Revisiting a Watermark-Based Detection Scheme to Handle Cyber-Physical Attacks

Abstract

We address detection of attacks against cyber-physical systems. Cyber-physical systems are industrial control systems upgraded with novel computing, communication and interconnection capabilities. In this paper we reexamine the security of a detection scheme proposed by Mo and Sinopoli (2009) and Mo et al. (2015). The approach complements the use of Kalman filters and linear quadratic regulators, by adding an authentication watermark signal for the detection of integrity attacks. We show that the approach only detects cyber adversaries, i.e., attackers with the ability to eavesdrop information from the system, but that do not attempt to acquire any knowledge about the system model itself. The detector fails at covering cyber-physical adversaries, i.e., attackers that, in addition to the capabilities of the cyber adversary, are also able to infer the system model to evade the detection. We discuss an enhanced scheme, based on a multi-watermark authentication signal, that properly detects the two adversary models.