SoS Newsletter


Actuator Security

At the October Quarterly meeting of the Lablets at the University of Maryland, discussion about resiliency and composability identified the need to build secure sensors and actuators. The works cited here address the problems of actuator security and were presented or published in 2014.

  • Shafagh, H.; Hithnawi, A., "Poster Abstract: Security Comes First, a Public-key Cryptography Framework for the Internet of Things," Distributed Computing in Sensor Systems (DCOSS), 2014 IEEE International Conference on, pp.135,136, 26-28 May 2014. doi: 10.1109/DCOSS.2014.62 Novel Internet services are emerging around an increasing number of sensors and actuators in our surroundings, commonly referred to as smart devices. Smart devices, which form the backbone of the Internet of Things (IoT), enable alternative forms of user experience by means of automation, convenience, and efficiency. At the same time new security and safety issues arise, given the Internet-connectivity and the interaction possibility of smart devices with human's proximate living space. Hence, security is a fundamental requirement of the IoT design. In order to remain interoperable with the existing infrastructure, we postulate a security framework compatible to standard IP-based security solutions, yet optimized to meet the constraints of the IoT ecosystem. In this ongoing work, we first identify necessary components of an interoperable secure End-to-End communication while incorporating Public-key Cryptography (PKC). To this end, we tackle involved computational and communication overheads. The required components on the hardware side are the affordable hardware acceleration engines for cryptographic operations and on the software side header compression and long-lasting secure sessions. In future work, we focus on integration of these components into a framework and the evaluation of an early prototype of this framework.
    Keywords: IP networks; Internet; Internet of Things; open systems; public key cryptography; IP-based security solutions; Internet of Things; Internet services; Internet-connectivity; IoT; end-to-end communication; interoperability; public-key cryptography; safety issues; security issues; smart devices; Acceleration; Cryptography; Engines; Hardware; Internet of Things; Protocols (ID#:14-3140)
  • Djouadi, S.M.; Melin, A.M.; Ferragut, E.M.; Laska, J.A.; Jin Dong, "Finite Energy And Bounded Attacks On Control System Sensor Signals," American Control Conference (ACC), 2014, pp.1716, 1722, 4-6 June 2014. doi: 10.1109/ACC.2014.6859001 Control system networks are increasingly being connected to enterprise level networks. These connections leave critical industrial controls systems vulnerable to cyber-attacks. Most of the effort in protecting these cyber-physical systems (CPS) from attacks has been in securing the networks using information security techniques. Effort has also been applied to increasing the protection and reliability of the control system against random hardware and software failures. However, the inability of information security techniques to protect against all intrusions means that the control system must be resilient to various signal attacks for which new analysis methods need to be developed. In this paper, sensor signal attacks are analyzed for observer-based controlled systems. The threat surface for sensor signal attacks is subdivided into denial of service, finite energy, and bounded attacks. In particular, the error signals between states of attack free systems and systems subject to these attacks are quantified. Optimal sensor and actuator signal attacks for the finite and infinite horizon linear quadratic (LQ) control in terms of maximizing the corresponding cost functions are computed. The closed-loop systems under optimal signal attacks are provided. Finally, an illustrative numerical example using a power generation network is provided together with distributed LQ controllers.
