A Risk Based Approach to Intelligent Transportation Systems Security

Bakhsh Kelarestaghi, Kaveh

11 July 2019

Security threats to cyber-physical systems are targeting institutions and infrastructure around the world, and the frequency and severity of attacks are on the rise. Healthcare manufacturing, financial services, education, government, and transportation are among the industries that are the most lucrative targets for adversaries. Hacking is not just about companies, organizations, or banks; it also includes critical infrastructure. Wireless Sensors Networks, Vehicle-to-everything communication (V2X), Dynamic Message Signs (DMS), and Traffic Signal Controllers are among major Intelligent Transportation Systems (ITS) infrastructure that has already been attacked or remain vulnerable to hacking. ITS has been deployed with a focus on increasing efficiency and safety in the face of dramatic increases in travel demand. Although many studies have been performed and many security primitives have been proposed, there are significant concerns about flawless performance in a dynamic environment. A holistic security approach, in which all infrastructure performs within the satisfactory level of security remains undiscovered. Previously, hacking of road infrastructure was a rare event, however, in recent years, field devices such as DMS are hacked with higher frequency. The primary reason that transportation assets are vulnerable to cyber-attacks is due to their location. A more dramatic scenario occurs when hackers attempt to convey tampered instructions to the public. Analyzing traveler behavior in response to the hacked messages sign on the basis of empirical data is a vital step toward operating a secure and reliable transportation system. There may be room for improvement by policymakers and program managers when considering critical infrastructure vulnerabilities. With cybersecurity issues escalating every day, road users' safety has been neglected. This dissertation overcomes these challenges and contributes to the nascent but growing literature of Intelligent Transportation System (ITS) security impact-oriented risk assessment in threefold. • First, I employ a risk-based approach to conduct a threat assessment. This threat assessment performs a qualitative vulnerability-oriented threat analysis. The objective is to scrutinize safety, security, reliability, and operation issues that are prompted by a compromised Dynamic Message Signs (DMS). • Second, I examine the impact of drivers' attitudes and behaviors on compliance, route diversion behavior, and speed change behavior, under a compromised DMS. We aim to assess the determinants that are likely to contribute to drivers' compliance with forged information. To this extent, this dissertation evaluates drivers' behavior under different unauthentic messages to assess in-depth the impact of an adversarial attack on the transportation network. • Third, I evaluate distracted driving under different scenarios to assess the in-depth impact of an adversarial attack on the transportation network. To this extent, this dissertation examines factors that are contributing to the manual, visual, and cognitive distractions when drivers encountering fabricated advisory information at a compromised DMS. The results of this dissertation support the original hypothesis and indicate that with respect to the forged information drivers tend to (1) change their planned route, (2) become involved in distracting activities, and (3) change their choice speed at the presence of a compromised DMS. The main findings of this dissertation are outlined below: 1. The DMS security vulnerabilities and predisposing conditions allow adversaries to compromise ITS functionality. The risk-based approach of this study delivers the impact-likelihood matrix, which maps the adverse impacts of the threat events onto a meaningful, visual, matrix. DMS hacking adverse impacts can be categorized mainly as high-risk and medium-risk clusters. The safety, operational (i.e., monetary losses) and behavioral impacts are associated with a high-risk cluster. While the security, reliability, efficiency, and operational (i.e., congestion) impacts are associated with the medium-risk cluster. 2. Tech friendly drivers are more likely to change their route under a compromised DMS. At the same time, while they are acquiring new information, they need to lowering their speed to respond to the higher information load. Under realistic-fabricated information, about 65% of the subjects would depart from their current route. The results indicate that females and subjects with a higher driving experience are more likely to change their route. In addition, those subjects who are more sensitive to the DMS's traffic-related messages and those who use DMS under congested traffic condition are more likely to divert. Interestingly, individuals with lower education level, Asians, those who live in urban areas, and those with trouble finding their direction in new routes are less likely to pick another route rather the one they planned for. 3. Regardless of the DMS hacking scenarios, drivers would engage in at least one of the distractive activities. Among the distractive activities, cognitive distraction has the highest impact on the distracted driving likelihood. Meaning, there is a high chance that drivers think of something other than driving, look at surrounding traffic and scenery, or talk to other passengers regarding the forged information they saw on the DMS. Drivers who rely and trust in technology, and those who check traffic condition before starting their trips tend to become distracted. In addition, the result identified that at the presence of bogus information, drivers tend to slow down or stop in order to react to the DMS. That is, they would either (1) become involved in activities through the means of their phone, (2) they would mind wander, look around, and talk to a passenger about the sign, and (3) search for extra information by means of their vehicle's radio or internet. 4. Females, black individuals, subjects with a disability, older, and those with high trust in DMS are less likely to ignore the fabricated messages. In contrary, white, those who drive long hours, and those who see driving as a tedious task are more likely to ignore the bogus messages. Drivers who comply with traffic regulations and have a good driving record are likely to slow down under the tampered messages. Furthermore, female drivers and those who live in rural areas are more likely to slow down under fabricated advisory information. Furthermore, this dissertation identifies that planning for alternative route and involvement in distractive activities cause speed variation behaviors under the compromised DMS. This dissertation is the first to investigate the adverse impact of a compromised DMS on the road users and operators. I attempt to address the current gap in the literature by assessing and evaluating the impact of ITS security vulnerabilities. Broader impacts of this study include (1) to systematically raising awareness among policy-makers and engineers, (2) motivating further simulations and real-world experiments to investigate this matter further, (3) to systematically assessing the adverse impact of a security breach on transportation reliability and safety, and drivers' behavior, and (4) providing insights for system operators and decision-makers to prioritize the risk of a compromised DMS. Additionally, the outcome can be integrated with the nationwide connected vehicle and V2X implementations and security design. / Doctor of Philosophy / Security threats are targeting institutions and infrastructure around the world, and the frequency and severity of security attacks are on the rise. Healthcare manufacturing, financial services, education, government, and transportation are among the industries that are the most lucrative targets for adversaries. Hacking is not just about companies, organizations, or banks; it also includes critical infrastructure. Intelligent Transportation Systems have been deployed with a focus on increasing efficiency and safety in the face of dramatic increases in traffic volume. Although many studies have been performed and many security primitives have been proposed, there are significant concerns about flawless performance in a dynamic environment. A holistic security approach, in which all infrastructure performs within the satisfactory level of security remains undiscovered. Previously, hacking of road infrastructure was a rare event, however, in recent years, field devices, such as dynamic message signs, are hacked with higher frequency. The primary reason that transportation assets are vulnerable to cyber-attacks is that of their location in public. A more dramatic scenario occurs when hackers attempt to convey tampered instructions to the public. Analyzing traveler behavior in response to the hacked messages sign on the basis of empirical data is a vital step toward operating a secure and reliable transportation system. This study is the first to investigate the adversarial impact of a compromised message sign on the road users and operators. I attempt to address the current gap in the literature by assessing and evaluating the impact of ITS security vulnerabilities.

