Masking attack for sampled‐data systems via input redundancy

Kim, Jihan; Park, Gyunghoon; Shim, Hyungbo; Eun, Yongsoon

doi:10.1049/iet-cta.2018.6075

Cited by 5 publications

(7 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It should be noted that ( 14) holds if the number of inputs, p, is large and/or the sampling period for actuation, T a , is small. Based on ( 14), a disruptive stealthy attack is proposed in [12], and the attack is termed as 'masking attack.' In order to introduce the idea of the masking attack (we call it 'enforced-zerodynamics attack' in this chapter), let us simplify the situation as…”

Section: Enforced-zero-dynamics Attackmentioning

confidence: 99%

Zero-dynamics Attack, Variations, and Countermeasures

Shim

Back

Eun

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

This chapter presents an overview on actuator attacks that exploit zero dynamics, and countermeasures against them. First, zero-dynamics attack is reintroduced based on a canonical representation called normal form. Then it is shown that the target dynamic system is at elevated risk if the associated zero dynamics is unstable. From there on, several questions are raised in series to ensure when the target system is immune to the attack of this kind. The first question is: Is the target system secure from zero-dynamics attack if it does not have any unstable zeros? An answer provided for this question is: No, the target system may still be at risk due to another attack surface emerging in the process of implementation. This is followed by a series of next questions, and in the course of providing answers, variants of the classic zero-dynamics attack are presented, from which the vulnerability of the target system is explored in depth. At the end, countermeasures are proposed to render the attack ineffective. Because it is known that the zero-dynamics in continuoustime systems cannot be modified by feedback, the main idea of the countermeasure is to relocate any unstable zero to a stable region in the stage of digital implementation through modified digital samplers and holders. Adversaries can still attack actuators, but due to the re-located zeros, they are of little use in damaging the target system.

show abstract

Section: Enforced-zero-dynamics Attackmentioning

confidence: 99%

Zero-dynamics Attack, Variations, and Countermeasures

Shim

Back

Eun

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…In control security, a large number of attacks have focused on manipulating the outputs of a control task before it is applied to the physical plant [6]. These include biasinjection attacks [6], zero-dynamics attack 2 [6]- [11], replay attacks [12], etc. For example, a zero-dynamics attack happens when the attacker generates outputs that maliciously disguise as the unstable zero dynamics of the plant [8].…”

Section: Schedule-based Attacksmentioning

confidence: 99%

“…Similarly, in the domain of cyber-physical systems (CPS) security, the success of a large number of attacks that focus on compromising data integrity (e.g., to deceive the control task, degrade the performance of the system, or damage the environment) depends on the execution window of the attacker and the time at which the system interacts with its physical environment. For example, bias-injection attacks [6], zero-dynamics attack, [6]- [11], and replay attacks [12] affect the output of the controller and hence must be performed after the targeted task completes, while false-data injection attacks [13]- [17] must execute before the targeted task accesses its input data.…”

Section: Introductionmentioning

confidence: 99%

On the Pitfalls and Vulnerabilities of Schedule Randomization Against Schedule-Based Attacks

Nasri

Chantem

Bloom

et al. 2019

2019 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS)

View full text Add to dashboard Cite

Schedule randomization is one of the recently introduced security defenses against schedule-based attacks, i.e., attacks whose success depends on a particular ordering between the execution window of an attacker and a victim task within the system. It falls into the category of information hiding (as opposed to deterministic isolation-based defenses) and is designed to reduce the attacker's ability to infer the future schedule. This paper aims to investigate the limitations and vulnerabilities of schedule randomization-based defenses in real-time systems. We first provide definitions, categorization, and examples of schedulebased attacks, and then discuss the challenges of employing schedule randomization in real-time systems. Further, we provide a preliminary security test to determine whether a certain timing relation between the attacker and victim tasks will never happen in systems scheduled by a fixed-priority scheduling algorithm. Finally, we compare fixed-priority scheduling against schedule-randomization techniques in terms of the success rate of various schedule-based attacks for both synthetic and realworld applications. Our results show that, in many cases, schedule randomization either has no security benefits or can even increase the success rate of the attacker depending on the priority relation between the attacker and victim tasks.

show abstract

“…Denial of Service) [7][8][9]; and (iii) deception which is the corruption of signals (e.g. spoofing, false-data injection) [10][11][12][13][14][15][16][17][18].…”

Section: Introductionmentioning

confidence: 99%

“…outputs error, stability) [10][11][12][13][14]18]. In (b), the cyberattacks control directly the physical system at the attacker's convenience, with the aim to degrade the control performances [15][16][17]. In the literature, the degradation of the control performances have been investigated by providing analysis methods to compute the effect of such cyberattacks on the control.…”

Section: Introductionmentioning

confidence: 99%

Analysis, prevention, and feasibility assessment of stealthy ageing attacks on dynamical systems

Escudero

Massioni

Zamaï

et al. 2021

IET Control Theory & Appl

View full text Add to dashboard Cite

This article provides control theory methods to analyse, prevent, and assess the feasibility of stealthy ageing attacks on controlled physical systems, modelled as dynamical systems. This new type of attacks leads to premature failures of the physical system by accelerating its ageing and remains stealthy by maintaining the system outputs as in the attack-free case. An attacker with restrained capabilities is considered: it can only corrupt the control signals transmitted to the dynamical system. This article provides set-theoretic methods to analyse and prevent these attacks by restraining the control signals in amplitude, whether the system is stable or not. The proposed methods consist in solving optimisation problems under Linear Matrix Inequality constraints. Then, a method based on linear programming is proposed to assess the feasibility of such attacks by finding the optimal attack control signals. At the end of this article, the methods are applied on two application examples to show their relevances: a thin film manufacturing and a satellite reorientation manoeuvre.

show abstract

Masking attack for sampled‐data systems via input redundancy

Cited by 5 publications

References 23 publications

Zero-dynamics Attack, Variations, and Countermeasures

Zero-dynamics Attack, Variations, and Countermeasures

On the Pitfalls and Vulnerabilities of Schedule Randomization Against Schedule-Based Attacks

Analysis, prevention, and feasibility assessment of stealthy ageing attacks on dynamical systems

Contact Info

Product

Resources

About