Detecting Generalized Replay Attacks via Time-Varying Dynamic Watermarking

Cyber-physical systems (CPS) often rely on external communication for supervisory control or sensing. Unfortunately, these communications render the system vulnerable to cyber-attacks. Attacks that alter messages, such as replay attacks that record measurement signals and then play them back to the system, can cause devastating effects. Dynamic Watermarking methods, which inject a private excitation into control inputs to secure resulting measurement signals, have begun addressing the challenges of detecting these attacks, but have been restricted to linear time invariant (LTI) systems. Though LTI models are sufficient for some applications, other CPS, such as autonomous vehicles, require more complex models. This paper develops a linear time-varying (LTV) extension to previous Dynamic Watermarking methods by designing a matrix normalization factor to accommodate the temporal changes in the system. Implementable tests are provided with considerations for real-world systems. The proposed method is then shown to be able to detect generalized replay attacks both in theory and in simulation using a LTV vehicle model.

[1]  Ram Vasudevan,et al.  Dynamic watermarking for general LTI systems , 2017, 2017 IEEE 56th Annual Conference on Decision and Control (CDC).

[2]  Xiaohong Guan,et al.  Hidden Moving Target Defense in Smart Grids , 2017, SPSR-SG@CPSWeek.

[3]  Soummya Kar,et al.  Information flow for security in control systems , 2016, 2016 IEEE 55th Conference on Decision and Control (CDC).

[4]  Sushil Jajodia,et al.  Moving Target Defense - Creating Asymmetric Uncertainty for Cyber Threats , 2011, Moving Target Defense.

[5]  Bruno Sinopoli,et al.  A Model Inversion Based Watermark for Replay Attack Detection with Output Tracking , 2019, 2019 American Control Conference (ACC).

[6]  Alberto Leon-Garcia,et al.  Probability and Random Processes For EE's (3rd Edition) , 2007 .

[7]  P. Spreij Probability and Measure , 1996 .

[8]  Bruno Sinopoli,et al.  Physical Authentication of Control Systems: Designing Watermarked Control Inputs to Detect Counterfeit Sensor Outputs , 2015, IEEE Control Systems.

[9]  Karl Henrik Johansson,et al.  Cyberphysical Security in Networked Control Systems: An Introduction to the Issue , 2015 .

[10]  Bharadwaj Satchidanandan,et al.  On the Design of Security-Guaranteeing Dynamic Watermarks , 2020, IEEE Control Systems Letters.

[11]  Bruno Sinopoli,et al.  Integrity attacks on cyber-physical systems , 2012, HiCoNS '12.

[12]  D. Brillinger Time series - data analysis and theory , 1981, Classics in applied mathematics.

[13]  Bruno Sinopoli,et al.  Detecting integrity attacks on control systems using robust physical watermarking , 2014, 53rd IEEE Conference on Decision and Control.

[14]  Bruno Sinopoli,et al.  Secure control against replay attacks , 2009, 2009 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[15]  Ram Vasudevan,et al.  Sensor Switching Control Under Attacks Detectable by Finite Sample Dynamic Watermarking Tests , 2019, IEEE Transactions on Automatic Control.

[16]  Yilin Mo,et al.  Security in cyber-physical systems: Controller design against Known-Plaintext Attack , 2015, 2015 54th IEEE Conference on Decision and Control (CDC).

[17]  Roy S. Smith,et al.  A Decoupled Feedback Structure for Covertly Appropriating Networked Control Systems , 2011 .

[18]  Ram Vasudevan,et al.  Statistical Watermarking for Networked Control Systems , 2017, 2018 Annual American Control Conference (ACC).

[19]  Matthew Johnson-Roberson,et al.  Simulation and Real-World Evaluation of Attack Detection Schemes , 2018, 2019 American Control Conference (ACC).

[20]  Carlos Murguia,et al.  CUSUM and chi-squared attack detection of compromised sensors , 2016, 2016 IEEE Conference on Control Applications (CCA).

[21]  S. Shankar Sastry,et al.  Secure Control: Towards Survivable Cyber-Physical Systems , 2008, 2008 The 28th International Conference on Distributed Computing Systems Workshops.

[22]  Riccardo M. G. Ferrari,et al.  Detection and isolation of routing attacks through sensor watermarking , 2017, 2017 American Control Conference (ACC).

[23]  Bruno Sinopoli,et al.  Detecting integrity attacks on control systems using a moving target approach , 2015, 2015 54th IEEE Conference on Decision and Control (CDC).