    Keywords: closed loop systems; computer network reliability; computer network security; linear quadratic Gaussian control; sensors; CPS protecting; actuator signal attacks; attack free systems; bounded attacks; closed-loop systems; control system networks; control system protection; control system reliability; control system sensor signals; cost functions maximization; critical industrial controls systems; cyber-attacks; cyber-physical systems protection; distributed LQ controllers; enterprise level networks; error signals; finite energy; hardware failures; information security techniques; linear quadratic control; networks security; observer-based controlled systems; power generation network; sensor signal attacks; software failures; threat surface; Closed loop systems; Computer crime; Cost function; Eigenvalues and eigenfunctions; Generators; Vectors; Control applications; Emerging control theory; Fault-tolerant systems (ID#:14-3141)
  • Manandhar, K.; Xiaojun Cao; Fei Hu; Yao Liu, "Combating False Data Injection Attacks in Smart Grid using Kalman Filter," Computing, Networking and Communications (ICNC), 2014 International Conference on, pp.16,20, 3-6 Feb. 2014. doi: 10.1109/ICCNC.2014.6785297 The security of Smart Grid, being one of the very important aspects of the Smart Grid system, is studied in this paper. We first discuss different pitfalls in the security of the Smart Grid system considering the communication infrastructure among the sensors, actuators, and control systems. Following that, we derive a mathematical model of the system and propose a robust security framework for power grid. To effectively estimate the variables of a wide range of state processes in the model, we adopt Kalman Filter in the framework. The Kalman Filter estimates and system readings are then fed into the χ2-square detectors and the proposed Euclidean detectors, which can detect various attacks and faults in the power system including False Data Injection Attacks. The χ2-detector is a proven-effective exploratory method used with Kalman Filter for the measurement of the relationship between dependent variables and a series of predictor variables. The χ2-detector can detect system faults/attacks such as replay and DoS attacks. However, the study shows that the χ2-detector detectors are unable to detect statistically derived False Data Injection Attacks while the Euclidean distance metrics can identify such sophisticated injection attacks.
    Keywords: Kalman filters; computer network security; electric sensing devices; fault diagnosis; power engineering computing; power system faults; power system security; power system state estimation; smart power grids; χ2-square detector; DoS attacks; Euclidean detector; Euclidean distance metrics; Kalman filter; actuators; communication infrastructure; control systems; false data injection attack detection; fault detection; mathematical model; power system; predictor variable series; sensors; smart power grid security; state process; Detectors; Equations; Kalman filters; Mathematical model; Security; Smart grids (ID#:14-3142)
  • Manandhar, K.; Cao, X.; Hu, F.; Liu, Y., "Detection of Faults and Attacks Including False Data Injection Attack in Smart Grid Using Kalman Filter," Control of Network Systems, IEEE Transactions on, vol. PP, no.99, pp.1,1, September 2014. doi: 10.1109/TCNS.2014.2357531 By exploiting the communication infrastructure among the sensors, actuators, and control systems, attackers may compromise the security of smart grid systems, with techniques such as Denial of Service (DoS) attack, random attack and data injection attack. In this paper, we present a mathematical model of the system to study these pitfalls and propose a robust security framework for smart grid. Our framework adopts Kalman Filter to estimate the variables of a wide range of state processes in the model. The estimates from the Kalman Filter and the system readings are then fed into the χ2-detector or the proposed Euclidean detector. The χ2-detector is a proven effective exploratory method used with Kalman Filter for the measurement of the relationship between dependent variables and a series of predictor variables. The χ2-detector can detect system faults/attacks such as DoS attack, short termed and long termed random attacks. However, the study shows that the χ2-detector is unable to detect the statistically derived False Data Injection attack. To overcome this limitation, we prove that Euclidean detector can effectively detect such a sophisticated injection attack.
    Keywords: Detectors; Equations; Kalman filters; Mathematical model; Security; Smart grids (ID#:14-3143)
  • Zhuoping Yu; Junxian Wu; Lu Xiong, "Research of Stability Control Of Distributed Drive Electric Vehicles Under Motor Failure Modes," Transportation Electrification Asia-Pacific (ITEC Asia-Pacific), 2014 IEEE Conference and Expo, pp. 1, 5, Aug. 31 2014-Sept. 3 2014. doi: 10.1109/ITEC-AP.2014.6940723 With the application and promotion of electric vehicles, vehicle security problems caused by actuator reliability have become increasingly prominent. Firstly, the paper analyses and sums motor failure modes and their effects of permanent magnet synchronous motor (PMSM) , which is commonly used on electric vehicles. And then design a hierarchical structure of the vehicle control strategies and the corresponding algorithms, and adjust based on the different failure modes. Finally conduct simulation conditions in CarSim environment. Verify the control strategy and algorithm can maintain vehicle stability and reduce the burden on driver under motor failure conditions.
