Advancing the Utility of Manufacturing Data for Modeling, Monitoring, and Securing Machining Processes

Shafae, Mohammed Saeed Abuelmakarm

23 August 2018

The growing adoption of smart manufacturing systems and its related technologies (e.g., embedded sensing, internet-of-things, cyber-physical systems, big data analytics, and cloud computing) is promising a paradigm shift in the manufacturing industry. Such systems enable extracting and exchanging actionable knowledge across the different entities of the manufacturing cyber-physical system and beyond. From a quality control perspective, this allows for more opportunities to realize proactive product design; real-time process monitoring, diagnosis, prognosis, and control; and better product quality characterization. However, a multitude of challenges are arising, with the growing adoption of smart manufacturing, including industrial data characterized by increasing volume, velocity, variety, and veracity, as well as the security of the manufacturing system in the presence of growing connectivity. Taking advantage of these emerging opportunities and tackling the upcoming challenges require creating novel quality control and data analytics methods, which not only push the boundaries of the current state-of-the-art research, but discover new ways to analyze the data and utilize it. One of the key pillars of smart manufacturing systems is real-time automated process monitoring, diagnosis, and control methods for process/product anomalies. For machining applications, traditionally, deterioration in quality measures may occur due to a variety of assignable causes of variation such as poor cutting tool replacement decisions and inappropriate choice cutting parameters. Additionally, due to increased connectivity in modern manufacturing systems, process/product anomalies intentionally induced through malicious cyber-attacks -- aiming at degrading the process performance and/or the part quality -- is becoming a growing concern in the manufacturing industry. Current methods for detecting and diagnosing traditional causes of anomalies are primarily lab-based and require experts to perform initial set-ups and continual fine-tuning, reducing the applicability in industrial shop-floor applications. As for efforts accounting for process/product anomalies due cyber-attacks, these efforts are in early stages. Therefore, more foundational research is needed to develop a clear understanding of this new type of cyber-attacks and their effects on machining processes, to ensure smart manufacturing security both on the cyber and the physical levels. With primary focus on machining processes, the overarching goal of this dissertation work is to explore new ways to expand the use and value of manufacturing data-driven methods for better applicability in industrial shop-floors and increased security of smart manufacturing systems. As a first step toward achieving this goal, the work in this dissertation focuses on adopting this goal in three distinct areas of interest: (1) Statistical Process Monitoring of Time-Between-Events Data (e.g., failure-time data); (2) Defending against Product-Oriented Cyber-Physical Attacks on Intelligent Machining Systems; and (3) Modeling Machining Process Data: Time Series vs. Spatial Point Cloud Data Structures. / PHD / Recent advancements in embedded sensing, internet-of-things, big data analytics, cloud computing, and communication technologies and methodologies are shifting the modern manufacturing industry toward a novel operational paradigm. Several terms have been coined to refer to this new paradigm such as cybermanufacturing, industry 4.0, industrial internet of things, industrial internet, or more generically smart manufacturing (term to be used henceforth). The overarching goal of smart manufacturing is to transform modern manufacturing systems to knowledge-enabled Cyber-Physical Systems (CPS), in which humans, machines, equipment, and products communicate and cooperate together in real-time, to make decentralized decisions resulting in profound improvements in the entire manufacturing ecosystem. From a quality control perspective, this allows for more opportunities to utilize manufacturing process data to realize proactive product design; real-time process monitoring, diagnosis, prognosis, and control; and better product quality characterization. With primary focus on machining processes, the overarching goal of this work is to explore new ways to expand the use and value of manufacturing data-driven methods for better applicability in industrial shop-floors and increased security of smart manufacturing systems. As a first step toward achieving this goal, the work in this dissertation focuses on three distinct areas of interest: (1) Monitoring of time-between-events data of mechanical components replacements (e.g., failure-time data); (2) Defending against cyber-physical attacks on intelligent machining systems aiming at degrading machined parts quality; and (3) Modeling machining process data using two distinct data structures, namely, time series and spatial point cloud data.

Advanced Manufacturing Systems

Cyber-Physical Attacks

Cyber-Physical Systems Security

Quality Control

Statistical Process Control

Security of Cyber-Physical Systems with Human Actors: Theoretical Foundations, Game Theory, and Bounded Rationality

