access icon free Masking attack for sampled-data systems via input redundancy

This study discovers a new vulnerability of cyber-physical systems to malicious attack. It arises when the physical plant, that is modelled as a continuous-time LTI system, is controlled by a digital controller with periodic sampling and actuation. In the sampled-data framework, most anomaly detectors monitor the plant's output only at discrete time instants. Consequently, abnormal behaviour between sampling instants cannot be detected if output behaves normally at every sampling instant. This implies that if an actuator attack drives the plant's state to pass through the kernel of the output matrix at each sensing time, then the attack compromises the system while remaining stealthy. It is shown that this type of attack always exists when the sampled-data system has an input redundancy, i.e. the number of inputs being larger than that of outputs and/or the sampling rate of the actuators being higher than that of the sensors. Simulation results for the X-38 vehicle and other numerical examples illustrate this new attack strategy may result in disastrous consequences.

Inspec keywords: linear systems; continuous time systems; security of data; control system synthesis; discrete time systems; sampled data systems; digital control

Other keywords: malicious attack; masking attack; continuous-time LTI system; sampled-data system; cyber-physical systems; discrete time instants; periodic sampling; actuator attack; input redundancy; physical plant; digital controller

Subjects: Linear control systems; Data security; Discrete control systems; Control system analysis and synthesis methods

References

    1. 1)
      • 6. Mo, Y., Sinopoli, B.: ‘Secure control against replay attacks’. Proc. Annual Allerton Conf. on Communication, Control, and Computing, Monticello, USA, September 2009, pp. 911918.
    2. 2)
      • 10. Mo, Y., Sinopoli, B.: ‘False data injection attacks in control systems’. Proc. Workshop on Secure Control Systems, Stockholm, Sweden, April 2010.
    3. 3)
      • 21. Hagiwara, T., Araki, M.: ‘Design of a stable state feedback controller based on the multirate sampling of the plant output’, IEEE Trans. Autom. Control, 2002, 33, (9), pp. 812819.
    4. 4)
      • 11. Liu, Y., Ning, P., Reiter, M.K.: ‘False data injection attacks against state estimation in electric power grids’, ACM Trans. Inf. Syst. Secur., 2011, 14, (1), pp. 13-113:33.
    5. 5)
      • 3. Slay, J., Miller, M.: ‘Lessons learned from the Maroochy water breach’, Crit. Infrastruct. Prot., 2007, 253, pp. 7382.
    6. 6)
      • 7. Teixeira, A., Shames, I., Sandberg, H., et al: ‘Revealing stealthy attacks in control systems’. Proc. Annual Allerton Conf. on Communication, Control, and Computing, Monticello, USA, October 2012, pp. 18061813.
    7. 7)
      • 14. Park, G., Lee, C., Shim, H.: ‘On stealthiness of zero-dynamics attacks against uncertain nonlinear systems: a case study with quadruple-tank process’. Proc. Int. Symp. on Mathematical Theory of Networks and Systems, Hong Kong, July 2018, pp. 1017.
    8. 8)
      • 8. Andreas, H., Ping, Z.: ‘Detection of covert attacks and zero dynamics attacks in cyber-physical systems’. Proc. American Control Conf., Boston, USA, July 2016, pp. 302307.
    9. 9)
      • 2. Conti, J.P.: ‘The day the samba stopped’, Eng. Technol., 2010, 5, (4), pp. 4647.
    10. 10)
      • 20. Lavanya, K., Umamaheswari, B.: ‘Design of digital multi-rate controller using frequency domain analysis’, J. Circuits Syst. Comput., 2008, 17, (4), pp. 675684.
    11. 11)
      • 12. Park, G., Shim, H., Lee, C., et al: ‘When adversary encounters uncertain cyber-physical systems: robust zero-dynamics attack with disclosure resources’. Proc. IEEE Conf. on Decision and Control, Las Vegas, USA, December 2016, pp. 50855090.
    12. 12)
      • 9. Back, J., Kim, J., Lee, C., et al: ‘Enhancement of security against zero dynamics attack via generalized hold’. Proc. IEEE Conf. on Decision and Control, Melbourne, USA, December 2017, pp. 13501355.
    13. 13)
      • 4. Lee, R.M., Assante, M.J., Conway, T.: ‘Analysis of the cyber attack on the Ukrainian power grid’, Electricity Information Sharing and Analysis Center (E-ISAC), Washington, D.C., USA, 2016.
    14. 14)
      • 15. Naghnaeian, M., Hirzallah, N.H., Voulgaris, P.G.: ‘Security via multirate control in cyber-physical systems’, Syst. Control Lett., 2019, 124, pp. 1218.
    15. 15)
      • 22. Mizuochi, M., Tsuji, T., Ohnishi, K.: ‘Multirate sampling method for acceleration control system’, IEEE Trans. Ind. Electron., 2007, 53, (3), pp. 14621471.
    16. 16)
      • 13. Amin, S., Cardenas, A.A., Sastry, S.S.: ‘Safe and secure networked control systems under denial-of-service attacks’, Hybrid Syst., Comput. Control, 2009, pp. 3145.
    17. 17)
      • 18. Fujimoto, H., Kawakami, F., Kondo, S.: ‘Multirate repetitive control and applications’. Proc. American Control Conf., Denver, USA, June 2003, pp. 28752880.
    18. 18)
      • 25. Tian, E., Wang, Z., Zou, L., et al: ‘Probabilistic-constrained filtering for a class of nonlinear systems with improved static event-triggered communication’, Int. J. Robust Nonlinear Control, 2019, 29, (5), pp. 14841498.
    19. 19)
      • 16. Shieh, L.S., Wang, W.M.: ‘Design of lifted dual-rate digital controllers for X-38 vehicle’, J. Guid. Control Dyn., 2000, 23, (4), pp. 629639.
    20. 20)
      • 19. De la Sen, M., Alonso-Quesada, S.: ‘Model matching via multirate sampling with fast sampled input guaranteeing the stability of the plant zeros: extensions to adaptive control’, IET Control Theory Appl., 2007, 1, (1), pp. 210225.
    21. 21)
      • 1. Farwell, J.P., Rohozinski, R.: ‘Stuxnet and the future of cyber war’, Survival, 2011, 53, (1), pp. 2340.
    22. 22)
      • 17. Fujimoto, H., Hori, Y.: ‘High-performance servo systems based on multirate sampling control’, Control Eng. Pract., 2002, 10, (7), pp. 773781.
    23. 23)
      • 23. Kim, J., Park, G., Shim, H., et al: ‘Zero-stealty attack for sampled-data control systems: the case of faster actuation than sensing’. Proc. IEEE Conf. on Decision and Control, Las Vegas, USA, December 2016, pp. 59565961.
    24. 24)
      • 5. Teixeira, A., Shames, I., Sandberg, H., et al: ‘A secure control framework for resource-limited adversaries’, Automatica, 2015, 51, pp. 135148.
    25. 25)
      • 24. Bain, J., Sunkel, J.: ‘Autonomous control for subsonic flight of the X-38’. Proc. Guidance, Navigation, and Control Conf. and Exhibit, Boston, USA, 1998, pp. 909922.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-cta.2018.6075
Loading

Related content

content/journals/10.1049/iet-cta.2018.6075
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading