Covert Attacks in Cyber-Physical Control Systems

de, Alan Oliveira; Carmo, Luiz Fernando Rust da Costa; Machado, Raphael C. S.

doi:10.1109/tii.2017.2676005

Cited by 102 publications

(103 citation statements)

References 30 publications

Supporting

Mentioning

102

Contrasting

Order By: Relevance

“…By virtue of these advantages, the number of NCSs applied to industrial processes and critical infrastructure systems is increasing [1][2][3][4][5][6][7][8][9][10]. A diagram of an NCS is depicted in Networked control system (NCS) [12] plant's behavior are physically difficult to be perceived. For this reason, this attack is classified as physically covert [12].…”

Section: Introductionmentioning

confidence: 99%

“…A diagram of an NCS is depicted in Networked control system (NCS) [12] plant's behavior are physically difficult to be perceived. For this reason, this attack is classified as physically covert [12]. To ensure that the attack proposed in [12] is physically covert, the authors indicate that the attacker must plan the offensive based on an accurate knowledge about the system dynamics -otherwise the consequences of the attack may be unpredictable.…”

Section: Introductionmentioning

confidence: 99%

“…For this reason, this attack is classified as physically covert [12]. To ensure that the attack proposed in [12] is physically covert, the authors indicate that the attacker must plan the offensive based on an accurate knowledge about the system dynamics -otherwise the consequences of the attack may be unpredictable. In this case, the unpredictable behavior of the plant can provide physical evidence that it is being manipulated, drawing the attention to the possibility of a cyber-physical attack.…”

Section: Introductionmentioning

confidence: 99%

“…Another way to gather information about the targeted system is through a Cyber-Physical Intelligence attacks [12]. To this end, the authors of [12] propose a metaheuristic-based Passive System Identification attack, which aims to collect information about the plant's transfer function G(z) and the controller's control function C(z) of an NCS. As shown in Fig.…”

Section: Introductionmentioning

confidence: 99%

“…2 (draw based on the taxonomy proposed in [12]), the Passive System Identification attack constitutes a path to build sophisticated model-dependent attacks, once they are capable to provide the attacker with the required system knowledge. Indeed, the results of [12] demonstrate the effectiveness of the Passive System Identification attack in supporting the design of covert/model-dependent attacks.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

A controller design for mitigation of passive system identification attacks in networked control systems

Sá

Carmo

Machado

2018

J Internet Serv Appl

Self Cite

View full text Add to dashboard Cite

The literature regarding attacks in Networked Control Systems (NCS) indicates that covert and accurate attacks must be designed based on an accurate knowledge about the model of the attacked system. In this context, the literature on NCS presents the Passive System Identification attack as a metaheuristic-based tool to provide the attacker with the required system models. However, the scientific literature does not report countermeasures to mitigate the identification process performed by such passive metaheuristic-based attack. In this sense, this work proposes the use of a randomly switching controller as a countermeasure for the Passive System Identification attack, in case of failure of other conventional security mechanisms -such as encryption, network segmentation and firewall policies. This novel countermeasure aims to hinder the identification of the controller, so that the model obtained by the attacker is imprecise or ambiguous, in such a way that the attacker hesitates to launch covert or model-dependent attacks against the NCS. The simulation results indicate that this countermeasure is capable to mitigate the mentioned attack at the same time that it performs a satisfactory plant control.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A controller design for mitigation of passive system identification attacks in networked control systems

Sá

Carmo

Machado

2018

J Internet Serv Appl

Self Cite

View full text Add to dashboard Cite

show abstract

Resilient control of cyber‐physical systems under sensor and actuator attacks driven by adaptive sliding mode observer

Nateghi

Shtessel

Edwards

2021

Intl J Robust & Nonlinear

View full text Add to dashboard Cite

The problem of resilient control of linear cyber-physical systems with cyber-attacked sensor measurements and actuator commands is studied in this article. Online reconstruction of unknown cyber-attacks is accomplished by an adaptive sliding mode observer with a novel injection term in the form of a dynamically extended equivalent control. Then, the attacked/corrupted sensor's measurements and the actuators are proposed to be cleaned up using the reconstructed attacks. The performance of the system prior to the attacks is shown to be retained after a transient response required for the attack reconstruction/estimation. The efficacy of the proposed algorithms is validated on an electrical power network. K E Y W O R D Scyber-physical systems, electric power networks, sliding mode observer INTRODUCTIONA collection of units that bridge the cyber-world of computing and communications with the physical world are called cyber-physical systems (CPSs). 1 A variety of CPSs exist in critical infrastructures, including electric power networks, water resources, oil and gas distribution networks, medical devices (pacemakers, insulin pumps, etc.), chemical process industries, transportation and vehicles, and distributed robotics. [1][2][3] In CPSs, cyber components make the physical devices "smarter" and allow building intelligent systems that far exceed the capabilities of the simple embedded system components. However, the cyber components of a CPS are susceptible to unprecedented vulnerabilities in terms of malicious cyber-attacks named "attacks" throughout the article.Note that in CPSs the cyber and physical worlds are so integrated, sometimes it is not clear whether the functional properties are due to the cyber or physical components, or both. 1 Availability, confidentiality, and integrity are three major security features that should be provided to a CPS, and the lack of them leads to denial of service, disclosure, and deception attacks. 4 The focus of this work is on reconstructing deception attacks on sensors and actuator commands. Using the attacked/corrupted measurements for feedback control of the CPS allows the propagation of sensor attacks within the CPS causing CPS performance degradation-up to the loss of stability.Recent events have shown attackers using increasingly sophisticated attacks against industrial control systems, and numerous countries have acknowledged that cyber-attacks have targeted their critical infrastructures. 5,6 A specific kind of deception attack, called a replay attack, has been investigated, when the system model is unknown to the attackers but they have access to the all sensors. 7 Replay attacks are carried out by "hijacking" the sensors, recording the readings for a certain time, and repeating such readings while injecting them as exogenous signal into the CPS's sensors. In the case when the system's dynamic model is known to the attacker, another kind of deception attack, called a covert attack, has

show abstract