Cyber-Physical System Augmented Prognostics and Health Management for Fleet-Based Systems

Liu, Zongchang

15 May 2018

No description available.

Mechanical Engineering

Prognostics and health management

Cyber-physical systems

networked and fleet-sourced systems

data-driven PHM

Hybrid-State System Modelling for Control, Estimation and Prediction in Vehicular Autonomy

Kurt, Arda

06 January 2012

No description available.

Electrical Engineering

hybrid-state systems

Fast and Resource-Efficient Control of Wireless Cyber-Physical Systems

Baumann, Dominik

January 2019

Cyber-physical systems (CPSs) tightly integrate physical processes with computing and communication to autonomously interact with the surrounding environment.This enables emerging applications such as autonomous driving, coordinated flightof swarms of drones, or smart factories. However, current technology does notprovide the reliability and flexibility to realize those applications. Challenges arisefrom wireless communication between the agents and from the complexity of thesystem dynamics. In this thesis, we take on these challenges and present three maincontributions.We first consider imperfections inherent in wireless networks, such as communication delays and message losses, through a tight co-design. We tame the imperfectionsto the extent possible and address the remaining uncertainties with a suitable controldesign. That way, we can guarantee stability of the overall system and demonstratefeedback control over a wireless multi-hop network at update rates of 20-50 ms.If multiple agents use the same wireless network in a wireless CPS, limitedbandwidth is a particular challenge. In our second contribution, we present aframework that allows agents to predict their future communication needs. Thisallows the network to schedule resources to agents that are in need of communication.In this way, the limited resource communication can be used in an efficient manner.As a third contribution, to increase the flexibility of designs, we introduce machinelearning techniques. We present two different approaches. In the first approach,we enable systems to automatically learn their system dynamics in case the truedynamics diverge from the available model. Thus, we get rid of the assumption ofhaving an accurate system model available for all agents. In the second approach, wepropose a framework to directly learn actuation strategies that respect bandwidthconstraints. Such approaches are completely independent of a system model andstraightforwardly extend to nonlinear settings. Therefore, they are also suitable forapplications with complex system dynamics. / <p>QC 20190118</p>

Cyber-Physical Systems

Event-Triggered Control

Machine Learning

Engineering and Technology

Teknik och teknologier

Trustworthy Embedded Computing for Cyber-Physical Control

Lerner, Lee Wilmoth

20 February 2015

A cyber-physical controller (CPC) uses computing to control a physical process. Example CPCs can be found in self-driving automobiles, unmanned aerial vehicles, and other autonomous systems. They are also used in large-scale industrial control systems (ICSs) manufacturing and utility infrastructure. CPC operations rely on embedded systems having real-time, high-assurance interactions with physical processes. However, recent attacks like Stuxnet have demonstrated that CPC malware is not restricted to networks and general-purpose computers, rather embedded components are targeted as well. General-purpose computing and network approaches to security are failing to protect embedded controllers, which can have the direct effect of process disturbance or destruction. Moreover, as embedded systems increasingly grow in capability and find application in CPCs, embedded leaf node security is gaining priority. This work develops a root-of-trust design architecture, which provides process resilience to cyber attacks on, or from, embedded controllers: the Trustworthy Autonomic Interface Guardian Architecture (TAIGA). We define five trust requirements for building a fine-grained trusted computing component. TAIGA satisfies all requirements and addresses all classes of CPC attacks using an approach distinguished by adding resilience to the embedded controller, rather than seeking to prevent attacks from ever reaching the controller. TAIGA provides an on-chip, digital, security version of classic mechanical interlocks. This last line of defense monitors all of the communications of a controller using configurable or external hardware that is inaccessible to the controller processor. The interface controller is synthesized from C code, formally analyzed, and permits run-time checked, authenticated updates to certain system parameters but not code. TAIGA overrides any controller actions that are inconsistent with system specifications, including prediction and preemption of latent malwares attempts to disrupt system stability and safety. This material is based upon work supported by the National Science Foundation under Grant Number CNS-1222656. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation. We are grateful for donations from Xilinx, Inc. and support from the Georgia Tech Research Institute. / Ph. D.

