This project focuses on tackling the security and privacy of Cyber-Physical Systems (CPS) by integrating the theory and best practices from the information security community as well as practical approaches from the control theory community. The first part of the project focuses on security and protection of cyber-physical critical infrastructures such as the power grid, water distribution networks, and transportation networks against computer attacks in order to prevent disruptions that may cause loss of service, infrastructure damage or even loss of life. The second part of the project focuses on privacy of CPS and proposes new algorithms to deal with the unprecedented levels of data collection granularity of physical human activity. The work in these two parts focuses on the integration of practical control theory concepts into computer security solutions. In particular, in the last decade, the control theory community has proposed fundamental advances in CPS security; in parallel, the computer security community has also achieved significant advances in practical implementation aspects for CPS security and privacy. While both of these fields have made significant progress independently, there is still a large language and conceptual barrier between the two fields, and as a result, computer security experts have developed a parallel and independent research agenda from control theory researchers. In order to design future CPS security and privacy mechanisms, the two communities need to come closer together and leverage the insights that each has developed. This project attempts to facilitate the integration of these two communities by leveraging the physical properties of the system under control in two research problems: (1) Physics-based CPS security; and (2) Physics-based CPS privacy. Physics-based CPS security leverages the time series from sensor and control signals to detect deviations from expected operation. This is a growing area of research in both security and control theory venues, although there are several open problems in this space. This proposal tackles some of these open problems including the definition of new evaluation metrics that capture the unique operational properties of control systems, the consistent evaluation of different proposals for models and anomaly detection tests, and the development of new industrial control protocol parsers. Physics-based CPS privacy focuses on how to guide the implementation of general privacy recommendations like the Fair Information Practice principles into cyber-physical systems, leveraging the fact that these physical systems often have an objective to achieve, and this objective depends on the data-handling policies of the operator. The project focuses on investigating the trade-off between privacy and control performance and developing tools to guide how data minimization, data delays, and data retention should be implemented.

The evolution of manufacturing systems from loose collections of cyber and physical components into true cyber-physical systems has expanded the opportunities for cyber-attacks against manufacturing. To ensure the continued production of high-quality parts in this new environment requires the development of novel security tools that transcend both the cyber and physical worlds. Potential cyber-attacks can cause undetectable changes in a manufacturing system that can adversely affect the product's design intent, performance, quality, or perceived quality. The result of this could be financially devastating by delaying a product's launch, ruining equipment, increasing warranty costs, or losing customer trust. More importantly, these attacks pose a risk to human safety, as operators and consumers could be using faulty equipment/products. New methods for detecting and diagnosing cyber-physical attacks will be studied and evaluated through our established industrial partners. The expected results of this project will contribute significantly in further securing our nation's manufacturing infrastructure. This project establishes a new vision for manufacturing cyber-security based upon modeling and understanding the correlation between cyber events that occur in a product/process development-cycle and the physical data generated during manufacturing. Specifically, the proposed research will take advantage of this correlation to characterize the relationships between cyber-attacks, process data, product quality observations, and side-channel impacts for the purpose of attack detection and diagnosis. These process characterizations will be coupled with new manufacturing specific cyber-attack taxonomies to provide a comprehensive understanding of attack surfaces for advanced manufacturing systems and their cyber-physical manifestations in manufacturing processes. This is a fundamental missing element in the manufacturing cyber-security body of knowledge. Finally, new forensic techniques, based on constraint optimization and machine learning, will be researched to differentiate process changes indicative of cyber-attacks from common variations in manufacturing due to inherent system variability.