Intelligent Transportation Systems

Cyber Security

Cyber-Physical Systems

Vulnerability Assessment

Attack Tree

Dynamic Message Sign

Risk Assessment

Impact Assessment

Travelers Behavior

Distracted Driving

Speed Variation

Route Divergence

Systems Health Management for Resilient Extraterrestrial Habitation

Murali Krishnan Rajasekharan Pillai (18390546)

17 April 2024

<p dir="ltr">Deep-space extraterrestrial missions require operating, supporting, and maintaining complex habitat systems at light minutes from Earth.</p><p dir="ltr">These habitation systems operate in harsh, unforgiving environments, will be sparsely crewed, and must be more autonomous than current space habitats, as communication delays will severely constrain Earth-based support.</p><p dir="ltr">Long-duration missions, limited knowledge of the extraterrestrial environment, and the need for self-sufficiency make these habitats vulnerable to a wide range of risks and failures, many of which are impossible to premeditate.</p><p dir="ltr">Therefore, it is necessary to design these systems to be resilient to faults and failures, thoughtfully designed to be situationally aware of their operational state and engage control mechanisms that maintain safe operations when migrating towards unsafe regions of operation.</p><p dir="ltr">Resilience-oriented design of such systems requires a holistic systems approach that represents the system's dynamic behavior, its control-oriented behaviors, and the interactions between them as it navigates through regions of safe and unsafe operations.</p><p dir="ltr">Only through this integrated approach can we fully understand how the system will behave under various conditions and design controls to prevent performance loss and ensure resilient operations.</p><p dir="ltr">Systems health management (SHM) is a key component for the resilience-oriented design of extraterrestrial habitats.</p><p dir="ltr">SHM capabilities enable intelligent autonomous control capabilities that can:</p><p dir="ltr">a) sense, diagnose, and isolate the root causes of anomalies,</p><p dir="ltr">b) predict how the system's behavior may evolve, and</p><p dir="ltr">c) select and execute recovery actions to restore system performance when appropriate.</p><p dir="ltr">Modern SHM technologies increasingly rely on intelligent autonomous control capabilities to manage system health and adapt behavior to maintain system performance.</p><p dir="ltr">This is achieved through complex nonlinear informational dependencies and control feedback loops that are difficult to design and verify using traditional risk assessment and resilience engineering methods.</p><p dir="ltr">This research contributes to enhancing the conceptual and preliminary design phases for developing resilient complex systems with embedded intelligent control-oriented behaviors.</p><p dir="ltr">It presents the required systems engineering tools and frameworks, enabling us to study the dynamic behavior of systems as they approach and recover from unsafe operations.</p><p dir="ltr">Further, it demonstrates how these tools and frameworks can quantify and gain insights into system resilience and support engineering decisions.</p><p dir="ltr">The work is contextualized within the broader systems engineering approach for designing complex, resilient extraterrestrial habitation systems.</p>

