State Consistencies for Cyber- Physical System Recovery Fanxin Kong, - - PowerPoint PPT Presentation

▶

Aug 06, 2023 215 likes •457 views

State Consistencies for Cyber- Physical System Recovery Fanxin Kong, S yracuse Universit y okolsky, James Weimer, Insup Lee, Universit y of Oleg S Pennsylvania April 15, 2019 Department of Electrical Engineering and Computer S cience

SLIDE 1

State Consistencies for Cyber- Physical System Recovery

Fanxin Kong, S

yracuse Universit y

Oleg S

kolsky, James Weimer, Insup Lee, Universit y of

Pennsylvania

April 15, 2019

Department of Electrical Engineering and Computer S cience

SLIDE 2

Cyber-Physical Systems

We are living in a Cyber-Physical System world!

SLIDE 3

Security

SLIDE 4

CPS Attack Surfaces

Cyber attack surfaces

‐ e.g., communication, networks, computers, ...

Environmental attack

surfaces

‐ e.g., GPS signal, electro- magnetic interference, ...

Physical attack surfaces

‐ e.g., locks, casings, cables, …

Human attack surfaces

‐ e.g., phishing, blackmail, …

SLIDE 5

What we study and why?

Target: Sensor Attacks

The attacker can arbitrarily

change sensor measurements

environmental attack surfaces
cyber attack surfaces

Controller Physical system Sensor Actuator Network Malicious signals Malicious packets 30mi/h 100mi/h

SLIDE 6

What we study and why?

Target: Sensor Attacks

The attacker can arbitrarily

change sensor measurements

environmental attack surfaces
cyber attack surfaces

Controller Physical system Sensor Actuator Network Malicious signals Malicious packets

Goal: Resilience

To ensure control performance

under sensor attacks

SLIDE 7

Ideally…

Ideally, the system performs (almost) the same as

if there is no attack

Example: cruise control under a speed sensor attack

Speed sensor attack

SLIDE 8

Outline

Background
Review on CPS

recovery

Roll‐forward recovery
How well does it work
S

tate consistencies for CPS recovery

Consistency definitions
Evaluation
Conclusion

SLIDE 9

CPS recovery

Roll-forw ard recovery: Rolling the system to the current tim e by starting from a consistent cyber-physical-state

Estimated

speed Prediction using historical state

Example: model-based prediction (ICCPS2018)

SLIDE 10

Scenario: travelling in a straight line

Testbed: an unmanned vehicle. Each

front wheel is driven by a motor, and each motor has a speed sensor

Goal: to keep a vehicle travel in a

straight line, i.e., the two front wheels have the same speed

Controller: a PID controller supervises and controls

the speed difference of the two front wheels

Attack: the attacker modifies a speed sensor’s

measurements to a constant value

SLIDE 11

How well does it work?

No protection With protection

speed difference speed difference

-- desired ∆ ―actual ∆

recovery large

The vehicle keeps turning

small

The vehicle travels almost straightly

SLIDE 12

What kind of states is used?

Cyber-physical st at es: the cyber information

that reflects physical states

Cyber-physical consist ency: whether the

physical state can be accurately reflected by the corresponding cyber information

We use Consistent Cy ber-Phy sica l Sta tes

Cyber‐physical logic‐consistency Cyber‐physical timing‐consistency Synchronization Freshness

SLIDE 13

A system diagram of CPS

Physical System Controller Physical space Cyber space A cyber‐physical state is denoted as

SLIDE 14

Cyber-Physical Logic-Consistency

The logic‐consistency is confined to values, is NOT enough.

𝑦 𝑦 𝑦 𝑦̅

sample

sample 𝑗 1 𝑈

𝑗𝑈
𝑦̅

𝑦̅

SLIDE 15

Cyber-Physical Timing-Consistency

SLIDE 16

(1) Syn-Timing-Consistency (1/ 2)

sample

sample

sample

sample

YES

SLIDE 17

(1) Syn-Timing-Consistency (2/ 2)

sample

sample actuate actuate

sample

actuate time

: NO
: YES

SLIDE 18

(2) Exp-Timing-Consistency

Calculating the expire tim e time The error of state prediction is unacceptable

SLIDE 19

Evaluation

Simulator: DC motor speed control using PID controller
Goal: to keep a vehicle travel at a constant speed
Scenario: an attack is found out and the system

performs recovery ONCE to predict the current state

SLIDE 20

Violating Logic-Consistency

SLIDE 21

Violating Syn-Timing-Consistency

Current ( ) and speed ( ) have different tim e stam ps

SLIDE 22

Need of Exp-Timing-Consistency

Using older states for recovery resulting in larger drifts

SLIDE 23

Conclusion

Review on CPS

recovery

Model‐based roll‐forward recovery
How well does it work
S

tate consistencies for CPS recovery

Defined logic and timing consistencies
Why the consistencies is needed

State Consistencies for Cyber- Physical System Recovery

Fanxin Kong, S

yracuse Universit y

Oleg S

Pennsylvania

Cyber-Physical Systems

We are living in a Cyber-Physical System world!

CPS Attack Surfaces

surfaces

What we study and why?

Target: Sensor Attacks

change sensor measurements

What we study and why?

Target: Sensor Attacks

change sensor measurements

Goal: Resilience

under sensor attacks

Ideally…

if there is no attack

Speed sensor attack

Outline

recovery

tate consistencies for CPS recovery

CPS recovery

Roll-forw ard recovery: Rolling the system to the current tim e by starting from a consistent cyber-physical-state

speed Prediction using historical state

Scenario: travelling in a straight line

front wheel is driven by a motor, and each motor has a speed sensor

straight line, i.e., the two front wheels have the same speed

the speed difference of the two front wheels

measurements to a constant value

How well does it work?

recovery large

small

What kind of states is used?

that reflects physical states

physical state can be accurately reflected by the corresponding cyber information

We use Consistent Cy ber-Phy sica l Sta tes

Cyber‐physical logic‐consistency Cyber‐physical timing‐consistency Synchronization Freshness

A system diagram of CPS

Physical System Controller Physical space Cyber space A cyber‐physical state is denoted as

Cyber-Physical Logic-Consistency

The logic‐consistency is confined to values, is NOT enough.

Cyber-Physical Timing-Consistency

(1) Syn-Timing-Consistency (1/ 2)

sample

sample

YES

(1) Syn-Timing-Consistency (2/ 2)

sample actuate actuate

actuate time

(2) Exp-Timing-Consistency

Calculating the expire tim e time The error of state prediction is unacceptable

Evaluation

performs recovery ONCE to predict the current state

Violating Logic-Consistency

Violating Syn-Timing-Consistency

Current ( ) and speed ( ) have different tim e stam ps

Need of Exp-Timing-Consistency

Using older states for recovery resulting in larger drifts

Conclusion

recovery

tate consistencies for CPS recovery

Thank you! Q&A