    Keywords: DC motors; Permanent magnet motors; Stability analysis; Synchronous motors; Torque; Vehicles; Wheels; Control allocation algorithm; Distributed drive electric vehicles; Motor failure; Vehicle safety (ID#:14-3144)
  • Mitchell, R.; Ing-Ray Chen, "Adaptive Intrusion Detection of Malicious Unmanned Air Vehicles Using Behavior Rule Specifications," Systems, Man, and Cybernetics: Systems, IEEE Transactions on, vol. 44, no.5, pp.593, 604, May 2014. doi: 10.1109/TSMC.2013.2265083 In this paper, we propose an adaptive specification-based intrusion detection system (IDS) for detecting malicious unmanned air vehicles (UAVs) in an airborne system in which continuity of operation is of the utmost importance. An IDS audits UAVs in a distributed system to determine if the UAVs are functioning normally or are operating under malicious attacks. We investigate the impact of reckless, random, and opportunistic attacker behaviors (modes which many historical cyber attacks have used) on the effectiveness of our behavior rule-based UAV IDS (BRUIDS) which bases its audit on behavior rules to quickly assess the survivability of the UAV facing malicious attacks. Through a comparative analysis with the multiagent system/ant-colony clustering model, we demonstrate a high detection accuracy of BRUIDS for compliant performance. By adjusting the detection strength, BRUIDS can effectively trade higher false positives for lower false negatives to cope with more sophisticated random and opportunistic attackers to support ultrasafe and secure UAV applications.
    Keywords: ant colony optimisation; autonomous aerial vehicles; multi-agent systems; security of data; BRUIDS; IDS; UAV; adaptive intrusion detection; airborne system; ant-colony clustering model; behavior rule specifications; distributed system; malicious attacks; malicious unmanned air vehicles; multiagent system; opportunistic attacker behaviors; random attacker behaviors; reckless attacker behaviors; Actuators; Gears; Intrusion detection; Monitoring; Pricing; Sensors; Weapons; Intrusion detection; security; unmanned air vehicles (UAVs) (ID#:14-3145)
  • Li Yumei; Voos, H.; Darouach, M., "Robust H∞ Cyber-Attacks Estimation For Control Systems," Control Conference (CCC), 2014 33rd Chinese, pp.3124,3129, 28-30 July 2014 doi: 10.1109/ChiCC.2014.6895451 This paper deals with the robust H∞ cyber-attacks estimation problem for control systems under stochastic cyber-attacks and disturbances. The focus is on designing a H∞ filter which maximize the attack sensitivity and minimize the effect of disturbances. The design requires not only the disturbance attenuation, but also the residual to remain the attack sensitivity as much as possible while the effect of disturbance is minimized. A stochastic model of control system with stochastic cyber-attacks which satisfy the Markovian stochastic process is constructed. And we also present the stochastic attack models that a control system is possibly exposed to. Furthermore, applying H∞ filtering technique-based on linear matrix inequalities (LMIs), the paper obtains sufficient conditions that ensure the filtering error dynamic is asymptotically stable and satisfies a prescribed ratio between cyber-attack sensitivity and disturbance sensitivity. Finally, the results are applied to the control of a Quadruple-tank process (QTP) under a stochastic cyber-attack and a stochastic disturbance. The simulation results underline that the designed filters is effective and feasible in practical application.
