Foundations of Secure Cyber Physical Systems

Abstract

Cyber-physical systems regulating critical infrastructures, such as electrical grids and water networks, are increasingly geographically distributed, necessitating communication between remote sensors, actuators and controllers. The combination of networked computational and physical subsystems leads to new security vulnerabilities that adversaries can exploit with devastating consequences. A synchronized attack on the interdependent network components and physical plants can create complex and new security vulnerabilities that cannot be addressed by securing the constituent systems individually.

This project is taking a holistic view by utilizing the properties of physical systems to design new secure protocols and architectures for cyber-physical systems (CPS) through a unified conceptual framework, which uses models for the physical system and the communication/ computation network to define precise attack models and vulnerabilities. These mathematical models are then being used to design algorithms and proto- cols with provable operational security guarantees, thus enabling the design of more trustworthy architectures and components.

In the first year, we have taken several important steps towards this goal. In particular, we have laid some of the theoretical foundations of operating and controlling cyber-physical systems, despite adversarial attacks on sensors, actuators and communication links. We have also made progress on developing testbeds that would enable us to not only validate ideas, but also guide us to the foundational questions to be investigated. The following were the main research activities that the team undertook in the first year.
Secure estimation and control for cyber-physical systems under adversarial attacks: Several critical infrastructures such as the power grid, water distribution systems, oil and gas refineries and pipelines, etc, is supported by numerous feedback control loops. To implement these feedback control loops, state estimation is a basic component. An adversary can disable the control mechanism and disrupt or destroy the operation of the critical infrastructure by attacking sensors and actuators in the system. We have developed a new methods for state estimation and control despite sensor and actuator attacks, which are provably optimal for such attacks. These ideas connect to real-error correction and computationally efficient methods relate to compressive sensing.
Cryptographic techniques for secure distributed control: In distributed control, one needs to compute a control function when observations are dispersed over several nodes. Moreover, since some of these nodes could have been corrupted by adversaries, this control function would need to be computed securely. This connects the problem to the classical multiparty secure computation problem studied in cryptography. A critical capability for this type of distributed control mechanism is adaptive security – that is, the system should continue to function in a secure manner even if nodes are corrupted during the execution of the distributed controller. We have resolved the (longstanding open) problem of achieving adaptively security for distributed (multiparty, controller) computation even when the majority of the nodes are corrupted.
Distributed secure control under communication attacks: Most work on multiparty computation is re- lated to communication topologies where the nodes can directly establish secure communication links with one another. Much less is known when nodes communicate over multiple hops, as would be the case when the nodes are dispersed over a large geographical area. These are called sparsely connected networks. In this work we initated the study of distributed secure control when there are both communication attacks as well as cor- rupted nodes in sparsely connected networks. We showed that even for very sparse networks that are specially designed there are protocols that guarantee correctness, security and privacy for almost all participants. Testbeds for sensor tampering and asynchronous networked control: In order to study the vulnera- bilities of sensors/actuators, we have chosen to initially study sensors in Anti-lock Brake System (ABS) in automobiles. We are studyin the question of how to attack (tamper with) the ABS sensors using the least amount of electronics and mechanisms that cause the greatest damage to the vehicle. By these questions, one can start to think about how to design a secure controller that can be robust to such attacks. As part of this activity we also created a real-time emulation engine where suitable combinations of high-level models of plant, controller, sensor, and actuator behaviors can be executed in real-time. We are also developing a testbed for developing robustness in asynchronous networked control.

Award ID: 1136174

 

  • Automotive
  • CPS Domains
  • Smart Grid
  • Testing
  • Control
  • Energy
  • Modeling
  • Systems Engineering
  • Critical Infrastructure
  • Wireless Sensing and Actuation
  • Science of Security
  • Transportation
  • Validation and Verification
  • CPS Technologies
  • Foundations
  • National CPS PI Meeting 2012
  • 2012
  • Poster
  • Academia
  • CPS PI MTG 12 Posters & Abstracts
  • CPS Security
Submitted by Suhas Diggavi on