Zero-dynamics Attack, Variations, and Countermeasures
Hyungbo Shim, Juhoon Back, Yongsoon Eun, Gyunghoon Park, Jihan Kim
Abstract
This chapter presents an overview of actuator attacks that exploit zero dynamics, and of countermeasures against them. First, the zero-dynamics attack is re-introduced based on a canonical representation called the normal form. Then it is shown that the target dynamic system is at elevated risk if the associated zero dynamics is unstable. From there on, several questions are raised in series to determine when the target system is immune to attacks of this kind. The first question is:
Is the target system secure from the zero-dynamics attack if it does not have any unstable zeros?
An answer provided for this question is:
No, the target system may still be at risk due to another attack surface emerging in the process of implementation.
This is followed by a series of further questions, and in the course of providing answers, variants of the classic zero-dynamics attack are presented, from which the vulnerability of the target system is explored in depth. At the end, countermeasures are proposed to render the attack ineffective. Because it is known that the zero dynamics of a continuous-time system cannot be modified by feedback, the main idea of the countermeasure is to relocate any unstable zero to the stable region at the stage of digital implementation, through modified digital samplers and holders. Adversaries can still attack actuators, but due to the relocated zeros, such attacks are of little use in damaging the target system.
Hyungbo Shim, Seoul National University, Seoul, Korea
Juhoon Back, Kwangwoon University, Seoul, Korea
Yongsoon Eun, DGIST, Daegu, Korea
Gyunghoon Park, KIST, Seoul, Korea
Jihan Kim, Seoul National University, Seoul, Korea
arXiv preprint (eess.SY)
Modern control systems embrace technological advances in communication and computing in order to increase their capability and applicability: feedback control systems now handle large-scale systems whose subsystems are not necessarily collocated, and play key roles in societal infrastructures such as electrical power distribution facilities, oil and gas pipelines, water distribution systems, and sewage treatment plants. The wide usage of Supervisory Control And Data Acquisition (SCADA) systems to monitor and control the operation of large-scale plants is an example. However, what has also increased along with capability and applicability is the vulnerability of these systems. Specifically, technological advances over the past decade have seen these traditionally closed systems become open and internet-connected, which puts them at risk from attacks with malicious intent. The incident at an Iranian nuclear facility [13], the breach of the Maroochy water sewage system [24], and the massive outage in the Ukrainian power grid [14] show that the risk is not a possibility but a reality. Clearly, the effect of malfunction induced by malicious attacks on control systems can be catastrophic, as witnessed in [4, 13, 14, 21, 24]. Naturally, the security of control systems has become an active topic of research due to its importance.

Figure 1 shows the modern control systems under consideration, where remotely located sensors and actuators are connected to computing units that execute feedback control algorithms, monitoring of the operation, and a level of anomaly detection. Here, the sensor measurements $y(t)$ are sent through the communication network, and so are the actuator commands $u(t)$. Attacks on sensors, denoted by $a_s(t)$, potentially corrupt the sensor measurement $y(t)$, and attacks on actuators, denoted by $a_a(t)$, corrupt the actuation signals for the plant.

Fig. 1 Illustration of modern control systems with remote communication under a sensor attack and an actuator attack

The automatic control community began to investigate not only countermeasures to malicious attacks but also the mechanisms of various potential attacks on sensors, actuators, and controllers themselves [15, 16, 18–20]. What appears to be particularly dangerous is the class of attacks referred to as stealthy. An attack being stealthy means that its effect does not appear in the output of the system or in the output of the anomaly detector that is often deployed for the purpose of attack detection. The best known attack in this class is the zero-dynamics attack [26]: an actuator attack that pushes the system states along the zero dynamics. Due to the intrinsic property of zero dynamics, no sign shows in the output, which makes this attack stealthy. Another notion we would like to bring up is an attack being disruptive, which means that a portion of the system states diverges due to the attack. A zero-dynamics attack is disruptive if the associated zero dynamics is unstable.

The central topic of this chapter is attacks that exploit the zero dynamics, and their countermeasures. Specifically, it is shown that the zero-dynamics attack is feasible even without precise knowledge of the target system (which is not the case in [26]). It is also shown that it may be too soon to conclude that systems having no zero dynamics are unsusceptible to such attacks: sampling may bring a new vulnerability, and unstable pole dynamics may pose a similar threat if sensor attacks (as opposed to actuator attacks) are considered. Finally, we discuss the zero-dynamics attack for nonlinear systems. As potential countermeasures, we introduce methods of moving zeros by generalized hold or by generalized sampling. Both methods move unstable zeros, which may be targets for adversaries, into the stable region of the complex plane. Then, although the system can still be under a stealthy attack, the attack loses effectiveness and the adversary loses motivation. All the results described are illustrated with numerical examples to help readers grasp the concepts.
Among the many potential threats to control systems, the zero-dynamics attack is known to be lethal because it is fundamentally difficult to detect. Detection of the attack often takes place at the controller side, and so the information available for detection is the input data transmitted from the controller and the output data received from the plant, both of which may be compromised over the communication networks. Based on this fact, the attacker deceives the controller in such a way that the transmitted input ($u$ in Figure 1) and the received output ($y_c = y + a_s$ in Figure 1) appear consistent with the dynamics of the plant.

From the attacker's perspective, the attack specification consists of an initiation time $t_0 > 0$, a hazard level $L_{\rm hazard}$, and a detection level $L_{\rm detect}$. With them, the attack is said to be disruptive if there exists $t^* \ge t_0$ such that
$$\|x(t^*) - x_{\rm af}(t^*)\| \ge L_{\rm hazard} \tag{1}$$
where $x$ is the actual plant state and $x_{\rm af}$ is the attack-free state that would have resulted had there been no attack. At the same time, the attack should be stealthy, which means that
$$\|y_c(t) - y_{\rm af}(t)\| \le L_{\rm detect} \quad \text{for all } t \text{ such that } t_0 \le t \le t^* \tag{2}$$
where $y_c$ is the received output and $y_{\rm af}$ is the attack-free output that would have resulted had there been no attack. Violation of (2) indicates that the system is under attack. The detection level $L_{\rm detect}$ is set by the defender and is not zero, so as to avoid false alarms due to measurement noise and other perturbations. In practice, rather than $y_{\rm af}$ (which is not simple to compute), the estimate $\hat y$ of $y$ is often used for attack detection, where $\hat y$ is computed by the controller from the history of the input (sent to the plant) and the output (received from the plant) using the system model.

The idea behind replacing $y_{\rm af}$ with $\hat y$ is the following. If the estimator (which generates $\hat y$) is continuous with respect to its input $y_c$ (for example, a dynamic system such as a Luenberger observer), then (a) $\hat y(t) = y_{\rm af}(t)$ if the input to the estimator is $y_{\rm af}$; (b) $\hat y(t) \approx y_{\rm af}(t)$ if $y_c(t) \approx y_{\rm af}(t)$, by continuity; and (c) $\|y_c(t) - \hat y(t)\| \le \|y_c(t) - y_{\rm af}(t)\| + \|y_{\rm af}(t) - \hat y(t)\|$, so that an attack that keeps the compromised output $y_c(t)$ arbitrarily close to $y_{\rm af}(t)$ can make $\|y_c(t) - \hat y(t)\|$ arbitrarily small and is thus stealthy.

In this section, the goal of the attacker is to design an attack signal that is both disruptive and stealthy. We restrict the focus to attacks that exploit the zero dynamics of the target system.

The zero-dynamics attack dates back at least to [26], where a geometric notion is employed to illustrate the idea. In this subsection, the zero-dynamics attack is re-interpreted in view of a canonical form that is a special realization of an LTI system. Consider a continuous-time SISO LTI system represented by the following transfer function of relative degree $r$:
$$G(s) = \frac{\beta_{n-r} s^{n-r} + \cdots + \beta_1 s + \beta_0}{s^n + \alpha_{n-1} s^{n-1} + \cdots + \alpha_0}.$$
It is known (from, e.g., [8, Example 13.4]) that a minimal state-space realization of $G(s)$, called the (Byrnes-Isidori) normal form, is given by
$$\begin{aligned} y &= x_1, \\ \dot x_1 &= x_2, \\ &\ \ \vdots \\ \dot x_{r-1} &= x_r, \\ \dot x_r &= \phi_{1:r}^\top x_{1:r} + \phi_z^\top x_z + b\,u, \\ \dot x_z &= S x_z + p\,x_1, \end{aligned}$$
where $y$ is the output, $u$ is the input, and the state $x$ consists of $x_{1:r} := [x_1, x_2, \cdots, x_r]^\top \in \mathbb{R}^r$ and $x_z \in \mathbb{R}^{n-r}$. The system parameters are $\phi_{1:r} \in \mathbb{R}^r$, $\phi_z \in \mathbb{R}^{n-r}$, $S \in \mathbb{R}^{(n-r)\times(n-r)}$, $p \in \mathbb{R}^{(n-r)\times 1}$, and $b \in \mathbb{R}$.
Here, it can be shown that the roots of the zero polynomial $\beta_{n-r} s^{n-r} + \cdots + \beta_1 s + \beta_0$ coincide with the eigenvalues of the matrix $S \in \mathbb{R}^{(n-r)\times(n-r)}$ (see [8, Example 13.4]).

About zero dynamics: The zero dynamics of a system is the residual sub-dynamics that remains when the output is kept identically zero by a pair of some initial condition and some input. A benefit of the normal form is that the zero dynamics is easily identified: it is simply $\dot x_z = S x_z$. The pair of initial condition and input that makes the output identically zero is also identified, as $(x_{1:r}(0), x_z(0)) = (0, \Delta)$ and $u(t) = -(1/b)\,\phi_z^\top x_z(t)$, where $\Delta$ is arbitrary. Rigorously speaking, the dynamics $\dot x_z = S x_z + p\,x_1$ is called the 'internal dynamics', but it is sometimes called 'zero dynamics' by abuse of terminology.

Suppose that an LTI dynamic controller $C(s) = H(sI - F)^{-1}G$ internally stabilizes the closed-loop system, and that an adversary can inject a malicious signal $a_a(t)$ (called an 'actuator attack') into the input channel. Then the closed-loop system with the controller can be written as
$$\begin{aligned} y &= x_1, \\ \dot x_{1:r} &= O\,x_{1:r} + e_r\bigl(\phi_{1:r}^\top x_{1:r} + \phi_z^\top x_z + b\,(Hc + a_a)\bigr), \\ \dot x_z &= S x_z + p\,x_1, \\ \dot c &= Fc + G x_1, \end{aligned} \tag{3}$$
where $c$ is the state of the controller, $O$ is the upper shift matrix, and $e_r = [0, \cdots, 0, 1]^\top$ (see the notation remark below). Under the stability assumption, the following inequality holds for the system (3):
$$\left\| \begin{bmatrix} x_{1:r}(t) \\ x_z(t) \\ c(t) \end{bmatrix} \right\| \le k\,e^{-\lambda t} \left\| \begin{bmatrix} x_{1:r}(0) \\ x_z(0) \\ c(0) \end{bmatrix} \right\| \tag{4}$$
with some positive constants $k$ and $\lambda$.

The following proposition is another interpretation of [26] in terms of the normal form.

Proposition 1.
Suppose that an actuator attack signal $a_a$ is generated by
$$\dot z_a = S z_a, \qquad a_a = -\frac{1}{b}\,\phi_z^\top z_a \tag{5}$$
with initial condition $z_a(t_0) = \Delta$, and is injected into the closed loop from time $t_0 > 0$. If $\|\Delta\|$ is sufficiently small, then the attack is stealthy. Moreover, if $S$ has at least one eigenvalue with positive real part (i.e., the plant has an unstable zero, or is non-minimum phase) and the initial condition $\Delta$ excites the unstable mode, then the attack is disruptive.

Notation: $O$ and $e_r$ (of suitable size) denote the upper shift matrix, with ones on the superdiagonal and zeros elsewhere, and the last standard basis vector $[0, \cdots, 0, 1]^\top$, respectively.

Proof. While the attack generator is valid only for $t \ge t_0$, it can be equivalently rewritten as $\dot z_a = S z_a + \Delta\,\delta(t - t_0)$ with $z_a(0) = 0$, which is valid for $t \ge 0$, where $\delta$ is Dirac's delta function. Then, with $\tilde x_z := x_z - z_a$, the closed-loop system can be rewritten as
$$\begin{aligned} y &= x_1, \\ \dot x_{1:r} &= O\,x_{1:r} + e_r\bigl(\phi_{1:r}^\top x_{1:r} + \phi_z^\top \tilde x_z + b\,Hc\bigr), \\ \dot{\tilde x}_z &= S\tilde x_z + p\,x_1 - \Delta\,\delta(t - t_0), \\ \dot c &= Fc + G x_1. \end{aligned} \tag{6}$$
By comparing (3) (without $a_a$) and (6), it is seen that they are the same except for the replacement of $x_z$ with $\tilde x_z$ and the perturbation $\Delta$. The perturbation causes a transient response after $t_0$. Because the attack-free response $x_{\rm af}$ in (2) is the same as the response of (6) with $\Delta = 0$, and because the system (6) is stable, it is seen that $y(t)$ (which equals $y_c(t)$ since there is no sensor attack) can be made arbitrarily close to $y_{\rm af}(t)$ (the first component of $x_{\rm af}(t)$) by choosing $\|\Delta\|$ small enough. Hence the attack is stealthy (for any $t^*$ in (2)). Now, by choosing a small $\Delta$ that excites the unstable mode of (5), the state $x_z(t)$ diverges because $z_a(t)$ diverges while $\tilde x_z(t) = x_z(t) - z_a(t)$ converges exponentially to zero. This shows that the attack is disruptive. □

Remark 1. If $S$ is expressed in coordinates where $S = \mathrm{blockdiag}(S_u, S_s)$ and all the eigenvalues of $S_s$ have positive real parts, then the dimension of the attack generator (5) can be reduced to $\dot z_a = S_s z_a$ and $a_a = -(1/b)\,\phi_{z,s}^\top z_a$, where $\phi_{z,s}$ is the corresponding part of $\phi_z$.

As a variation of the zero-dynamics attack, which is an actuator attack, we consider its dual, the 'pole-dynamics attack', which is a sensor attack studied in [7]. If we rewrite the controller in the normal form, the closed-loop system is written as
$$\begin{aligned} u &= c_1, \\ \dot c_{1:r} &= O\,c_{1:r} + e_r\bigl(\phi_{1:r}^\top c_{1:r} + \phi_z^\top c_z + b\,(y + a_s)\bigr), \\ \dot c_z &= S c_z + p\,c_1, \\ \dot x &= Ax + Bc_1, \qquad y = Cx, \end{aligned} \tag{7}$$
where $x$ is the state of the plant $C(sI - A)^{-1}B$, and $\phi_{1:r}$, $\phi_z$, $b$, $S$, and $p$ are now the parameters of the controller. By comparison, it is seen that the same argument holds for the design of the sensor attack $a_s$.

Proposition 2.
Suppose that a sensor attack signal $a_s$ is generated by
$$\dot z_a = A z_a, \qquad a_s = -C z_a \tag{8}$$
with initial condition $z_a(t_0) = \Delta$, and is injected into the closed loop from time $t_0 > 0$. If $\|\Delta\|$ is sufficiently small, then the attack is stealthy. Moreover, if $A$ has at least one eigenvalue with positive real part (i.e., the plant has an unstable pole, or the plant is unstable) and the initial condition $\Delta$ excites the unstable mode, then the attack is disruptive.

Proof. With $\tilde x := x - z_a$, we have
$$\begin{aligned} u &= c_1, \\ \dot c_{1:r} &= O\,c_{1:r} + e_r\bigl(\phi_{1:r}^\top c_{1:r} + \phi_z^\top c_z + b\,C\tilde x\bigr), \\ \dot c_z &= S c_z + p\,c_1, \\ \dot{\tilde x} &= A\tilde x + Bc_1 - \Delta\,\delta(t - t_0), \end{aligned} \tag{9}$$
so that $x(t) - z_a(t)$ converges exponentially to zero after $t_0$, and therefore $x(t)$ diverges if $\Delta$ excites an unstable mode of $A$. Hence the attack is disruptive. At the same time, with sufficiently small $\Delta$, the states of (9) can be made arbitrarily close to the states of (7) without $a_s$. Therefore the received output $y_c = y + a_s = Cx - Cz_a = C\tilde x$ can be made arbitrarily close to the output $y$ of (7) without $a_s$, which corresponds to $y_{\rm af}$. Hence the attack is stealthy by (2). □

The zero-dynamics attack is stealthy regardless of whether the plant has unstable zeros or not. However, the attack becomes disruptive only when there is an unstable zero. At this point, a natural question arises: "Does it mean that the control system is secure from disruptive stealthy attacks if the plant has no unstable zeros?"
Unfortunately, a disruptive and stealthy attack that exploits zero dynamics can be designed even if there are no unstable zeros in continuous time. Modern control systems are mostly implemented by a digital controller, and thus the continuous-time output signal of the plant is sampled into a discrete-time signal, and the discrete-time control input is converted into a continuous-time signal by a zero-order hold (see Fig. 2). The roles of the sampler and the zero-order hold are defined as
• sampler: $y[k] := y(kT_s)$;
• zero-order hold: $u(t) = u[k]$ for $kT_s \le t < (k+1)T_s$;
where $T_s$ is the sampling period and $k$ is the discrete-time index.

Suppose that the continuous-time plant is given by $G(s)$ with relative degree $r$. Then the representation of the plant from the discrete-time input $u[k]$ to the output $y[k]$ is a discrete-time transfer function $\bar G(z)$. It is emphasized that the relative degree $\bar r$ of $\bar G(z)$ is equal to 1 for almost all sampling periods $T_s$, regardless of the relative degree $r$ of $G(s)$.

Fig. 2 Control system implemented with zero-order hold and sampler

This means that sampling introduces $r - 1$ sampling zeros. The bad news is that, if $r \ge 3$ and $T_s$ is small, then at least one of the sampling zeros is always unstable, and so the attacker can deploy the sampling-zero-dynamics attack even if the continuous-time plant has no unstable zeros.
About sampling zeros: Let us first ask why the discrete-time plant $\bar G(z)$ has $r - 1$ more zeros than $G(s)$ for almost all $T_s$. To see this, examine a typical step response of a relative-degree-2 plant, e.g., $G(s) = (-s + \beta_0)/(s^3 + \alpha_2 s^2 + \alpha_1 s + \alpha_0)$. Since the discrete-time step input $u[k]$ is converted into a unit-step continuous-time input $u(t)$, the discrete-time step response $y[k]$ can be read off the continuous-time plot as $y[k] = y(kT_s)$. From the plot it is seen that $y[1] = y(T_s) \ne 0$ for almost all $T_s$, i.e., except for $T_s = \alpha$, the instant at which the step response crosses zero. This means that the relative degree of $\bar G(z)$ is 1 except in the case $T_s = \alpha$, even though the relative degree of $G(s)$ is $r = 2$. Thus there must be one sampling zero in $\bar G(z)$. In fact, the following formal statement is taken from [27]:

Lemma 1. For almost all $T_s > 0$,
$$\bar G(z) = g\,\gamma_{r-1}(z)\,\frac{\prod_{i=1}^{n-r}(z - \bar z_i)}{\prod_{i=1}^{n}(z - \bar p_i)}$$
where
• $\bar p_i = e^{\lambda_i T_s}$ is a pole, where $\lambda_i$ is a pole of $G(s)$;
• $\bar z_i$ is a zero (when $T_s$ is sufficiently small, $\bar z_i$ gets close to $e^{\mu_i T_s}$, where $\mu_i$ is a zero of $G(s)$; since these zeros arise from the continuous-time zeros, they are called 'intrinsic zeros');
• $\gamma_{r-1}(z)$ is a polynomial of order $r - 1$ that depends on the sampling time $T_s$ (as $T_s \to 0$, the coefficients of $\gamma_{r-1}$ converge to those of the Euler-Frobenius polynomial $P_{r-1}(z)$ of order $r - 1$; the roots of $\gamma_{r-1}(z)$ are called 'sampling zeros');
• $g$ is a constant defined by $(T_s)^r\,\bigl(\lim_{s \to \infty} s^r G(s)\bigr)/r!$.

The Euler-Frobenius polynomial of order $r - 1$ is
$$P_{r-1}(z) = \beta_{r-1} z^{r-1} + \beta_{r-2} z^{r-2} + \cdots + \beta_1 z + \beta_0, \qquad \beta_i = \sum_{j=0}^{i} (-1)^{i-j}\,(j+1)^r \binom{r+1}{i-j},$$
which is known to have at least one unstable root, located outside the unit circle in the complex plane, whenever $r \ge 3$. Hence, if $G(s)$ has relative degree $r \ge 3$ and $T_s$ is sufficiently small, the appearance of an unstable sampling zero is unavoidable. All the roots of the Euler-Frobenius polynomial are negative real. An implication is that the output-zeroing input corresponding to a sampling zero has alternating signs.

Since the relative degree of $\bar G(z)$ is 1 for almost all cases, let us suppose that $\bar G(z)$ is realized in the (discrete-time) normal form
$$\begin{aligned} y[k] &= x_1[k], \\ x_1[k+1] &= \phi_1 x_1[k] + \phi_z^\top x_z[k] + b\,(u[k] + a_a[k]), \\ x_z[k+1] &= S x_z[k] + p\,x_1[k], \end{aligned} \tag{10}$$
where $x_z \in \mathbb{R}^{n-1}$.

Proposition 3.
Suppose that an actuator attack signal $a_a[k]$ is generated by
$$z_a[k+1] = S z_a[k], \qquad a_a[k] = -\frac{1}{b}\,\phi_z^\top z_a[k] \tag{11}$$
with $z_a[k_0] = \Delta$, where the attack initiates at $t = k_0 T_s$. If $\|\Delta\|$ is sufficiently small, then the attack is stealthy. Moreover, if $S$ has at least one eigenvalue outside the unit circle (which is either an intrinsic zero or a sampling zero) and the initial condition $\Delta$ excites the unstable mode, then the attack is disruptive.

Proof. Define $\tilde x_z := x_z - z_a$ and suppose that the controller is given by $\bar C(z) = H(zI - F)^{-1}G$. Then the closed-loop system becomes
$$\begin{aligned} y[k] &= x_1[k], \\ x_1[k+1] &= \phi_1 x_1[k] + \phi_z^\top \tilde x_z[k] + b\,Hc[k], \\ \tilde x_z[k+1] &= S\tilde x_z[k] + p\,x_1[k] - \Delta\,\delta[k - k_0], \\ c[k+1] &= Fc[k] + Gx_1[k], \end{aligned} \tag{12}$$
where $\delta$ is Kronecker's delta. The rest of the argument is similar to the proof of Proposition 1. □

Fig. 3 Two-mass system with all parameters set to 1. (Reprinted from [11], Copyright 2020, with permission from Elsevier)

Example 1. The transfer function of Fig. 3 from $u(t)$ to $y(t)$ is a fourth-order $G(s) = (s + \beta_0)/(s^4 + \alpha_3 s^3 + \alpha_2 s^2 + \alpha_1 s + \alpha_0)$, which is a minimum-phase system of relative degree 3. With $T_s = 0.1$, its discrete-time equivalent model can be written as (10) with a $3 \times 3$ matrix $S$, vectors $p, \phi_z \in \mathbb{R}^3$, a scalar $\phi_1$, and a small gain $b$, all obtained from the zero-order-hold discretization. Note that $S$ has two negative real eigenvalues, which are the sampling zeros (close to the roots of the Euler-Frobenius polynomial $P_2(z) = z^2 + 4z + 1$, the smaller one near $-0.26$), and a third eigenvalue $0.90$, which is the intrinsic zero. Clearly, there is an unstable zero: the sampling zero lying below $-1$. With a small $\Delta$ that excites this unstable mode, the attack generated by (11) results in Fig. 4. □

Fig. 4 The first plot is the state trajectory and the second is the outputs. Red is the output $y(t)$, and the sampled output $y[k]$ is marked by blue crosses. (Reprinted from [11], Copyright 2020, with permission from Elsevier)

Up to now, we have seen that even if the continuous-time plant does not have an unstable zero, sampling for the discrete-time implementation of the control system may introduce unstable sampling zeros in the discrete-time domain. At this point, a natural question arises: "If the discrete-time plant has no unstable (sampling) zero, does it mean that the control system is secure from disruptive stealthy attacks?"
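The following script is an added example, not code from the chapter or from [11]. It builds the Euler-Frobenius polynomial of Lemma 1 from the coefficient formula, locates its roots by bisection (all of them are negative real, so a scan of the negative axis suffices), and then reuses the unstable root as the zero $S$ of a constructed two-state discrete-time normal form (10) with $u = 0$ and poles placed inside the unit circle, so that the plant plays the role of the stable closed loop in (12). Running the attack (11) on it shows the mechanism of Propositions 1 and 3 numerically: the output deviation is proportional to $\|\Delta\|$ (halving $\Delta$ halves it), the attack signal alternates in sign as the text predicts for a sampling zero, and $x_z$ grows like $|S|^k$. All plant numbers (poles $0.5$, $0.3$, $p = 1$, $b = 0.01$) are assumptions of this illustration.

```python
"""Sampling zeros of Lemma 1 and the attack (11) on a toy normal form (10).

Added example; the plant parameters below are constructed, not taken from [11].
"""
from math import comb


def euler_frobenius(r):
    """Coefficients [beta_0, ..., beta_{r-1}] of P_{r-1}(z) for relative degree r."""
    return [sum((-1) ** (i - j) * (j + 1) ** r * comb(r + 1, i - j) for j in range(i + 1))
            for i in range(r)]


def polyval(coeffs, z):
    return sum(c * z ** i for i, c in enumerate(coeffs))


def negative_real_roots(coeffs, steps=20000):
    """Scan (-bound, 0) for sign changes and refine each by bisection.

    Valid here because every root of an Euler-Frobenius polynomial is negative real;
    the Cauchy bound guarantees the scanned interval contains all of them.
    """
    if len(coeffs) < 2:
        return []
    bound = 1.0 + max(abs(c) for c in coeffs[:-1]) / abs(coeffs[-1])
    h = bound / steps
    roots = []
    for k in range(steps):
        a, b = -bound + k * h, -bound + (k + 1) * h
        fa, fb = polyval(coeffs, a), polyval(coeffs, b)
        if fa == 0:
            roots.append(a)
        elif fa * fb < 0:
            for _ in range(60):                       # bisection to machine precision
                mid = (a + b) / 2
                if polyval(coeffs, a) * polyval(coeffs, mid) <= 0:
                    b = mid
                else:
                    a = mid
            roots.append((a + b) / 2)
    return roots


def has_unstable_sampling_zero(r):
    """True if the limiting sampling zeros for relative degree r include one outside the unit circle."""
    return any(z < -1.0 - 1e-9 for z in negative_real_roots(euler_frobenius(r)))


def simulate_attack(S, delta, k0=5, horizon=25, poles=(0.5, 0.3), p=1.0, b=0.01):
    """Run (11) against a 2-state normal form (10) whose zero is S and whose poles are `poles`.

    phi_1 and phi_z are fixed by matching trace and determinant of [[phi_1, phi_z], [p, S]].
    With u = 0 and the plant at rest, the attack-free output is identically zero, so the
    recorded y[k] is directly the output deviation of (2). Returns
    (max |y[k]|, |x_z| at the end of the horizon, the attack sequence a_a[k]).
    """
    phi_1 = poles[0] + poles[1] - S                  # trace
    phi_z = (phi_1 * S - poles[0] * poles[1]) / p    # determinant
    x1 = xz = za = 0.0
    ys, aas = [], []
    for k in range(horizon):
        if k == k0:
            za = delta                               # z_a[k0] = Delta
        aa = -(1.0 / b) * phi_z * za if k >= k0 else 0.0   # a_a[k] of (11)
        ys.append(x1)
        aas.append(aa)
        x1, xz = phi_1 * x1 + phi_z * xz + b * aa, S * xz + p * x1   # (10)
        za = S * za                                  # z_a[k+1] = S z_a[k]
    return max(abs(v) for v in ys), abs(xz), aas


if __name__ == "__main__":
    for r in (2, 3, 4):
        print(r, euler_frobenius(r), negative_real_roots(euler_frobenius(r)))
    S = min(negative_real_roots(euler_frobenius(3)))   # the unstable limiting sampling zero
    dev, growth, aas = simulate_attack(S, 1e-6)
    print("max output deviation", dev, "final |x_z|", growth)
    print("attack signal", aas[5:10])
```

The divergence rate is set entirely by $S$; the only knob the attacker has for stealth is $\|\Delta\|$, which scales the output deviation and the initial attack amplitude linearly while leaving the exponential growth untouched.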
Unfortunately, even if the plant has no unstable zero in the discrete-time domain, there is still a possibility of designing a disruptive stealthy attack when there is more freedom in actuation than in sensing. Since sensing occurs only at discrete time instants, if an actuator attack drives the plant's state through the kernel of the output matrix at each sensing time while the state is forced to behave disruptively in between, then the attack can remain stealthy while the state diverges (see Fig. 5 for an example). This type of attack exists when the sampled-data system has input redundancy, i.e., the number of inputs is larger than the number of outputs and/or the sampling rate of the actuators is higher than that of the sensors. For brevity, only the latter case is explained in detail in this chapter.

Consider a linear time-invariant plant
$$\dot x(t) = Ax(t) + B\bigl(u(t) + a_a(t)\bigr) \in \mathbb{R}^n, \qquad u(t), a_a(t) \in \mathbb{R}^p, \qquad y(t) = Cx(t) \in \mathbb{R}^q \tag{13}$$
where $a_a$ is the actuator attack, and the matrices $B$ and $C$ are assumed to have full column rank and full row rank, respectively. Let $T_s$ be the sampling period for the output measurement, so that $y[k] = y(kT_s)$,

Fig. 5 The solution diverges from the origin while it belongs to the kernel of the output matrix $C$ at each sampling instant. (©2020 IET. Reprinted, with permission, from [12])

and let $T_a$ be the period of the zero-order hold, so that
$$u(t) + a_a(t) = u[i] + a_a[i], \qquad iT_a \le t < (i+1)T_a,$$
in which it is assumed that a discrete-time attack $a_a[i]$ is injected in the communication network so that it is converted together with $u[i]$. Then the enforced-zero-dynamics attack $a_a[i]$ can be generated under the assumption that
$$qT_a < pT_s. \tag{14}$$
It should be noted that (14) holds if the number of inputs $p$ is large and/or the actuation period $T_a$ is small. Based on (14), a disruptive stealthy attack is proposed in [12], where it is termed the 'masking attack'.

In order to introduce the idea of the masking attack (which we call the 'enforced-zero-dynamics attack' in this chapter), let us simplify the situation as
$$p = q = 1, \qquad T_s = 2T_a, \tag{15}$$
and refer to [12] for the general case. Now, let $A_d := e^{AT_a}$ and $B_d := \int_0^{T_a} e^{A\tau}\,d\tau\,B$. Also let $\tilde x := x - x_{\rm af}$ and $\tilde y := y - Cx_{\rm af}$, where $x_{\rm af}$ is the solution of (13) when there is no attack, and let the attack initiate at $t = 0$, so that $\tilde x(0) = 0$. Then
$$\begin{bmatrix} \tilde x(T_a) \\ \tilde x(2T_a) \end{bmatrix} = \begin{bmatrix} B_d & 0 \\ A_dB_d & B_d \end{bmatrix} \begin{bmatrix} a_a[0] \\ a_a[1] \end{bmatrix}, \tag{16a}$$
$$\tilde y[1] = \tilde y(T_s) = \tilde y(2T_a) = \begin{bmatrix} CA_dB_d & CB_d \end{bmatrix} \begin{bmatrix} a_a[0] \\ a_a[1] \end{bmatrix}. \tag{16b}$$
Now, we assume that
(a) $\ker \begin{bmatrix} CA_dB_d & CB_d \end{bmatrix} \not\subset \ker \begin{bmatrix} B_d & 0 \\ A_dB_d & B_d \end{bmatrix}$,
(b) $\operatorname{im} CA_d^2 \subset \operatorname{im} \begin{bmatrix} CA_dB_d & CB_d \end{bmatrix}$,
which automatically follow, for almost all sampling periods, from assumption (15) and the fact that $B$ has full column rank. Indeed, item (a) holds because $B_d$ also has full column rank, so that the right-hand side is the trivial set, while the left-hand side is non-trivial because the matrix is wide. In addition, item (b) follows from the facts that the relative degree of $C(zI - A_d)^{-1}B_d$ is 1 for almost all sampling periods and that $CB_d$ corresponds to the relative degree of the transfer function. It is emphasized again that
(c) $\ker \begin{bmatrix} CA_dB_d & CB_d \end{bmatrix}$ is not trivial.

Now it is ready to design the attack sequence $a_a[i]$. The design proceeds sequentially in pairs, i.e., choosing sequences $\alpha_m, \beta_m \in \mathbb{R}^2$ such that
$$\begin{bmatrix} a_a[2m] \\ a_a[2m+1] \end{bmatrix} = \beta_m + \alpha_m, \qquad m = 0, 1, \ldots \tag{17}$$
For the case $m = 0$, let $\beta_0 = 0$ and pick $\alpha_0$ such that
$$\begin{bmatrix} CA_dB_d & CB_d \end{bmatrix}\alpha_0 = 0 \quad \text{and} \quad \begin{bmatrix} B_d & 0 \\ A_dB_d & B_d \end{bmatrix}\alpha_0 \ne 0,$$
which is possible by (a). Then, for $m = 0$, it follows from (16) that $\tilde y[1] = 0$ while at least one of $\tilde x(T_a)$ and $\tilde x(2T_a)$ is non-zero. Moreover, by choosing $\alpha_0$ of sufficiently large magnitude, the non-zero one can be made arbitrarily large in magnitude. Therefore, both the stealthy property and the disruptive property of the attack are satisfied within the attack period of $2T_a$.

However, it may require too much actuation effort to reach the hazard level $L_{\rm hazard}$ in (1) within a period of $2T_a$. In order to distribute the effort over time, let us design the attack (17) for the next steps $m \ge 1$. Since
$$\begin{aligned} \begin{bmatrix} \tilde x((2m+1)T_a) \\ \tilde x((2m+2)T_a) \end{bmatrix} &= \begin{bmatrix} A_d\tilde x(2mT_a) \\ A_d^2\tilde x(2mT_a) \end{bmatrix} + \begin{bmatrix} B_d & 0 \\ A_dB_d & B_d \end{bmatrix} \begin{bmatrix} a_a[2m] \\ a_a[2m+1] \end{bmatrix} \\ &= \begin{bmatrix} A_d\tilde x(2mT_a) \\ A_d^2\tilde x(2mT_a) \end{bmatrix} + \begin{bmatrix} B_d & 0 \\ A_dB_d & B_d \end{bmatrix}\beta_m + \begin{bmatrix} B_d & 0 \\ A_dB_d & B_d \end{bmatrix}\alpha_m, \end{aligned} \tag{18a}$$
$$\begin{aligned} \tilde y[m+1] = \tilde y((m+1)T_s) &= CA_d^2\tilde x(2mT_a) + \begin{bmatrix} CA_dB_d & CB_d \end{bmatrix} \begin{bmatrix} a_a[2m] \\ a_a[2m+1] \end{bmatrix} \\ &= CA_d^2\tilde x(2mT_a) + \begin{bmatrix} CA_dB_d & CB_d \end{bmatrix}\beta_m + \begin{bmatrix} CA_dB_d & CB_d \end{bmatrix}\alpha_m, \end{aligned} \tag{18b}$$
the vector $\beta_m$ is chosen first such that
$$CA_d^2\tilde x(2mT_a) + \begin{bmatrix} CA_dB_d & CB_d \end{bmatrix}\beta_m = 0,$$
which is possible by (b); the role of $\beta_m$ is to cancel the effect of the previous actuation in (18b) so that step $m$ remains stealthy. Then, with $\beta_m$ at hand, the vector $\alpha_m$ is chosen in $\ker \begin{bmatrix} CA_dB_d & CB_d \end{bmatrix}$, so that $\tilde y[m+1] = 0$, with its magnitude and direction chosen through the term $\begin{bmatrix} B_d & 0 \\ A_dB_d & B_d \end{bmatrix}\alpha_m$ so that the states in (18a) can reach the level $L_{\rm hazard}$. By repeating the procedure for $m = 1, 2, \cdots$, a disruptive stealthy attack is generated.

It is noted that the attack generation can be performed off-line because it does not require any online information such as input and output signals. Therefore, the attack sequence $a_a[i]$ can be computed and stored before the attack initiation.

Example 2.
Consider the model of the X-38 vehicle in [22], which has 11 states, 3 inputs, and 9 outputs. The system admits a multi-rate controller (see [22]), and we suppose that $T_s$ is a large enough multiple of $T_a$ that the inequality (14), here $9T_a < 3T_s$, holds. Following the procedure of [12], an actuator attack signal is generated off-line before the attack initiation. Fig. 6 illustrates the outcome of the attack. □

Fig. 6 The system reaches its steady state before time $t = 0$, and the enforced-zero-dynamics attack begins at $t = 0$. While the sampled output $\tilde y(kT_s)$ remains identically zero, the continuous-time state deviation $\tilde x(t)$ diverges. (©2020 IET. Reprinted, with permission, from [12])

All of the attacks discussed so far require exact knowledge of the plant. In practice, an exact model of the physical system is hard to obtain, not only for attackers but also for control designers. At this point, a natural question arises: "It seems that these attack policies are too idealized. Is the real control system secure because exact model knowledge is hard to obtain?"
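A worked implementation of the sequential design (17)-(18) under the simplification (15), as an added example (it is not code from the chapter or from [12]). The plant is a constructed double integrator, $A = \begin{bmatrix} 0 & 1 \\ 0 & 0 \end{bmatrix}$, $B = \begin{bmatrix} 0 \\ 1 \end{bmatrix}$, $C = \begin{bmatrix} 1 & 0 \end{bmatrix}$, with hold period $T_a = 0.1$ and sensor period $T_s = 2T_a$; $A_d$ and $B_d$ are obtained from the matrix exponential of the augmented matrix $\begin{bmatrix} A & B \\ 0 & 0 \end{bmatrix} T_a$ (a standard identity, computed here by a plain Taylor series). At each step $\beta_m$ is the least-norm solution that cancels $CA_d^2\tilde x(2mT_a)$, and $\alpha_m$ is a multiple of the unit vector spanning $\ker[CA_dB_d\ \ CB_d]$ whose magnitude grows as $(m+1)\cdot\mathrm{gain}$ and whose sign is picked to enlarge $\|\tilde x((2m+2)T_a)\|$; that growth schedule is an assumption of this illustration, one way of "distributing the effort over time". The script records the deviation at the unsensed instants $(2m+1)T_a$ as well, to show that the state leaves $\ker C$ between samples.

```python
"""Enforced-zero-dynamics (masking) attack, p = q = 1, T_s = 2 T_a, pure Python.

Added example with a constructed double-integrator plant; not the code of [12].
"""


def matmul(X, Y):
    return [[sum(X[i][k] * Y[k][j] for k in range(len(Y))) for j in range(len(Y[0]))]
            for i in range(len(X))]


def matvec(X, v):
    return [sum(X[i][k] * v[k] for k in range(len(v))) for i in range(len(X))]


def dot(v, w):
    return sum(a * b for a, b in zip(v, w))


def expm(M, terms=40):
    """Taylor series e^M = sum_k M^k / k!; adequate for the small, well-scaled matrices here."""
    n = len(M)
    result = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    power = [row[:] for row in result]
    fact = 1.0
    for k in range(1, terms):
        power = matmul(power, M)
        fact *= k
        result = [[result[i][j] + power[i][j] / fact for j in range(n)] for i in range(n)]
    return result


def discretize(A, B, T):
    """Zero-order-hold discretization: A_d = e^{AT}, B_d = int_0^T e^{A tau} d tau B."""
    n, m = len(A), len(B[0])
    aug = [[A[i][j] * T for j in range(n)] + [B[i][j] * T for j in range(m)] for i in range(n)]
    aug += [[0.0] * (n + m) for _ in range(m)]
    E = expm(aug)                        # = [[A_d, B_d], [0, I]]
    return [row[:n] for row in E[:n]], [row[n:] for row in E[:n]]


def enforced_zda(A, B, C, T_a, periods, gain=10.0):
    """Design a_a[0..2*periods-1] by (17)-(18) and simulate the deviation x~ it causes.

    Returns (attack sequence, y~ at the sensing instants, y~ at the unsensed instants,
    x~ at the last sensing instant). The sensed deviations are zero up to rounding.
    """
    Ad, Bd = discretize(A, B, T_a)
    bd = [row[0] for row in Bd]          # p = 1: B_d as a vector
    c = C[0]                             # q = 1: C as a row
    Ad2 = matmul(Ad, Ad)
    row = [dot(c, matvec(Ad, bd)), dot(c, bd)]           # [C A_d B_d, C B_d]
    norm2 = row[0] ** 2 + row[1] ** 2
    kernel = [row[1] / norm2 ** 0.5, -row[0] / norm2 ** 0.5]   # unit vector in ker [C A_d B_d, C B_d]

    def step(x, a):                      # x~((i+1)T_a) = A_d x~(iT_a) + B_d a_a[i]
        return [ax + bi * a for ax, bi in zip(matvec(Ad, x), bd)]

    xt = [0.0] * len(A)                  # attack starts at t = 0 with x~(0) = 0
    attack, y_sampled, y_between = [], [], []
    for m in range(periods):
        drift = dot(c, matvec(Ad2, xt))                       # C A_d^2 x~(2m T_a) of (18b)
        beta = [-drift * row[0] / norm2, -drift * row[1] / norm2]   # least-norm cancellation
        best = None
        for sign in (1.0, -1.0):                              # alpha_m = s * kernel
            s = sign * (m + 1) * gain
            pair = [beta[0] + s * kernel[0], beta[1] + s * kernel[1]]
            x_odd = step(xt, pair[0])
            x_even = step(x_odd, pair[1])
            size = dot(x_even, x_even)
            if best is None or size > best[0]:
                best = (size, pair, x_odd, x_even)
        _, pair, x_odd, xt = best
        attack += pair
        y_between.append(dot(c, x_odd))                       # visible only between samples
        y_sampled.append(dot(c, xt))                          # what the sensor sees: ~0
    return attack, y_sampled, y_between, xt


if __name__ == "__main__":
    A, B, C = [[0.0, 1.0], [0.0, 0.0]], [[0.0], [1.0]], [[1.0, 0.0]]
    attack, ys, yb, xt = enforced_zda(A, B, C, 0.1, 10)
    print("max sensed |y~|:", max(abs(v) for v in ys))
    print("max unsensed |y~|:", max(abs(v) for v in yb))
    print("x~ at last sample:", xt)
```

Note that, as the text says, nothing in the loop reads $u$ or $y$: the whole sequence is a function of $(A, B, C, T_a)$ only and can be precomputed and stored.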
Unfortunately, an exact model of the physical plant is not necessary for generating disruptive stealthy attacks, if the attack policy is designed using a robust control methodology. In this subsection, we investigate this possibility using a particular robust control technique, the disturbance observer approach [23], and generate a disruptive stealthy actuator attack for continuous-time linear systems.

For this, let us write the plant in the normal form again:
$$y = x_1, \qquad \dot x_{1:r} = O\,x_{1:r} + e_r\bigl(\phi_{1:r}^\top x_{1:r} + \phi_z^\top x_z + b\,(u + a_a)\bigr), \quad x_{1:r} \in \mathbb{R}^r, \qquad \dot x_z = S x_z + p\,x_1, \quad x_z \in \mathbb{R}^{n-r}. \tag{19}$$
While the proposed attack policy does not need exact values of the system parameters $\phi_{1:r}$, $\phi_z$, $b$, $S$, and $p$, some information about the plant is still needed:
• the input and the output of the plant: in exchange for using less knowledge of the plant model, the attacker relies more on the input and output information (readers are reminded that the classical zero-dynamics attack does not use the output of the plant);
• the relative degree $r$, the sign of the high-frequency gain $b$, and nominal values $\phi_{1:r,n}$, $\phi_{z,n}$, $b_n$, $S_n$, $p_n$;
• attack-free operating regions $X$ and $Z$ such that $x_{1:r}(t) \in X$ and $x_z(t) \in Z$ for all $t \ge 0$: these are the underlying sets for attack-free operation, and both $X$ and $Z$ are assumed to be compact; they can be taken conservatively;
• the amount of variation of the uncertain parameters: for example, a (possibly conservative) interval to which the uncertain parameter $b$ belongs; it is also assumed that the nominal values belong to these intervals.
The above information may be obtained by the attacker from a system identification procedure using eavesdropped input and output signals, or from leaked information about the design model that was used for constructing the feedback controller. In any case, the amount of information required is not much different from the knowledge needed to design a robust controller for the uncertain plant. Finally, for a technical reason, we assume the following.

Assumption. The (uncertain) matrix $S$ has no eigenvalues on the imaginary axis of the complex plane.

To understand the idea of the robust zero-dynamics attack, suppose for the time being that the attacker generates the actuator attack signal (instead of (5)) by
$$\dot z_a = S_n z_a + p_n y, \tag{20a}$$
$$a_a^* = \frac{1}{b}\Bigl(-\phi_{1:r}^\top x_{1:r} - \phi_z^\top x_z - b\,u + \phi_{1:r,n}^\top x_{1:r} + \phi_{z,n}^\top z_a + b_n u\Bigr). \tag{20b}$$
Of course, the signal $a_a^*$ is not available because many terms on the right-hand side are unknown; it will be estimated by the disturbance observer later. With $a_a = a_a^*$, the plant (19) is rewritten (together with (20a)) as
$$\begin{aligned} y &= x_1, \\ \dot x_{1:r} &= O\,x_{1:r} + e_r\bigl(\phi_{1:r,n}^\top x_{1:r} + \phi_{z,n}^\top z_a + b_n u\bigr), \end{aligned} \tag{21a}$$
$$\dot z_a = S_n z_a + p_n x_1, \tag{21b}$$
$$\dot x_z = S x_z + p\,x_1. \tag{21c}$$
It is seen from the above equations that all the uncertain parameters have been replaced with their nominal values. In particular, the attacker's dynamics (21b) takes over the role of the real zero dynamics (21c) and disguises itself as the plant's internal dynamics. The controller interacts with the attacker's dynamics, because the state $z_a$ is seen from the output $y$ while the state $x_z$ becomes unobservable; thus the real zero dynamics (21c) is placed outside the feedback loop.

It is reasonable to assume that the controller robustly stabilizes the uncertain plant whose parameters belong to the uncertainty intervals, which also contain the nominal parameters. Then, since the controller stabilizes the plant (21) with the nominal parameters, the output $y$ and the state $(x_{1:r}, z_a)$ behave as if there were no attack. (This means that the trajectory of $(x_{1:r}(t), z_a(t))$ corresponds to $x_{\rm af}(t)$ in (2).) In this way the attack is stealthy. On the other hand, if the uncertain plant has an unstable zero, so that the matrix $S$ has an unstable eigenvalue (with positive real part), then the state $x_z$ diverges for almost all values of $x_z(t_0)$, where $t_0$ is the time of attack initiation.
In this way, the attack becomes disruptive. It should be noted that the way the disruptive property is obtained is different from that of the zero-dynamics attack in Section 2.1.

Why does $x_z$ not diverge for all $x_z(t_0)$? Even if a system is unstable, there is a measure-zero set of initial conditions from which the solution remains bounded. For example, for $\dot x = x$, the initial condition $x(0) = 0$ yields the bounded solution $x(t) = 0$. This is true even when the system has a bounded external input. An example is $\dot x = x + \sin t$. With $x(0) = -1/2$, the solution $x(t) = -(1/2)(\sin t + \cos t)$ remains bounded. Now, let us consider (21c). Even in the case when all the eigenvalues of $S$ have positive real parts, the initial condition
$$x_z(t_0) = -\int_{t_0}^{\infty} e^{-S(t - t_0)}\, p\, x_1(t)\, dt$$
is well-defined because $x_1(t)$ is bounded by the stability of the closed-loop system with the controller. Then, it can be shown that the solution $x_z(t)$ for $t \ge t_0$ is bounded. However, it is not possible to predict such a value $x_z(t_0)$ because the future trajectory of $x_1(t)$, as well as $S$ and $p$, cannot be known at time $t_0$. Nevertheless, the set of these particular initial conditions has measure zero, and so the bounded solution of $x_z(t)$ is not likely to happen in practice.

Now, let us turn to the question of how to estimate $a_a^*$. In fact, (19) can be written as follows with $a_a^*$:
$$\dot x_{1:r} = O x_{1:r} + e_r\big(\phi_{1:r}^\top x_{1:r} + \phi_z^\top x_z + b(u + a_a)\big) = O x_{1:r} + e_r\big(\phi_{1:r,n}^\top x_{1:r} + \phi_{z,n}^\top z_a + b_n u + b(a_a - a_a^*)\big). \qquad (22)$$
If $a_a^*$ is treated as an unknown disturbance and $a_a$ is the control input, then this is the very situation where the disturbance observer technique can estimate $a_a^*$ with arbitrary precision. More specifically, if all the initial conditions at $t = t_0$ are bounded and $a_a^*(t)$ is bounded, then, for any $\varepsilon > 0$, a disturbance observer and an input $a_a$ can be designed such that
$$\|a_a(t) - a_a^*(t)\| \le \varepsilon, \qquad \forall t \ge t_0 + \varepsilon. \qquad (23)$$
But the signal $a_a^*(t)$ is not bounded if $x_z(t)$ is unbounded, which is the goal of the attacker. Therefore, precise estimation of $a_a^*$ by $a_a$ is not possible over an infinite time horizon. However, this is enough for attackers because, until $x_z(t)$ diverges up to the level of hazard in (1) at time $t^*$ (which takes a finite time duration $t^* - t_0$), the signal $a_a^*(t)$ can be treated as a bounded one and the disturbance observer can be designed to estimate it sufficiently closely.

Finally, the following dynamics generates the robust zero-dynamics attack signal $a_a$, which approximates $a_a^*$ of (20), for $t_0 \le t \le t^*$:
$$\dot z_a = S_n z_a + p_n y$$
$$\dot\xi_i = \xi_{i+1} - \frac{q_{r-i}}{\tau^i}\xi_1 + \frac{q_0}{\tau^r b_n}\Big(\phi_{1:r,n,r-i+1} + \frac{q_{r-i}}{\tau^i}\Big) y, \qquad i = 1, \cdots, r-1,$$
$$\dot\xi_r = -\frac{q_0}{\tau^r}\xi_1 + \frac{q_0}{\tau^r b_n}\Big(\phi_{1:r,n,1} + \frac{q_0}{\tau^r}\Big) y + \frac{q_0}{\tau^r}\Big(\frac{1}{b_n}\phi_{z,n}^\top z_a + u + a_a\Big)$$
$$a_a = \mathrm{sat}_L\Big(\xi_1 - \frac{q_0}{\tau^r b_n}\, y\Big). \qquad (24)$$
All initial conditions at $t_0$ are set to zero, assuming that the plant is in the steady state at time $t_0$. The function $\mathrm{sat}_L$ saturates at $\pm L$, and the reason for introducing the saturation is that, even if the estimate (23) holds for $t \ge t_0 + \varepsilon$, nothing can be said for $t_0 \le t < t_0 + \varepsilon$. In order to prevent an unnecessary peak of $a_a(t)$ during this period (this peak tends to occur due to the peaking phenomenon [25], and because of the peak the trajectory of (22) deviates from the attack-free trajectory, hindering stealthiness), we introduce the saturation function. Now, the constants $q_i$ ($i = 0, \cdots, r-1$), $L$, and the constant $\tau$ are design parameters, which are chosen from all the information available to the attacker.

Proposition 4.
Let the polynomial $s^{r-1} + q_{r-1}s^{r-2} + \cdots + q_1$ be Hurwitz. If $q_0 > 0$ is chosen sufficiently small, $L$ sufficiently large, and $\tau > 0$ sufficiently small, then the actuator attack generated through (24) is stealthy. If, in addition, the matrix $S$ contains at least one eigenvalue having positive real part, then the attack is disruptive for almost all initial conditions $x_z(t_0)$. Finally, the accuracy of the estimation of $a_a^*$ by $a_a$ improves as $\tau$ gets smaller.

The proof is omitted due to the space limit, but can be found in [19], where the details of choosing $q_i$, $L$, and $\tau$ are presented. For more details on the disturbance observer technique used for (24), refer to [2].

Example 3.
A non-minimum phase uncertain system depicted in Fig. 7 is considered. It is supposed that the plant is controlled by a PID-type controller $C(s) = (\,.\,s^2 - \,.\,s + \,.\,)/(\,.\,s^2 + s)$. The classical zero-dynamics attack in Section 2.1 with the nominal parameter $T_{P,n} = $ … $q_0 = $ , $L = $ , $\tau = $ . □

(Footnote: As seen in (21), the effect of the proposed attack is to replace the real zero dynamics (21c) with (21b) at time $t_0$. This is an abrupt change, and so, unless $z_a(t_0)$ is close to $x_z(t_0)$, some transient response may occur after $t_0$ and the attack may be detected. To avoid this possibility, the attacker will carefully choose the time $t_0$ such that the internal state $x_z(t_0)$ is easily guessed, like the steady state at which $z_a(t_0) = 0$.)

Fig. 7 Power generating plant with hydro turbine. $\Delta F$: frequency deviation, $\Delta P$: deviation in generated power, $\Delta X$: deviation in the governor's valve. The parameter $T_P$ is uncertain and belongs to the interval $[\ ,\ ]$. The nominal $T_{P,n}$ is taken as 4, and $T_X = .$, $T_F = $, $K_F = $, $R = .$ (Block labels in the figure: Governor, Load & machine, Droop characteristic, Hydro turbine.)
Fig. 8 Plots of the output $\Delta F$ (left) and the state $\Delta X$ (right); horizontal axis: Time (sec). The attack starts at 60 sec. The black solid line is the case when $T_P = T_{P,n}$, and the other lines are for $T_P = $ , $T_P = $ , and $T_P = 6$. With model uncertainty, the attack is easily detectable. (©2016 IEEE. Reprinted, with permission, from [20])

Fig. 9 Plots of the output $\Delta F$ (left) and the state $\Delta X$ (right); horizontal axis: Time (sec). The attack starts at 60 sec. The black solid line is the case when $T_P = T_{P,n}$, and the other lines are for $T_P = $ , $T_P = $ , and $T_P = 6$. In spite of model uncertainty, the attack remains stealthy. (©2016 IEEE. Reprinted, with permission, from [20])
As a dual to the robust zero-dynamics attack, a robust pole-dynamics attack is also possible. Recall the closed-loop system in (7), which is written again as
$$u = c_1$$
$$\dot c_{1:r} = O c_{1:r} + e_r\big(\phi_{1:r}^\top c_{1:r} + \phi_z^\top c_z + b(Cx + a_s)\big)$$
$$\dot c_z = S c_z + p c_1$$
$$y = Cx, \qquad \dot x = Ax + B c_1. \qquad (25)$$
When the plant's parameters $A$, $B$, and $C$ have uncertainty and/or the controller's parameters $\phi_{1:r}$, $\phi_z$, $b$, $S$, and $p$ are uncertain, the robust pole-dynamics attack can be employed. In particular, the zero dynamics part in (25) and the uncertain parameters can be replaced with their nominal counterparts as
$$\dot c_{1:r} = O c_{1:r} + e_r\big(\phi_{1:r,n}^\top c_{1:r} + \phi_{z,n}^\top z_{a,c} + b_n C_n z_{a,x} + b(a_s - a_s^*)\big)$$
$$\begin{bmatrix}\dot z_{a,c}\\ \dot z_{a,x}\end{bmatrix} = \begin{bmatrix} S_n & 0\\ 0 & A_n\end{bmatrix}\begin{bmatrix} z_{a,c}\\ z_{a,x}\end{bmatrix} + \begin{bmatrix} p_n\\ B_n\end{bmatrix} c_1 \qquad (26)$$
where $a_s^*$ can be estimated by $a_s$ through the disturbance observer as before. For the details, refer to [7].

Up to now, only linear systems have been considered as target systems. Is it possible to generate a disruptive stealthy attack for nonlinear systems? In fact, nonlinear systems are also vulnerable to disruptive stealthy attacks. When a single-input single-output smooth nonlinear system has a well-defined relative degree $r$, it can be converted into the nonlinear normal form
$$y = x_1, \qquad \dot x_{1:r} = O x_{1:r} + e_r\big(f(x_{1:r}, x_z) + g(x_{1:r}, x_z)(u + a_a)\big), \qquad \dot x_z = h(x_z, x_{1:r}) \qquad (27)$$
where $x_{1:r} \in \mathbb{R}^r$ and $x_z \in \mathbb{R}^{n-r}$. For this system, while it is not straightforward to apply the approach of Section 2.1, the approach of the robust zero-dynamics attack can still be applied as long as $g(x_{1:r}, x_z)$ is a constant function such that $g(x_{1:r}, x_z) = b$, and $h(x_z, x_{1:r})$ depends only on $(x_z, x_1)$. With
$$\dot z_a = h_n(z_a, y), \qquad a_a^* = \frac{1}{b}\big(-f(x_{1:r}, x_z) - b u + f_n(x_{1:r}, z_a) + b_n u\big)$$
the system is rewritten as
$$y = x_1, \qquad \dot x_{1:r} = O x_{1:r} + e_r\big(f_n(x_{1:r}, z_a) + b_n u + b(a_a - a_a^*)\big), \qquad \dot z_a = h_n(z_a, x_1), \qquad \dot x_z = h(x_z, x_1). \qquad (28)$$
Then, $a_a^*$ can be estimated by the nonlinear disturbance observer studied in [1].

In this section, we discuss how to protect the control system from zero-dynamics attacks when it is implemented in the sampled-data framework. In particular, we consider a SISO LTI continuous-time system
$$\dot x(t) = A x(t) + B u(t), \qquad y(t) = C x(t) \qquad (29)$$
that is implemented in the sampled-data framework with
$$u(t) = u[k] \quad \forall t \in [kT_s, (k+1)T_s), \qquad y[k] = y(kT_s). \qquad (30)$$
Because the attack cannot be detected by monitoring the sampled output $y[k]$, it is generally hard to conceive a countermeasure. Only a few protecting strategies are available in the literature. The idea of changing sensors and actuators is proposed in [26], and the idea of introducing a modulation block before the actuator in the feedback configuration is proposed in [6]. Both methods are intended to modify the system structure under the premise that the changes are kept confidential from the adversaries. Therefore, the security is compromised if the changes are disclosed to the adversaries, and even if this is not the case, the sampling-zero-dynamics attack may still be effective when the sampling period $T_s$ is very small. This is because, if $T_s$ is very small, the sampling zeros approach the roots of the Euler-Frobenius polynomial, and the Euler-Frobenius polynomial (which is publicly known) does not depend on the particular parameters of the target system (as long as the relative degree of the system is known).

In this section, we present another strategy that can disarm the zero-dynamics attack. The idea is to replace the conventional zero-order hold or the sampler on the plant side with a generalized hold (GH) or a generalized sampler (GS), respectively. With this change, it is intended that the unstable zeros are relocated to the stable region in the discrete-time domain. Therefore, if the change is not known to the adversaries, then the attack will be detected; and even if the change is known so that the attack is made stealthy, the attack is no longer disruptive because all the zeros are stable. Eventually, the adversaries lose the motivation for the attack.
In this subsection, we introduce the idea of using a generalized hold (GH), which is based on the work of [11]. A generalized hold [27] is a device that generates the continuous-time input to the plant from a given input sequence $u[k]$ as
$$u_g(t) = h_g(t - kT_s)\, u[k] \qquad \forall t \in [kT_s, (k+1)T_s) \qquad (31)$$
where $h_g$ is a function defined on $[0, T_s)$. Recall that if $h_g(t) = 1$ on $[0, T_s)$, then the GH recovers the zero-order hold. With the GH, the sampled-data model of (29) becomes
$$x[k+1] = A_d x[k] + B_g u[k], \qquad y[k] = C_d x[k] \qquad (32)$$
where $x[k] \in \mathbb{R}^n$ and
$$A_d = e^{AT_s}, \qquad B_g := \int_0^{T_s} e^{A(T_s - \tau)} B\, h_g(\tau)\, d\tau, \qquad C_d = C.$$
(Footnote: The generalized hold and sampler were actively studied in the 90s. For the details, refer to [27].)

The sampled-data transfer function from $u[k]$ to $y[k]$, denoted by $G_d(z)$, is then given by $G_d(z) = C_d(zI_n - A_d)^{-1}B_g$. Then, in most cases, by a suitable design of $h_g$, the zeros of $G_d(z)$ can be assigned to arbitrary locations. To see this, let
$$G_d^*(z) = \frac{k_d\,(z - z_{d,1}) \cdots (z - z_{d,n-1})}{\det(zI_n - A_d)} \qquad (33)$$
be a desired transfer function where $z_{d,1}, \ldots, z_{d,n-1} \in \mathbb{C}$ are the desired zeros (in complex conjugate pairs) and $k_d$ is a desired gain.

Lemma 2.
Suppose $(A_d, C_d)$ is observable. Then, there exists a unique $B_g \in \mathbb{R}^n$ such that $G_d(z) = G_d^*(z)$.

Proof. Let $C_*(zI_n - A_*)^{-1}B_*$ be a minimal realization of $G_d^*(z)$. Then, $G_d(z)$ is identical to $G_d^*(z)$ if and only if $C_d A_d^{k-1} B_g = C_* A_*^{k-1} B_*$ for all $k = 1, 2, \ldots, n$. With $O_d$ being the observability matrix of $(A_d, C_d)$, this is equivalent to
$$O_d B_g = \begin{bmatrix} C_d\\ C_d A_d\\ \vdots\\ C_d A_d^{n-1}\end{bmatrix} B_g = \begin{bmatrix} C_* B_*\\ C_* A_* B_*\\ \vdots\\ C_* A_*^{n-1} B_*\end{bmatrix}. \qquad (34)$$
By the observability, $O_d$ is invertible. □

(Footnote: It is well known that, if $(A, C)$ is observable, then $(A_d, C_d)$ is observable for almost all sampling times $T_s$.)

With $B_g$ obtained above, it remains to construct $h_g(t)$ such that
$$B_g = \int_0^{T_s} e^{A(T_s - \tau)} B\, h_g(\tau)\, d\tau. \qquad (35)$$
Then, it is immediate to see that such an $h_g$ exists if $(A, B)$ is controllable, because the form (35) is reminiscent, for $\dot x = Ax + Bu$, of the problem of driving the state from the origin to the vector $B_g$ at time $T_s$ by the input $u(t) = h_g(t)$. So a solution is given by
$$h_g(t) = B^\top e^{A^\top (T_s - t)}\, W^{-1}(0, T_s)\, B_g \qquad (36)$$
where $W(0, T_s)$ is the controllability Gramian $W(0, T_s) = \int_0^{T_s} e^{A\tau} B B^\top e^{A^\top \tau}\, d\tau$. However, this requires a device that can generate continuous-time signals, which may not be very practical. Alternatively, a piecewise constant function $h_g$ becomes of interest. Let $N$ be the number of subintervals within which $h_g(t)$ is constant, namely
$$h_g(t) = h_i, \qquad \frac{(i-1)T_s}{N} \le t < \frac{iT_s}{N}, \qquad i = 1, \ldots, N. \qquad (37)$$
Substituting (37) into (35), one has
$$B_g = \sum_{i=1}^{N} \int_{(i-1)T_s/N}^{iT_s/N} e^{A(T_s - \tau)} B\, d\tau\; h_i,$$
which can be simply written, with $\bar h := [h_1, \cdots, h_N]^\top$, as
$$B_g = \big[A_{d,N}^{N-1} B_{d,N}, \cdots, A_{d,N} B_{d,N}, B_{d,N}\big]\,\bar h =: M_B \bar h \qquad (38)$$
where $A_{d,N} = e^{AT_s/N}$, $B_{d,N} = \int_0^{T_s/N} e^{A(T_s/N - \tau)} B\, d\tau$, and $M_B \in \mathbb{R}^{n \times N}$. Therefore, we obtain the following result.

Lemma 3.
If $B_g$ belongs to the range space of $M_B$, then the vector $\bar h$ exists. If $(A_{d,N}, B_{d,N})$ is controllable (which is the case for almost all $T_s$ when $(A, B)$ is controllable), then the vector $\bar h$ exists for any $B_g$ with $N = n$, and $\bar h = M_B^{-1} B_g$.

The approach of moving the system zeros to the stable region by the GH is effective in disarming the zero-dynamics attack. However, the response of the resulting system with the GH is different from that with the ZOH. In other words, the closed-loop system performance is affected by the design of the GH and may degrade from the original design. The question "how can we design the GH so that the performance degradation of the closed-loop system (from that with the ZOH) is minimized?" naturally follows, and it is the topic of this subsection.

In order to design the GH following the procedure developed in the previous subsection, one needs to choose the desired zeros first, and then compute $B_g$ and $h_g$ in that order. But then the values of $h_g(t)$ may happen to be very different from those of the ZOH (which are 1). To overcome this drawback, recalling that our interest is not to assign the zeros at specific locations but to make the system have stable discrete-time zeros, we formulate an optimization problem to minimize the difference between $h_g(t)$ and 1, under the constraints that the zeros are located inside the unit circle and that the integrals of $h_g(t)$ and of 1 over one sampling period are equal.

For building the stability constraint, we note that the realization of $G_d^*(z)$ of (33) in the controllable canonical form is given by
$$\bar x[k+1] = \begin{bmatrix} 0_{n-1} & I_{n-1}\\ -d_0 & \cdots\ \ -d_{n-1}\end{bmatrix}\bar x[k] + \begin{bmatrix} 0_{n-1}\\ 1\end{bmatrix} u[k] =: A_* \bar x[k] + B_* u[k]$$
$$y[k] = \big[c_0\ \cdots\ c_{n-2}\ c_{n-1}\big]\,\bar x[k] =: C_* \bar x[k]$$
where the constants $c_0, \ldots, c_{n-1}$, $d_0, \ldots, d_{n-1}$ are determined from the relations
$$\det(zI_n - A_d) = z^n + d_{n-1} z^{n-1} + \cdots + d_0,$$
$$k_d \prod_{i=1}^{n-1} (z - z_{d,i}) = c_{n-1} z^{n-1} + c_{n-2} z^{n-2} + \cdots + c_0. \qquad (39)$$
Then, it follows from (34) and (38) that
$$O_d M_B \bar h = O_d B_g = \begin{bmatrix} C_* B_*\\ \vdots\\ C_* A_*^{n-1} B_*\end{bmatrix} = \begin{bmatrix} B_*^\top\\ \vdots\\ B_*^\top (A_*^\top)^{n-1}\end{bmatrix} C_*^\top =: \mathcal{C}_*^\top C_*^\top \qquad (40)$$
where $\mathcal{C}_*$ is the controllability matrix of $(A_*, B_*)$, and we used the fact that $C_* A_*^{i-1} B_*$ is a scalar in the derivation.
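Before the stability constraint is added, the zero-placement procedure of Lemmas 2 and 3 (equations (33) to (38)) is carried out numerically below. This is an added worked example, not code from the chapter or its authors: the plant (a triple integrator), the sampling period, the desired zeros and the gain are constructed values, and the matrix exponential helper is written out so that only NumPy is required.

```python
"""Generalized-hold zero relocation, Lemmas 2 and 3 with equations (33)-(38).
Added worked example; not code from the chapter or its authors.  The plant
(a triple integrator), Ts, the desired zeros and the gain are constructed.
Under zero-order hold the triple integrator has sampling zeros at the roots of
the Euler-Frobenius polynomial z^2 + 4z + 1, one of them (about -3.73) outside
the unit circle; the piecewise-constant hold computed here moves both inside."""
import numpy as np


def expm(M, terms=30):
    """Matrix exponential e^M by scaling and squaring of a Taylor series."""
    M = np.asarray(M, dtype=float)
    norm = max(np.linalg.norm(M, 1), 1e-12)
    s = max(0, int(np.ceil(np.log2(norm))) + 1)  # make ||M / 2^s|| < 1
    Ms = M / 2.0 ** s
    result = np.eye(M.shape[0])
    term = np.eye(M.shape[0])
    for k in range(1, terms):
        term = term @ Ms / k
        result = result + term
    for _ in range(s):
        result = result @ result
    return result


def discretize(A, B, h):
    """Return (e^{Ah}, int_0^h e^{A tau} B dtau) from one augmented exponential."""
    n = A.shape[0]
    aug = np.zeros((n + 1, n + 1))
    aug[:n, :n] = A * h
    aug[:n, n:] = B * h
    E = expm(aug)
    return E[:n, :n], E[:n, n:]


def discrete_zeros(Ad, Bd, Cd):
    """Zeros of Cd (zI - Ad)^{-1} Bd: numerator = det(zI - Ad + Bd Cd) - det(zI - Ad)."""
    num = np.poly(Ad - Bd @ Cd) - np.poly(Ad)
    lead = np.flatnonzero(np.abs(num) > 1e-12)[0]  # drop numerically zero leading terms
    return np.roots(num[lead:])


def markov_params(num, den, n):
    """First n Markov parameters m_k of num(z)/den(z) (coefficients highest power
    first, den monic of degree n, deg num < n): num(z) = den(z) * sum_k m_k z^(-k)."""
    m = []
    for k in range(1, n + 1):
        m.append(num[k - 1] - sum(den[j] * m[k - j - 1] for j in range(1, k)))
    return np.array(m)


def hold_matrix(A, B, Ts, N):
    """M_B = [A_{d,N}^{N-1} B_{d,N}, ..., A_{d,N} B_{d,N}, B_{d,N}] of (38)."""
    AdN, BdN = discretize(A, B, Ts / N)
    return np.hstack([np.linalg.matrix_power(AdN, N - i) @ BdN for i in range(1, N + 1)])


def design_gh(A, B, C, Ts, desired_zeros, kd):
    """Piecewise-constant hold weights h_bar (N = n) placing the zeros of (32) at
    desired_zeros with gain kd.  Returns (h_bar, A_d, B_g, C_d)."""
    n = A.shape[0]
    Ad, _ = discretize(A, B, Ts)
    Cd = C
    # Markov parameters of the desired transfer function G*_d(z) of (33)
    m = markov_params(kd * np.poly(desired_zeros), np.poly(Ad), n)
    # Lemma 2: O_d B_g = [C* B*; ...; C* A*^{n-1} B*]   (34)
    Od = np.vstack([Cd @ np.linalg.matrix_power(Ad, k) for k in range(n)])
    Bg = np.linalg.solve(Od, m.reshape(-1, 1))
    # Lemma 3: B_g = M_B h_bar with N = n, so h_bar = M_B^{-1} B_g   (38)
    hbar = np.linalg.solve(hold_matrix(A, B, Ts, n), Bg)
    return hbar.ravel(), Ad, Bg, Cd


# Constructed example: triple integrator y''' = u sampled with Ts = 0.1 s.
A = np.array([[0.0, 1.0, 0.0], [0.0, 0.0, 1.0], [0.0, 0.0, 0.0]])
B = np.array([[0.0], [0.0], [1.0]])
C = np.array([[1.0, 0.0, 0.0]])
TS = 0.1
KD = TS ** 3 / 6.0  # gain of the ZOH model, kept so that only the zeros change


def zoh_zero_moduli():
    """Moduli of the ZOH sampling zeros, sorted ascending; the largest exceeds 1."""
    Ad, Bd = discretize(A, B, TS)
    return sorted(float(abs(z)) for z in discrete_zeros(Ad, Bd, C))


def gh_design(desired=(0.5, -0.5)):
    """Hold weights h_1..h_N and the resulting discrete-time zeros (sorted real parts)."""
    hbar, Ad, Bg, Cd = design_gh(A, B, C, TS, list(desired), KD)
    zeros = sorted(float(z.real) for z in discrete_zeros(Ad, Bg, Cd))
    return [float(h) for h in hbar], zeros


def hold_input_matrix(hbar):
    """M_B h_bar for given weights; all weights equal to 1 reproduce the ZOH B_d."""
    MB = hold_matrix(A, B, TS, len(hbar))
    return [float(v) for v in MB @ np.asarray(hbar, dtype=float)]


if __name__ == "__main__":
    print("ZOH zero moduli:", zoh_zero_moduli())
    h, zs = gh_design()
    print("GH weights:", h, "-> zeros:", zs)
```

Asking `gh_design` for the ZOH's own zeros returns the weights $[1, 1, 1]$, which is the ZOH as the special case of (37).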
Remark 2. Suppose that we seek a Schur stable polynomial of order $q$; i.e., $\alpha_q z^q + \alpha_{q-1} z^{q-1} + \cdots + \alpha_0$. By utilizing the LMI condition for a strictly positive real system, an LMI specification for the search can be formulated as: find $\tilde C = [\alpha_0, \alpha_1, \cdots, \alpha_{q-1}]$, $\tilde D = \alpha_q > 0$, and $\tilde P > 0$ such that
$$\begin{bmatrix}\tilde A^\top \tilde P \tilde A - \tilde P, & \tilde A^\top \tilde P \tilde B - \tilde C^\top\\ \tilde B^\top \tilde P \tilde A - \tilde C, & \tilde B^\top \tilde P \tilde B - 2\tilde D\end{bmatrix} \le 0,$$
where
$$\tilde A = \begin{bmatrix} 0 & 1 & 0 & \cdots & 0\\ 0 & 0 & 1 & \cdots & 0\\ \vdots & & & \ddots & \vdots\\ 0 & 0 & 0 & \cdots & 1\\ 0 & 0 & 0 & \cdots & 0\end{bmatrix} \in \mathbb{R}^{q \times q}, \qquad \tilde B = \begin{bmatrix} 0\\ \vdots\\ 0\\ 1\end{bmatrix} \in \mathbb{R}^q.$$
The underlying idea is to ask the solver to search for $\tilde C$ and $\tilde D$ such that
$$\tilde C (zI - \tilde A)^{-1} \tilde B + \tilde D = \frac{\alpha_q z^q + \cdots + \alpha_0}{z^q}$$
becomes strictly positive real (which is already stable since $\tilde A$ is Schur) [5]. □

Based on the idea of Remark 2, an optimization problem is formulated as
$$\underset{\bar h \in \mathbb{R}^N,\ \tilde P \in \mathbb{R}^{(n-1)\times(n-1)}}{\text{minimize}} \quad \|\bar h - \mathbf{1}_N\| \qquad (41a)$$
subject to
$$\begin{bmatrix}\tilde A^\top \tilde P \tilde A - \tilde P, & \tilde A^\top \tilde P \tilde B\\ \tilde B^\top \tilde P \tilde A, & \tilde B^\top \tilde P \tilde B\end{bmatrix} - \big(\mathcal{C}_*^{-\top} O_d M_B \bar h\big) e_n^\top - e_n \big(\mathcal{C}_*^{-\top} O_d M_B \bar h\big)^\top \le 0, \qquad (41b)$$
$$\tilde P > 0, \qquad (41c)$$
and $\mathbf{1}_N^\top \bar h = N$, (41d)
where $\mathbf{1}_N \in \mathbb{R}^N$ is the vector with all elements equal to 1, and $e_n \in \mathbb{R}^n$ is the elementary vector whose $n$-th element is 1 while all others are zero. Indeed, the column vector $(\mathcal{C}_*^{-\top} O_d M_B \bar h)$ is nothing but $[c_0, c_1, \cdots, c_{n-1}]^\top$ due to (39) and (40). The task of disarming the attack is achieved mainly by (41b) and (41c), and thus the cost function and the constraint (41d) can be modified to obtain a different $\bar h$.

In this subsection, it is shown that, by using a generalized sampler (GS), the zeros of the discrete-time representation of the plant can also be placed inside the unit circle. The zero-dynamics attack may remain stealthy, but since all attack signals diminish, it is no longer disruptive. Along with the approach of using the GH, the use of the GS disarms the zero-dynamics attack. This subsection is based on the work of [10]. A generalized sampler [27] is a device that generates the output sample from the continuous-time output of the plant as
$$y_g[k] = \int_0^{T_s} h_g(t)\, y(t + (k-1)T_s)\, dt \qquad (42)$$
where $h_g$ is a (generalized) function defined on $(0, T_s]$. The conventional sampler $y[k] = y(kT_s)$ can be considered as a GS with $h_g(t) = \delta(t - T_s)$.
Recalling that $y(t + (k-1)T_s) = C e^{At} x[k-1] + C \int_0^t e^{A\tau} B\, d\tau\; u[k-1]$ for $0 < t \le T_s$, it is seen that
$$y_g[k] = \Big(\int_0^{T_s} h_g(t)\, C e^{At}\, dt\Big) x[k-1] + \Big(\int_0^{T_s} h_g(t)\, C \int_0^t e^{A\tau} B\, d\tau\, dt\Big) u[k-1] =: C_g x[k-1] + D_g u[k-1]. \qquad (43)$$
(Footnote: Note that $\int_0^t e^{A(t-\tau)} B\, d\tau = \int_0^t e^{A\tau} B\, d\tau$.)

With $x[k+1] = e^{AT_s} x[k] + \int_0^{T_s} e^{A\tau} B\, d\tau\; u[k] =: A_d x[k] + B_d u[k]$, the transfer function from $u[k]$ to $y_g[k+1]$ is given by $C_g (zI_n - A_d)^{-1} B_d + D_g$, and therefore the transfer function from $u[k]$ to $y_g[k]$ becomes
$$G_d(z) = z^{-1}\big(C_g (zI_n - A_d)^{-1} B_d + D_g\big) \qquad (44)$$
which has dimension $n+1$ (instead of $n$) due to the one-step delay. Then, in most cases, by a suitable design of $h_g$, the zeros of $G_d(z)$ can be assigned to arbitrary locations. To see this, let
$$G_d^*(z) = \frac{k_d\, z^{-1} (z - z_{d,1}) \cdots (z - z_{d,n})}{\det(zI_n - A_d)} \qquad (45)$$
be a desired transfer function where $z_{d,1}, \ldots, z_{d,n} \in \mathbb{C}$ are the desired zeros (in complex conjugate pairs) and $k_d$ is a desired gain.

Lemma 4. Suppose $(A_d, B_d)$ is controllable. Then, there exists a unique pair $C_g \in \mathbb{R}^{1 \times n}$ and $D_g \in \mathbb{R}$ such that $G_d(z) = G_d^*(z)$.

Proof. Let $C_*(zI_n - A_*)^{-1} B_* + D_*$ be a minimal realization of $zG_d^*(z)$. Then, $zG_d(z)$ is identical to $zG_d^*(z)$ if and only if $D_g = D_*$ and $C_g A_d^{k-1} B_d = C_* A_*^{k-1} B_*$ for all $k = 1, 2, \ldots, n$. With $\mathcal{C}_d$ being the controllability matrix of $(A_d, B_d)$, this is equivalent to
$$C_g \mathcal{C}_d = C_g \big[B_d, A_d B_d, \cdots, A_d^{n-1} B_d\big] = \big[C_* B_*, C_* A_* B_*, \cdots, C_* A_*^{n-1} B_*\big] \quad \text{and} \quad D_g = D_* = k_d. \qquad (46)$$
By the controllability, $\mathcal{C}_d$ is invertible. □

(Footnote: It is well known that, if $(A, B)$ is controllable, then $(A_d, B_d)$ is controllable for almost all sampling times $T_s$.)

From now on, let us consider the case when $h_g(t) = \sum_{i=1}^{N} w_i\, \delta(t - iT_s/N)$, where $N$ is a positive integer and the $w_i$'s are constant weights, so that
$$y_g[k] = \sum_{i=1}^{N} w_i\, y\Big(\frac{i}{N} T_s + (k-1) T_s\Big). \qquad (47)$$
While (42) requires continuous measurements over the interval, only a finite number of measurements are required in (47), which is practical.

(Footnote: A similar strategy was presented in [17], where a multi-rate sampler is employed for attack detection. However, there all samples $y(iT_s/N + (k-1)T_s)$, $i = 1, \cdots, N$, are transmitted to the controller for attack detection.)

Now let us look at the relation between the pair $(C_g, D_g)$ and $\bar w := [w_1, \cdots, w_N]^\top$. For this, note that, for $i = 1, \cdots, N$,
$$x\Big(\frac{i}{N} T_s + (k-1) T_s\Big) = e^{A\frac{iT_s}{N}} x[k-1] + \int_0^{\frac{iT_s}{N}} e^{A(\frac{iT_s}{N} - \tau)} B\, d\tau\; u[k-1] = A_{d,N}^i x[k-1] + \sum_{j=1}^{i} A_{d,N}^{j-1} B_{d,N}\, u[k-1] \qquad (48)$$
where $A_{d,N} = e^{AT_s/N}$ and $B_{d,N} = \int_0^{T_s/N} e^{A(T_s/N - \tau)} B\, d\tau = \int_0^{T_s/N} e^{A\tau} B\, d\tau$. Then, by comparing (47) and (48) with (43), it follows that
$$C_g = \bar w^\top \begin{bmatrix} C A_{d,N}\\ C A_{d,N}^2\\ \vdots\\ C A_{d,N}^N\end{bmatrix} =: \bar w^\top M_C, \qquad D_g = \bar w^\top \begin{bmatrix} C B_{d,N}\\ C A_{d,N} B_{d,N} + C B_{d,N}\\ \vdots\\ C \sum_{j=1}^{N} A_{d,N}^{j-1} B_{d,N}\end{bmatrix} =: \bar w^\top M_D, \qquad (49)$$
where $M_C \in \mathbb{R}^{N \times n}$ and $M_D \in \mathbb{R}^{N \times 1}$. Therefore, we obtain the following result.

Lemma 5. If $[C_g, D_g] \in \mathbb{R}^{1 \times (n+1)}$ belongs to the row space of $[M_C, M_D] \in \mathbb{R}^{N \times (n+1)}$, then the vector $\bar w$ exists as a solution to
$$\bar w^\top [M_C, M_D] = [C_g, D_g]. \qquad (50)$$
If the extended system
$$\tilde x[k+1] = \begin{bmatrix} A_{d,N} & B_{d,N}\\ 0 & 1\end{bmatrix} \tilde x[k], \qquad \tilde y[k] = \big[C A_{d,N},\ C B_{d,N}\big]\, \tilde x[k],$$
where $\tilde x \in \mathbb{R}^{n+1}$, is observable, then the vector $\bar w$ exists for any $[C_g, D_g]$ with $N = n+1$, and is obtained by $\bar w^\top = [C_g, D_g][M_C, M_D]^{-1}$.

Proof. The first claim is straightforward, and the second claim follows from the fact that the observability matrix of the extended system is $[M_C, M_D]$. □

Unlike the undesirable inter-sample behavior caused by the generalized hold, the generalized sampler does not affect the inter-sample behavior of the continuous-time system. Instead, the output $y_g[k]$ is different from the conventional output sample $y[k]$, which may not be desirable for monitoring or for other purposes. To mitigate this difference, an optimization problem can be formulated. In particular, we want to reduce $\|y_g[k] - y[k]\|$ under the constraints that the zeros are located inside the unit circle and that the sum of the weights is unity, i.e., $\mathbf{1}_N^\top \bar w = 1$.
Reducing the difference $\|y_g[k] - y[k]\|$ is related to the selection of $\bar w$ because
$$y_g[k] = \bar w^\top [M_C, M_D] \begin{bmatrix} x[k-1]\\ u[k-1]\end{bmatrix} \quad \text{and} \quad y[k] = e_N^\top [M_C, M_D] \begin{bmatrix} x[k-1]\\ u[k-1]\end{bmatrix}$$
where $e_N = [0, \cdots, 0, 1]^\top \in \mathbb{R}^N$, in which the left equation follows from (43) and (49), and the right equation is from (47) by observing that (47) becomes $y[k] = y(kT_s)$ when $w_N = 1$ and $w_i = 0$ for $i \ne N$.

Now, we need to relate $\bar w$ with the stability of the zero polynomial in (45). This is achieved by realizing $zG_d^*(z)$ in the controllable canonical form as
$$\bar x[k+1] = \begin{bmatrix} 0_{n-1} & I_{n-1}\\ -d_0 & \cdots\ \ -d_{n-1}\end{bmatrix} \bar x[k] + \begin{bmatrix} 0_{n-1}\\ 1\end{bmatrix} u[k] =: A_* \bar x[k] + B_* u[k]$$
$$y_g[k+1] = \big[c_0\ \cdots\ c_{n-2}\ c_{n-1}\big]\, \bar x[k] + k_d u[k] =: C_* \bar x[k] + D_* u[k]$$
where $D_* = k_d$ and the constants $c_0, \ldots, c_{n-1}$, $d_0, \ldots, d_{n-1}$ are determined from the relations
$$\det(zI_n - A_d) = z^n + d_{n-1} z^{n-1} + \cdots + d_0,$$
$$k_d \Big(\prod_{i=1}^{n} (z - z_{d,i}) - \det(zI_n - A_d)\Big) = c_{n-1} z^{n-1} + c_{n-2} z^{n-2} + \cdots + c_0. \qquad (51)$$
(Footnote: This subsection is a brief summary of the contribution of [9].)

With $C_* = [c_0, \cdots, c_{n-1}]$ and $D_* = k_d$, it follows from (50) and (46) that
$$\bar w^\top M_C = C_g = \big[C_* B_*, \cdots, C_* A_*^{n-1} B_*\big]\, \mathcal{C}_d^{-1} = C_* \big[B_*, \cdots, A_*^{n-1} B_*\big]\, \mathcal{C}_d^{-1} =: C_* \mathcal{C}_* \mathcal{C}_d^{-1}, \qquad \bar w^\top M_D = D_g = D_* = k_d.$$
Finally, the convex optimization problem is given by
$$\underset{\bar w \in \mathbb{R}^N,\ \tilde P \in \mathbb{R}^{n \times n}}{\text{minimize}} \quad \big\|[M_C, M_D]^\top (\bar w - e_N)\big\| \qquad (52a)$$
subject to
$$\begin{bmatrix}\tilde A^\top \tilde P \tilde A - \tilde P, & \tilde A^\top \tilde P \tilde B - \tilde C^\top\\ \tilde B^\top \tilde P \tilde A - \tilde C, & \tilde B^\top \tilde P \tilde B - 2\tilde D\end{bmatrix} \le 0, \qquad \tilde P > 0, \qquad (52b)$$
$$\tilde C = \mathcal{C}_*^{-\top} \mathcal{C}_d^\top M_C^\top \bar w + (M_D^\top \bar w)\, \bar d, \qquad \tilde D = M_D^\top \bar w \qquad (52c)$$
and $\mathbf{1}_N^\top \bar w = 1$, (52d)
where $\bar d := [d_0, d_1, \cdots, d_{n-1}]^\top$. The constraints (52b) and (52c) are for the stability of the zero polynomial $k_d \prod_{i=1}^{n} (z - z_{d,i})$, derived from (51) and Remark 2. The task of disarming the attack is achieved mainly by (52b) and (52c), and thus the cost function and the constraint (52d) can be modified to obtain a different $\bar w$.

This chapter introduced an actuator attack that is both stealthy and disruptive. In particular, the attack exploits the zero dynamics of the system, which arise either from intrinsic zeros or from sampling zeros. Also presented was the robust zero-dynamics attack, which is both disruptive and stealthy but whose design does not require exact knowledge of the target system. This implies that the target control system may be in greater danger than one would imagine. The attack extends to the case of nonlinear systems. As a dual problem of the zero-dynamics attack, two sensor attacks were briefly introduced as well, referred to as the pole-dynamics attack and the robust pole-dynamics attack, respectively. These are attacks on sensors that exploit the plant's pole dynamics. Finally, two methods were introduced that render the zero-dynamics attack little of a threat. It was shown that, by designing a generalized hold or sampler, unstable zeros move to a stable region in the complex plane. Thus, the attacks designed for those zeros are no longer disruptive.
Solutions of this kind are effective compared to other countermeasures against the zero-dynamics attack, but require a redesign of the feedback controllers because the discrete-time transfer function is changed by the generalized hold or sampler. In addition, the robustness of the designed hold or sampler against uncertainty of the plant needs to be investigated, as the issue has been raised in, e.g., [3].
Acknowledgement
The authors are grateful to Hyuntae Kim at Seoul National University for his idea of Remark 2. This work was supported by the Institute for Information & communications Technology Promotion grant funded by MSIT, the Korean government (2014-0-00065, Resilient Cyber-Physical Systems Research).
References
1. Back, J., Shim, H.: Adding robustness to nominal output-feedback controllers for uncertain nonlinear systems: A nonlinear version of disturbance observer. Automatica (10), 2528–2537 (2008)
2. Back, J., Shim, H.: Reduced-order implementation of disturbance observers for robust tracking of non-linear systems. IET Control Theory & Applications (17), 1940–1948 (2014)
3. Freudenberg, J.S., Middleton, R.H., Braslavsky, J.H.: Robustness of zero shifting via generalized sampled-data hold functions. IEEE Transactions on Automatic Control (12), 1681–1692 (1997)
4. Giles, M.: Triton is the world's most murderous malware, and it's spreading. MIT Technology Review, March 5 (2019)
5. Hitz, B.E., Anderson, B.D.O.: Discrete positive-real functions and their application to system stability. Proc. of IEE (1), 153–155 (1969)
6. Hoehn, A., Zhang, P.: Detection of covert attacks and zero dynamics attacks in cyber-physical systems. In: Proc. of American Control Conference, pp. 302–307 (2016)
7. Jeon, H., Aum, S., Shim, H., Eun, Y.: Resilient state estimation for control systems using multiple observers and median operation. Mathematical Problems in Engineering, Hindawi Publishing Corporation (2016)
8. Khalil, H.K.: Nonlinear Control, 3rd edn. Pearson Higher Ed (2014)
9. Kim, D., Ryu, K., Back, J.: Zero assignment via generalized sampler: A countermeasure against zero-dynamics attack. Submitted to Automatica
10. Kim, D., Ryu, K., Back, J.: Security enhancement of sampled-data systems: Zero assignment via generalized sampler. In: Proc. of IFAC World Congress (2020)
11. Kim, J., Back, J., Park, G., Lee, C., Shim, H., Voulgaris, P.G.: Neutralizing zero dynamics attack on sampled-data systems via generalized holds. Automatica (2020). DOI 10.1016/j.automatica.2019.108778
12. Kim, J., Park, G., Shim, H., Eun, Y.: Masking attack for sampled-data systems via input redundancy. IET Control Theory & Applications (14), 2300–2308 (2019). DOI 10.1049/iet-cta.2018.6075
13. Langner, R.: Stuxnet: Dissecting a cyberwarfare weapon. IEEE Security and Privacy (3), 49–51 (2011)
14. Lee, R.M., Assante, M.J., Conway, T.: Analysis of the cyber attack on the Ukrainian power grid. SANS Industrial Control Systems, Washington, DC, USA, Tech. Rep. (2016)
15. Lee, C., Shim, H., Eun, Y.: On redundant observability: From security index to attack detection and resilient state estimation. IEEE Transactions on Automatic Control (2), 775–782 (2019). DOI 10.1109/TAC.2018.2837107
16. Lee, J.G., Kim, J., Shim, H.: Fully distributed resilient state estimation based on distributed median solver. IEEE Transactions on Automatic Control (2020). DOI 10.1109/TAC.2020.2989275
17. Naghnaeian, M., Hirzallah, N.H., Voulgaris, P.G.: Security via multirate control in cyber-physical systems. Systems & Control Letters, 12–18 (2019). DOI 10.1016/j.sysconle.2018.12.001
18. Park, G., Lee, C., Shim, H.: On stealthiness of zero-dynamics attacks against uncertain nonlinear systems: A case study with quadruple-tank process. In: Proc. of International Symposium on Mathematical Theory of Networks and Systems (MTNS), Hong Kong (2018)
19. Park, G., Lee, C., Shim, H., Eun, Y., Johansson, K.H.: Stealthy adversaries against uncertain cyber-physical systems: Threat of robust zero-dynamics attack. IEEE Transactions on Automatic Control (12), 4907–4919 (2019). DOI 10.1109/TAC.2019.2903429
20. Park, G., Shim, H., Lee, C., Eun, Y., Johansson, K.H.: When adversary encounters uncertain cyber-physical systems: Robust zero-dynamics attack with disclosure resources. In: 2016 IEEE 55th Conference on Decision and Control, pp. 5085–5090 (2016). DOI 10.1109/CDC.2016.7799047
21. Shane, S., Sanger, D.E.: Drone crash in Iran reveals secret US surveillance effort. The New York Times, December 8 (2011)
22. Shieh, L.S., Wang, W.M., Bain, J., Sunkel, J.W.: Design of lifted dual-rate digital controllers for X-38 vehicle. Journal of Guidance, Control, and Dynamics (4), 629–639 (2000)
23. Shim, H., Park, G., Joo, Y., Back, J., Jo, N.H.: Yet another tutorial of disturbance observer: Robust stabilization and recovery of nominal performance. Control Theory and Technology (3), 237–249 (2016)
24. Slay, J., Miller, M.: Lessons learned from the Maroochy water breach. Critical Infrastructure Protection, 73–82 (2007)
25. Sussmann, H., Kokotovic, P.: The peaking phenomenon and the global stabilization of nonlinear systems. IEEE Transactions on Automatic Control 36