Sanjab, Anibal Jean

30 November 2018

Cyber-physical systems (CPSs) are large-scale systems that seamlessly integrate physical and human elements via a cyber layer that enables connectivity, sensing, and data processing. Key examples of CPSs include smart power systems, smart transportation systems, and the Internet of Things (IoT). This wide-scale cyber-physical interconnection introduces various operational benefits and promises to transform cities, infrastructure, and networked systems into more efficient, interactive, and interconnected smart systems. However, this ubiquitous connectivity leaves CPSs vulnerable to menacing security threats as evidenced by the recent discovery of the Stuxnet worm and the Mirai malware, as well as the latest reported security breaches in a number of CPS application domains such as the power grid and the IoT. Addressing these culminating security challenges requires a holistic analysis of CPS security which necessitates: 1) Determining the effects of possible attacks on a CPS and the effectiveness of any implemented defense mechanism, 2) Analyzing the multi-agent interactions -- among humans and automated systems -- that occur within CPSs and which have direct effects on the security state of the system, and 3) Recognizing the role that humans and their decision making processes play in the security of CPSs. Based on these three tenets, the central goal of this dissertation is to enhance the security of CPSs with human actors by developing fool-proof defense strategies founded on novel theoretical frameworks which integrate the engineering principles of CPSs with the mathematical concepts of game theory and human behavioral models. Towards realizing this overarching goal, this dissertation presents a number of key contributions targeting two prominent CPS application domains: the smart electric grid and drone systems. In smart grids, first, a novel analytical framework is developed which generalizes the analysis of a wide set of security attacks targeting the state estimator of the power grid, including observability and data injection attacks. This framework provides a unified basis for solving a broad set of known smart grid security problems. Indeed, the developed tools allow a precise characterization of optimal observability and data injection attack strategies which can target the grid as well as the derivation of optimal defense strategies to thwart these attacks. For instance, the results show that the proposed framework provides an effective and tractable approach for the identification of the sparsest stealthy attacks as well as the minimum sets of measurements to defend for protecting the system. Second, a novel game-theoretic framework is developed to derive optimal defense strategies to thwart stealthy data injection attacks on the smart grid, launched by multiple adversaries, while accounting for the limited resources of the adversaries and the system operator. The analytical results show the existence of a diminishing effect of aggregated multiple attacks which can be leveraged to successfully secure the system; a novel result which leads to more efficiently and effectively protecting the system. Third, a novel analytical framework is developed to enhance the resilience of the smart grid against blackout-inducing cyber attacks by leveraging distributed storage capacity to meet the grid's critical load during emergency events. In this respect, the results demonstrate that the potential subjectivity of storage units' owners plays a key role in shaping their energy storage and trading strategies. As such, financial incentives must be carefully designed, while accounting for this subjectivity, in order to provide effective incentives for storage owners to commit the needed portions of their storage capacity for possible emergency events. Next, the security of time-critical drone-based CPSs is studied. In this regard, a stochastic network interdiction game is developed which addresses pertinent security problems in two prominent time-critical drone systems: drone delivery and anti-drone systems. Using the developed network interdiction framework, the optimal path selection policies for evading attacks and minimizing mission completion times, as well as the optimal interdiction strategies for effectively intercepting the paths of the drones, are analytically characterized. Using advanced notions from Nobel-prize winning prospect theory, the developed framework characterizes the direct impacts of humans' bounded rationality on their chosen strategies and the achieved mission completion times. For instance, the results show that this bounded rationality can lead to mission completion times that significantly surpass the desired target times. Such deviations from the desired target times can lead to detrimental consequences primarily in drone delivery systems used for the carriage of emergency medical products. Finally, a generic security model for CPSs with human actors is proposed to study the diffusion of threats across the cyber and physical realms. This proposed framework can capture several application domains and allows a precise characterization of optimal defense strategies to protect the critical physical components of the system from threats emanating from the cyber layer. The developed framework accounts for the presence of attackers that can have varying skill levels. The results show that considering such differing skills leads to defense strategies which can better protect the system. In a nutshell, this dissertation presents new theoretical foundations for the security of large-scale CPSs, that tightly integrate cyber, physical, and human elements, thus paving the way towards the wide-scale adoption of CPSs in tomorrow's smart cities and critical infrastructure. / Ph. D. / Enhancing the efficiency, sustainability, and resilience of cities, infrastructure, and industrial systems is contingent on their transformation into more interactive and interconnected smart systems. This has led to the emergence of what is known as cyber-physical systems (CPSs). CPSs are widescale distributed and interconnected systems integrating physical components and humans via a cyber layer that enables sensing, connectivity, and data processing. Some of the most prominent examples of CPSs include the smart electric grid, smart cities, intelligent transportation systems, and the Internet of Things. The seamless interconnectivity between the various elements of a CPS introduces a wealth of operational benefits. However, this wide-scale interconnectivity and ubiquitous integration of cyber technologies render CPSs vulnerable to a range of security threats as manifested by recently reported security breaches in a number of CPS application domains. Addressing these culminating security challenges requires the development and implementation of fool-proof defense strategies grounded in solid theoretical foundations. To this end, the central goal of this dissertation is to enhance the security of CPSs by advancing novel analytical frameworks which tightly integrate the cyber, physical, and human elements of a CPS. The developed frameworks and tools enable the derivation of holistic defense strategies by: a) Characterizing the security interdependence between the various elements of a CPS, b) Quantifying the consequences of possible attacks on a CPS and the effectiveness of any implemented defense mechanism, c) Modeling the multi-agent interactions in CPSs, involving humans and automated systems, which have a direct effect on the security state of the system, and d) Capturing the role that human perceptions and decision making processes play in the security of CPSs. The developed tools and performed analyses integrate the engineering principles of CPSs with the mathematical concepts of game theory and human behavioral models and introduce key contributions to a number of CPS application domains such as the smart electric grid and drone systems. The introduced results enable strengthening the security of CPSs, thereby paving the way for their wide-scale adoption in smart cities and critical infrastructure.

