Security of Distributed Cyber-Physical Systems with Connected Vehicle Applications


This project aims to accelerate the deployment of security measures for cyber-physical systems (CPSs) by proposing a framework that combines anomaly identification approaches, which emphasize the development of decentralized cyber-attack monitoring and diagnostic-like components, with robust control countermeasures to improve reliability and maintain system functionality. One of the main challenges for cyber-physical systems is the security of data transmitted over the communication network. Wireless shared communication networks reduce maintenance cost and provide flexibility in system architecture design, especially for large-scale distributed systems; however, they introduce a set of new challenges from the security point of view. Existing CPS applications of particular interest are in the automotive field. We use platooning and accident avoidance systems to illustrate our methods, which are based on game theory, hybrid dynamical systems, and fault diagnosis.

One of the approaches aims at making distributed automotive systems more robust to improperly maintained or malfunctioning subsystems. We start by making some of the subsystems behave in a way that counteracts the goal of the distributed system. This allows us to phrase our analysis as a zero-sum game between the goal of the system and the malfunctioning components. According to game theory, the Nash equilibrium of this game should produce a control strategy that is more resilient to errors in the components/subsystems. In the past year, we have derived the payoff matrix for the design of the platooning system using simulations with seeded error conditions. We are currently trying to reduce the size of the matrix by removing the dominated attacks and countermeasures. The next step will be a minimax/maximin analysis of the simplified game. We expect to derive a mixed strategy from the analysis that can be used as the optimal countermeasure for the robust system.

We also studied the problem of designing a decentralized Cooperative Adaptive Cruise Control (CACC) with quantifiable robustness margins with respect to network delays and intermittent measurements. A networked decentralized proportional-derivative hybrid controller is considered to achieve string stability for a platoon of vehicles. The closed-loop system is augmented with a timer triggering the arrival of new measurements. Sufficient conditions in the form of matrix inequalities are given to design the proposed controller with additional performance specifications. We proposed an algorithm, tailored to this particular application, which solves the control problem in a computationally efficient way by employing a one-parameter line search over a compact interval. Our approach achieves performance equivalent to that of other control design techniques while using a lower transmission rate for the communication between vehicles.

Moreover, a decentralized diagnosis algorithm based on a noisy control signal methodology and a cross-correlator is proposed to detect replay attacks in a CACC-controlled platooning formation. The effectiveness of the overall online algorithm scheme is verified via simulation results, which show that the noisy control signal does not significantly affect the behavior of the vehicle platoon and that the detection algorithm is able to detect the replay attack.
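The noisy-control-signal and cross-correlator idea described above, sketched as an added example that is not the project's algorithm or code. It assumes a constructed scalar plant x[k+1] = A·x[k] + B·(u[k] + w[k]) with proportional feedback instead of a CACC platoon model; all names, gains, noise levels and the threshold are illustrative assumptions.

```python
import math
import random

A, B, K = 0.9, 1.0, 0.5       # assumed scalar plant and feedback gain (constructed)
SIGMA_W, SIGMA_V = 1.0, 0.05  # std. dev. of the control noise and of the sensor noise

def simulate(n, replay_from=None, delay=0, seed=1):
    """Return (received measurements, applied controls, control noise) for n steps.
    From step replay_from on, the received measurement is the true one recorded
    `delay` steps earlier, i.e. the link carries replayed data."""
    rng = random.Random(seed)
    x, y_true, y_rx, u, w = 0.0, [], [], [], []
    for k in range(n):
        y_true.append(x + rng.gauss(0, SIGMA_V))
        replayed = replay_from is not None and k >= replay_from
        y_rx.append(y_true[k - delay] if replayed else y_true[k])
        w.append(rng.gauss(0, SIGMA_W))   # secret noise added to the control signal
        u.append(-K * y_rx[k])            # the controller only sees y_rx
        x = A * x + B * (u[k] + w[k])
    return y_rx, u, w

def watermark_correlation(y_rx, u, w, start, length):
    """Pearson correlation between the residual y[k+1] - A*y[k] - B*u[k]
    and the noise w[k] injected at step k, over one window."""
    ks = range(start, start + length)
    r = [y_rx[k + 1] - A * y_rx[k] - B * u[k] for k in ks]
    ws = [w[k] for k in ks]
    mr, mw = sum(r) / length, sum(ws) / length
    cov = sum((a - mr) * (b - mw) for a, b in zip(r, ws))
    var = sum((a - mr) ** 2 for a in r) * sum((b - mw) ** 2 for b in ws)
    return cov / math.sqrt(var)

def replay_suspected(y_rx, u, w, start, length, threshold=0.5):
    """Fresh data carries the current noise; replayed data carries old noise."""
    return watermark_correlation(y_rx, u, w, start, length) < threshold

if __name__ == "__main__":
    y, u, w = simulate(800, replay_from=400, delay=400)
    for start in (0, 400):
        print(start, round(watermark_correlation(y, u, w, start, 390), 3))
```

In the attack-free window the residual is dominated by the injected noise, so the correlation stays near 1; in the replayed window the measurements only reflect noise injected earlier, so the correlation collapses toward 0.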

Along with theoretical research, we developed a vehicular network testbed based on dedicated short-range communication (DSRC) where our findings will be tested. Over these years, the vehicular network testbed has been enhanced; the current campus deployment amounts to 4 RSUs, with a total of 15 OBUs and 6 RSUs available for testing. Other accomplishments in the testbed include: a) better integration with Cohda OBU/RSU; b) development of testbed middleware features such as network-aware pub/sub BSM dissemination; c) deployment of a local NTP server (sourced by GPS) to provide a master time sync for all devices; d) a performance baseline of the system. Additionally, work is being done on developing a variant of CACC that smoothly switches between various models of ACC and CACC depending on network conditions and on the accuracy of local lidar or video sensors.

  • security
  • Hybrid control
  • game theory
  • resilient control
  • connected vehicles
  • 1544910
  • 2018
  • CPS-PI Meeting 2018
  • Poster
  • Posters (Sessions 8 & 11)