On minimal tests of sensor veracity for dynamic watermarking-based defense of cyber-physical systems

2017 9th International Conference on Communication Systems and Networks (COMSNETS) Pub Date : 1900-01-01 DOI:10.1109/COMSNETS.2017.7945354

Bharadwaj Satchidanandan, P. Kumar

{"title":"On minimal tests of sensor veracity for dynamic watermarking-based defense of cyber-physical systems","authors":"Bharadwaj Satchidanandan, P. Kumar","doi":"10.1109/COMSNETS.2017.7945354","DOIUrl":null,"url":null,"abstract":"We address the problem of security of cyber-physical systems where some sensors may be malicious. We consider a multiple-input, multiple-output stochastic linear dynamical system controlled over a network of communication and computational nodes which contains (i) a controller that computes the inputs to be applied to the physical plant, (ii) actuators that apply these inputs to the plant, and (iii) sensors which measure the outputs of the plant. Some of these sensors, however, may be malicious. The malicious sensors do not report the true measurements to the controller. Rather, they report false measurements that they fabricate, possibly strategically, so as to achieve any objective that they may have, such as destabilizing the closed-loop system or increasing its running cost. Recently, it was shown that under certain conditions, an approach of “dynamic watermarking” can secure such a stochastic linear dynamical system in the sense that either the presence of malicious sensors in the system is detected, or the malicious sensors are constrained to adding a distortion that can only be of zero power to the noise already entering the system. The first contribution of this paper is to generalize this result to partially observed MIMO systems with both process and observation noises, a model which encompasses some of the previous models for which dynamic watermarking was established to guarantee security. This result, similar to the prior ones, is shown to hold when the controller subjects the reported sequence of measurements to two particular tests of veracity. The second contribution of this paper is in showing, via counterexamples, that both of these tests are needed in order to secure the control system in the sense that if any one of these two tests of sensor veracity is dropped, then the above guarantee does not hold. The proposed approach has several potential applications, including in smart grids, automated transportation, and process control.","PeriodicalId":168357,"journal":{"name":"2017 9th International Conference on Communication Systems and Networks (COMSNETS)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 9th International Conference on Communication Systems and Networks (COMSNETS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/COMSNETS.2017.7945354","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 23

Abstract

We address the problem of security of cyber-physical systems where some sensors may be malicious. We consider a multiple-input, multiple-output stochastic linear dynamical system controlled over a network of communication and computational nodes which contains (i) a controller that computes the inputs to be applied to the physical plant, (ii) actuators that apply these inputs to the plant, and (iii) sensors which measure the outputs of the plant. Some of these sensors, however, may be malicious. The malicious sensors do not report the true measurements to the controller. Rather, they report false measurements that they fabricate, possibly strategically, so as to achieve any objective that they may have, such as destabilizing the closed-loop system or increasing its running cost. Recently, it was shown that under certain conditions, an approach of “dynamic watermarking” can secure such a stochastic linear dynamical system in the sense that either the presence of malicious sensors in the system is detected, or the malicious sensors are constrained to adding a distortion that can only be of zero power to the noise already entering the system. The first contribution of this paper is to generalize this result to partially observed MIMO systems with both process and observation noises, a model which encompasses some of the previous models for which dynamic watermarking was established to guarantee security. This result, similar to the prior ones, is shown to hold when the controller subjects the reported sequence of measurements to two particular tests of veracity. The second contribution of this paper is in showing, via counterexamples, that both of these tests are needed in order to secure the control system in the sense that if any one of these two tests of sensor veracity is dropped, then the above guarantee does not hold. The proposed approach has several potential applications, including in smart grids, automated transportation, and process control.

查看原文本刊更多论文

基于动态水印的网络物理系统防御传感器准确性最小测试

我们解决了网络物理系统的安全问题，其中一些传感器可能是恶意的。我们考虑一个由通信和计算节点组成的网络控制的多输入、多输出随机线性动力系统，该系统包含(i)计算应用于物理工厂的输入的控制器，(ii)将这些输入应用于工厂的执行器，以及(iii)测量工厂输出的传感器。然而，其中一些传感器可能是恶意的。恶意传感器不向控制器报告真实的测量结果。相反，他们报告了他们捏造的错误测量结果，可能是出于战略目的，以便达到他们可能有的任何目标，例如破坏闭环系统的稳定或增加其运行成本。最近，研究表明，在一定条件下，“动态水印”方法可以保护这样一个随机线性动力系统，在某种意义上，要么检测到系统中存在恶意传感器，要么约束恶意传感器在已经进入系统的噪声上添加只能为零功率的失真。本文的第一个贡献是将这一结果推广到同时存在过程噪声和观测噪声的部分观测MIMO系统，该模型包含了之前建立了动态水印以保证安全性的一些模型。当控制器将报告的测量序列进行两个特定的准确性测试时，该结果与前面的结果相似。本文的第二个贡献是通过反例表明，为了保证控制系统的安全，这两个测试都是必要的，因为如果这两个传感器准确性测试中的任何一个被丢弃，那么上述保证就不成立。提出的方法有几个潜在的应用，包括智能电网、自动化运输和过程控制。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2017 9th International Conference on Communication Systems and Networks (COMSNETS)

自引率

0.00%

发文量