Award ID contains: 1505701


  1. This paper considers the problem of continuous state estimation from discrete context-based measurements. Context measurements provide binary information as obtained from the system’s environment, e.g., a medical alarm indicating that a vital sign is above a certain threshold. Since they provide state information, these measurements can be used for estimation purposes, similar to standard continuous measurements, especially when standard sensors are biased or attacked. Context measurements are assumed to have a known probability of occurring given the state; in particular, we focus on the probit function to model threshold-based measurements such as the medical-alarm scenario. We develop a recursive context-aware filter by approximating the posterior distribution with a Gaussian distribution with the same first two moments as the true posterior. We show that the filter’s expected uncertainty is bounded when the probability of receiving context measurements is lower-bounded by some positive number for all system states. Furthermore, we provide an observability-like result – all eigenvalues of the filter’s covariance matrix converge to 0 after repeated updates if and only if a persistence of excitation condition holds for the context measurements. Finally, in addition to simulation evaluations, we applied the filter to the problem of estimating a patient’s blood oxygen content during surgery using real-patient data.
  2. We consider the problem of network-based attacks, such as Man-in-the-Middle attacks, on standard state estimators. To ensure graceful control degradation in the presence of attacks, existing results impose very strict integrity requirements on the number of noncompromised sensors. We study the effects of sporadic data integrity enforcement, such as message authentication, on control performance under stealthy attacks. We show that even with sporadic data integrity guarantees, the attacker cannot introduce an unbounded state estimation error while remaining stealthy. We present a design-time framework to derive safe integrity enforcement policies, and illustrate its use; we show that with even 20% of authenticated messages we can ensure satisfiable state estimation errors under attacks. 
  3. Existing design techniques for providing security guarantees against network-based attacks in cyber-physical systems (CPS) are based on continuous use of standard cryptographic tools to ensure data integrity. This creates an apparent conflict with common resource limitations in these systems, given that, for instance, lengthy message authentication codes (MAC) introduce significant overheads. We present a framework to ensure both timing guarantees for real-time network messages and Quality-of-Control (QoC) in the presence of network-based attacks. We exploit physical properties of controlled systems to relax constant integrity enforcement requirements, and show how the problem of feasibility testing of intermittently authenticated real-time messages can be cast as a mixed integer linear programming problem. Besides scheduling a set of real-time messages with predefined authentication rates obtained from QoC requirements, we show how to optimally increase the overall system QoC while ensuring that all real-time messages are schedulable. Finally, we introduce an efficient runtime bandwidth allocation method, based on opportunistic scheduling, in order to improve QoC. We evaluate our framework on a standard benchmark designed for CAN bus, and show how an infeasible message set with strong security guarantees can be scheduled if dynamics of controlled systems are taken into account along with real-time requirements. 