Trustworthy Computing

Secure Computing

Autonomic Computing

Cybersecurity

Embedded Systems

Cyber-Physical Systems

Process Control Systems

Distributed Machine Learning for Autonomous and Secure Cyber-physical Systems

Ferdowsi Khosrowshahi, Aidin

31 July 2020

Autonomous cyber-physical systems (CPSs) such as autonomous connected vehicles (ACVs), unmanned aerial vehicles (UAVs), critical infrastructure (CI), and the Internet of Things (IoT) will be essential to the functioning of our modern economies and societies. Therefore, maintaining the autonomy of CPSs as well as their stability, robustness, and security (SRS) in face of exogenous and disruptive events is a critical challenge. In particular, it is crucial for CPSs to be able to not only operate optimally in the vicinity of a normal state but to also be robust and secure so as to withstand potential failures, malfunctions, and intentional attacks. However, to evaluate and improve the SRS of CPSs one must overcome many technical challenges such as the unpredictable behavior of a CPS's cyber-physical environment, the vulnerability to various disruptive events, and the interdependency between CPSs. The primary goal of this dissertation is, thus, to develop novel foundational analytical tools, that weave together notions from machine learning, game theory, and control theory, in order to study, analyze, and optimize SRS of autonomous CPSs. Towards achieving this overarching goal, this dissertation led to several major contributions. First, a comprehensive control and learning framework was proposed to thwart cyber and physical attacks on ACV networks. This framework brings together new ideas from optimal control and reinforcement learning (RL) to derive a new optimal safe controller for ACVs in order to maximize the street traffic flow while minimizing the risk of accidents. Simulation results show that the proposed optimal safe controller outperforms the current state of the art controllers by maximizing the robustness of ACVs to physical attacks. Furthermore, using techniques from convex optimization and deep RL a joint trajectory and scheduling policy is proposed in UAV-assisted networks that aims at maintaining the freshness of ground node data at the UAV. The analytical and simulation results show that the proposed policy can outperform policies such discretized state RL and value-based methods in terms of maximizing the freshness of data. Second, in the IoT domain, a novel watermarking algorithm, based on long short term memory cells, is proposed for dynamic authentication of IoT signals. The proposed watermarking algorithm is coupled with a game-theoretic framework so as to enable efficient authentication in massive IoT systems. Simulation results show that using our approach, IoT messages can be transmitted from IoT devices with an almost 100% reliability. Next, a brainstorming generative adversarial network (BGAN) framework is proposed. It is shown that this framework can learn to generate real-looking data in a distributed fashion while preserving the privacy of agents (e.g. IoT devices, ACVs, etc). The analytical and simulation results show that the proposed BGAN architecture allows heterogeneous neural network designs for agents, works without reliance on a central controller, and has a lower communication over head compared to other state-of-the-art distributed architectures. Last, but not least, the SRS challenges of interdependent CI (ICI) are addressed. Novel game-theoretic frameworks are proposed that allow the ICI administrator to assign different protection levels on ICI components to maximizing the expected ICI security. The mixed-strategy Nash of the games are derived analytically. Simulation results coupled with theoretical analysis show that, using the proposed games, the administrator can maximize the security level in ICI components. In summary, this dissertation provided major contributions across the areas of CPSs, machine learning, game theory, and control theory with the goal of ensuring SRS across various domains such as autonomous vehicle networks, IoT systems, and ICIs. The proposed approaches provide the necessary fundamentals that can lay the foundations of SRS in CPSs and pave the way toward the practical deployment of autonomous CPSs and applications. / Doctor of Philosophy / In order to deliver innovative technological services to their residents, smart cities will rely on autonomous cyber-physical systems (CPSs) such as cars, drones, sensors, power grids, and other networks of digital devices. Maintaining stability, robustness, and security (SRS) of those smart city CPSs is essential for the functioning of our modern economies and societies. SRS can be defined as the ability of a CPS, such as an autonomous vehicular system, to operate without disruption in its quality of service. In order to guarantee SRS of CPSs one must overcome many technical challenges such as CPSs' vulnerability to various disruptive events such as natural disasters or cyber attacks, limited resources, scale, and interdependency. Such challenges must be considered for CPSs in order to design vehicles that are controlled autonomously and whose motion is robust against unpredictable events in their trajectory, to implement stable Internet of digital devices that work with a minimum communication delay, or to secure critical infrastructure to provide services such as electricity, gas, and water systems. The primary goal of this dissertation is, thus, to develop novel foundational analytical tools, that weave together notions from machine learning, game theory, and control theory, in order to study, analyze, and optimize SRS of autonomous CPSs which eventually will improve the quality of service provided by smart cities. To this end, various frameworks and effective algorithms are proposed in order to enhance the SRS of CPSs and pave the way toward the practical deployment of autonomous CPSs and applications. The results show that the developed solutions can enable a CPS to operate efficiently while maintaining its SRS. As such, the outcomes of this research can be used as a building block for the large deployment of smart city technologies that can be of immense benefit to tomorrow's societies.