[24]  Karl Henrik Johansson,et al.  Revealing stealthy attacks in control systems , 2012, 2012 50th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[25]  Navid Hashemi,et al.  Generalized chi-squared detector for LTI systems with non-Gaussian noise , 2019, 2019 American Control Conference (ACC).

[26]  Bruno Sinopoli,et al.  Detecting Integrity Attacks on SCADA Systems , 2011 .

[27]  Peng Ning,et al.  False data injection attacks against state estimation in electric power grids , 2011, TSEC.

[28]  Riccardo M. G. Ferrari,et al.  Detection of Sensor Data Injection Attacks with Multiplicative Watermarking , 2018, 2018 European Control Conference (ECC).

[29]  Panganamala Ramana Kumar,et al.  Defending Cyber-Physical Systems from Sensor Attacks , 2017, COMSNETS.

[30]  Walter Lucia,et al.  A Novel Control Architecture for the Detection of False Data Injection Attacks in Networked Control Systems , 2019, 2019 American Control Conference (ACC).

[31]  Ehab Al-Shaer,et al.  Moving Target Defense for Hardening the Security of the Power System State Estimation , 2014, MTD '14.

[32]  Emanuele Garone,et al.  False data injection attacks against state estimation in wireless sensor networks , 2010, 49th IEEE Conference on Decision and Control (CDC).

[33]  Panganamala Ramana Kumar,et al.  Dynamic Watermarking: Active Defense of Networked Cyber–Physical Systems , 2016, Proceedings of the IEEE.

[34]  S. Shankar Sastry,et al.  Research Challenges for the Security of Control Systems , 2008, HotSec.

[35]  Bruno Sinopoli,et al.  An Optimal Design of a Moving Target Defense for Attack Detection in Control Systems , 2019, 2019 American Control Conference (ACC).

[36]  Bruno Sinopoli,et al.  Physical watermarking for securing cyber physical systems via packet drop injections , 2017, 2017 IEEE International Conference on Smart Grid Communications (SmartGridComm).

[37]  G. Grimmett,et al.  Probability and random processes , 2002 .

[38]  Joaquín García,et al.  Event-Triggered Watermarking Control to Handle Cyber-Physical Integrity Attacks , 2016, NordSec.

[39]  Ping Zhang,et al.  Detection of covert attacks on cyber-physical systems by extending the system dynamics with an auxiliary system , 2017, 2017 IEEE 56th Annual Conference on Decision and Control (CDC).

[40]  Henrik Sandberg,et al.  Anomaly Detector Metrics for Sensor Data Attacks in Control Systems , 2018, 2018 Annual American Control Conference (ACC).

[41]  Bruno Sinopoli,et al.  A Bernoulli-Gaussian physical watermark for detecting integrity attacks in control systems , 2017, 2017 55th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[42]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[43]  Henrik Sandberg,et al.  On the Confidentiality of Linear Anomaly Detector States , 2019, 2019 American Control Conference (ACC).

[44]  Kyriakos G. Vamvoudakis,et al.  Switching for Unpredictability: A Proactive Defense Control Approach , 2019, 2019 American Control Conference (ACC).

[45]  T. W. Anderson An Introduction to Multivariate Statistical Analysis , 1959 .

[46]  Bruno Sinopoli,et al.  Active detection for exposing intelligent attacks in control systems , 2017, 2017 IEEE Conference on Control Technology and Applications (CCTA).

[47]  Panganamala Ramana Kumar,et al.  Theory and implementation of dynamic watermarking for cybersecurity of advanced transportation systems , 2016, 2016 IEEE Conference on Communications and Network Security (CNS).

[48]  R. G. Sanfelice,et al.  A Moving Target Defense to Detect Stealthy Attacks in Cyber-Physical Systems , 2019, 2019 American Control Conference (ACC).

[49]  Weiyi Liu,et al.  Security analysis for Cyber-Physical Systems against stealthy deception attacks , 2013, 2013 American Control Conference.

[50]  J. Schmee An Introduction to Multivariate Statistical Analysis , 1986 .

[51]  Riccardo M. G. Ferrari,et al.  Detection and Isolation of Replay Attacks through Sensor Watermarking , 2017 .

[52]  Karl Henrik Johansson,et al.  Attack models and scenarios for networked control systems , 2012, HiCoNS '12.

[53]  S. Shankar Sastry,et al.  Safe and Secure Networked Control Systems under Denial-of-Service Attacks , 2009, HSCC.

[54]  Takashi Tanaka,et al.  Designing optimal watermark signal for a stealthy attacker , 2016, 2016 European Control Conference (ECC).