Active Detection Against Replay Attack: A Survey on Watermark Design for Cyber-Physical Systems

Liu, Hanxiao; Mo, Yilin; Johansson, Karl Henrik

doi:10.1007/978-3-030-65048-3_8

Cited by 10 publications

(5 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Due to the interconnected nature of a cyber-physical system like a PCS, a comprehensive solution to enhancing the cybersecurity of PCSs may involve adopting a multi-faceted approach that involves both information technology-based and operational technologybased approaches. The approaches proposed in the literature broadly include those that reinforce information technology-based infrastructure (e.g., firewalls [3] and network design-based approaches [4,5]), approaches that involve cybersecure architecture design (e.g., [6]), approaches for process equipment design to mitigate adverse impacts of a cyberattack (e.g., [7,8]), and the design of operational technology (OT)-based approaches for detecting, identifying, and successfully recovering from an ongoing cyberattack [6,[9][10][11][12][13][14][15][16][17][18][19][20].…”

Section: Introductionmentioning

confidence: 99%

Detection of Multiplicative False Data Injection Cyberattacks on Process Control Systems via Randomized Control Mode Switching

Narasimhan,

Ellis,

El-Farra

2024

Processes

View full text Add to dashboard Cite

A fundamental problem at the intersection of process control and operations is the design of detection schemes monitoring a process for cyberattacks using operational data. Multiplicative false data injection (FDI) attacks modify operational data with a multiplicative factor and could be designed to be detection evading without in-depth process knowledge. In a prior work, we presented a control mode switching strategy that enhances the detection of multiplicative FDI attacks in processes operating at steady state (when process states evolve within a small neighborhood of the steady state). Control mode switching on the attack-free process at steady-state may induce transients and generate false alarms in the detection scheme. To minimize false alarms, we subsequently developed a control mode switch-scheduling condition for processes with an invertible output matrix. In the current work, we utilize a reachable set-based detection scheme and use randomized control mode switches to augment attack detection capabilities. The detection scheme eliminates potential false alarms occurring from control mode switching, even for processes with a non-invertible output matrix, while the randomized switching helps bolster the confidentiality of the switching schedule, preventing the design of a detection-evading “smart” attack. We present two simulation examples to illustrate attack detection without false alarms, and the merits of randomized switching (compared with scheduled switching) for the detection of a smart attack.

show abstract

Section: Introductionmentioning

confidence: 99%

Detection of Multiplicative False Data Injection Cyberattacks on Process Control Systems via Randomized Control Mode Switching

Narasimhan,

Ellis,

El-Farra

2024

Processes

View full text Add to dashboard Cite

show abstract

“…Refs. [19][20][21] demonstrated that watermarks could be employed to detect replay attacks, thus improving wireless network security. However, in an RF/NFC relay attack which can be different from replay attacks, the attacker does not read or modify the content of transmitted signals throughout the attack, and the signals are simply relayed as a whole.…”

Section: Introductionmentioning

confidence: 99%

Deep-Learning-Aided RF Fingerprinting for NFC Relay Attack Detection

2023

View full text Add to dashboard Cite

Near field communication (NFC) has been a widely used radiofrequency identification (RFID) technology, credited to its convenience and security features. However, the transmitted signals can be easily eavesdropped or relayed in an open wireless channel. One of the challenges is relay attack, where an attacker simply relays the signal and bypasses encryption or other means in the application layer. Prior works on relay attack countermeasures have focused on distance-bounding protocols or ambient-based solutions. This paper focuses on ISO/IEC 14443-A and proposes an NFC relay detection method based on RF fingerprinting of transmitted wireless signals in the physical layer. To this end, we first designed and implemented two realizations of NFC relay attacks, wired and wireless relays, and built an SDR-based testbed. We collected the normal and relayed signals of four NFC tags, and the answer to request type A (ATQA) segments were selected for RF fingerprinting. The created dataset comprised 66,366 samples, with four tags’ normal and wired relayed signals and the wireless relayed signals. The dataset was then fed into a deep CNN for training. Finally, our experiment results showed that the method effectively distinguished normal and relayed signals with a high accuracy of 99%, confirming that RF fingerprinting can be a promising countermeasure to NFC relay attacks.

show abstract

“…Otherwise, regarding model-based detection techniques: in the pioneering work [11], the authors not only model and analyze the effect of replay attacks in the framework of stationary Gaussian processes, but also propose the injection of an exogenous signal into the control loop in order to improve the detectability of the attack. From this moment on, the design of these exogenous signals, which are denoted with the term physical watermarking [12], has been intensively studied until becoming a well-adopted technique for the detection of replay attacks [13].…”

mentioning

confidence: 99%

“…On the other hand, in additive watermarking schemes an exogenous signal is injected from the controller side at the cost of inducing some closed-loop performance degradation. In this regard, in [11], [12], an additive Gaussian signal is injected in the control loop for increasing the attack detection rate of a statistical detector. A similar watermarking scheme has been also analyzed in [16].…”

mentioning

confidence: 99%

See 1 more Smart Citation

A Zonotopic-Based Watermarking Design to Detect Replay Attacks

Trapiello

Puig

2022

IEEE/CAA J. Autom. Sinica

View full text Add to dashboard Cite

This paper suggests the use of zonotopes for the design of watermark signals. The proposed approach exploits the recent analogy found between stochastic and zonotopic-based estimators to propose a deterministic counterpart to current approaches that study the replay attack in the context of stationary Gaussian processes. In this regard, the zonotopic analogous case where the control loop is closed based on the estimates of a zonotopic Kalman filter (ZKF) is analyzed. This formulation allows to propose a new performance metric that is related to the Frobenius norm of the prediction zonotope. Hence, the steadystate operation of the system can be related with the size of the minimal Robust Positive Invariant set of the estimation error. Furthermore, analogous expressions concerning the impact that a zonotopic/Gaussian watermark signal has on the system operation are derived. Finally, a novel zonotopically bounded watermark signal that ensures the attack detection by causing the residual vector to exit the healthy residual set during the replay phase of the attack is introduced. The proposed approach is illustrated in simulation using a quadruple-tank process.

show abstract

Active Detection Against Replay Attack: A Survey on Watermark Design for Cyber-Physical Systems

Cited by 10 publications

References 27 publications

Detection of Multiplicative False Data Injection Cyberattacks on Process Control Systems via Randomized Control Mode Switching

Detection of Multiplicative False Data Injection Cyberattacks on Process Control Systems via Randomized Control Mode Switching

Deep-Learning-Aided RF Fingerprinting for NFC Relay Attack Detection

A Zonotopic-Based Watermarking Design to Detect Replay Attacks

Contact Info

Product

Resources

About