Machine learning

Autonomous Cyber-Physical Systems

Stability

Optimality

Security

Robustness

Game Theory

Advancing the Utility of Manufacturing Data for Modeling, Monitoring, and Securing Machining Processes

Shafae, Mohammed Saeed Abuelmakarm

23 August 2018

The growing adoption of smart manufacturing systems and its related technologies (e.g., embedded sensing, internet-of-things, cyber-physical systems, big data analytics, and cloud computing) is promising a paradigm shift in the manufacturing industry. Such systems enable extracting and exchanging actionable knowledge across the different entities of the manufacturing cyber-physical system and beyond. From a quality control perspective, this allows for more opportunities to realize proactive product design; real-time process monitoring, diagnosis, prognosis, and control; and better product quality characterization. However, a multitude of challenges are arising, with the growing adoption of smart manufacturing, including industrial data characterized by increasing volume, velocity, variety, and veracity, as well as the security of the manufacturing system in the presence of growing connectivity. Taking advantage of these emerging opportunities and tackling the upcoming challenges require creating novel quality control and data analytics methods, which not only push the boundaries of the current state-of-the-art research, but discover new ways to analyze the data and utilize it. One of the key pillars of smart manufacturing systems is real-time automated process monitoring, diagnosis, and control methods for process/product anomalies. For machining applications, traditionally, deterioration in quality measures may occur due to a variety of assignable causes of variation such as poor cutting tool replacement decisions and inappropriate choice cutting parameters. Additionally, due to increased connectivity in modern manufacturing systems, process/product anomalies intentionally induced through malicious cyber-attacks -- aiming at degrading the process performance and/or the part quality -- is becoming a growing concern in the manufacturing industry. Current methods for detecting and diagnosing traditional causes of anomalies are primarily lab-based and require experts to perform initial set-ups and continual fine-tuning, reducing the applicability in industrial shop-floor applications. As for efforts accounting for process/product anomalies due cyber-attacks, these efforts are in early stages. Therefore, more foundational research is needed to develop a clear understanding of this new type of cyber-attacks and their effects on machining processes, to ensure smart manufacturing security both on the cyber and the physical levels. With primary focus on machining processes, the overarching goal of this dissertation work is to explore new ways to expand the use and value of manufacturing data-driven methods for better applicability in industrial shop-floors and increased security of smart manufacturing systems. As a first step toward achieving this goal, the work in this dissertation focuses on adopting this goal in three distinct areas of interest: (1) Statistical Process Monitoring of Time-Between-Events Data (e.g., failure-time data); (2) Defending against Product-Oriented Cyber-Physical Attacks on Intelligent Machining Systems; and (3) Modeling Machining Process Data: Time Series vs. Spatial Point Cloud Data Structures. / PHD / Recent advancements in embedded sensing, internet-of-things, big data analytics, cloud computing, and communication technologies and methodologies are shifting the modern manufacturing industry toward a novel operational paradigm. Several terms have been coined to refer to this new paradigm such as cybermanufacturing, industry 4.0, industrial internet of things, industrial internet, or more generically smart manufacturing (term to be used henceforth). The overarching goal of smart manufacturing is to transform modern manufacturing systems to knowledge-enabled Cyber-Physical Systems (CPS), in which humans, machines, equipment, and products communicate and cooperate together in real-time, to make decentralized decisions resulting in profound improvements in the entire manufacturing ecosystem. From a quality control perspective, this allows for more opportunities to utilize manufacturing process data to realize proactive product design; real-time process monitoring, diagnosis, prognosis, and control; and better product quality characterization. With primary focus on machining processes, the overarching goal of this work is to explore new ways to expand the use and value of manufacturing data-driven methods for better applicability in industrial shop-floors and increased security of smart manufacturing systems. As a first step toward achieving this goal, the work in this dissertation focuses on three distinct areas of interest: (1) Monitoring of time-between-events data of mechanical components replacements (e.g., failure-time data); (2) Defending against cyber-physical attacks on intelligent machining systems aiming at degrading machined parts quality; and (3) Modeling machining process data using two distinct data structures, namely, time series and spatial point cloud data.

Advanced Manufacturing Systems

Cyber-Physical Attacks

Cyber-Physical Systems Security

Quality Control

Statistical Process Control

Security of Cyber-Physical Systems with Human Actors: Theoretical Foundations, Game Theory, and Bounded Rationality

