Title: Theory and implementation of dynamic watermarking for cybersecurity of advanced transportation systems
We consider a prototypical intelligent transportation system with a control law that is specifically designed to avoid collisions. We experimentally demonstrate that, nevertheless, an attack on a position sensor can result in collisions between vehicles. This is a consequence of the feeding of malicious sensor measurements to the controller and the collision avoidance module built into the system. This is an instance of the broader concern of cybersecurity vulnerabilities opened up by the increasing integration of critical physical infrastructures with the cyber system. We consider a solution based on “dynamic watermarking” of signals to detect and stop such attacks on cyber-physical systems. We show how dynamic watermarking can handle nonlinearities arising in vehicular models. We then experimentally demonstrate that employing this nonlinear extension indeed restores the property of collision freedom even in the presence of attacks.
Award ID(s):
1646449
PAR ID:
10037670
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
2016 IEEE Conference on Communications and Network Security (CNS)
Page Range / eLocation ID:
416-420
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. We address the problem of security of cyber-physical systems where some sensors may be malicious. We consider a multiple-input, multiple-output stochastic linear dynamical system controlled over a network of communication and computational nodes which contains (i) a controller that computes the inputs to be applied to the physical plant, (ii) actuators that apply these inputs to the plant, and (iii) sensors which measure the outputs of the plant. Some of these sensors, however, may be malicious. The malicious sensors do not report the true measurements to the controller. Rather, they report false measurements that they fabricate, possibly strategically, so as to achieve any objective that they may have, such as destabilizing the closed-loop system or increasing its running cost. Recently, it was shown that under certain conditions, an approach of “dynamic watermarking” can secure such a stochastic linear dynamical system in the sense that either the presence of malicious sensors in the system is detected, or the malicious sensors are constrained to adding a distortion that can only be of zero power to the noise already entering the system. The first contribution of this paper is to generalize this result to partially observed MIMO systems with both process and observation noises, a model which encompasses some of the previous models for which dynamic watermarking was established to guarantee security. This result, similar to the prior ones, is shown to hold when the controller subjects the reported sequence of measurements to two particular tests of veracity. The second contribution of this paper is in showing, via counterexamples, that both of these tests are needed in order to secure the control system in the sense that if any one of these two tests of sensor veracity is dropped, then the above guarantee does not hold. The proposed approach has several potential applications, including in smart grids, automated transportation, and process control. 
  2. The advancement of sensing technology enables efficient data collection from manufacturing systems for monitoring and control. Furthermore, with the rapid development of the Internet of Things (IoT) and information technologies, more and more manufacturing systems become cyber-enabled, facilitating real-time data sharing and information exchange, which significantly improves the flexibility and efficiency of manufacturing systems. However, the cyber-enabled environment may pose the collected sensor data under high risks of cyber-physical attacks during the data and information sharing. Specifically, cyber-physical attacks could target the manufacturing process and/or the data transmission process to maliciously tamper the sensor data, resulting in false alarms or failures in anomaly detection in monitoring. In addition, the cyber-physical attacks may also enable illegal data access without authorization and cause the leakage of key product/process information. Therefore, it becomes critical to develop an effective approach to protect data from these attacks so that the cyber-physical security of the manufacturing systems could be assured in the cyber-enabled environment. To achieve this goal, this paper proposes an integrative blockchain-enabled data protection method by leveraging camouflaged asymmetry encryption. A real-world case study that protects cyber-physical security of collected sensor data in additive manufacturing is presented to demonstrate the effectiveness of the proposed method. The results demonstrate that malicious tampering could be detected in a relatively short time (less than 0.05ms) and the risk of unauthorized data access is significantly reduced as well.
  3. The rise in smart water technologies has introduced new cybersecurity vulnerabilities for water infrastructures. However, the implications of cyber‐physical attacks on the systems like urban drainage systems remain underexplored. This research delves into this gap, introducing a method to quantify flood risks in the face of cyber‐physical threats. We apply this approach to a smart stormwater system—a real‐time controlled network of pond‐conduit configurations, fitted with water level detectors and gate regulators. Our focus is on a specific cyber‐physical threat: false data injection (FDI). In FDI attacks, adversaries introduce deceptive data that mimics legitimate system noises, evading detection. Our risk assessment incorporates factors like sensor noises and weather prediction uncertainties. Findings reveal that FDIs can amplify flood risks by feeding the control system false data, leading to erroneous outflow directives. Notably, FDI attacks can reshape flood risk dynamics across different storm intensities, accentuating flood risks during less severe but more frequent storms. This study offers valuable insights for strategizing investments in smart stormwater systems, keeping cyber‐physical threats in perspective. Furthermore, our risk quantification method can be extended to other water system networks, such as irrigation channels and multi‐reservoir systems, aiding in cyber‐defense planning.
  4. Cyber-physical system security is a significant concern in the critical infrastructure. Strong interdependencies between cyber and physical components render cyber-physical systems highly susceptible to integrity attacks such as injecting malicious data and projecting fake sensor measurements. Traditional security models partition cyber-physical systems into just two domains – high and low. This absolute partitioning is not well suited to cyber-physical systems because they comprise multiple overlapping partitions. Information flow properties, which model how inputs to a system affect its outputs across security partitions, are important considerations in cyber-physical systems. Information flows support traceability analysis that helps detect vulnerabilities and anomalous sources, contributing to the implementation of mitigation measures. This chapter describes an automated model with graph-based information flow traversal for identifying information flow paths in the Automatic Dependent Surveillance-Broadcast (ADS-B) system used in civilian aviation, and subsequently partitioning the flows into security domains. The results help identify ADS-B system vulnerabilities to failures and attacks, and determine potential mitigation measures. 
  5. The controllers for a cyber-physical system may be impacted by sensor measurement cyberattacks, actuator signal cyberattacks, or both types of attacks. Prior work in our group has developed a theory for handling cyberattacks on process sensors. However, sensor and actuator cyberattacks have a different character from one another. Specifically, sensor measurement attacks prevent proper inputs from being applied to the process by manipulating the measurements that the controller receives, so that the control law plays a role in the impact of a given sensor measurement cyberattack on a process. In contrast, actuator signal attacks prevent proper inputs from being applied to a process by bypassing the control law to cause the actuators to apply undesirable control actions. Despite these differences, this manuscript shows that we can extend and combine strategies for handling sensor cyberattacks from our prior work to handle attacks on actuators and to handle cases where sensor and actuator attacks occur at the same time. These strategies for cyberattack-handling and detection are based on the Lyapunov-based economic model predictive control (LEMPC) and nonlinear systems theory. We first review our prior work on sensor measurement cyberattacks, providing several new insights regarding the methods. We then discuss how those methods can be extended to handle attacks on actuator signals and then how the strategies for handling sensor and actuator attacks individually can be combined to produce a strategy that is able to guarantee safety when attacks are not detected, even if both types of attacks are occurring at once. We also demonstrate that the other combinations of the sensor and actuator attack-handling strategies cannot achieve this same effect. Subsequently, we provide a mathematical characterization of the “discoverability” of cyberattacks that enables us to consider the various strategies for cyberattack detection presented in a more general context. 
     We conclude by presenting a reactor example that showcases the aspects of designing LEMPC.