    Keywords: H∞ filters; H∞ control; Markov processes; control system synthesis; linear matrix inequalities; robust control; stochastic systems; H∞ filter; LMI; Markovian stochastic process; QTP; control systems; linear matrix inequalities; quadruple-tank process; robust H∞ cyber-attacks estimation; stochastic cyber-attacks; Actuators; Computer crime; Estimation; Robustness; Stochastic processes; Symmetric matrices; Cyber attacks; control systems; stochastic data DoS attack; stochastic data deception attack (ID#:14-3146)
  • Bovet, G.; Hennebert, J., "Distributed Semantic Discovery for Web-of-Things Enabled Smart Buildings," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp.1, 5, March 30 2014-April 2 2014. doi: 10.1109/NTMS.2014.6814015 Nowadays, our surrounding environment is more and more scattered with various types of sensors. Due to their intrinsic properties and representation formats, they form small islands isolated from each other. In order to increase interoperability and release their full capabilities, we propose to represent devices descriptions including data and service invocation with a common model allowing to compose mashups of heterogeneous sensors. Pushing this paradigm further, we also propose to augment service descriptions with a discovery protocol easing automatic assimilation of knowledge. In this work, we describe the architecture supporting what can be called a Semantic Sensor Web-of-Things. As proof of concept, we apply our proposal to the domain of smart buildings, composing a novel ontology covering heterogeneous sensing, actuation and service invocation. Our architecture also emphasizes on the energetic aspect and is optimized for constrained environments.
    Keywords: Internet of Things; Web services; home automation; ontologies (artificial intelligence); open systems; software architecture; wireless sensor networks; actuator; data invocation; distributed semantic discovery protocols; interoperability; intrinsic properties; knowledge automatic assimilation; ontology covering heterogeneous sensor; semantic sensor Web of Things; service invocation; smart building; Ontologies; Resource description framework; Semantics; Sensors; Smart buildings; Web services (ID#:14-3147)
  • Vamsi, P.R.; Kant, K., "Sybil Attack Detection using Sequential Hypothesis Testing in Wireless Sensor Networks," Signal Propagation and Computer Technology (ICSPCT), 2014 International Conference on , vol., no., pp.698,702, 12-13 July 2014. doi: 10.1109/ICSPCT.2014.6884945 Sybil attack poses a serious threat to geographic routing. In this attack, a malicious node attempts to broadcast incorrect location information, identity and secret key information. A Sybil node can tamper its neighboring nodes for the purpose of converting them as malicious. As the amount of Sybil nodes increase in the network, the network traffic will seriously affect and the data packets will never reach to their destinations. To address this problem, researchers have proposed several schemes to detect Sybil attacks. However, most of these schemes assume costly setup such as the use of relay nodes or use of expensive devices and expensive encryption methods to verify the location information. In this paper, the authors present a method to detect Sybil attacks using Sequential Hypothesis Testing. The proposed method has been examined using a Greedy Perimeter Stateless Routing (GPSR) protocol with analysis and simulation. The simulation results demonstrate that the proposed method is robust against detecting Sybil attacks.
    Keywords: network theory (graphs); routing protocols; statistical testing; telecommunication security; wireless sensor networks; GPSR protocol; Sybil attack detection; encryption methods; geographic routing; greedy perimeter stateless routing; location information; malicious node; network traffic; sequential hypothesis testing; wireless sensor networks; Acoustics; Actuators; Bandwidth; IEEE 802.11 Standards; Optimization; Robustness; Wireless sensor networks; Sequential hypothesis testing; Sybil attack; geographic routing; wireless sensor networks (ID#:14-3148)
  • Cam, H.; Mouallem, P.; Yilin Mo; Sinopoli, B.; Nkrumah, B., "Modeling Impact Of Attacks, Recovery, And Attackability Conditions For Situational Awareness," Cognitive Methods in Situation Awareness and Decision Support (CogSIMA), 2014 IEEE International Inter-Disciplinary Conference on, pp.181,187, 3-6 March 2014. doi: 10.1109/CogSIMA.2014.6816560 A distributed cyber control system comprises various types of assets, including sensors, intrusion detection systems, scanners, controllers, and actuators. The modeling and analysis of these components usually require multi-disciplinary approaches. This paper presents a modeling and dynamic analysis of a distributed cyber control system for situational awareness by taking advantage of control theory and time Petri net. Linear time-invariant systems are used to model the target system, attacks, assets influences, and an anomaly-based intrusion detection system. Time Petri nets are used to model the impact and timing relationships of attacks, vulnerability, and recovery at every node. To characterize those distributed control systems that are perfectly attackable, algebraic and topological attackability conditions are derived. Numerical evaluation is performed to determine the impact of attacks on distributed control system.