Sanjab, Anibal Jean

30 November 2018

Cyber-physical systems (CPSs) are large-scale systems that seamlessly integrate physical and human elements via a cyber layer that enables connectivity, sensing, and data processing. Key examples of CPSs include smart power systems, smart transportation systems, and the Internet of Things (IoT). This wide-scale cyber-physical interconnection introduces various operational benefits and promises to transform cities, infrastructure, and networked systems into more efficient, interactive, and interconnected smart systems. However, this ubiquitous connectivity leaves CPSs vulnerable to menacing security threats as evidenced by the recent discovery of the Stuxnet worm and the Mirai malware, as well as the latest reported security breaches in a number of CPS application domains such as the power grid and the IoT. Addressing these culminating security challenges requires a holistic analysis of CPS security which necessitates: 1) Determining the effects of possible attacks on a CPS and the effectiveness of any implemented defense mechanism, 2) Analyzing the multi-agent interactions -- among humans and automated systems -- that occur within CPSs and which have direct effects on the security state of the system, and 3) Recognizing the role that humans and their decision making processes play in the security of CPSs. Based on these three tenets, the central goal of this dissertation is to enhance the security of CPSs with human actors by developing fool-proof defense strategies founded on novel theoretical frameworks which integrate the engineering principles of CPSs with the mathematical concepts of game theory and human behavioral models. Towards realizing this overarching goal, this dissertation presents a number of key contributions targeting two prominent CPS application domains: the smart electric grid and drone systems. In smart grids, first, a novel analytical framework is developed which generalizes the analysis of a wide set of security attacks targeting the state estimator of the power grid, including observability and data injection attacks. This framework provides a unified basis for solving a broad set of known smart grid security problems. Indeed, the developed tools allow a precise characterization of optimal observability and data injection attack strategies which can target the grid as well as the derivation of optimal defense strategies to thwart these attacks. For instance, the results show that the proposed framework provides an effective and tractable approach for the identification of the sparsest stealthy attacks as well as the minimum sets of measurements to defend for protecting the system. Second, a novel game-theoretic framework is developed to derive optimal defense strategies to thwart stealthy data injection attacks on the smart grid, launched by multiple adversaries, while accounting for the limited resources of the adversaries and the system operator. The analytical results show the existence of a diminishing effect of aggregated multiple attacks which can be leveraged to successfully secure the system; a novel result which leads to more efficiently and effectively protecting the system. Third, a novel analytical framework is developed to enhance the resilience of the smart grid against blackout-inducing cyber attacks by leveraging distributed storage capacity to meet the grid's critical load during emergency events. In this respect, the results demonstrate that the potential subjectivity of storage units' owners plays a key role in shaping their energy storage and trading strategies. As such, financial incentives must be carefully designed, while accounting for this subjectivity, in order to provide effective incentives for storage owners to commit the needed portions of their storage capacity for possible emergency events. Next, the security of time-critical drone-based CPSs is studied. In this regard, a stochastic network interdiction game is developed which addresses pertinent security problems in two prominent time-critical drone systems: drone delivery and anti-drone systems. Using the developed network interdiction framework, the optimal path selection policies for evading attacks and minimizing mission completion times, as well as the optimal interdiction strategies for effectively intercepting the paths of the drones, are analytically characterized. Using advanced notions from Nobel-prize winning prospect theory, the developed framework characterizes the direct impacts of humans' bounded rationality on their chosen strategies and the achieved mission completion times. For instance, the results show that this bounded rationality can lead to mission completion times that significantly surpass the desired target times. Such deviations from the desired target times can lead to detrimental consequences primarily in drone delivery systems used for the carriage of emergency medical products. Finally, a generic security model for CPSs with human actors is proposed to study the diffusion of threats across the cyber and physical realms. This proposed framework can capture several application domains and allows a precise characterization of optimal defense strategies to protect the critical physical components of the system from threats emanating from the cyber layer. The developed framework accounts for the presence of attackers that can have varying skill levels. The results show that considering such differing skills leads to defense strategies which can better protect the system. In a nutshell, this dissertation presents new theoretical foundations for the security of large-scale CPSs, that tightly integrate cyber, physical, and human elements, thus paving the way towards the wide-scale adoption of CPSs in tomorrow's smart cities and critical infrastructure. / Ph. D. / Enhancing the efficiency, sustainability, and resilience of cities, infrastructure, and industrial systems is contingent on their transformation into more interactive and interconnected smart systems. This has led to the emergence of what is known as cyber-physical systems (CPSs). CPSs are widescale distributed and interconnected systems integrating physical components and humans via a cyber layer that enables sensing, connectivity, and data processing. Some of the most prominent examples of CPSs include the smart electric grid, smart cities, intelligent transportation systems, and the Internet of Things. The seamless interconnectivity between the various elements of a CPS introduces a wealth of operational benefits. However, this wide-scale interconnectivity and ubiquitous integration of cyber technologies render CPSs vulnerable to a range of security threats as manifested by recently reported security breaches in a number of CPS application domains. Addressing these culminating security challenges requires the development and implementation of fool-proof defense strategies grounded in solid theoretical foundations. To this end, the central goal of this dissertation is to enhance the security of CPSs by advancing novel analytical frameworks which tightly integrate the cyber, physical, and human elements of a CPS. The developed frameworks and tools enable the derivation of holistic defense strategies by: a) Characterizing the security interdependence between the various elements of a CPS, b) Quantifying the consequences of possible attacks on a CPS and the effectiveness of any implemented defense mechanism, c) Modeling the multi-agent interactions in CPSs, involving humans and automated systems, which have a direct effect on the security state of the system, and d) Capturing the role that human perceptions and decision making processes play in the security of CPSs. The developed tools and performed analyses integrate the engineering principles of CPSs with the mathematical concepts of game theory and human behavioral models and introduce key contributions to a number of CPS application domains such as the smart electric grid and drone systems. The introduced results enable strengthening the security of CPSs, thereby paving the way for their wide-scale adoption in smart cities and critical infrastructure.