Security and privacy concerns in the increasingly interconnected world are receiving much attention from the research community, policymakers, and general public. However, much of the recent and on-going efforts concentrate on security of general-purpose computation and on privacy in communication and social interactions. The advent of cyber-physical systems (e.g., safety-critical IoT), which aim at tight integration between distributed computational intelligence, communication networks, physical world, and human actors, opens new horizons for intelligent systems with advanced capabilities. These systems may reduce number of accidents and increase throughput of transportation networks, improve patient safety, mitigate caregiver errors, enable personalized treatments, and allow older adults to age in their places. At the same time, cyber-physical systems introduce new challenges and concerns about safety, security, and privacy. The proposed project will lead to safer, more secure and privacy preserving CPS. As our lives depend more and more on these systems, specifically in automotive, medical, and Internet-of-Things domains, results obtained in this project will have a direct impact on the society at large. The study of emerging legal and ethical aspects of large-scale CPS deployments will inform future policy decision-making. The educational and outreach aspects of this project will help us build a workforce that is better prepared to address the security and privacy needs of the ever-more connected and technologically oriented society. Cyber-physical systems (CPS) involve tight integration of computational nodes, connected by one or more communication networks, the physical environment of these nodes, and human users of the system, who interact with both the computational part of the system and the physical environment. Attacks on a CPS system may affect all of its components: computational nodes and communication networks are subject to malicious intrusions, and physical environment may be maliciously altered. CPS-specific security challenges arise from two perspectives. On the one hand, conventional information security approaches can be used to prevent intrusions, but attackers can still affect the system via the physical environment. Resource constraints, inherent in many CPS domains, may prevent heavy-duty security approaches from being deployed. This proposal will develop a framework in which the mix of prevention, detection and recovery, and robust techniques work together to improve the security and privacy of CPS. Specific research products will include techniques providing: 1) accountability-based detection and bounded-time recovery from malicious attacks to CPS, complemented by novel preventive techniques based on lightweight cryptography; 2) security-aware control design based on attack resilient state estimator and sensor fusions; 3) privacy of data collected and used by CPS based on differential privacy; and, 4) evidence-based framework for CPS security and privacy assurance, taking into account the operating context of the system and human factors. Case studies will be performed in applications with autonomous features of vehicles, internal and external vehicle networks, medical device interoperability, and smart connected medical home.

Security and privacy concerns in the increasingly interconnected world are receiving much attention from the research community, policymakers, and general public. However, much of the recent and on-going efforts concentrate on security of general-purpose computation and on privacy in communication and social interactions. The advent of cyber-physical systems (e.g., safety-critical IoT), which aim at tight integration between distributed computational intelligence, communication networks, physical world, and human actors, opens new horizons for intelligent systems with advanced capabilities. These systems may reduce number of accidents and increase throughput of transportation networks, improve patient safety, mitigate caregiver errors, enable personalized treatments, and allow older adults to age in their places. At the same time, cyber-physical systems introduce new challenges and concerns about safety, security, and privacy. The proposed project will lead to safer, more secure and privacy preserving CPS. As our lives depend more and more on these systems, specifically in automotive, medical, and Internet-of-Things domains, results obtained in this project will have a direct impact on the society at large. The study of emerging legal and ethical aspects of large-scale CPS deployments will inform future policy decision-making. The educational and outreach aspects of this project will help us build a workforce that is better prepared to address the security and privacy needs of the ever-more connected and technologically oriented society. Cyber-physical systems (CPS) involve tight integration of computational nodes, connected by one or more communication networks, the physical environment of these nodes, and human users of the system, who interact with both the computational part of the system and the physical environment. Attacks on a CPS system may affect all of its components: computational nodes and communication networks are subject to malicious intrusions, and physical environment may be maliciously altered. CPS-specific security challenges arise from two perspectives. On the one hand, conventional information security approaches can be used to prevent intrusions, but attackers can still affect the system via the physical environment. Resource constraints, inherent in many CPS domains, may prevent heavy-duty security approaches from being deployed. This proposal will develop a framework in which the mix of prevention, detection and recovery, and robust techniques work together to improve the security and privacy of CPS. Specific research products will include techniques providing: 1) accountability-based detection and bounded-time recovery from malicious attacks to CPS, complemented by novel preventive techniques based on lightweight cryptography; 2) security-aware control design based on attack resilient state estimator and sensor fusions; 3) privacy of data collected and used by CPS based on differential privacy; and, 4) evidence-based framework for CPS security and privacy assurance, taking into account the operating context of the system and human factors. Case studies will be performed in applications with autonomous features of vehicles, internal and external vehicle networks, medical device interoperability, and smart connected medical home.