    Keywords: Petri nets; distributed processing; security of data; actuators; anomaly-based intrusion detection system; assets influence; control theory; controllers; distributed control system; distributed cyber control system; dynamic analysis; linear time-invariant system; modeling impact; numerical evaluation; scanners; situational awareness; time Petri nets; timing relationships; topological attackability condition; Analytical models; Decentralized control; Fires; Intrusion detection; Linear systems; Sensors (ID#:14-3149)
  • Lee, P.; Clark, A.; Bushnell, L.; Poovendran, R., "A Passivity Framework for Modeling and Mitigating Wormhole Attacks on Networked Control Systems," Automatic Control, IEEE Transactions on, vol. PP, no.99, pp.1,1, August 2014. doi: 10.1109/TAC.2014.2351871 Networked control systems consist of distributed sensors and actuators that communicate via a wireless network. The use of an open wireless medium and unattended deployment leaves these systems vulnerable to intelligent adversaries whose goal is to disrupt the system performance. In this paper, we study the wormhole attack on a networked control system, in which an adversary establishes a link between two geographically distant regions of the network by using either high-gain antennas, as in the out-of-band wormhole, or colluding network nodes as in the in-band wormhole. Wormholes allow the adversary to violate the timing constraints of real-time control systems by first creating low-latency links, which attract network traffic, and then delaying or dropping packets. Since the wormhole attack reroutes and replays valid messages, it cannot be detected using cryptographic mechanisms alone. We study the impact of the wormhole attack on the network flows and delays and introduce a passivity-based control-theoretic framework for modeling and mitigating the wormhole attack. We develop this framework for both the in-band and out-of-band wormhole attacks as well as complex, hereto-unreported wormhole attacks consisting of arbitrary combinations of in- and out-of-band wormholes. By integrating existing mitigation strategies into our framework, we analyze the throughput, delay, and stability properties of the overall system. Through simulation study, we show that, by selectively dropping control packets, the wormhole attack can cause disturbances in the physical plant of a networked control system, and demonstrate that appropriate selection of detection parameters mitigates the disturbances due to the wormhole while satisfying the delay constraints of the physical system.
    Keywords: Cryptography; Delays; Networked control systems; Resource management; Routing; Silicon (ID#:14-3150)
  • Grilo, A.M.; Chen, J.; Diaz, M.; Garrido, D.; Casaca, A., "An Integrated WSAN and SCADA System for Monitoring a Critical Infrastructure," Industrial Informatics, IEEE Transactions on, vol. 10, no. 3, pp.1755,1764, Aug. 2014. doi: 10.1109/TII.2014.2322818 Wireless sensor and actuator networks (WSAN) constitute an emerging technology with multiple applications in many different fields. Due to the features of WSAN (dynamism, redundancy, fault tolerance, and self-organization), this technology can be used as a supporting technology for the monitoring of critical infrastructures (CIs). For decades, the monitoring of CIs has centered on supervisory control and data acquisition (SCADA) systems, where operators can monitor and control the behavior of the system. The reach of the SCADA system has been hampered by the lack of deployment flexibility of the sensors that feed it with monitoring data. The integration of a multihop WSAN with SCADA for CI monitoring constitutes a novel approach to extend the SCADA reach in a cost-effective way, eliminating this handicap. However, the integration of WSAN and SCADA presents some challenges which have to be addressed in order to comprehensively take advantage of the WSAN features. This paper presents a solution for this joint integration. The solution uses a gateway and a Web services approach together with a Web-based SCADA, which provides an integrated platform accessible from the Internet. A real scenario where this solution has been successfully applied to monitor an electrical power grid is presented.