Cyber-Physical Systems Security

Game Theory

Prospect Theory

Smart Grids

Unmanned Aerial Vehicles

Internet of Things.

A Cyber-Physical System (CPS) Approach to Support Worker Productivity based on Voice-Based Intelligent Virtual Agents

Linares Garcia, Daniel Antonio

16 August 2022

The Architecture, Engineering, and Construction (AEC) industry is currently challenged by low productivity trends and labor shortages. Efforts in academia and industry alike invested in developing solutions to this pressing issue. The majority of such efforts moved towards modernization of the industry, making use of digitalization approaches such as cyber-physical systems (CPS). In this direction, various research works have developed methods to capture information from construction environments and elements and provide monitoring capabilities to measure construction productivity at multiple levels. At the root of construction productivity, the productivity at the worker level is deemed critical. As a result, previous works explored monitoring the productivity of construction workers and resources to address the industry's productivity problems. However, productivity trends are not promising and show a need to more rigorously address productivity issues. Labor shortages also exacerbated the need for increasing the productivity of the current labor workers. Active means to address productivity have been explored as a solution in recent years. As a result, previous research took advantage of CPS and developed systems that sense construction workers' actions and environment and enable interaction with workers to render productivity improvements. One viable solution to this problem is providing on-demand activity-related information to the workers while at work, to decrease the need for manually seeking information from different sources, including supervisors, thereby improving their productivity. Especially, construction workers whose activities involve visual and manual limitations need to receive more attention, as seeking information can jeopardize their safety. Multiple labor trades such as plumbing, steel work, or carpenters are considered within this worker classification. These workers rely on knowledge gathered from the construction project documentation and databases, but have difficulties accessing this information while doing their work. Research works have explored the use of knowledge retrieval systems to give access to construction project data sources to construction workers through multiple methods, including information booths, mobile devices, and augmented reality (AR). However, these solutions do not address the need of this category of workers in receiving on-demand activity related information during their work, without negatively impacting their safety. This research focuses on voice, as an effective modality most appropriate for construction workers whose activities impose visual and manual limit actions. to this end, first, a voice-based solution is developed that supports workers' productivity through providing access to project knowledge available in Building Information Modeling (BIM) data sources. The effect of the selected modality on these workers' productivity is then evaluated using multiple user studies. The work presented in this dissertation is structured as follows: First, in chapter 2, a literature review was conducted to identify means to support construction workers and how integration with BIM has been done in previous research. This chapter identified challenges in incorporating human factors in previous systems and opportunities for seamless integration of workers into BIM practices. In chapter 3, voice-based assistance was explored as the most appropriate means to provide knowledge to workers while performing their activities. As such, Chapter 3 presents the first prototype of a voice-based intelligent virtual agent, aka VIVA, and focuses on evaluating the human factors and testing performance of voice as a modality for worker support. VIVA was tested using a user study involving a simulated construction scenario and the results of the performance achieved through VIVA were compared with the baseline currently used in construction projects for receiving activity-related information, i.e., blueprints. Results from this assessment evidenced productivity performance improvements of users using VIVA over the baseline. Finally, chapter 4 presents an updated version of VIVA that provides automatic real-time link to BIM project data and provides knowledge to the workers through voice. This system was developed based on web platforms, allowing easier development and deployment and access to more devices for future deployment. This study contributes to the productivity improvements in the AEC industry by empowering construction workers through providing on-demand access to project information. This is done through voice as a method that does not jeopardize workers' safety or interrupt their activities. This research contributes to the body of knowledge by developing an in-depth study of the effect of voice-based support systems on worker productivity, enabling real-time BIM-worker integration, and developing a working worker-level productivity support solution for construction workers whose activities limit them in manually accessing project knowledge. / Doctor of Philosophy / The Architecture, Engineering, and Construction (AEC) industry is currently challenged by low productivity trends and labor shortages. At the root of productivity, the improving productivity of construction workers is of critical essence. Therefore, academia and industry alike have shown great interest in research to develop solutions addressing construction worker productivity. For this purpose, monitoring systems for construction worker support have been developed, but productivity trends do not seem to improve, while labor shortages have increased productivity concerns. Other approaches to address productivity improvements have explored active means for productivity support. These include monitoring systems that also interact with the user. Construction workers performing activities that require allocating immense attention while using both hands, e.g. plumbers, steel workers, carpenters, have not been the focus of previous research because of the challenges of their conditions and needs. The activities performed by these workers require access to construction project data and documentation. Still, it is difficult for these workers to access information from the documents while doing their work. Therefore, previous researchers have explored methodologies to bring project data and documentation to the field but providing workers on-demand access to this data and documents have not been thoroughly studied. This research focuses on identifying the most appropriate method to provide workers access to information during activities that require more visual and manual attention. Worker support is provided by developing a solution that provides workers access to knowledge during their activities without being disruptive. The study then evaluated the effect of providing non-disruptive access to information sources enabled through the developed solution on the productivity for workers. First, in chapter 2, this study reviews the literature on approaches to connect construction project databases, a.k.a. Building Information Modeling (BIM), and workers. This review identified system types, integration approaches, and future research trends for linking BIM sources and with workers. In addition, this chapter's outcomes highlight system interoperability challenges and challenges in developing interactive systems involving humans. In chapter 3, a voice-based support system was developed as the most appropriate method for worker support during work activities that limit visual and manual worker capabilities. Then, the performance benefits of using a voice-based support system for construction workers was evaluated through a user study involving simulated construction activities. Finally, in chapter 4, this study provided a new integration method to connect BIM and workers in real-time. This system allows workers to interact with information from BIM through voice. The system was developed based on web platforms, allowing easier development and deployment and access to more devices for future deployment. This study contributes to the productivity improvements in the AEC industry by empowering construction workers through providing on-demand access to project information. This is done through voice as a method that does not jeopardize workers' attention or interrupt their activities.

