On the Design of Security-Guaranteeing Dynamic Watermarks

Dynamic watermarking is a defense mechanism to secure cyberphysical systems from arbitrary sensor attacks. The approach involves the actuators of a plant superimposing on the control policy-specified input a “small” random signal called the dynamic watermark (DW), and conducting certain carefully designed tests to detect the presence of adversarial sensors. Prior works on this topic have restricted attention to systems where the process and measurement noises affecting the system are Gaussian random processes. In this letter, we go beyond the class of Gaussian systems and address the problem of designing watermarks for linear systems affected by arbitrarily distributed noise. We first show how the fundamental security guarantee of DW can fail when the statistics of the watermark are not chosen appropriately taking into account the parameters of the noise process that affects the system. Subsequently, we address the problem of how security-guaranteeing DWs should be designed. Specifically, we consider the class of finite-dimensional, perfectly observed, linear stochastic systems with arbitrary process noise distributions, and derive for any such system the necessary and sufficient conditions that the statistics of the watermark should satisfy in order for the fundamental security guarantee to hold.

[1]  Ram Vasudevan,et al.  Statistical Watermarking for Networked Control Systems , 2017, 2018 Annual American Control Conference (ACC).

[2]  Bruno Sinopoli,et al.  A Bernoulli-Gaussian physical watermark for detecting integrity attacks in control systems , 2017, 2017 55th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[3]  Takashi Tanaka,et al.  Designing optimal watermark signal for a stealthy attacker , 2016, 2016 European Control Conference (ECC).

[4]  Paulo Tabuada,et al.  Secure Estimation and Control for Cyber-Physical Systems Under Adversarial Attacks , 2012, IEEE Transactions on Automatic Control.

[5]  Florian Dörfler,et al.  Attack Detection and Identification in Cyber-Physical Systems -- Part II: Centralized and Distributed Monitor Design , 2012, ArXiv.

[6]  Panganamala Ramana Kumar,et al.  Secure control of networked cyber-physical systems , 2016, 2016 IEEE 55th Conference on Decision and Control (CDC).

[7]  Ram Vasudevan,et al.  Dynamic watermarking for general LTI systems , 2017, 2017 IEEE 56th Annual Conference on Decision and Control (CDC).

[8]  Bharadwaj Satchidanandan,et al.  Control Systems Under Attack: The Securable and Unsecurable Subspaces of a Linear Stochastic System , 2018 .

[9]  Panganamala Ramana Kumar,et al.  The securable subspace of a linear stochastic system with malicious sensors and actuators , 2017, 2017 55th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[10]  Paulo Tabuada,et al.  Secure state estimation: Optimal guarantees against sensor attacks in the presence of noise , 2015, 2015 IEEE International Symposium on Information Theory (ISIT).

[11]  Bruno Sinopoli,et al.  Detecting integrity attacks on control systems using robust physical watermarking , 2014, 53rd IEEE Conference on Decision and Control.

[12]  Matthew Johnson-Roberson,et al.  Simulation and Real-World Evaluation of Attack Detection Schemes , 2018, 2019 American Control Conference (ACC).

[13]  Paulo Tabuada,et al.  Secure state-estimation for dynamical systems under active adversaries , 2011, 2011 49th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[14]  T. Lai,et al.  Least Squares Estimates in Stochastic Regression Models with Applications to Identification and Control of Dynamic Systems , 1982 .

[15]  Panganamala Ramana Kumar,et al.  On minimal tests of sensor veracity for dynamic watermarking-based defense of cyber-physical systems , 2017, 2017 9th International Conference on Communication Systems and Networks (COMSNETS).

[16]  Panganamala Ramana Kumar,et al.  Dynamic Watermarking: Active Defense of Networked Cyber–Physical Systems , 2016, Proceedings of the IEEE.

[17]  Panganamala Ramana Kumar,et al.  Theory and implementation of dynamic watermarking for cybersecurity of advanced transportation systems , 2016, 2016 IEEE Conference on Communications and Network Security (CNS).

[18]  Bruno Sinopoli,et al.  Secure control against replay attacks , 2009, 2009 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[19]  Panganamala Ramana Kumar,et al.  On the Operational Significance of the Securable Subspace for Partially Observed Linear Stochastic Systems , 2018, 2018 IEEE Conference on Decision and Control (CDC).

[20]  Bruno Sinopoli,et al.  Detecting Integrity Attacks on SCADA Systems , 2011 .