Securing state reconstruction under sensor and actuator attacks: Theory and design

Abstract This paper discusses the problem of reconstructing the state of a linear time invariant system when some of its actuators and sensors are compromised by an adversarial agent. In the model considered in this paper, the adversarial agent attacks an input (output) by manipulating its value arbitrarily, i.e., we impose no constraints (statistical or otherwise) on how control commands (sensor measurements) are changed by the adversary other than a bound on the number of attacked actuators and sensors In the first part of this paper, we introduce the notion of sparse strong observability and we show that is a necessary and sufficient condition for correctly reconstructing the state despite the considered attacks. In the second half of this work, we propose an observer to harness the complexity of this intrinsically combinatorial problem, by leveraging satisfiability modulo theory solving. Numerical simulations illustrate the effectiveness and scalability of our observer.

[1]  Paulo Tabuada,et al.  Secure state estimation: Optimal guarantees against sensor attacks in the presence of noise , 2015, 2015 IEEE International Symposium on Information Theory (ISIT).

[2]  E. F. Vogel,et al.  A plant-wide industrial process control problem , 1993 .

[3]  Bruno Sinopoli,et al.  Secure control against replay attacks , 2009, 2009 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[4]  Paulo Tabuada,et al.  An SMT-based approach to secure state estimation under sensor and actuator attacks , 2017, 2017 IEEE 56th Annual Conference on Decision and Control (CDC).

[5]  Danial Senejohnny,et al.  A Jamming-Resilient Algorithm for Self-Triggered Network Coordination , 2016, IEEE Transactions on Control of Network Systems.

[6]  Bruno Sinopoli,et al.  On the Performance Degradation of Cyber-Physical Systems Under Stealthy Integrity Attacks , 2016, IEEE Transactions on Automatic Control.

[7]  Henrik Sandberg,et al.  From control system security indices to attack identifiability , 2016, 2016 Science of Security for Cyber-Physical Systems Workshop (SOSCYPS).

[8]  Cesare Tinelli,et al.  Satisfiability Modulo Theories , 2018, Handbook of Model Checking.

[9]  Vijay Gupta,et al.  Data-injection attacks in stochastic control systems: Detectability and performance tradeoffs , 2017, Autom..

[10]  Pietro Tesi,et al.  Input-to-State Stabilizing Control Under Denial-of-Service , 2015, IEEE Transactions on Automatic Control.

[11]  Necmiye Ozay,et al.  Guaranteed model-based fault detection in cyber-physical systems: A model invalidation approach , 2016, Autom..

[12]  Paulo Tabuada,et al.  Secure State Estimation for Cyber-Physical Systems Under Sensor Attacks: A Satisfiability Modulo Theory Approach , 2014, IEEE Transactions on Automatic Control.

[13]  Saurabh Amin,et al.  In quest of benchmarking security risks to cyber-physical systems , 2013, IEEE Network.

[14]  Emilio Frazzoli,et al.  Robust and resilient estimation for Cyber-Physical Systems under adversarial attacks , 2016, 2016 American Control Conference (ACC).

[15]  Tamer Basar,et al.  Optimal control in the presence of an intelligent jammer with limited actions , 2010, 49th IEEE Conference on Decision and Control (CDC).

[16]  Bruno Sinopoli,et al.  Detecting Integrity Attacks on SCADA Systems , 2014, IEEE Transactions on Control Systems Technology.

[17]  Heejo Lee,et al.  This article has been accepted for inclusion in a future issue of this journal. Content is final as presented, with the exception of pagination. INVITED PAPER Cyber–Physical Security of a Smart Grid Infrastructure , 2022 .

[18]  Vijay Gupta,et al.  On Kalman Filtering with Compromised Sensors: Attack Stealthiness and Performance Bounds , 2017, IEEE Transactions on Automatic Control.

[19]  Shreyas Sundaram,et al.  The wireless control network: Monitoring for malicious behavior , 2010, 49th IEEE Conference on Decision and Control (CDC).

[20]  Roy S. Smith,et al.  Covert Misappropriation of Networked Control Systems: Presenting a Feedback Structure , 2015, IEEE Control Systems.

[21]  João Pedro Hespanha,et al.  Observability of linear systems under adversarial attacks , 2015, 2015 American Control Conference (ACC).

[22]  Emanuele Garone,et al.  False data injection attacks against state estimation in wireless sensor networks , 2010, 49th IEEE Conference on Decision and Control (CDC).

[23]  N. Lawrence Ricker,et al.  Model predictive control of a continuous, nonlinear, two-phase reactor , 1993 .

[24]  Yilin Mo,et al.  Dynamic state estimation in the presence of compromised sensory data , 2015, 2015 54th IEEE Conference on Decision and Control (CDC).

[25]  S. Shankar Sastry,et al.  Research Challenges for the Security of Control Systems , 2008, HotSec.

[26]  Tsuneo Yoshikawa,et al.  Partial uniqueness: Observability and input identifiability , 1975 .

[27]  Henrik Sandberg,et al.  A Survey of Physics-Based Attack Detection in Cyber-Physical Systems , 2018, ACM Comput. Surv..

[28]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[29]  Paulo Tabuada,et al.  System identification in the presence of adversarial outputs , 2016, 2016 IEEE 55th Conference on Decision and Control (CDC).

[30]  Sonia Martínez,et al.  On the Performance Analysis of Resilient Networked Control Systems Under Replay Attacks , 2013, IEEE Transactions on Automatic Control.

[31]  Paulo Tabuada,et al.  Secure system identification , 2016, 2016 54th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[32]  M. Hautus Strong detectability and observers , 1983 .

[33]  Paulo Tabuada,et al.  Event-Triggered State Observers for Sparse Sensor Noise/Attacks , 2013, IEEE Transactions on Automatic Control.

[34]  Paulo Tabuada,et al.  Robustness of attack-resilient state estimators , 2014, 2014 ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS).

[35]  Daniel Le Berre,et al.  The Sat4j library, release 2.2 , 2010, J. Satisf. Boolean Model. Comput..

[36]  Paulo Tabuada,et al.  Secure Estimation and Control for Cyber-Physical Systems Under Adversarial Attacks , 2012, IEEE Transactions on Automatic Control.

[37]  Florian Dörfler,et al.  Attack Detection and Identification in Cyber-Physical Systems -- Part II: Centralized and Distributed Monitor Design , 2012, ArXiv.