework were designed using FreeRTOS operating system for task scheduling and synchronization. An example application designed for the STM32F4 board demonstrates usability of the framework. This thesis contains description of the DEECo mapping into the C++ language, source codes of the CDEECo++ framework, documentation and example application including basic measurement of its real- time properties. Powered by TCPDF (www.tcpdf.org)

Design and Analysis of Intrusion Detection Protocols in Cyber Physical Systems

Mitchel, Robert Raymondl III

23 April 2013

In this dissertation research we aim to design and validate intrusion detection system (IDS) protocols for a cyber physical system (CPS) comprising sensors, actuators, control units, and physical objects for controlling and protecting physical infrastructures.<br />The design part includes host IDS, system IDS and IDS response designs. The validation part includes a novel model-based analysis methodology with simulation validation. Our objective is to maximize the CPS reliability or lifetime in the presence of malicious nodes performing attacks which can cause security failures. Our host IDS design results in a lightweight, accurate, autonomous and adaptive protocol that runs on every node in the CPS to detect misbehavior of neighbor nodes based on state-based behavior specifications. Our system IDS design results in a robust and resilient protocol that can cope with malicious, erroneous, partly trusted, uncertain and incomplete information in a CPS. Our IDS response design results in a highly adaptive and dynamic control protocol that can adjust detection strength in response to environment changes in attacker strength and behavior. The end result is an energy-aware and adaptive IDS that can maximize the CPS lifetime in the presence of malicious attacks, as well as malicious, erroneous, partly trusted, uncertain and incomplete information.<br />We develop a probability model based on stochastic Petri nets to describe the behavior of a CPS incorporating our proposed intrusion detection and response designs, subject to attacks by malicious nodes exhibiting a range of attacker behaviors, including reckless, random, insidious and opportunistic attacker models. We identify optimal intrusion detection settings under which the CPS reliability or lifetime is maximized for each attacker model. Adaptive control for maximizing IDS performance is achieved by dynamically adjusting detection and response strength in response to attacker strength and behavior detected at runtime. We conduct extensive analysis of our designs with four case studies, namely, a mobile group CPS, a medical CPS, a smart grid CPS and an unmanned aircraft CPS. The results show that our adaptive intrusion and response designs operating at optimizing conditions significantly outperform existing anomaly-based IDS techniques for CPSs. / Ph. D.

Intrusion Detection Systems

Cyber Physical Systems

Resilience and Cybersecurity for Distribution Systems with Distributed Energy Resources

Somda, Baza R.

05 1900

Heightened awareness of the impact of climate change has led to rapidly increasing penetration of renewable energy resources in electric energy distribution systems. Those distributed energy resources (DERs), mostly inverter-based, can act as resiliency sources for the grid but also introduce new control and stability challenges. In this thesis, a cyber-physical system (CPS) testbed is proposed combining a real-time electro-magnetic transient power system simulation and a practical model for communication network simulation. By regularly updating the CPS testbed with real-world SCADA information, a digital twin is effectively created. The digital twin allows the testing of novel microgrid control and cybersecurity strategies. Simulations using the Virginia Tech Electric Service (VTES) as a test case demonstrate the capability of adequately controlled resources, including solar PV, energy storage, and a synchronous generator, to enhance resilience by providing energy to critical loads. The DERs comply with IEEE disturbance ride-through requirements and switching transients are maintained within acceptable limits. A comprehensive DER-based resiliency plan is developed and validated for the Virginia Tech smart grid. / M.S. / In the last two decades, the increased occurrence of major power outages in the United States underscores the critical need to improve the reliability and resilience of the power grid. Massive investments have been made to install information and communications technology enabling near real-time monitoring and control of the smart grid. Simultaneously, heightened awareness of the impact of climate change led to rapidly increasing penetration of renewable energy resources at the distribution system level. Those distributed energy resources, mostly inverter-based, can act as resiliency sources for the grid but also introduce new control and stability challenges. In this work, a comprehensive testbed is proposed for the real-time simulation of both the power systems and communication networks. This method allows the testing of novel microgrid control and cybersecurity strategies. The testbed is used to develop and validate a resiliency plan for the Virginia Tech Electric Service using distributed energy resources.

Microgrid

Resilience

Cyber-Physical Systems

Digital Twins

Cyber-physical Algorithms for Enhancing Collaboration

Guymon, Daniel Wade

18 May 2012

The research presented in this thesis covers two specific problems within the larger domain of cyber-physical algorithms for enhancing collaboration between one or more people. The two specific problems are 1) determining when people are going to arrive late to a meeting and 2) creating ad-hoc secure pairing protocols for short-range communication. The domain was broken down at opposite extremes in order to derive these problems to work on: 1) collaborations that are planned long in advance and deviations from the plan need to be detected and 2) collaborations that are not planned and need to be dynamically created and secured. Empirical results show the functionality and performance of user late arrival detection for planned collaborations and end-user authentication protocols for unplanned collaborations. / Master of Science

cyber-physical systems

mobile computing

smartphones

security

Exploring the Vulnerabilities of Traffic Collision Avoidance Systems (TCAS) Through Software Defined Radio (SDR) Exploitation

