Statistical Watermarking for Networked Control Systems

Abstract: Watermarking can detect sensor attacks in control systems by injecting a private signal into the control, whereby attacks are identified by checking the statistics of the sensor measurements and private signal. However, past approaches assume full state measurements or a centralized controller, which is not found in networked LTI systems with subcontrollers. Since generally the entire system is neither controllable nor observable by a single subcontroller, communication of sensor measurements is required to en… Show more

“…• Remark 9. The privacy-enhancing signal introduced in this work is related to the dynamic watermarking signal [26], [29], [30], which are unique signatures that are available only to the controller. In contrast, in our setup (depicted in Fig.…”

“…On the other hand, the attacker can completely hijack the sensor and control signals that travel through a communication network that has been compromised. Previous watermarking techniques [26], [29], [30] are only effective at securing the system if the attacker has no access to the control signals, which is not the case here. On the other hand, since in our case, the attacker does not have full knowledge of the system dynamics, our privacyenhancing signal is used to hamper the learning process of the attacker during the learning phase, rather than providing a unique signature to the control signal as in the case of watermarking.…”

“…The first case is the replay attack, in which the attacker observes and records the legitimate system behavior for a given time window and then replays this recording periodically at the controller's input [26]- [28]. The second case is the statistical-duplicate attack, which assumes that the attacker has acquired complete knowledge of the dynamics and parameters of the system, and can construct arbitrarily long fictitious sensor readings that are statistically identical to the actual signals [25], [29], [30]. The replay attack assumes no knowledge of the system parameters-and as a consequence, it is relatively easy to detect.…”

“…The replay attack assumes no knowledge of the system parameters-and as a consequence, it is relatively easy to detect. An effective way to counter the replay attack consists of superimposing a random watermark signal, unknown to the attacker, on top of the control signal [30]- [34]. The statistical-duplicate attack assumes full knowledge of the system dynamics-and as a consequence, it requires a more sophisticated detection procedure, as well as additional assumptions on the attacker or controller behavior to ensure it can be detected.…”

Learning-Based Attacks in Cyber-Physical Systems

“…• Remark 9. The privacy-enhancing signal introduced in this work is related to the dynamic watermarking signal [26], [29], [30], which are unique signatures that are available only to the controller. In contrast, in our setup (depicted in Fig.…”

“…On the other hand, the attacker can completely hijack the sensor and control signals that travel through a communication network that has been compromised. Previous watermarking techniques [26], [29], [30] are only effective at securing the system if the attacker has no access to the control signals, which is not the case here. On the other hand, since in our case, the attacker does not have full knowledge of the system dynamics, our privacyenhancing signal is used to hamper the learning process of the attacker during the learning phase, rather than providing a unique signature to the control signal as in the case of watermarking.…”

“…The first case is the replay attack, in which the attacker observes and records the legitimate system behavior for a given time window and then replays this recording periodically at the controller's input [26]- [28]. The second case is the statistical-duplicate attack, which assumes that the attacker has acquired complete knowledge of the dynamics and parameters of the system, and can construct arbitrarily long fictitious sensor readings that are statistically identical to the actual signals [25], [29], [30]. The replay attack assumes no knowledge of the system parameters-and as a consequence, it is relatively easy to detect.…”

“…The replay attack assumes no knowledge of the system parameters-and as a consequence, it is relatively easy to detect. An effective way to counter the replay attack consists of superimposing a random watermark signal, unknown to the attacker, on top of the control signal [30]- [34]. The statistical-duplicate attack assumes full knowledge of the system dynamics-and as a consequence, it requires a more sophisticated detection procedure, as well as additional assumptions on the attacker or controller behavior to ensure it can be detected.…”

Learning-Based Attacks in Cyber-Physical Systems

“…Gairo et al [7], for example, randomly switch between the sensors used to detect otherwise stealthy attacks, while in [8] a random watermarking signal is injected into the CPS to make stealthy attacks detectable. However, the MTD strategies in [7] and [8] directly influence the closed-loop behavior of the CPS and can decrease its performance. Griffioen et al [9] propose a MTD scheme that introduces an auxiliary system to not influence the closed-loop behavior and simultaneously detect an attack.…”

A Nash equilibrium-based moving target defense against stealthy sensor attacks

Authentication of cyber-physical systems under learning-based attacks