A study of packet-reordering integrity attack on remote state estimation

Recent years have witnessed a surge of interest in security issues in cyber-physical systems. In this paper, we consider malicious cyber attacks in a remote state estimation scenario that uses a time-division multiple access communication protocol. A gateway collects the local measurement innovation of each sensor at every time instant, but transmits data packets to a remote estimator only during specific time slots. It is assumed that a residue-based detection algorithm is used at the remote side to detect data anomalies. We propose a novel packet-reordering attack strategy in which the attacker, by compromising the gateway, is able to change the order of the transmitted data packets without being detected. Furthermore, the evolution of the remote estimation error covariance is derived, and the degradation of system performance under the proposed attack is analyzed. Finally, we obtain a sufficient condition for the attack policy to be optimal, using the terminal estimation error covariance as a performance metric. Simulations are provided to illustrate the theoretical results.