Systems engineering

Health management

Deep Space Missions

Habitation

Health Management system

Cyber Physical Systems (CPS)

Complex systems engineering

SOSLite: Soporte para Sistemas Ciber-Físicos y Computación en la Nube

Pradilla Ceron, Juan Vicente

16 January 2017

Cyber-Physical Systems (CPS) have become one of the greatest research topics today; because they pose a new complex discipline, which addresses big existing and future systems as the Internet, the Internet of Things, sensors networks and smart grids. As a recent discipline, there are many possibilities to improve the state of the art, interoperability being one of the most relevant. Thus, this thesis has been created within the framework of interoperability for CPS, by using the SOS (Sensor Observation Service) standard, which belongs to the SWE (Sensor Web Enablement) framework of the OGC (Open Geospatial Consortium). It has been developed to give rise to a new line of research within the Distributed Real-Time Systems and Applications group (SATRD for its acronym in Spanish) from the Communications Department of the Polytechnic University of Valencia (UPV for its acronym in Valencian). The approach, with which the interoperability in the CPS has been addressed, is of synthetic type (from parts to whole), starting from a verifiable and workable solution for interoperability in sensor networks, one of the most significant CPSs because it is integrated in many other CPSs, next adapting and testing the solution in more complex CPS, such as the Internet of Things. In this way, an interoperability solution in sensor networks is proposed based on the SOS, but adapted to some requirements that makes of this mechanism a lighter version of the standard, which facilitates the deployment of future implementations due to the possibility of using limited devices for this purpose. This theoretical solution is brought to a first implementation, called SOSLite, which is tested to determine its characteristic behavior and to verify the fulfillment of its purpose. Analogously, and starting from the same theoretical solution, a second implementation is projected called SOSFul, which proposes an update to the SOS standard so that it is lighter, more efficient and easier to use. The SOSFul, has a more ambitious projection by addressing the Internet of Things, a more complex CPS than sensors networks. As in the case of the SOSLite, tests are performed and validation is made through a use case. So, both the SOSLite and the SOSFul are projected as interoperability solutions in the CPS. Both implementations are based on the theoretical proposal of a light SOS and are available for free and under open source licensing so that it can be used by the research community to continue its development and increase its use. / Los Sistemas Ciber-Físicos (CPS) se han convertido en uno de los temas de investigación con mayor proyección en la actualidad; debido a que plantean una nueva disciplina compleja, que aborda sistemas existentes y futuros de gran auge como: la Internet, la Internet de las Cosas, las redes de sensores y las redes eléctricas inteligentes. Como disciplina en gestación, existen muchas posibilidades para aportar al estado del arte, siendo la interoperabilidad uno de los más relevantes. Así, esta tesis se ha creado en el marco de la interoperabilidad para los CPS, mediante la utilización del estándar SOS (Sensor Observation Service) perteneciente al marco de trabajo SWE (Sensor Web Enablement) del OGC (Open Geospatial Consortium). Se ha desarrollado para dar surgimiento a una nueva línea de investigación dentro del grupo SATRD (Sistemas y Aplicaciones de Tiempo Real Distribuidos) del Departamento de Comunicaciones de la UPV (Universitat Politècnica de València). La aproximación con la cual se ha abordado la interoperabilidad en los CPS es de tipo sintética (pasar de las partes al todo), iniciando desde una solución, verificable y realizable, para la interoperabilidad en las redes de sensores, uno de los CPS más significativos debido a que se integra en muchos otros CPS, y pasando a adaptar y comprobar dicha solución en CPS de mayor complejidad, como la