Title: A cyber‐secure control‐detector architecture for nonlinear processes
Abstract

This work presents a detector‐integrated two‐tier control architecture capable of identifying the presence of various types of cyber‐attacks, and ensuring closed‐loop system stability upon detection of the cyber‐attacks. Working with a general class of nonlinear systems, an upper‐tier Lyapunov‐based Model Predictive Controller (LMPC), using networked sensor measurements to improve closed‐loop performance, is coupled with lower‐tier cyber‐secure explicit feedback controllers to drive a nonlinear multivariable process to its steady state. Although the networked sensor measurements may be vulnerable to cyber‐attacks, the two‐tier control architecture ensures that the process will stay immune to destabilizing malicious cyber‐attacks. Data‐based attack detectors are developed using sensor measurements via machine‐learning methods, namely artificial neural networks (ANN), under nominal and noisy operating conditions, and applied online to a simulated reactor‐reactor‐separator process. Simulation results demonstrate the effectiveness of these detection algorithms in detecting and distinguishing between multiple classes of intelligent cyber‐attacks. Upon successful detection of cyber‐attacks, the two‐tier control architecture allows convenient reconfiguration of the control system to stabilize the process to its operating steady state.

 
NSF-PAR ID:
10457788
Publisher / Repository:
Wiley Blackwell (John Wiley & Sons)
Journal Name:
AIChE Journal
Volume:
66
Issue:
5
ISSN:
0001-1541
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. The controllers for a cyber-physical system may be impacted by sensor measurement cyberattacks, actuator signal cyberattacks, or both types of attacks. Prior work in our group has developed a theory for handling cyberattacks on process sensors. However, sensor and actuator cyberattacks have a different character from one another. Specifically, sensor measurement attacks prevent proper inputs from being applied to the process by manipulating the measurements that the controller receives, so that the control law plays a role in the impact of a given sensor measurement cyberattack on a process. In contrast, actuator signal attacks prevent proper inputs from being applied to a process by bypassing the control law to cause the actuators to apply undesirable control actions. Despite these differences, this manuscript shows that we can extend and combine strategies for handling sensor cyberattacks from our prior work to handle attacks on actuators and to handle cases where sensor and actuator attacks occur at the same time. These strategies for cyberattack-handling and detection are based on the Lyapunov-based economic model predictive control (LEMPC) and nonlinear systems theory. We first review our prior work on sensor measurement cyberattacks, providing several new insights regarding the methods. We then discuss how those methods can be extended to handle attacks on actuator signals and then how the strategies for handling sensor and actuator attacks individually can be combined to produce a strategy that is able to guarantee safety when attacks are not detected, even if both types of attacks are occurring at once. We also demonstrate that the other combinations of the sensor and actuator attack-handling strategies cannot achieve this same effect. Subsequently, we provide a mathematical characterization of the “discoverability” of cyberattacks that enables us to consider the various strategies for cyberattack detection presented in a more general context. 
     We conclude by presenting a reactor example that showcases the aspects of designing LEMPC.
  2. Abstract

    In recent years, cyber‐security of networked control systems has become crucial, as these systems are vulnerable to targeted cyberattacks that compromise the stability, integrity, and safety of these systems. In this work, secure and private communication links are established between sensor–controller and controller–actuator elements using semi‐homomorphic encryption to ensure cyber‐security in model predictive control (MPC) of nonlinear systems. Specifically, Paillier cryptosystem is implemented for encryption‐decryption operations in the communication links. Cryptosystems, in general, work on a subset of integers. As a direct consequence of this nature of encryption algorithms, quantization errors arise in the closed‐loop MPC of nonlinear systems. Thus, the closed‐loop encrypted MPC is designed with a certain degree of robustness to the quantization errors. Furthermore, the trade‐off between the accuracy of the encrypted MPC and the computational cost is discussed. Finally, two chemical process examples are employed to demonstrate the implementation of the proposed encrypted MPC design.

     
  3. The work provides a general model of communication attacks on a networked infinite dimensional system. The system employs a network of inexpensive control units consisting of actuators, sensors and control processors. In an effort to replace a reduced number of expensive high-end actuating and sensing devices implementing an observer-based feedback, the alternate is to use multiple inexpensive actuators/sensors with static output feedback. In order to emulate the performance of the high-end devices, the controllers for the multiple actuator/sensors implement controllers which render the system networked. In doing so, they become prone to communication attacks either as accidental or deliberate actions on the connectivity of the control nodes. A single attack function is proposed which models all types of communication attacks and an adaptive detection scheme is proposed in order to (i) detect the presence of an attack, (ii) diagnose the attack and (iii) accommodate the attack via an appropriate control reconfiguration. The reconfiguration employs the adaptive estimates of the controller gains and restructures the controller adaptively in order to minimize the detrimental effects of the attack on closed-loop performance. Numerical studies on a 1D diffusion PDE employing networked actuator/sensor pairs are included in order to further convey the special architecture of detection and accommodation of networked systems under communication attacks.
  4. Summary

    In this paper, we develop an adaptive control algorithm for addressing security for a class of networked vehicles that comprise a formation of human‐driven vehicles sharing kinematic data and an autonomous vehicle in the aft of the vehicle formation receiving data from the preceding vehicles through wireless vehicle‐to‐vehicle communication devices. Specifically, we develop an adaptive controller for mitigating time‐invariant state‐dependent adversarial sensor and actuator attacks while guaranteeing uniform ultimate boundedness of the closed‐loop networked system. Furthermore, an adaptive learning framework is presented for identifying the state space model parameters based on input‐output data. This learning technique utilizes previously stored data as well as current data to identify the system parameters using a relaxed persistence of excitation condition. The effectiveness of the proposed approach is demonstrated by an illustrative numerical example involving a platoon of connected vehicles.

     
  5. Ensuring the integrity of embedded programmable logic controllers (PLCs) is critical for safe operation of industrial control systems. In particular, a cyber-attack could manipulate control logic running on the PLCs to bring the process of safety-critical application into unsafe states. Unfortunately, PLCs are typically not equipped with hardware support that allows the use of techniques such as remote attestation to verify the integrity of the logic code. In addition, so far remote attestation is not able to verify the integrity of the physical process controlled by the PLC. In this work, we present PAtt, a system that combines remote software attestation with control process validation. PAtt leverages operation permutations—subtle changes in the operation sequences based on integrity measurements—which do not affect the physical process but yield unique traces of sensor readings during execution. By encoding integrity measurements of the PLC’s memory state (software and data) into its control operation, our system allows to remotely verify the integrity of the control logic based on the resulting sensor traces. We implement the proposed system on a real PLC controlling a robot arm, and demonstrate its feasibility. Our implementation enables the detection of attackers that manipulate the PLC logic to change process state and/or report spoofed sensor readings (with an accuracy of 97% against tested attacks).