Secure Detection in Cyberphysical Control Systems

Chabukswar, Rohan

01 May 2014

A SCADA system employing the distributed networks of sensors and actuators that interact with the physical environment is vulnerable to attacks that target the interface between the cyber and physical subsystems. An attack that hijacks the sensors in an attempt to provide false readings to the controller (for example, the Stuxnet worm that targeted Iran’s nuclear centrifuges) can be used to feign normal system operation for the control system, while the attacker can hijack the actuators to send the system beyond its safety range. This thesis extends the results of a previously proposed method. The original method proposed addition of a randomized “watermarking” signal and checking for the presence of this signal and its effects in the received sensor measurements. Since the control inputs traverse the cyberphysical boundary and make their effects apparent in the sensor measurements, they are employed to carry this watermarking signal through to the system and back to the SCADA controller. The sensor measurements are compared to the expected measurements (calculated using a suitably delayed model of the system within the controller). This methodology is based on using the statistics of the linear system and its controller. The inclusion of a randomized signal on the control inputs induces an increase in the performance cost of the physical system. This thesis proposes a method of optimization of the watermarking signal based on the trade-off between this performance cost and the attack detection rate, by leveraging the distribution the watermarking signal over multiple inputs and multiple outputs. It is further proved that regardless of the number of inputs and outputs in the system, only one watermarking signal needs to be generated. This optimization, and its necessity in improving the effectiveness of the detector without detriment to the performance cost, are demonstrated on a simulated chemical plant. The thesis also proposes another methodology that does not rely on these statistics, but is instead based on calculating the correlation between the received sensor measurements and the expected measurements accrued from the model inside the controller. Generalizing the form of attack even further to attacks that target the integrity of the data sent to the actuators and received from the sensors, this thesis demonstrates the effect of such integrity attack on electricity market operations, where the attacker successfully uses a vulnerability in the Global Position System to break synchronicity among dispersed phasor measurements to gain a competitive advantage over other bidders in the electricity market. In an effort to make state estimation robust against integrity attacks, the sensors and states are modeled as binary variables. Sensor networks use binary measurements and state estimations for several reasons, including communication and processing overheads. Such a state estimator is vulnerable to attackers that can hijack a subset of the sensors in an effort to change the state estimate. This thesis proposes a method for designing the estimators using the concept of invariant sets. This methodology relies on identifying the sets of measurement vectors for which no amount of manipulation by the attacker can change estimate, and maximizing the probability that the sensor measurement vector lies in this set. Although the problem of finding the best possible invariant sets for a general set of sensors has double-exponential complexity, by using some simplifications on the types of sensors, this can be reduced significantly. For the problem that employs all sensors of the same type, this method reduces to a linear search. For sensors that can be classified into two types, this complexity reduces to a search over a two-dimensional space, which is still tractable. Further increase in the confidence of the estimate can be achieved by considering the correlation between the sensor measurements.

control

cyberphysical systems

secure control

scada

Applications of Information Inequalities to Linear Systems : Adaptive Control and Security