    Keywords: SCADA systems; Web services; actuators; control engineering computing; critical infrastructures; power engineering computing; power grids; power system measurement; wireless sensor networks; CI; Internet; SCADA system; Web services; Web-based SCADA; critical infrastructure monitoring; electrical power grid; gateway; integrated WSAN; multihop WSAN; supervisory control and data acquisition systems; wireless sensor and actuator networks; Logic gates; Monitoring; Protocols; SCADA systems; Security; Substations; Wireless sensor networks; Critical infrastructure (CI) monitoring; remote monitoring; supervisory control and data acquisition (SCADA) systems; surveillance; wireless sensor and actuator networks (WSAN) (ID#:14-3151)
  • Fawzi, H.; Tabuada, P.; Diggavi, S., "Secure Estimation and Control for Cyber-Physical Systems Under Adversarial Attacks," Automatic Control, IEEE Transactions on, vol.59, no.6, pp.1454, 1467, June 2014. doi: 10.1109/TAC.2014.2303233 The vast majority of today's critical infrastructure is supported by numerous feedback control loops and an attack on these control loops can have disastrous consequences. This is a major concern since modern control systems are becoming large and decentralized and thus more vulnerable to attacks. This paper is concerned with the estimation and control of linear systems when some of the sensors or actuators are corrupted by an attacker. We give a new simple characterization of the maximum number of attacks that can be detected and corrected as a function of the pair (A,C) of the system and we show in particular that it is impossible to accurately reconstruct the state of a system if more than half the sensors are attacked. In addition, we show how the design of a secure local control loop can improve the resilience of the system. When the number of attacks is smaller than a threshold, we propose an efficient algorithm inspired from techniques in compressed sensing to estimate the state of the plant despite attacks. We give a theoretical characterization of the performance of this algorithm and we show on numerical simulations that the method is promising and allows to reconstruct the state accurately despite attacks. Finally, we consider the problem of designing output-feedback controllers that stabilize the system despite sensor attacks. We show that a principle of separation between estimation and control holds and that the design of resilient output feedback controllers can be reduced to the design of resilient state estimators.
    Keywords: control system synthesis; critical infrastructures; fault tolerant control; feedback; linear systems; security of data; stability; state estimation; adversarial attacks; compressed sensing; critical infrastructure; feedback control loops; linear system control; resilient output feedback controller design; resilient state estimators; secure cyber-physical system control; secure cyber-physical system estimation; secure local control loop; sensor attacks; system stabilization; Actuators; Decoding; Estimation; Sensor systems; Vectors; Algorithm; feedback controller (ID#:14-3152)
  • Weyrich, M.; Schmidt, J.-P.; Ebert, C., "Machine-to-Machine Communication," Software, IEEE, vol.31, no.4, pp.19, 23, July-Aug. 2014. doi: 10.1109/MS.2014.87 Imagine a widespread manufacturing plant equipped with smart machinery and RFID-enabled technology. All machines are interconnected and communicate through their sensors and actuators as they work their way through the manufacturing process. Operators use wireless pads and connect to production systems for diagnostics and manufacturing oversight. Machine load, status, and diagnosis data are further aggregated in enterprise systems for resource planning and production optimization. The machines receive usage feedback to adjust production schemes and therefore optimize cost and quality. The machines also communicate with their own manufacturers to request repairs or order new parts to avoid costly outages. Agent-based systems allocate load to machines in a distributed, often global, production setup to optimize supply chain cost. This is a growing reality in what we call the smart factory. The smart factory of the future is far more agile than the approaches in today's flexible manufacturing. The smart factory connects the machines, devices, logistics, and humans to perform the necessary coordination ubiquitously and ad hoc.
    Keywords: enterprise resource planning; factory automation; optimised production technology; production engineering computing; supply chain management; M2M communication; enterprise systems; machine-to-machine communication; production optimization; resource planning; smart factory; smart machinery; supply chain cost optimization; Ad hoc networks; Communication system security; Machine-to-machine communication; Production facilities; Wireless communication; Wireless sensor networks; embedded systems; green computing; machine-to-machine; smart factory; software engineering; wireless technology (ID#:14-3153)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.