Software-based Realtime Recovery from Sensor Attacks on Robotic Vehicles

We present a novel technique to recover robotic vehicles (RVs) from various sensor attacks with so-called software sensors. Specifically, our technique builds a predictive statespace model based on the generic system identification technique. Sensor measurement prediction based on the statespace model runs as a software backup of the corresponding physical sensor. When physical sensors are under attacks, the corresponding software sensors can isolate and recover the compromised sensors individually to prevent further damage. We apply our prototype to various sensor attacks on six RV systems, including a real quadrotor and a rover. Our evaluation results demonstrate that our technique can practically and safely recover the vehicle from various attacks on multiple sensors under different maneuvers, preventing crashes.

[1]  Srdjan Capkun,et al.  On the requirements for successful GPS spoofing attacks , 2011, CCS '11.

[2]  Ing-Ray Chen,et al.  Behavior Rule Specification-Based Intrusion Detection for Safety Critical Medical Cyber Physical Systems , 2015, IEEE Transactions on Dependable and Secure Computing.

[3]  Ing-Ray Chen,et al.  Adaptive Intrusion Detection of Malicious Unmanned Air Vehicles Using Behavior Rule Specifications , 2014, IEEE Transactions on Systems, Man, and Cybernetics: Systems.

[4]  Khurum Nazir Junejo,et al.  Behaviour-Based Attack Detection and Classification in Cyber Physical Systems Using Machine Learning , 2016, CPSS@AsiaCCS.

[5]  Bruno Sinopoli,et al.  Secure Estimation in the Presence of Integrity Attacks , 2013, IEEE Transactions on Automatic Control.

[6]  Thomas C. O'Haver,et al.  A Pragmatic Introduction to Signal Processing: with applications in scientific measurement , 2016 .

[7]  Yongdae Kim,et al.  Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors , 2015, USENIX Security Symposium.

[8]  Patrick C. Hickey,et al.  TrackOS: A Security-Aware Real-Time Operating System , 2016, RV.

[9]  B. Bradie A Friendly Introduction to Numerical Analysis , 2003 .

[10]  Kevin M. Lynch,et al.  Modern Robotics: Mechanics, Planning, and Control , 2017 .

[11]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[12]  Neville A. Stanton,et al.  Takeover Time in Highly Automated Vehicles: Noncritical Transitions to and From Manual Control , 2017, Hum. Factors.

[13]  Paulo Tabuada,et al.  Secure Estimation and Control for Cyber-Physical Systems Under Adversarial Attacks , 2012, IEEE Transactions on Automatic Control.

[14]  Wenyuan Xu,et al.  WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks , 2017, 2017 IEEE European Symposium on Security and Privacy (EuroS&P).

[15]  Hao Wu,et al.  Controlling UAVs with Sensor Input Spoofing Attacks , 2016, WOOT.

[16]  Jonathan Petit,et al.  Remote Attacks on Automated Vehicles Sensors : Experiments on Camera and LiDAR , 2015 .

[17]  Peng Shi,et al.  Novel Neural Networks-Based Fault Tolerant Control Scheme With Fault Alarm , 2014, IEEE Transactions on Cybernetics.

[18]  Lennart Ljung,et al.  System Identification: Theory for the User , 1987 .

[19]  Jingqing Han,et al.  From PID to Active Disturbance Rejection Control , 2009, IEEE Trans. Ind. Electron..

[20]  Frank Mueller,et al.  Time-based intrusion detection in cyber-physical systems , 2010, ICCPS '10.

[21]  Paulo Tabuada,et al.  Non-invasive Spoofing Attacks for Anti-lock Braking Systems , 2013, CHES.

[22]  Paulo Tabuada,et al.  Secure State Estimation for Cyber-Physical Systems Under Sensor Attacks: A Satisfiability Modulo Theory Approach , 2014, IEEE Transactions on Automatic Control.

[23]  Maninder Singh,et al.  Automatic attack signature generation systems: A review , 2013, IEEE Security & Privacy.

[24]  S. Iyengar,et al.  Multi-Sensor Fusion: Fundamentals and Applications With Software , 1997 .

[25]  A. Singh,et al.  Fault-tolerant systems , 1990, Computer.

[26]  Wen-Chuan Lee,et al.  Detecting Attacks Against Robotic Vehicles: A Control Invariant Approach , 2018, CCS.

[27]  Paul M. Frank,et al.  Fault diagnosis in dynamic systems using analytical and knowledge-based redundancy: A survey and some new results , 1990, Autom..

[28]  Wei Gao,et al.  On Cyber Attacks and Signature Based Intrusion Detection for MODBUS Based Industrial Control Systems , 2014, J. Digit. Forensics Secur. Law.

[29]  R. E. Kalman,et al.  Contributions to the Theory of Optimal Control , 1960 .

[30]  Wilfried Elmenreich,et al.  Sensor Fusion in Time-Triggered Systems , 2002 .

[31]  Klaus Bengler,et al.  “Take over!” How long does it take to get the driver back into the loop? , 2013 .

[32]  Qixin Wang,et al.  A System Identification Based Oracle for Control-CPS Software Fault Localization , 2019, 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE).

[33]  S. Chiba,et al.  Dynamic programming algorithm optimization for spoken word recognition , 1978 .

[34]  Crispan Cowan,et al.  StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks , 1998, USENIX Security Symposium.

[35]  Wenyuan Xu,et al.  Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors , 2013, 2013 IEEE Symposium on Security and Privacy.

[36]  J. S. Warner,et al.  A Simple Demonstration that the Global Positioning System ( GPS ) is Vulnerable to Spoofing , 2012 .

[37]  Yongdae Kim,et al.  This Ain't Your Dose: Sensor Spoofing Attack on Medical Infusion Pump , 2016, WOOT.

[38]  Gene F. Franklin,et al.  Feedback Control of Dynamic Systems , 1986 .

[39]  Bin Yao,et al.  Advanced motion control: From classical PID to nonlinear adaptive robust control , 2010, 2010 11th IEEE International Workshop on Advanced Motion Control (AMC).