Internet de las Cosas. De esta forma, se propone una solución de interoperabilidad en las redes de sensores fundamentada en el SOS, pero adaptada a unos requerimientos que hacen de este mecanismo una versión más ligera del estándar, con lo que se facilita el despliegue de futuras implementaciones debido a la posibilidad de emplear dispositivos limitados para tal fin. Dicha solución teórica, se lleva a una primera implementación, denominada SOSLite, la cual se prueba para determinar su comportamiento característico y verificar el cumplimiento de su propósito. De forma análoga y partiendo de la misma solución teórica, se proyecta una segunda implementación, llamada SOSFul, la cual propone una actualización del estándar SOS de forma que sea más ligero, eficiente y fácil de emplear. El SOSFul, tiene una proyección más ambiciosa al abordar la Internet de las Cosas, un CPS más complejo que las redes de sensores. Como en el caso del SOSLite, se realizan pruebas y se valida mediante un caso de uso. Así, tanto el SOSLite como el SOSFul se proyectan como soluciones de interoperabilidad en los CPS. Ambas implementaciones parten de la propuesta teórica de SOS ligero y se encuentran disponibles de forma gratuita y bajo código libre, para ser empleados por la comunidad investigativa para continuar su desarrollo y aumentar su uso. / Els sistemes ciberfísics (CPS, Cyber-Physical Systems) s'han convertit en un dels temes de recerca amb major projecció en l'actualitat, a causa del fet que plantegen una nova disciplina complexa que aborda sistemes existents i futurs de gran auge, com ara: la Internet, la Internet de les Coses, les xarxes de sensors i les xarxes elèctriques intel·ligents. Com a disciplina en gestació, hi ha moltes possibilitats per a aportar a l'estat de la qüestió, sent la interoperabilitat una de les més rellevants. Així, aquesta tesi s'ha creat en el marc de la interoperabilitat per als CPS, mitjançant la utilització de l'estàndard SOS (Sensor Observation Service) pertanyent al marc de treball SWE (Sensor Web Enablement) de l'OGC (Open Geospatial Consortium). S'ha desenvolupat per a iniciar una nova línia de recerca dins del Grup de SATRD (Sistemes i Aplicacions de Temps Real Distribuïts) del Departament de Comunicacions de la UPV (Universitat Politècnica de València). L'aproximació amb la qual s'ha abordat la interoperabilitat en els CPS és de tipus sintètic (passar de les parts al tot), iniciant des d'una solució, verificable i realitzable, per a la interoperabilitat en les xarxes de sensors, un dels CPS més significatius pel fet que s'integra en molts altres CPS, i passant a adaptar i comprovar aquesta solució en CPS de major complexitat, com la Internet de les Coses. D'aquesta forma, es proposa una solució d'interoperabilitat en les xarxes de sensors fonamentada en el SOS, però adaptada a uns requeriments que fan d'aquest mecanisme una versió més lleugera de l'estàndard, amb la qual cosa es facilita el desplegament de futures implementacions per la possibilitat d'emprar dispositius limitats a aquest fi. Aquesta solució teòrica es porta a una primera implementació, denominada SOSLite, que es prova per a determinar el seu comportament característic i verificar el compliment del seu propòsit. De forma anàloga i partint de la mateixa solució teòrica, es projecta una segona implementació, anomenada SOSFul, que proposa una actualització de l'estàndard SOS de manera que siga més lleuger, eficient i fàcil d'emprar. El SOSFul té una projecció més ambiciosa quan aborda la Internet de les Coses, un CPS més complex que les xarxes de sensors. Com en el cas del SOSLite, es realitzen proves i es valida mitjançant un cas d'ús. Així, tant el SOSLite com el SOSFul, es projecten com a solucions d'interoperabilitat en els CPS. Ambdues implementacions parteixen de la proposta teòrica de SOS lleuger, i es troben disponibles de forma gratuïta i en codi lliure per a ser emprades per la comunitat investigadora a fi de continuar el seu desenvolupament i augmentar-ne l'ús. / Pradilla Ceron, JV. (2016). SOSLite: Soporte para Sistemas Ciber-Físicos y Computación en la Nube [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/76808