Cyber-Physical Systems

CPS

Voice-Based

Productivity

Worker Support

Interoperability

VIVA

Human-System Interaction

Designing Security Defenses for Cyber-Physical Systems

Foruhandeh, Mahsa

04 May 2022

Legacy cyber-physical systems (CPSs) were designed without considering cybersecurity as a primary design tenet especially when considering their evolving operating environment. There are many examples of legacy systems including automotive control, navigation, transportation, and industrial control systems (ICSs), to name a few. To make matters worse, the cost of designing and deploying defenses in existing legacy infrastructure can be overwhelming as millions or even billions of legacy CPS systems are already in use. This economic angle, prevents the use of defenses that are not backward compatible. Moreover, any protection has to operate efficiently in resource constraint environments that are dynamic nature. Hence, the existing approaches that require ex- pensive additional hardware, propose a new protocol from scratch, or rely on complex numerical operations such as strong cryptographic solutions, are less likely to be deployed in practice. In this dissertation, we explore a variety of lightweight solutions for securing different existing CPSs without requiring any modifications to the original system design at hardware or protocol level. In particular, we use fingerprinting, crowdsourcing and deterministic models as alternative backwards- compatible defenses for securing vehicles, global positioning system (GPS) receivers, and a class of ICSs called supervisory control and data acquisition (SCADA) systems, respectively. We use fingerprinting to address the deficiencies in automobile cyber-security from the angle of controller area network (CAN) security. CAN protocol is the de-facto bus standard commonly used in the automotive industry for connecting electronic control units (ECUs) within a vehicle. The broadcast nature of this protocol, along with the lack of authentication or integrity guarantees, create a foothold for adversaries to perform arbitrary data injection or modification and impersonation attacks on the ECUs. We propose SIMPLE, a single-frame based physical layer identification for intrusion detection and prevention on such networks. Physical layer identification or fingerprinting is a method that takes advantage of the manufacturing inconsistencies in the hardware components that generate the analog signal for the CPS of our interest. It translates the manifestation of these inconsistencies, which appear in the analog signals, into unique features called fingerprints which can be used later on for authentication purposes. Our solution is resilient to ambient temperature, supply voltage value variations, or aging. Next, we use fingerprinting and crowdsourcing at two separate protection approaches leveraging two different perspectives for securing GPS receivers against spoofing attacks. GPS, is the most predominant non-authenticated navigation system. The security issues inherent into civilian GPS are exacerbated by the fact that its design and implementation are public knowledge. To address this problem, first we introduce Spotr, a GPS spoofing detection via device fingerprinting, that is able to determine the authenticity of signals based on their physical-layer similarity to the signals that are known to have originated from GPS satellites. More specifically, we are able to detect spoofing activities and track genuine signals over different times and locations and propagation effects related to environmental conditions. In a different approach at a higher level, we put forth Crowdsourcing GPS, a total solution for GPS spoofing detection, recovery and attacker localization. Crowdsourcing is a method where multiple entities share their observations of the environment and get together as a whole to make a more accurate or reliable decision on the status of the system. Crowdsourcing has the advantage of deployment with the less complexity and distributed cost, however its functionality is dependent on the adoption rate by the users. Here, we have two methods for implementing Crowdsourcing GPS. In the first method, the users in the crowd are aware of their approximate distance from other users using Bluetooth. They cross validate this approximate distance with the GPS-derived distance and in case of any discrepancy they report ongoing spoofing activities. This method is a strong candidate when the users in the crowd have a sparse distribution. It is also very effective when tackling multiple coordinated adversaries. For method II, we exploit the angular dispersion of the users with respect to the direction that the adversarial signal is being transmitted from. As a result, the users that are not facing the attacker will be safe. The reason for this is that human body mostly comprises of water and absorbs the weak adversarial GPS signal. The safe users will help the spoofed users find out that there is an ongoing attack and recover from it. Additionally, the angular information is used for localizing the adversary. This method is slightly more complex, and shows the best performance