Computation is everywhere. Greeting cards have processors that play songs. Fireworks have processors for precisely timing their detonation. Computers are in engines, monitoring combustion and performance. They are in our homes, hospitals, offices, ovens, planes, trains, and automobiles. These computers, when networked, will form the Internet of Things (IoT). The resulting applications and services have the potential to be even more transformative than the World Wide Web. The security implications are enormous. Internet threats today steal credit cards. Internet threats tomorrow will disable home security systems, flood fields, and disrupt hospitals. The root problem is that these applications consist of software on tiny low-power devices and cloud servers, have difficult networking, and collect sensitive data that deserves strong cryptography, but usually written by developers who have expertise in none of these areas. The goal of the research is to make it possible for two developers to build a complete, secure, Internet of Things applications in three months. The research focuses on four important principles. The first is "distributed model view controller." A developer writes an application as a distributed pipeline of model-view-controller systems. A model specifies what data the application generates and stores, while a new abstraction called a transform specifies how data moves from one model to another. The second is "embedded-gateway-cloud." A common architecture dominates Internet of Things applications. Embedded devices communicate with a gateway over low-power wireless. The gateway processes data and communicates with cloud systems in the broader Internet. Focusing distributed model view controller on this dominant architecture constrains the problem sufficiently to make problems, such as system security, tractable. The third is "end-to-end security." Data emerges encrypted from embedded devices and can only be decrypted by end user applications. Servers can compute on encrypted data, and many parties can collaboratively compute results without learning the input. Analysis of the data processing pipeline allows the system and runtime to assert and verify security properties of the whole application. The final principle is "software-defined hardware." Because designing new embedded device hardware is time consuming, developers rely on general, overkill solutions and ignore the resulting security implications. The data processing pipeline can be compiled into a prototype hardware design and supporting software as well as test cases, diagnostics, and a debugging methodology for a developer to bring up the new device. These principles are grounded in Ravel, a software framework that the team collaborates on, jointly contributes to, and integrates into their courses and curricula on cyberphysical systems.

Inherent vulnerabilities of information and communication technology systems to cyber-attacks (e.g., malware) impose significant security risks to Cyber-Physical Systems (CPS). This is evidenced by a number of recent accidents. Noticeably, current distributed control of CPS is not really attack-resilient (ensuring task completion despite attacks). Although provable resilience would significantly lift the trustworthiness of CPS, existing defenses are rather ad-hoc and mainly focus on attack detection. In addition, while network attacks have been extensively studied, resilient-to-malware distributed control has been rarely investigated. This project aims to bridge the gap. It aims to investigate provably correct distributed attack-resilient control of CPS. The project will focus on a representative class of CPS, namely unmanned-vehicle-operator networks, and its four main research thrusts are: (1) The development of a distributed attack-resilient control framework to ensure task completion of multiple vehicles despite network attacks and malware attacks, (2) The synthesis of novel distributed attack-resilient control algorithms to deal with network attacks, (3) The design of estimation algorithms to detect malware attacks on vehicles, and computationally efficient algorithms which allow clean vehicles to avoid the collision with the vehicles compromised by malware, and (4) The validation of the cost-effectiveness of the proposed distributed attack-resilient control framework via a principled systematic evaluation plan. The research findings profoundly impact CPS security of a variety of engineering disciplines beyond unmanned-vehicle-operator networks, including smart grid, smart buildings and intelligent transportation systems. The proposed research is interdisciplinary and involves interactions among security, control, distributed algorithms and robotics. This will lead to educational and training opportunities that cross traditional disciplinary boundaries for high-school, undergraduate and graduate students in STEM.

The increasing reliance on computer and communication technologies exposes control systems to cyber security threats. The physical systems can now be attacked through cyberspace. Emerging sophisticated attacks can exploit zero-day vulnerabilities, persist in the system for long periods of time, and advance stealthily to achieve their attack goals. Protection and prevention against such attacks are not always possible, and a paradigm shift to emphasize resilience of a control system is the overarching objective for safeguarding control systems to protect nation's critical infrastructures. The major challenge for designing secure and resilient cyber-physical control system is the lack of scientific foundations, and quantitative methods to provide a systematic guideline for large-scale cyber-physical interactions. To this end, the project aims to establish a meta-game system theory, and develop computational and design methodologies for cyber-physical co-design problems. Game-theoretic tools serve as an appropriate way to interconnect systems from multiple domains into one single framework to address security and resilience issues of highly integrated CPS. This project investigates a meta-game framework as a new paradigm to compose heterogeneous system components to design their interactions to achieve functional security and resiliency properties. Through developing security-aware controllers and impact-aware proactive cyber defense mechanism, this project creates a system co-design paradigm based on the meta-game framework, which captures the system properties of robustness, security, and resilience in one single framework, and provides fundamental principles to characterize their tradeoffs. The analytical framework will lead to the development of a cyber-physical mechanism design theory to provide a solid foundation for achieving optimal cyber-physical integration for control systems. The developed analytical and design tools will allow the prediction of unexpected outcomes of system integrations, the mitigation of the impact of cyber attacks on control systems, and the cost-effective operation and design of resilient CPS.