Sensor Observation Service (SOS)

Cyber Physical Systems (CPS)

Fog Computing (FC)

Internet of Things (IoT)

Cloud Computing (CC)

Sensor Web Enablement (SWE)

INGENIERIA TELEMATICA

Achieving Compositional Security and Privacy in IoT Environments

Muslum Ozgur Ozmen (18870154)

11 September 2024

<p dir="ltr">The Internet of Things (IoT) systems include sensors that measure the physical world, actuators that influence it, and IoT apps that automate these sensors and actuators. Although IoT environments have revolutionized our lives by integrating digital connectivity into physical processes, they also introduce unique security and privacy concerns. Particularly, these systems include multiple components that are unified through the cyber and physical domains. For instance, smart homes include various devices and multiple IoT apps that control these devices. Thus, attacks against any single component can have rippling effects, amplifying due to the composite behavior of sensors, actuators, apps, and the physical environment.</p><p dir="ltr">In this dissertation, I explore the emerging security and privacy issues that arise from the complex physical interactions in IoT environments. To discover and mitigate these emerging issues, there is a need for composite reasoning techniques that consider the interplay between digital and physical domains. This dissertation addresses these challenges to build secure IoT environments and enhance user privacy with new formal techniques and systems.</p><p dir="ltr">To this end, I first describe my efforts in ensuring the safety and security of IoT en- vironments. Particularly, I introduced IoTSeer, a security service that discovers physical interaction vulnerabilities among IoT apps. I then proposed attacks that evade prior event verification systems by exploiting the complex physical interactions between IoT sensors and actuators. To address them, I developed two defenses, software patching and sensor placement, to make event verification systems robust against evasion attacks. These works provide a suite of tools to achieve compositional safety and security in IoT environments. </p><p dir="ltr">Second, I discuss my work that identifies the privacy risks of emerging IoT devices. I designed DMC-Xplorer to find vulnerabilities in voice assistant platforms and showed that an adversary can eavesdrop on privacy-sensitive device states and prevent users from controlling devices. I then developed a remote side-channel attack against intermittent devices to infer privacy-sensitive information about the environment in which they are deployed. These works highlight new privacy issues in emerging commodity devices used in IoT environments.</p>

Data and information privacy

System and network security

IoT Security

Cyber-physical systems security

Internet of Things

Privacy

Formal Methods

Design, Implementation and Validation of Resource-Aware and Resilient Wireless Networked Control Systems

Araújo, José

January 2014

Networked control over wireless networks is of growing importance in many application domains such as industrial control, building automation and transportation systems. Wide deployment however, requires systematic design tools to enable efficient resource usage while guaranteeing close-loop control performance. The control system may be greatly affected by the inherent imperfections and limitations of the wireless medium and malfunction of system components. In this thesis, we make five important contributions that address these issues.  In the first contribution, we consider event- and self-triggered control and investigate how to efficiently tune and execute these paradigms for appropriate control performance. Communication strategies for aperiodic control are devised, where we jointly address the selection of medium-access control and scheduling policies. Experimental results show that the best trade-off is obtained by a hybrid scheme, combining event- and self-triggered control together with contention-based and contention-free medium access control. The second contribution proposes an event-based method to select between fast and slow periodic sampling rates. The approach is based on linear quadratic control and the event condition is a quadratic function of the system state. Numerical and experimental results show that this hybrid controller is able to reduce the average sampling rate in comparison to a traditional periodic controller, while achieving the same closed-loop control performance. In the third contribution, we develop compensation methods for out-of-order communications and time-varying delays using a game-theoretic minimax control framework. We devise a linear temporal coding strategy where the sensor combines the current and previous measurements into a single packet to be transmitted. An experimental evaluation is performed in a multi-hop networked control scenario with a routing layer vulnerability exploited by a malicious application. The experimental and numerical results show the advantages of the proposed compensation schemes. The fourth contribution proposes a distributed reconfiguration method for sensor and actuator networks. We consider systems where sensors and actuators cooperate to recover from faults. Reconfiguration is performed to achieve model-matching, while minimizing the steady-state estimation error covariance and a linear quadratic control cost. The reconfiguration scheme is implemented in a room heating testbed, and experimental results demonstrate the method's ability to automatically reconfigure the faulty system in a distributed and fast manner. The final contribution is a co-simulator, which combines the control system simulator Simulink with the wireless network simulator COOJA. The co-simulator integrates physical plant dynamics with realistic wireless network models and the actual embedded software running on the networked devices. Hence, it allows for the validation of the complete wireless networked control system, including the study of the interactions between software and hardware components. / <p>QC 20140929</p>

wireless networked control systems

NCS

wireless communications

control

distributed reconfiguration

resilient

fault-tolerant control

IEEE 802.15.4

resource-aware

WNCS

aperiodic control

event-triggered

self-triggered

event-based

co-simulator

estimation

GISOO

MAC

scheduling

routing

RPL

delay

out-of-order communications

CPS

Cyber Physical Systems

Wireless Cyber Physical Systems

Wireless Cyber Physical Control Systems

Prise en compte des risques de cyber-attaques dans le domaine de la sécurité des systèmes cyber-physiques : proposition de mécanismes de détection à base de modèles comportementaux / Addressing cyber-attack risks for the security of cyber-physical systems : proposition of detection mechanisms based on behavioural models

Sicard, Franck

11 October 2018

Les systèmes de contrôle-commande industriels (Industrial Control System, ICS) sont des infrastructures constituées par un ensemble de calculateurs industriels reliés en réseau et permettant de contrôler un système physique. Ils assurent le pilotage de réseaux électriques (Smart Grid), de systèmes de production, de transports, de santé ou encore de systèmes d’armes. Pensés avant tout pour assurer productivité et respect de la mission dans un environnement non malveillant, les ICS sont, depuis le 21ème siècle, de plus en plus vulnérables aux attaques (Stuxnet, Industroyer, Triton, …) notamment avec l’arrivée de l’industrie 4.0. De nombreuses études ont contribué à sécuriser les ICS avec des approches issues du domaine de la sécurité (cryptographie, IDS, etc…) mais qui ne tiennent pas compte du comportement du système physique et donc des conséquences de l’acte de malveillance en lui-même. Ainsi, une sécurisation se limitant exclusivement à l’analyse des informations qui transitent sur un réseau industriel n’est pas suffisante. Notre approche amène un changement de paradigme dans les mécanismes de détection en y intégrant la modélisation du comportement du système cyber-physique.Cette thèse propose des mécanismes de détection d’attaques en se positionnant au plus proche de la physique. Ils analysent les données échangées entre le système de contrôle-commande et le système physique, et filtrent les échanges au travers de modèles déterministes qui représentent le comportement du système physique soumis à des lois de commande. A cet effet, une méthodologie de conception a été proposée dans laquelle l’ensemble des ordres est identifié afin de détecter les attaques brutales. Pour faire face aux autres attaques, en particulier celles plus sournoises, comme les attaques par séquences, nous proposons une stratégie de détection complémentaire permettant d’estimer l’occurrence d’une attaque avant que ses conséquences ne soient destructives. A cet effet, nous avons développé des concepts de distance d’un état caractérisé comme critique auquel nous avons adjoint un second mécanisme dit de trajectoire dans le temps permettant de caractériser une intention de nuire.L’approche proposée hybride ainsi deux techniques orientées sécurité (sonde IDS) et sûreté (approche filtre) pour proposer une stratégie de détection basée sur quatre mécanismes lié :• A la détection de contexte : basé sur l’état courant de l’ICS, un ordre émis par l’API peut être bloqué s’il conduit vers un état critique (attaque brutale).• Aux contraintes combinatoires (attaque par séquences) : vérifiées par les concepts de distance et de trajectoire (évolution de la distance).• Aux contraintes temporelles (attaque temporelle) : vérifiées par des fenêtres temporelles sur l’apparition d’évènements et d’indicateurs surveillant la durée moyenne d’exécution.• Aux sur-sollicitations basées sur un indicateur surveillant les commandes envoyées afin de prévenir un vieillissement prématuré (attaque sur les équipements).L’approche proposée a été appliquée sur différents exemples de simulation et sur une plateforme industrielle réelle où la stratégie de détection a montré son efficacité face à différents profils d’attaquant. / Industrial Control Systems (ICSs) are infrastructures composed by several industrial devices connected to a network and used to control a physical system. They control electrical power grid (Smart Grid), production systems (e.g. chemical and manufacturing industries), transport (e.g. trains, aircrafts and autonomous vehicles), health and weapon systems. Designed to ensure productivity and respect safety in a non-malicious environment, the ICSs are, since the 21st century, increasingly vulnerable to attacks (e.g. Stuxnet, Industroyer, Triton) especially with the emergence of the industry 4.0. Several studies contributed to secure the ICS with approaches from the security field (e.g. cryptography, IDS) which do not take into account the behavior of the physical system and therefore the consequences of the malicious act. Thus, a security approach limited exclusively to the analysis of information exchanged by industrial network is not sufficient. Our approach creates a paradigm shift in detection mechanisms by integrating the behavioral modeling of the cyber-physical system.This thesis proposes detection mechanisms of attacks by locating detection closer to physical system. They analyze the data exchanged between the control system and the physical system, and filter the exchanges through deterministic models that represent the behavior of the physical system controlled by control laws. For this purpose, a design methodology has been proposed in which all actions are identified in order to instantly detect brutal attacks. To deal with other attacks, especially the more sneaky, such as sequential attacks, we propose a complementary detection strategy to estimate the occurrence of an attack before its consequences are destructive. To this end, we have developed the concepts of distance of a state identified as critical to which we have added a second mechanism called trajectory which leads to a temporal notion that characterize an intention to harm.As part of this thesis, the proposed approach combines two techniques oriented security (IDS probe) and safety (filter approach) to propose a detection strategy based on four mechanisms related to:• Context detection: based on the current state of the system, an order sent by the PLC can be blocked by the control filter if it leads to a critical state (brutal attack).• Combinatorial constraints (sequential attack): verified by the concepts of distance (risk indicator for the current state) and trajectory (indicator of the intention to harm by studying the evolution of the distance on a sequence).• Temporal constraints (temporal attack): verified by time windows on the appearance of events and an indicator monitoring the average duration of execution.• Over-solicitation monitoring mechanism: based on an indicator monitoring orders sent to the actuators to prevent premature ageing of the production equipment (attack on the equipment).The proposed approach has been applied to various simulation examples and an industrial platform where the detection strategy has shown its effectiveness against different scenarios corresponding to attacker profiles.