in dense areas. It is also designed based on the assumption that the spoofing attack is only terrestrial. Finally, we propose a tandem IDS to secure SCADA systems. SCADA systems play a critical role in most safety-critical infrastructures of ICSs. The evolution of communications technology has rendered modern SCADA systems and their connecting actuators and sensors vulnerable to malicious attacks on both physical and application layers. The conventional IDS that are built for securing SCADA systems are focused on a single layer of the system. With the tandem IDS we break this habit and propose a strong multi-layer solution which is able to expose a wide range of attack. To be more specific, the tandem IDS comprises of two parts, a traditional network IDS and a shadow replica. We design the shadow replica as a deterministic IDS. It performs a workflow analysis and makes sure the logical flow of the events in the SCADA controller and its connected devices maintain their expected states. Any deviation would be a malicious activity or a reliability issue. To model the application level events, we leverage finite state machines (FSMs) to compute the anticipated states of all of the devices. This is feasible because in many of the existing ICSs the flow of traffic and the resulting states and actions in the connected devices have a deterministic nature. Consequently, it leads to a reliable and free of uncertainty solution. Aside from detecting traditional network attacks, our approach bypasses the attacker in case it succeeds in taking over the devices and also maintains continuous service if the SCADA controller gets compromised. / Doctor of Philosophy / Our lives are entangled with cyber-physical systems (CPSs) on a daily basis. Examples of these systems are vehicles, navigation systems, transportation systems, industrial control systems, etc. CPSs are mostly legacy systems and were built with a focus on performance, overlooking security. Security was not considered in the design of these old systems and now they are dominantly used in our everyday life. After numerous demonstration of cyber hacks, the necessity of protecting the CPSs from adversarial activities is no longer ambiguous. Many of the advanced cryptographic techniques are far too complex to be implemented in the existing CPSs such as cars, satellites, etc. We attempt to secure such resource constraint systems using simple backward compatible techniques in this dissertation. We design cheap lightweight solutions, with no modifications to the original system. In part of our research, we use fingerprinting as a technique to secure passenger cars from being hacked, and GPS receivers from being spoofed. For a brief description of fingerprinting, we use the example of two identical T-shirts with the same size and design. They will always have subtle differences between them no matter how hard the tailor tried to make them identical. This means that there are no two T-shirts that are exactly identical. This idea, when applied to analog signalling on electric devices, is called fingerprinting. Here, we fingerprint the mini computers inside a car, which enables us to identify these computers and prevent hacking. We also use the signal levels to design fingerprints for GPS signals. We use the fingerprints to distinguish counterfeit GPS signals from the ones that have originated from genuine satellites. This summarizes two major contributions in the dissertation. Our earlier contribution to GPS security was effective, but it was heavily dependent on the underlying hardware, requiring extensive training for each radio receiver that it was protecting. To remove this dependence of training for the specific underlying hardware, we design and implement the next framework using defenses that require application-layer access. Thus, we proposed two methods that leverage crowdsourcing approaches to defend against GPS spoofing attacks and, at the same time, improve the accuracy of localization for commodity mobile devices. Crowdsourcing is a method were several devices agree to share their information with each other. In this work, GPS users share their location and direction information, and in case of any discrepancy they figure that they are under attack and cooperate to recover from it. Last, we shift the gear to the industrial control systems (ICSs) and propose a novel IDS to protect them against various cyber attacks. Unlike the conventional IDSs that are focused on one of the layers of the system, our IDS comprises of two main components. A conventional component that exposes traditional attacks and a second component called a shadow replica. The replica mimics the behavior of the system and compares it with that of the actual system in a real-time manner. In case of any deviation between the two, it detects attacks that target the logical flow of the events in the system. Note that such attacks are more sophisticated and difficult to detect because they do not leave any obvious footprints behind. Upon detection of attacks on the original controller, our replica takes over the responsibilities of the original ICS controller and provides service continuity.