Ziemann, Ingvar

January 2021

This thesis considers the application of information inequalities, Cramér-Rao type bounds, based on Fisher information, to linear systems. These tools are used to study the trade-offs between learning and performance in two application areas: adaptive control and control systems security. In the first part of the thesis, we study stochastic adaptive control of linear quadratic regulators (LQR). Here, information inequalities are used to derive instance-dependent  regret lower bounds. First, we consider a simplified version of LQR, a memoryless reference tracking model, and show how regret can be linked to a cumulative estimation error. This is then exploited to derive a regret lower bound in terms of the Fisher information generated by the experiment of the optimal policy. It is shown that if the optimal policy has ill-conditioned Fisher information, then so does any low-regret policy. This is combined with a Cramér-Rao bound to give a regret lower bound on the order of magnitude square-root T in the time-horizon  for a class of instances we call uninformative. The lower bound holds for all policies which depend smoothly on the underlying parametrization. Second, we extend these results to the general LQR model, and to arbitrary affine parametrizations of the instance parameters. The notion of uninformativeness is generalized to this situation to give a structure-dependent rank condition for when logarithmic regret is impossible. This is done by reduction of regret to a cumulative Bellman error. Due to the quadratic nature of LQR, this Bellman error turns out to be a quadratic form, which again can be interpreted as an estimation error. Using this, we prove a local minimax regret lower bound, of which the proof relies on relating the minimax regret to a Bayesian estimation problem, and then using Van Trees' inequality. Again, it is shown that an appropriate information quantity of any low regret policy is similar to that of the optimal policy and that any uninformative instance suffers local minimax regret at least on the order of magnitude square-root T. Moreover, it shown that the notion of uninformativeness when specialized to certain well-understood scenarios yields a tight characterization of square-root-regret. In the second part of this thesis, we study control systems security problems from a Fisher information point of view. First, we consider a secure state estimation problem and characterize the maximal impact an adversary can cause by means of least informative distributions -- those which maximize the Cramér-Rao bound. For a linear measurement equation, it is shown that the least informative distribution, subjected to variance and sparsity constraints, can be solved for by a semi-definite program, which becomes mixed-integer in the presence of sparsity constraints. Furthermore, by relying on well-known results on minimax and robust estimation, a game-theoretic interpretation for this characterization of the maximum impact is offered. Last, we consider a Fisher information regularized minimum variance control objective, to study the trade-offs between parameter privacy and control performance. It is noted that this can be motivated for instance by learning-based attacks, in which case one seeks to leak as little information as possible to a system-identification adversary. Supposing that the feedback law is linear, the noise distribution minimizing the trace of Fisher information subject to a state variance penalty is found to be conditionally Gaussian. / <p>QC 20210310</p><p>QC 20210310</p>

Stochastic Adaptive Control

Machine Learning

Fisher Information

Secure Control

Fundamental Limitations

Reinforcement Learning

Control Engineering

Reglerteknik

Ενσωματωμένο σύστημα ασφαλούς ελέγχου, προστασίας και ανανέωσης λογισμικού απομακρυσμένου υπολογιστή μέσω διαδικτύου