Détection à base de modèles

Surveillance

Contrôle-Commande

Systèmes à évènements discrets

Cybersécurité

Systèmes Cyber-Physiques

Model-Based Detection

System Monitoring

Industrial Control Systems

Discrete-Event Systems

Cybersecurity

Cyber-Physical Systems

004

IoMT-Based Accurate Stress Monitoring for Smart Healthcare

Rachakonda, Laavanya

05 1900

This research proposes Stress-Lysis, iLog and SaYoPillow to automatically detect and monitor the stress levels of a person. To self manage psychological stress in the framework of smart healthcare, a deep learning based novel system (Stress-Lysis) is proposed in this dissertation. The learning system is trained such that it monitors stress levels in a person through human body temperature, rate of motion and sweat during physical activity. The proposed deep learning system has been trained with a total of 26,000 samples per dataset and demonstrates accuracy as high as 99.7%. The collected data are transmitted and stored in the cloud, which can help in real time monitoring of a person's stress levels, thereby reducing the risk of death and expensive treatments. The proposed system has the ability to produce results with an overall accuracy of 98.3% to 99.7%, is simple to implement and its cost is moderate. Chronic stress, uncontrolled or unmonitored food consumption, and obesity are intricately connected, even involving certain neurological adaptations. In iLog we propose a system which can not only monitor but also create awareness for the user of how much food is too much. iLog provides information on the emotional state of a person along with the classification of eating behaviors to Normal-Eating or Stress-Eating. This research proposes a deep learning model for edge computing platforms which can automatically detect, classify and quantify the objects in the plate of the user. Three different paradigms where the idea of iLog can be performed are explored in this research. Two different edge platforms have been implemented in iLog. The platforms include mobile, as it is widely used, and a single board computer which can easily be a part of network for executing experiments, with iLog Glasses being the main wearable. The iLog model has produced an overall accuracy of 98% with an average precision of 85.8%. Smart-Yoga Pillow (SaYoPillow) is envisioned as a device that may help in recognizing the importance of a good quality sleep to alleviate stress while establishing a measurable relationship between stress and sleeping habits. A system that analyzes the sleeping habits by continuously monitoring the physiological changes that occur during rapid eye movement (REM) and non-rapid eye movement (NREM) stages of sleep is proposed in the current work. In addition to the physiological parameter changes, factors such as sleep duration, snoring range, eye movement, and limb movements are also monitored. The SaYoPillow system is processed at the edge level with the storage being at the cloud. SaYoPillow has 96% accuracy which is close to other existing research works. This research can not only help in keeping an individual self-aware by providing immediate feedback to change the lifestyle of the person in order to lead a healthier life, but can also play a significant role in the state-of-the-art by allowing computing on the edge devices.

Computer Science

Health Sciences, Mental Health

Návrh digitálního dvojčete CNC obráběcího stroje / Design of digital twinn of CNC machine tool

Staněk, Václav

January 2019

The Master’s thesis deals with design of digital twins of machine tools and application of designed procedure on a case study – digital twin of the machine tool MCV 754 Quick. In the first part are described current roles of digital twins in the field of machine tools and also hardware and software options for creating them. Software and hardware tools by Siemens (Mechatronics Concept Designer and SIMIT) are used for the case study. The complex procedure of creating the digital twin is designed in the second part, starting with preparation of a model, ending with the virtual commissioning of the machine tool MCV 754 Quick. The procedure is described in detail, including preparation of 3D model of the machine tool, assignment of physical properties and joints, preparation of PLC, connection all the elements of the whole system: Sinumerik – SIMIT – Mechatronics Concept Designer and controlling the twin via CNC automation system. Output of the thesis is the virtually commissioned machine tool, capable of being controlled by Sinumerik 840D sl. This is the first step in development of the full-fledged digital twin of machine tool, which can be used for testing the functionality and capability of this new technology in industry.

Commande PI basée sur la passivité : application aux systèmes physiques / PI Passivity-Based Control : Application to Physical Systems