Security

Cyber-physical-systems

Fingerprinting

Crowdsourcing

Deterministic Models

CAN

GPS

SCADA

Hur förändrar smart teknik resurseffektiviteten i fordonsbranschen? : En studie av hur Cyber-Physical Systems och Internet of Things påverkar resurseffektiviteten i personbilsbranschen

Mirza, Helen, Nikolic, Rade

January 2019

Idag pratas det mycket om smart teknik och man säger att den fjärde industriella revolutionen är på väg. Revolutionen kallas för Industri 4.0 och innebär två tekniska förbättringar, Internet of Things (IoT) och Cyber-Physical Systems (CPS). IoT låter fysiska enheter sammankopplas i ett system med andra enheter med hjälp av elektromagnetiska vågor och CPS ger möjligheten till att få in information från omvärlden och implementera informationen i digital form. När det kommer till implementering i tillverkningsindustrin används begreppen Industrial Internet of Things och Cyber-Physical Production Systems. Arbetet består av en djupgående litteraturstudie och undersöker vad implementering av IoT och CPS i personbilsbranschens tillverkningssystem kan leda till och hur de fungerar i praktiken. Teorin utgår från vetenskapliga artiklar, tidskrifter och journaler samt en studie från Atlas Copco. Eftersom att smart teknik är ett brett ämne och vi behövde förhålla oss till en tidsgräns på 18 veckor avgränsades arbetet till endast IoT och CPS i tillverkande personbilsföretag. Branschen för personbilar valdes för att i jämförelse med andra branscher är både kvaliteten och kvantiteten avgörande. Samtidigt som det produceras många personbilar måste varje personbil uppfylla en rad olika krav och varje enhet utgör en betydande del av kapitalet i företaget. Resultatet visar hur IoT och CPS fungerar som helhet och vad för positiva och negativa konsekvenser implementering av begreppen ger. Av resultatet framgår också att faktorerna produktion, ekonomi och människa ska analyseras som en helhet och inte enskilt för att implementeringen ska vara framgångsrik i tillverkande personbilsföretag. Möjligheterna som IoT och CPS medför är snabbare och exaktare beslut, systemövervakning och insamling, utbyte och analysering av data för personbilsbranschens företag. Den största utmaningen som implementeringen av begreppen medför är datahantering. Det finns en risk att oönskade mottagare får tillgång till konfidentiell information genom bland annat dataläckage och dataintrång. Således bör fokus ligga på att förebygga detta för att få ut fördelarna och samtidigt reducera nackdelarna. Slutsatsen som kan dras av resultatet är att en kombination av IoT och CPS i personbilsbranschens tillverkningssystem skapar ett kommunikationsnätverk bland heterogena enheter som gör att system kan kommunicera och utbyta data med varandra på ett effektivt sätt. Implementering av begreppen leder till minskning av defekter, introduktionskostnader, energianvändning och upplärning för arbetare samt ökad verktygsdrift och produktivitet. / Today, there is much talk about smart technology and it is said that the fourth industrial revolution is on its way. The revolution is called Industry 4.0 and involves two technical improvements, the Internet of Things (IoT) and Cyber-Physical Systems (CPS). IoT allows physical devices to be interconnected in a system with other devices using electromagnetic waves and CPS provides the opportunity to get information from the outside world and implement the information in digital form. When it comes to implementation in the manufacturing industry, the concepts Industrial Internet of Things and Cyber-Physical Production Systems are used. The thesis consists of an in-depth literature study and investigates what implementation of IoT and CPS in the automotive industry's manufacturing system can lead to and how they work in practice. The theory is based on scientific articles, paper and journals, and a study by Atlas Copco. Because smart technology is a broad topic and we needed to relate to a time limit of 18 weeks, the work was limited to IoT and CPS only in manufacturing passenger car companies. The industry for passenger cars was chosen so that, in comparison with other industries, both the quality and the quantity are decisive. While many passenger cars are being produced, each passenger car must meet a variety of requirements and each unit constitutes a significant part of the capital of the company. The result shows how IoT and CPS work as a whole and what positive and negative consequences the implementation of the concepts gives. The result also shows that the factors of production, economy and humanity should be analysed as a whole and not individually in order for the implementation to be successful in manufacturing passenger car companies. The opportunities that IoT and CPS entail are faster and more precise decisions, system monitoring and collection, exchange and analysis of data for the automotive industry's companies. The biggest challenge that the implementation of the concepts entails is data management. There is a risk that unwanted recipients will have access to confidential information through, among other things, data leakage and hacking. Thus, the focus should be on preventing this in order to get the benefits and at the same time reduce the disadvantages. The conclusion that can be drawn from the result is that IoT and CPS in the automotive industry's manufacturing system create a communication network among heterogeneous units that enable systems to communicate and exchange data with each other in an efficient manner. Implementation of the concepts leads to a reduction of defects, introduction costs, energy use and training for workers, as well as increased tool operation and productivity.

Internet of Things

Cyber-Physical Systems

Industry 4.0

smart technology

manufacturing industry

resource efficiency

automotive

Internet of Things

Cyber-Physical Systems

Industri 4.0

smart teknik

tillverkningsindustri

resurseffektivitet

personbilar

Engineering and Technology

Teknik och teknologier