Abstract

Cyber-physical systems (CPSs) are emerging systems that seamlessly integrate physical systems, communication systems and computation systems. Their wide use has been witnessed in the past decades in many cross-discipline fields such as smart energy systems, industrial process control, aerospace and automobile engineering, health-care and assisted living, to name just a few. For many of these systems, secure operation is a key concern. In particular, for some safety-critical applications, security is of paramount importance. Diverse motivations and strong incentives exist everywhere and at any time for launching malicious attacks on CPSs, for example, economic reasons (e.g., reducing or even avoiding payment of electricity charges) and terrorism, the purpose of which is apparent. Unlike traditional wired and point-to-point control systems, where an attacker may not easily launch any attack, the new generation of CPSs widely utilizes existing network infrastructure such as wireless communications, local area networks, etc., for information delivery and high-level supervisory monitoring and control. Although this brings unprecedented convenience to system design and implementation, it introduces security loopholes into the closed-loop system, where an attacker may launch various types of popular attacks that are rooted deeply in the intrinsic architecture of the network protocols pervasively used today. For example, attackers may launch so-called Denial-of-Service (DoS) attacks, and may eavesdrop on a communication channel and learn the content of the transmitted data when the data is conveyed over wireless channels. Worst of all, the attackers may intercept the data, inject some malicious content into it, and then send it out as if the data were intact. By properly manipulating the data content, the attackers may control the entire system and steer the system state to an arbitrary position. Secure data transmission is almost taken for granted in early research on CPSs.
Data imperfection is indeed widely considered. The models of such imperfection (e.g., in terms of random data packet drops and delays, quantization, etc.), however, are very limited and do not include the possibility that the communicated data may not be the "true" data collected by the sensors or computed by the controllers, but may already have been modified in a malicious way by the attackers. Very recently, in July 2010, Stuxnet, which is a control system malware that targets vulnerable Supervisory Control And Data Acquisition (SCADA) systems in a power grid, raised new questions and inspired novel research on cyber-physical system security. In the past few years, the control and systems community has made significant progress in analyzing security issues arising in a CPS and in designing countermeasures to make the system more resilient to malicious attacks. Various performance metrics have been proposed for different applications, including indexes for state estimation (e.g., mean square errors of state estimation in a smart grid), feedback control (e.g., LQR or LQG cost of wireless networked control systems), etc. Most of the developed approaches, such as secure detection, estimation and robust control, which aim to identify the abnormality arising in a system state, can only provide limited countermeasures to certain strict types of malicious attacks, such as replay attacks, DoS attacks, and integrity attacks on linear systems.