Cisneros Montoya, Rafael

13 July 2016

Le régulateur PID (Proportionnel-Intégral-Dérivée) est la commande par retour d'état la plus connue. Elle permet d'aborder un bon nombre de problèmes de commande, particulièrement pour des systèmes faiblement non linéaire et dont la performance requise est relativement modeste. En plus, en raison de sa simplicité, la commande PID est largement utilisée en l'industrie. Étant donnés que les méthodes de réglage de la commande PID sont basées sur la linéarisation, la synthèse d'un contrôleur autour d'un point d'équilibre est relativement simple, néanmoins, la performance sera faible dans des modes de fonctionnement loin du point d'équilibre. Pour surmonter ce désavantage, une pratique courante consiste en adapter les gains du PID, procédure connue sous le nom de séquencement de gain (ou gain-scheduling en anglais). Il y a plusieurs désavantages à cette procédure, comme la commutation des gains de la commande et la définition -non triviale- des régions de l'espace d'état dans lesquelles cette commutation aura lieu. Ces deux problèmes se compliquent quand la dynamique est fortement non linéaire. Dans d'autres méthodes, la synthèse de la commande utilise des schémas empiriques, ce qui ne permet pas l'analyse de la stabilité globale du processus. Dans ce contexte, ce travail de thèse a pour objectif de synthétiser des contrôleurs PI, basés sur la passivité, de telle sorte que la stabilité globale du système en boucle fermé soit garantie. L'un des avantages à utiliser la passivité est son attrait intuitif, qui exploite les propriétés physique des systèmes. L'idée centrale dans un système passive est que l'écoulement d'énergie entrante au système provenant de l'extérieur n'est pas inférieur à l'incrément de son énergie de stockage. Par conséquence, ces systèmes ne peuvent pas stocker plus d'énergie que celle fournie, dont la différence correspond à l'énergie dissipée. En introduisant le concept d'énergie, cette méthodologie nous permet de formuler le problème de commande en celui de trouver un système dynamique dont la fonction de stockage d'énergie prend la forme désirée. En incorporant le concept d'énergie cette méthode devient accessible à la communauté de praticiens et permets de fournir des interprétations physique de l'action de commande. Dans cette thèse, une méthodologie constructive de commande PI basée sur la passivité est présentée et motivée par des applications à des systèmes physiques. / One of the best known forms of feeding back a system is through a three-term control law called PID (Proportional-Integral-Derivative) controller. PID controllers are sufficient for many control problems, particularly when process dynamics are not highly nonlinear and the performance requirements are modest. Besides, because of its simple structure, the PID controller is the most adopted control scheme by industry and practitioners, beeing the PI the form mostly employed. Since the PI tuning methods are based on the linearization, commissioning a PI to operate around a single operating point is relatively easy, however, the performance will be below par in wide operating regimes. To overcome this drawback the current practice is to re-tune the gains of the PI controllers based on a linear model of the plant evaluated at various operating points, a procedure known as gain-scheduling. There are several disadvantages of gain-scheduling including the need to switch (or interpolate) the controller gains and the non-trivial definition of the regions in the plants state space where the switching takes place - both problems are exacerbated if the dynamics of the plant is highly nonlinear. In other common scenarios, a little information about the process dynamics or only a "good" linear approximation is taken into account when designing the control design. This impedes to analyse the global stability of the system. In this context, the current thesis work is aimed at the designing of PI controllers, based on the passivity theory, such that the stability of the closed-loop system is guarantied. One of the main advantages of passivity concepts is that they offer a physical and intuitive appeal. The primary idea in passive systems is that the power flowing into the system is not less that the increase of storage. Thus, they cannot store more energy than is supplied to it from the outside, with the difference being the dissipated energy. Thus, introducing the concept of energy, this methodology allows to recast the control problem as finding a dynamical system such that system energy function takes the desired form. Also, with this formulation, the communication between practitioners and control theorists is facilitated, incorporating prior knowledge of the system and providing physical interpretations of the control action. In this thesis, a constructive methodology for deriving PI passivity-based controllers is presented and motivated by the application to physical systems.

Commande PI basée sur la passivité

PI-PBC pour systèmes physiques

Commande d'éoliens

Comande de convertisseurs

PI-PBC pour le problème de suivi

PI Passivity-Based Control

PI-PBC for physical systems

Control of windmill

Control for power converters

Tracking PI-PBC

Verteilte Mobilität - Eine spannende Herausforderung

Werner, Matthias

05 July 2013

Cyber-physikalische Systeme (CPS) sind eine erweitere Sicht auf eingebettete Systeme, die die konkreten umgebenden Elemente in das Systemdesign einbeziehen. Das Design solcher Systeme erfordert neue Herangehensweisen: Während beispielsweise in "normalen" verteilten Systemen Aspekte wie "Bewegung" oder "Ort" möglichst transparent und damit für den Nutzer unsichtbar gestaltet werden, benötigen CPS-Anwendungen häufig Bewusstsein für Bewegung oder Ort, d.h., sie sind _motion aware_ oder _location aware_. Die Professur "Betriebssysteme" der TUC hat sich die Frage gestellt, wie eine generische Unterstützung für solche verteilte mobile Systeme aussehen könnte. Im Vortrag werden Probleme, Konzepte und erste Lösungsansätze für ein künftiges Betriebssystem für diese Art von Systemen vorgestellt.

info:eu-repo/classification/ddc/005

ddc:005