ABSTRACT
Cyber-secure networked control is modeled, analyzed, and experimentally illustrated in this paper. An attack space defined by the adversary's system knowledge, disclosure, and disruption resources is introduced. Adversaries constrained by these resources are modeled for a networked control system architecture. It is shown that attack scenarios corresponding to replay, zero dynamics, and bias injection attacks can be analyzed using this framework. An experimental setup based on a quadruple-tank process controlled over a wireless network is used to illustrate the attack scenarios, their consequences, and potential counter-measures.
Index Terms
- Attack models and scenarios for networked control systems