Cyber-Physical Systems Security

Game Theory

Prospect Theory

Smart Grids

Unmanned Aerial Vehicles

Internet of Things.

Security of Critical Cyber-Physical Systems: Fundamentals and Optimization

Eldosouky Mahmoud Salama, Abdelrahman A.

18 June 2019

Cyber-physical systems (CPSs) are systems that integrate physical elements with a cyber layer that enables sensing, monitoring, and processing the data from the physical components. Examples of CPSs include autonomous vehicles, unmanned aerial vehicles (UAVs), smart grids, and the Internet of Things (IoT). In particular, many critical infrastructure (CI) that are vital to our modern day cities and communities, are CPSs. This wide range of CPSs domains represents a cornerstone of smart cities in which various CPSs are connected to provide efficient services. However, this level of connectivity has brought forward new security challenges and has left CPSs vulnerable to many cyber-physical attacks and disruptive events that can utilize the cyber layer to cause damage to both cyber and physical components. Addressing these security and operation challenges requires developing new security solutions to prevent and mitigate the effects of cyber and physical attacks as well as improving the CPSs response in face of disruptive events, which is known as the CPS resilience. To this end, the primary goal of this dissertation is to develop novel analytical tools that can be used to study, analyze, and optimize the resilience and security of critical CPSs. In particular, this dissertation presents a number of key contributions that pertain to the security and the resilience of multiple CPSs that include power systems, the Internet of Things (IoT), UAVs, and transportation networks. First, a mathematical framework is proposed to analyze and mitigate the effects of GPS spoofing attacks against UAVs. The proposed framework uses system dynamics to model the optimal routes which UAVs can follow in normal operations and under GPS spoofing attacks. A countermeasure mechanism, built on the premise of cooperative localization, is then developed to mitigate the effects of these GPS spoofing attacks. To practically deploy the proposed defense mechanism, a dynamic Stackelberg game is formulated to model the interactions between a GPS spoofer and a drone operator. The equilibrium strategies of the game are analytically characterized and studied through a novel, computationally efficient algorithm. Simulation results show that, when combined with the Stackelberg strategies, the proposed defense mechanism will outperform baseline strategy selection techniques in terms of reducing the possibility of UAV capture. Next, a game-theoretic framework is developed to model a novel moving target defense (MTD) mechanism that enables CPSs to randomize their configurations to proactive deter impending attacks. By adopting an MTD approach, a CPS can enhance its security against potential attacks by increasing the uncertainty on the attacker. The equilibrium of the developed single-controller, stochastic MTD game is then analyzed. Simulation results show that the proposed framework can significantly improve the overall utility of the defender. Third, the concept of MTD is coupled with new cryptographic algorithms for enhancing the security of an mHealth Internet of Things (IoT) system. In particular, using a combination of theory and implementation, a framework is introduced to enable the IoT devices to update their cryptographic keys locally to eliminate the risk of being revealed while they are shared. Considering the resilience of CPSs, a novel framework for analyzing the component- and system-level resilience of CIs is proposed. This framework brings together new ideas from Bayesian networks and contract theory – a Nobel prize winning theory – to define a concrete system-level resilience index for CIs and to optimize the allocation of resources, such as redundant components, monitoring devices, or UAVs to help those CIs improve their resilience. In particular, the developed resilience index is able to account for the effect of CI components on the its probability of failure. Meanwhile, using contract theory, a comprehensive resource allocation framework is proposed enabling the system operator to optimally allocate resources to each individual CI based on its economic contribution to the entire system. Simulation results show that the system operator can economically benefit from allocating the resources while dams can have a significant improvement in their resilience indices. Subsequently, the developed contract-theoretic framework is extended to account for cases of asymmetric information in which the system operator has only partial information about the CIs being in some vulnerability and criticality levels. Under such asymmetry, it is shown that the proposed approach maximizes the system operator's utility while ensuring that no CI has an incentive to ask for another contract. Next, a proof-of-concept framework is introduced to analyze and improve the resilience of transportation networks against flooding. The effect of flooding on road capacities and on the free-flow travel time, is considered for different rain intensities and roads preparedness. Meanwhile, the total system's travel time before and after flooding is evaluated using the concept of a Wardrop equilibrium. To this end, a proactive mechanism is developed to reduce the system's travel time, after flooding, by shifting capacities (available lanes) between same road sides. In a nutshell, this dissertation provides a suite of analytical techniques that allow the optimization of security and resilience across multiple CPSs. / Doctor of Philosophy / Cyber-physical systems (CPSs) have recently been used in many application domains because of their ability to integrate physical elements with a cyber layer allowing for sensing, monitoring, and remote controlling. This pervasive use of CPSs in different applications has brought forward new security challenges and threats. Malicious attacks can now leverage the connectivity of the cyber layer to launch remote attacks and cause damage to the physical components. Taking these threats into consideration, it became imperative to ensure the security of CPSs. Given that many CPSs provide critical services, for instance many critical infrastructure (CI) are CPSs such as smart girds and nuclear reactors; it is then inevitable to ensure that these critical CPSs can maintain proper operation. One key measure of the CPS’s functionality, is resilience which evaluates the ability of a CPS to deliver its designated service under potentially disruptive situations. In general, resilience measures a CPS’s ability to adapt or rapidly recover from disruptive events. Therefore, it is crucial for CPSs to be resilient in face of potential failures. To this end, the central goal of this dissertation is to develop novel analytical frameworks that can evaluate and improve security and resilience of CPSs. In these frameworks, cross-disciplinary tools are used from game theory, contract theory, and optimization to develop robust analytical solutions for security and resilience problems. In particular, these frameworks led to the following key contributions in cyber security: developing an analytical framework to mitigate the effects of GPS spoofing attacks against UAVs, introducing a game-theoretic moving target defense (MTD) framework to improve the cyber security, and securing data privacy in m-health Internet of Things (IoT) networks using a MTD cryptographic framework. In addition, the dissertation led to the following contributions in CI resilience: developing a general framework using Bayesian Networks to evaluate and improve the resilience of CIs against their components failure, introducing a contract-theoretic model to allocate resources to multiple connected CIs under complete and asymmetric information scenarios, providing a proactive plan to improve the resilience of transportation networks against flooding, and, finally, developing an environment-aware framework to deploy UAVs in disaster-areas.