Berges, Paul Martin

13 June 2019

Traffic Collision Avoidance Systems (TCAS) are safety-critical systems that are deployed on most commercial aircraft in service today. However, TCAS transactions were not designed to account for malicious actors. While in the past it may have been infeasible for an attacker to craft arbitrary radio signals, attackers today have access to open-source digital signal processing software like GNU Radio and inexpensive Software Define Radios (SDR). Therefore, this thesis presents motivation through analytical and experimental means for more investigation into TCAS from a security perspective. Methods for analyzing TCAS both qualitatively and quantitatively from an adversarial perspective are presented, and an experimental attack is developed in GNU Radio to perform an attack in a well-defined threat model. / Master of Science / Since 1993, the Federal Aviation Administration (FAA) requires that many commercial turbine-powered aircraft to be outfitted with an on-board mid-air collision mitigation system. This system is known as the Traffic Collision Avoidance System (TCAS) in the United States, and it is known as the Airborne Collision Avoidance System (ACAS) in other parts of the world. TCAS/ACAS is a type of safety-critical system, which means that implementations need to be highly tolerant to system failures because their operation directly affects the safety of the on-board passengers and crew. However, while safety-critical systems are tolerant to failures, the designers of these systems only account for failures that occur in a cooperative environment; these engineers fail to account for “bad actors” who want to attack the weaknesses of these systems, or they assume that attacking such a system is infeasible. Therefore, to demonstrate how safety-critical systems like TCAS/ACAS are vulnerable to such bad actors, this thesis presents a method for manipulating the TCAS/ACAS in the favor of a bad actor. To start, a method for qualitatively and quantitatively analyzing the system’s vulnerabilities is presented. Then, using Software Defined Radio (SDR), which is a free and open-source effort to combine the flexibility of software with the power of wireless communication, this thesis shows how an actor can craft wireless signals such that they appear to look like an aircraft on a collision course with a target.

Cyber-Physical

Security

TCAS

SSR

SDR

Design Optimization Techniques for Time-Critical Cyber-Physical Systems

Zhao, Yecheng

20 January 2020

Cyber-Physical Systems (CPS) are widely deployed in critical applications which are subject to strict timing constraints. To ensure correct timing behavior, much of the effort has been dedicated to the development of validation and verification methods for CPS (e.g., system models and their timing and schedulability analysis). As CPS is becoming increasingly complex, there is an urgent need for efficient optimization techniques that can aid the design of large-scale systems. Specifically, techniques that can find good design options in a reasonable amount of time while meeting all the timing and other critical requirements are becoming vital. However, the current mindset is to use existing schedulability analysis and optimization techniques for the design optimization of time-critical CPS. This has resulted in two issues in today's CPS design: 1) Existing timing and schedulability analysis are very difficult and inefficient to be integrated into well-established optimization frameworks such as mathematical programming; 2) New system models and timing analysis are being developed in a way that is increasingly unfriendly to optimization. Due to these difficulties, existing practice for optimization mostly relies on meta or ad-hoc heuristics, which suffers either from sub-optimality or limited applicability. In this dissertation, we seek to address these issues and explore two new directions for developing optimization algorithms for time-critical CPS. The first is to develop {em optimization-oriented timing analysis}, that are efficient to formulate in mathematical programming framework. The second is a domain-specific optimization framework. The framework leverages domain-specific knowledge to provide methods that abstract timing analysis into a simple mathematical form. This allows to efficiently handle the complexity of timing analysis in optimization algorithms. The results on a number of case studies show that the proposed approaches have the potential to significantly improve upon scalability (several orders of magnitude faster) and solution quality, while being applicable to various system models, timing analysis techniques, and design optimization problems in time-critical CPS. / Doctor of Philosophy / Cyber-Physical Systems (CPS) tightly intertwine computing units and physical plants to accomplish complex tasks such as control and monitoring. They are often deployed in critical applications subject to strict timing constraints. For example, many control applications and tasks are required to finished within bounded latencies. To guarantee such timing correctness, much of the effort has been dedicated to studying methods for delay and latency estimation. These techniques are known as schedulability analysis/timing analysis. As CPS becomes increasingly complex, there is an urgent need for efficient optimization techniques that can aid the design of large-scale and correct CPS. Specifically, techniques that can find good design options in reasonable amount of time while meeting all the timing and other critical requirements are becoming vital. However, most of the existing schedulability analysis are either non-linear, non-convex, non-continuous or without closed form. This gives significant challenge for integrating these analysis into optimization. In this dissertation, we explore two new paradigm-shifting approaches for developing optimization algorithms for the design of CPS. Experimental evaluations on both synthetic and industrial case studies show that the new approaches significantly improve upon existing optimization techniques in terms of scalability and quality of solution.

Cyber-physical systems

Design optimization

Schedulability analysis