A journal of IEEE and CAA, publishes high-quality papers in English on original theoretical/experimental research and development in all areas of automation
Volume 11 Issue 11
Nov. 2024

IEEE/CAA Journal of Automatica Sinica

M. Taheri, K. Khorasani, and N. Meskin, “On zero dynamics and controllable cyber-attacks in cyber-physical systems and dynamic coding schemes as their countermeasures,” IEEE/CAA J. Autom. Sinica, vol. 11, no. 11, pp. 2191–2203, Nov. 2024. doi: 10.1109/JAS.2024.124692

On Zero Dynamics and Controllable Cyber-Attacks in Cyber-Physical Systems and Dynamic Coding Schemes as Their Countermeasures

doi: 10.1109/JAS.2024.124692
Funds: The authors would like to acknowledge the financial support received from NATO under the Emerging Security Challenges Division program. K. Khorasani and N. Meskin would like to acknowledge the support received from NPRP (10-0105-17017) from the Qatar National Research Fund (a member of Qatar Foundation). K. Khorasani would also like to acknowledge the support received from the Natural Sciences and Engineering Research Council of Canada (NSERC) and the Department of National Defence (DND) under the Discovery Grant and DND Supplemental Programs. This work was also supported in part by funding from the Innovation for Defence Excellence and Security (IDEaS) program from the Department of National Defence (DND). Any opinions and conclusions in this work are strictly those of the authors and do not reflect the views, positions, or policies of - and are not endorsed by - IDEaS, DND, or the Government of Canada.
  • In this paper, we study stealthy cyber-attacks on actuators of cyber-physical systems (CPS), namely zero dynamics and controllable attacks. In particular, under certain assumptions, we investigate and propose conditions under which one can execute zero dynamics and controllable attacks in the CPS. The above conditions are derived based on the Markov parameters of the CPS and elements of the system observability matrix. Consequently, in addition to outlining the number of required actuators to be attacked, these conditions provide one with the minimum system knowledge needed to perform zero dynamics and controllable cyber-attacks. As a countermeasure against the above stealthy cyber-attacks, we develop a dynamic coding scheme that increases the minimum number of the CPS required actuators to carry out zero dynamics and controllable cyber-attacks to its maximum possible value. It is shown that if at least one secure input channel exists, the proposed dynamic coding scheme can prevent adversaries from executing the zero dynamics and controllable attacks even if they have complete knowledge of the coding system. Finally, two illustrative numerical case studies are provided to demonstrate the effectiveness and capabilities of our derived conditions and proposed methodologies.

     



    Highlights

    • The vulnerability of Cyber-Physical Systems (CPS) to zero dynamics and controllable cyber-attacks is studied
    • Cyber-attacks are derived in terms of nonzero Markov parameters of the CPS and the entries of the observability matrix
    • The number of actuators that need to be compromised for zero dynamics and controllable cyber-attacks is studied
    • A dynamic coding scheme is developed to increase the number of input channels for executing these cyber-attacks