Cyber-Physical Systems Security

Critical Infrastructure Resilience

Unmanned Aerial Vehicles

Game Theory

Moving Target Defense

Contract Theory

Internet of Things

Achieving Compositional Security and Privacy in IoT Environments

Muslum Ozgur Ozmen (18870154)

11 September 2024

<p dir="ltr">The Internet of Things (IoT) systems include sensors that measure the physical world, actuators that influence it, and IoT apps that automate these sensors and actuators. Although IoT environments have revolutionized our lives by integrating digital connectivity into physical processes, they also introduce unique security and privacy concerns. Particularly, these systems include multiple components that are unified through the cyber and physical domains. For instance, smart homes include various devices and multiple IoT apps that control these devices. Thus, attacks against any single component can have rippling effects, amplifying due to the composite behavior of sensors, actuators, apps, and the physical environment.</p><p dir="ltr">In this dissertation, I explore the emerging security and privacy issues that arise from the complex physical interactions in IoT environments. To discover and mitigate these emerging issues, there is a need for composite reasoning techniques that consider the interplay between digital and physical domains. This dissertation addresses these challenges to build secure IoT environments and enhance user privacy with new formal techniques and systems.</p><p dir="ltr">To this end, I first describe my efforts in ensuring the safety and security of IoT en- vironments. Particularly, I introduced IoTSeer, a security service that discovers physical interaction vulnerabilities among IoT apps. I then proposed attacks that evade prior event verification systems by exploiting the complex physical interactions between IoT sensors and actuators. To address them, I developed two defenses, software patching and sensor placement, to make event verification systems robust against evasion attacks. These works provide a suite of tools to achieve compositional safety and security in IoT environments. </p><p dir="ltr">Second, I discuss my work that identifies the privacy risks of emerging IoT devices. I designed DMC-Xplorer to find vulnerabilities in voice assistant platforms and showed that an adversary can eavesdrop on privacy-sensitive device states and prevent users from controlling devices. I then developed a remote side-channel attack against intermittent devices to infer privacy-sensitive information about the environment in which they are deployed. These works highlight new privacy issues in emerging commodity devices used in IoT environments.</p>

Data and information privacy

System and network security

IoT Security

Cyber-physical systems security

Internet of Things

Privacy

Formal Methods