SMT-Based Observer Design for Cyber-Physical Systems under Sensor Attacks

Shoukry, Yasser; Chong, M. S.; Wakaiki, Masashi; Nuzzo, Pierluigi; Sangiovanni‐Vincentelli, Alberto; Seshia, Sanjit A.; Hespanha, João P.; Tabuada, Paulo

doi:10.1145/3078621

Cited by 61 publications

(30 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While the interaction with the physical world introduces new attack surfaces, it also provides opportunities to improve system resilience agains attacks. The use of control techniques that employ a physical model of the system's dynamics for attack detection and attack-resilient state estimation has drawn significant attention in recent years (e.g., [35], [36], [27], [4], [34], [24], [1], [26], [25], [30], and a recent survey [17]). One line of work is based on the use of unknown input observers (e.g., [34], [27]) and non-convex optimization for resilient estimation (e.g., [4], [25]), while another focuses on attackdetection and estimation guarantees in systems with standard Kalman filter-based state estimators (e.g., [22], [21], [11], [12], [24], [23], [10]).…”

Section: Introductionmentioning

confidence: 99%

Relaxing Integrity Requirements for Attack-Resilient Cyber-Physical Systems

Jovanov

Pajić

2019

IEEE Trans. Automat. Contr.

View full text Add to dashboard Cite

The increase in network connectivity has also resulted in several high-profile attacks on cyber-physical systems. An attacker that manages to access a local network could remotely affect control performance by tampering with sensor measurements delivered to the controller. Recent results have shown that with network-based attacks, such as Man-in-the-Middle attacks, the attacker can introduce an unbounded state estimation error if measurements from a suitable subset of sensors contain false data when delivered to the controller. While these attacks can be addressed with the standard cryptographic tools that ensure data integrity, their continuous use would introduce significant communication and computation overhead. Consequently, we study effects of intermittent data integrity guarantees on system performance under stealthy attacks. We consider linear estimators equipped with a general type of residual-based intrusion detectors (including χ 2 and SPRT detectors), and show that even when integrity of sensor measurements is enforced only intermittently, the attack impact is significantly limited; specifically, the state estimation error is bounded or the attacker cannot remain stealthy. Furthermore, we present methods to:(1) evaluate the effects of any given integrity enforcement policy in terms of reachable state-estimation errors for any type of stealthy attacks, and (2) design an enforcement policy that provides the desired estimation error guarantees under attack. Finally, on three automotive case studies we show that even with less than 10% of authenticated messages we can ensure satisfiable control performance in the presence of attacks.

show abstract

Section: Introductionmentioning

confidence: 99%

Relaxing Integrity Requirements for Attack-Resilient Cyber-Physical Systems

Jovanov

Pajić

2019

IEEE Trans. Automat. Contr.

View full text Add to dashboard Cite

show abstract

“…As this is the type of representation that is considered in e.g. [4], [23], [22], [7], we are now in a position to compare our results with the literature in this area. In contrast to our representation-free definition of "security index", much of the literature implicitly defines a similar notion in terms of the matrices A and C of the state space representation.…”

Section: Comparison With the Literaturementioning

confidence: 99%

“…For example [4] defines M -attack observability of a state space representation (A, C) in terms of the matrices A and C. In terms of our notion of security index δ(Σ), any observable state space representation (A, C) is δ(Σ)/2 -attack observable. Alternatively, in the terminology of [23], [22], this is phrased as (δ(Σ) − 1)-sparse attack observability.…”

Section: Comparison With the Literaturementioning

confidence: 99%

Linear system security—Detection and correction of adversarial sensor attacks in the noise-free case

et al. 2019

View full text Add to dashboard Cite

“…Compared with the existing resilient estimation algorithms in [9]- [15], the advantages of our scheme are as follows. First, it does not require any additional restrictive conditions other than the redundant observability (compared with [9], [11], [13], [15]). Second, an observer-based algorithm makes it possible to estimate the current state, not the initial state or delay information (compared with [9], [10], [12]).…”

Section: Introductionmentioning

confidence: 99%

On Redundant Observability: From Security Index to Attack Detection and Resilient State Estimation

Lee

Shim

Eun

2019

IEEE Trans. Automat. Contr.

View full text Add to dashboard Cite

The security of control systems under sensor attacks is investigated. Redundant observability is introduced, explaining existing security notions including the security index, attack detectability, and observability under attacks. Equivalent conditions between redundant observability and existing notions are presented. Based on a bank of partial observers utilizing Kalman decomposition and a decoder exploiting redundancy, an estimator design algorithm is proposed enhancing the resilience of control systems. This scheme substantially improves computational efficiency utilizing far less memory.

show abstract

SMT-Based Observer Design for Cyber-Physical Systems under Sensor Attacks

Cited by 61 publications

References 24 publications

Relaxing Integrity Requirements for Attack-Resilient Cyber-Physical Systems

Relaxing Integrity Requirements for Attack-Resilient Cyber-Physical Systems

Linear system security—Detection and correction of adversarial sensor attacks in the noise-free case

On Redundant Observability: From Security Index to Attack Detection and Resilient State Estimation

Contact Info

Product

Resources

About