Integrating Security in Resource-Constrained Cyber-Physical Systems

Lesi, Vuk; Jovanov, Ilija; Pajić, Miroslav

doi:10.1145/3380866

Cited by 25 publications

(12 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A body of existing work also explores enhancing security in legacy networks (e.g., based on CAN bus) by retrofitting of authentication services (e.g., [23]) or modifying the execution paradigm (e.g., [24]). All these works rely on the ability to perform some level of modification to the firmware executed by legacy ECUs (e.g., running additional security services, performing changes to real-time scheduling policies, etc.…”

Section: Related Work and Discussionmentioning

confidence: 99%

Intrusion Detection and Localization for Networked Embedded Control Systems

Lesi¹,

Juliato²,

Ahmed³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

Closed-loop control systems employ continuous sensing and actuation to maintain controlled variables within preset bounds and achieve the desired system output. Intentional disturbances in the system, such as in the case of cyberattacks, can compromise reachability of control goals, and in several cases jeopardize safety. The increasing connectivity and exposure of networked control to external networks has enabled attackers to compromise these systems by exploiting security vulnerabilities. Attacks against safety-critical control loops can not only drive the system over a trajectory different from the desired, but also cause fatal consequences to humans. In this paper we present a physicsbased Intrusion Detection System (IDS) aimed at increasing the security in control systems. In addition to conventional process state estimation for intrusion detection, since the controller cannot be trusted, we introduce a controller state estimator. Additionally, we make our detector context-aware by utilizing sensor measurements from other control loops, which allows to distinguish and characterize disturbances from attacks. We introduce adaptive thresholding and adaptive filtering as means to achieve context-awareness. Together, these methodologies allow detection and localization of attacks in closed-loop controls. Finally, we demonstrate feasibility of the approach by mounting a series of attacks against a networked Direct Current (DC) motor closed-loop speed control deployed on an ECU testbed, as well as on a simulated automated lane keeping system. Among other application domains, this set of approaches is key to support security in automotive systems, and ultimately increase road and passenger safety.

show abstract

Section: Related Work and Discussionmentioning

confidence: 99%

Intrusion Detection and Localization for Networked Embedded Control Systems

Lesi¹,

Juliato²,

Ahmed³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…To perform an extensive comparison, we generate 1000 trials under each parameter setting. Each trial contains a task set T = {τ 1 , τ 2 , ..., τ n }, where n ∈ [1,50]. The task periods are randomly set in [10,10000].…”

Section: A Experimental Setupmentioning

confidence: 99%

“…However, the network scheduling is not guaranteed to be real-time because of the CAN protocol considered in the model. The work in [50] studies how to integrate security guarantees with end-toend timeliness requirements for control tasks in resourceconstrained NCSs. The proposed sensing-control-actuation model is similar to our CRS model, but the sensing, computing and actuating segments in the proposed model have designed release times and deadlines.…”

Section: Related Workmentioning

confidence: 99%

Composite Resource Scheduling for Networked Control Systems

Wu¹,

Fu²,

Wang³

et al. 2021

Preprint

View full text Add to dashboard Cite

Real-time end-to-end task scheduling in networked control systems (NCSs) requires the joint consideration of both network and computing resources to guarantee the desired quality of service (QoS). This paper introduces a new model for composite resource scheduling (CRS) in real-time networked control systems, which considers a strict execution order of sensing, computing, and actuating segments based on the control loop of the target NCS. We prove that the general CRS problem is NP-hard and study two special cases of the CRS problem. The first case restricts the computing and actuating segments to have unit-size execution time while the second case assumes that both sensing and actuating segments have unit-size execution time. We propose an optimal algorithm to solve the first case by checking the intervals with 100% network resource utilization and modify the deadlines of the tasks within those intervals to prune the search. For the second case, we propose another optimal algorithm based on a novel backtracking strategy to check the time intervals with the network resource utilization larger than 100% and modify the timing parameters of tasks based on these intervals. For the general case, we design a greedy strategy to modify the timing parameters of both network segments and computing segments within the time intervals that have network and computing resource utilization larger than 100%, respectively. The correctness and effectiveness of the proposed algorithms are verified through extensive experiments.

show abstract

“…Among many different CPS attacks, FDIA can be considered to be one of the most prominent attacks [5]. The FDIA injects a modified control input [13] or modified measurement [17] [18] or both [8] to degrade the performance of a control system. Even though FDIA was considered as a specific deception attack in the sense that the FDIA as the attack to the state estimator [6], MitM, FDIA, a replay attack and a deception attack [11] can be regarded as the attack of the same class.…”

Section: Introductionmentioning

confidence: 99%

“…To improve the state estimation in the presence of FDIA on measurement data, deep learning with a generative adversarial network (GAN) was also introduced [17]. Attack detector and the intermittent message authentication were proposed to improve robust control for CPS operating on the resource-constrained network in the presence of the FDIA at the measurement [18].…”

Section: Introductionmentioning

confidence: 99%

A Controllable False Data Injection Attack for a Cyber Physical System

Yang

2021

IEEE Access

View full text Add to dashboard Cite

Integrating Security in Resource-Constrained Cyber-Physical Systems

Cited by 25 publications

References 41 publications

Intrusion Detection and Localization for Networked Embedded Control Systems

Intrusion Detection and Localization for Networked Embedded Control Systems

Composite Resource Scheduling for Networked Control Systems

A Controllable False Data Injection Attack for a Cyber Physical System

Contact Info

Product

Resources

About