Σπανού, Ελένη

13 September 2011

Είναι ευρέως αποδεκτό ότι η ασφάλεια δεδομένων έχει ήδη ξεκινήσει να διαδραματίζει κεντρικό ρόλο στον σχεδιασμό μελλοντικών συστημάτων τεχνολογίας πληροφορίας (IT – Information Technology). Μέχρι πριν από λίγα χρόνια, ο υπολογιστής αποτελούσε την κινητήρια δύναμη της ψηφιακής επικοινωνίας. Πρόσφατα, ωστόσο, έχει γίνει μια μετατόπιση προς τις εφαρμογές τεχνολογίας πληροφορίας που υλοποιούνται σαν ενσωματωμένα συστήματα. Πολλές από αυτές τις εφαρμογές στηρίζονται σε μεγάλο βαθμό σε μηχανισμούς ασφαλείας, περιλαμβάνοντας την ασφάλειας για ασύρματα τηλέφωνα, φαξ, φορητούς υπολογιστές, συνδρομητική τηλεόραση, καθώς και συστήματα προστασίας από αντιγραφή για audio / video καταναλωτικά προϊόντα και ψηφιακούς κινηματογράφους. Το γεγονός ότι ένα μεγάλο μέρος των ενσωματωμένων εφαρμογών είναι ασύρματο, καθιστά το κανάλι επικοινωνίας ιδιαίτερα ευάλωτο και φέρνει στο προσκήνιο την ανάγκη για ακόμη μεγαλύτερη ασφάλεια. Παράλληλα με τα ενσωματωμένα συστήματα, η εκρηκτική ανάπτυξη των ψηφιακών επικοινωνιών έχει επιφέρει πρόσθετες προκλήσεις για την ασφάλεια. Εκατομμύρια ηλεκτρονικές συναλλαγές πραγματοποιούνται κάθε μέρα, και η ταχεία ανάπτυξη του ηλεκτρονικού εμπορίου κατέστησε την ασφάλεια ένα θέμα ζωτικής σημασίας για πολλές καταναλωτές. Πολύτιμες επιχειρηματικές ευκαιρίες , καθώς επίσης και πολλές υπηρεσίες πραγματοποιούνται κάθε μέρα μέσω του Διαδικτύου και πλήθος ευαίσθητων δεδομένων μεταφέρονται από ανασφαλή κανάλια επικοινωνίας σε όλο τον κόσμο. Η επιτακτική ανάγκη για την αντιμετώπιση αυτών των προβλημάτων, κατέστησε πολύ σημαντική την συμβολή της κρυπτογραφίας, και δημιούργησε μια πολύ υποσχόμενη λύση, με την οποία ενσωματωμένα συστήματα σε συνδυασμό με κρυπτογραφικά πρωτόκολλα, θα μπορούσαν να μας οδηγήσουν στην εξασφάλιση των επιθυμητών αποτελεσμάτων. Στην παρούσα εργασία, παρουσιάζουμε την υλοποίηση ενός ενσωματωμένου συστήματος, εμπλουτισμένο με κρυπτογραφικά πρωτόκολλα, που ουσιαστικά μεταμορφώνει έναν κοινό ηλεκτρονικό υπολογιστή σε ένα ισχυρό Crypto System PC, και έχει σαν κύρια αρμοδιότητα να μπορεί να επικοινωνεί με ένα υπολογιστικό σύστημα και να στέλνει πληροφορίες για την κατάσταση του μέσω ασφαλούς σύνδεσης διαδικτύου σε κάποιον απομακρυσμένο υπολογιστή ελέγχου/καταγραφής συμβάντων σε ώρες που δεν είναι εφικτή η παρουσία εξειδικευμένου προσωπικού για τον έλεγχο του. Αξιολογούμε την απόδοση του και την λειτουργία του με την εκτέλεση διάφορων πειραμάτων, ενώ επίσης προτείνουμε λύσεις για πιο ιδανικές και αποδοτικές συνθήκες λειτουργίας για μελλοντικές εφαρμογές. / It is widely recognized that data security already plays a central role in the design of future IT systems.Until a few years ago, the PC had been the major driver of the digital economy. Recently, however, there has been a shift towards IT applications realized as embedded systems.Many of those applications rely heavily on security mechanisms, including security for wireless phones, faxes, wireless computing, pay-TV, and copy protection schemes for audio/video consumer products and digital cinemas. Note that a large share of those embedded applications will be wireless, which makes the communication channel especially vulnerable and the need for security even more obvious. In addition to embedded devices, the explosive growth of digital communications also brings additional security challenges. Millions of electronic transactions are completed each day, and the rapid growth of eCommerce has made security a vital issue for many consumers. Valuable business opportunities are realized over the Internet and megabytes of sensitive data are transferred and moved over insecure communication channels around the world. The urgent need to face these problems has made the contribution of cryptography very important , and created a very promising solution, in which embedded systems in combination with cryptographic protocols, could lead us to obtain the desired results. In this paper, we present the implementation of an embedded system, enriched with cryptographic protocols, which turns a common computer into a powerful Crypto System PC, and has as its primary responsibility to be able to communicate with a computer system and send information for its situation through secure internet connections to a remote computer which is responsible for recording of events, when there is not qualified staff to control the computer system. We evalauate its performance and operation, by executing various experiments and we also suggest solutions for more optimal and efficient operating conditions for future applications.

Ανανέωση λογισμικού

005.82

Embedded systems

Remote computer software protection

Remote computer software update

Secure control via Internet

Secure encrypted connection

Cryptographic protocols

Hush functions

DES

AES-128

CAST-128

SHA-1

MD5