Cheolhyeon Kwon

Security analysis for Cyber-Physical Systems against stealthy deception attacks

Security of Cyber-Physical Systems (CPS) against cyber attacks is an important yet challenging problem. Since most cyber attacks happen in erratic ways, it is difficult to describe them systematically. In this paper, instead of identifying a specific cyber attack model, we are focused on analyzing the systems response during cyber attacks. Deception attacks (or false data injection attacks), which are performed by tampering with system components or data, are not of particular concern if they can be easily detected by the systems monitoring system. However, intelligent cyber attackers can avoid being detected by the monitoring system by carefully design cyber attacks. Our main objective is to investigate the performance of such stealthy deception attacks from the systems perspective. We investigate three kinds of stealthy deception attacks according to the attackers ability to compromise the system. Based on the information about the dynamics of the system and existing hypothesis testing algorithms, we derive the necessary and sufficient conditions under which the attacker could perform each kind of attack without being detected. In the end, we illustrate the threat of these cyber attacks using an Unmanned Aerial Vehicle (UAV) navigation example.

Analysis and Design of Stealthy Cyber Attacks on Unmanned Aerial Systems

Cyber security has emerged as one of the most important issues in unmanned aerial systems for which the functionality heavily relies on onboard automation and intervehicle communications. In this paper, potential cyber threats and vulnerabilities in the unmanned aerial system’s state estimator to stealthy cyber attacks are identified, which can avoid being detected by the monitoring system. Specifically, this paper investigates the worst stealthy cyber attack that can maximize the state estimation error of the unmanned aerial system’s state estimator while not being detected. First, the condition that the system is vulnerable to the stealthy cyber attacks is derived, and then an analytical method is provided to identify the worst stealthy cyber attack. The proposed cyber attack analysis methods are demonstrated with illustrative examples of an onboard unmanned aerial system navigation system and an unmanned aerial system tracking application.

Cyber Security Analysis for State Estimators in Air Traffic Control Systems

Cyber security has emerged as one of the most important issues in modern Air Traffic Control (ATC) systems whose functionalities heavily rely on communications between networked agents in the system. Since the current ATC systems has not incorporated mechanisms specifically designed to protect their cyber security, potential cyber attacks such as GPS spoofing, false data injection and computer virus may threat the safety of the systems. This paper is focused on the cyber security of linear state estimators (Kalman filters) which are widely used in ATC systems for aircraft surveillance and control. Compared with other components in the ATC system, state estimators can be more easily attacked because they directly process the raw sensor and communication data which can be directly falsified by cyber attacks. Since cyber attacks rarely happen, accurately modeling cyber attacks is usually intractable. Therefore, this paper analyzes all possible attack cases to identify the estimator’s security hole in the worst case. Specifically for a class of linear estimators, namely, the α−β filter, which has wide applications, the optimization tools are used to identify the most dangerous attack sequence among all stealthy cyber attacks. The approach proposed in this paper is general and can be applied to other systems’ security analysis.

Hybrid robust controller design: Cyber attack attenuation for Cyber-Physical Systems

This paper considers controller design for Cyber-Physical Systems (CPSs) that are robust to various types of cyber attacks. While the previous studies have investigated a secure control by assuming a specific attack strategy, in this paper we propose a hybrid robust control scheme that contains multiple sub-controllers, each matched to a specific type of cyber attacks. Then the system can be adapted to various cyber attacks (including those that are not assumed for sub-controller design) by switching its sub-controllers to achieve the best performance. We propose a method for designing the secure switching logic to counter all possible cyber attacks and mathematically verify the systems performance and stability as well. The performance of the proposed control scheme is demonstrated by an example with the hybrid H2 - H∞ controller applied to an Unmanned Aerial System (UAS).

Trustworthy design architecture: Cyber-physical system

Conventional cyber defenses require continual maintenance: virus, firmware, and software updates; costly functional impact tests; and dedicated staff within a security operations center. The conventional defenses require access to external sources for the latest updates. The whitelisted system, however, is ideally a system that can sustain itself freed from external inputs. Cyber-Physical Systems (CPS), have the following unique traits: digital commands are physically observable and verifiable; possible combinations of commands are limited and finite. These CPS traits, combined with a trust anchor to secure an unclonable digital identity (i.e., digitally unclonable function [DUF] — Patent Application #15/183,454; CodeLock), offers an excellent opportunity to explore defenses built on whitelisting approach called “Trustworthy Design Architecture (TDA).” There exist significant research challenges in defining what are the physically verifiable whitelists as well as the criteria for cyber-physical traits that can be used as the unclonable identity. One goal of the project is to identify a set of physical and/or digital characteristics that can uniquely identify an endpoint. The measurements must have the properties of being reliable, reproducible, and trustworthy. Given that adversaries naturally evolve with any defense, the adversary will have the goal of disrupting or spoofing this process. To protect against such disruptions, we provide a unique system engineering technique, when applied to CPSs (e.g., nuclear processing facilities, critical infrastructures), that will sustain a secure operational state without ever needing external information or active inputs from cybersecurity subject-matter experts (i.e., virus updates, IDS scans, patch management, vulnerability updates). We do this by eliminating system dependencies on external sources for protection. Instead, all internal communication is actively sealed and protected with integrity, authenticity and assurance checks that only cyber identities bound to the physical component can deliver. As CPSs continue to advance (i.e., IoTs, drones, ICSs), resilient-maintenance free solutions are needed to neutralize/reduce cyber risks. TDA is a conceptual system engineering framework specifically designed to address cyber-physical systems that can potentially be maintained and operated without the persistent need or demand for vulnerability or security patch updates.

Optimal discrete-time Kalman Consensus Filter

Following recent advances in networked communication technologies, sensor networks have been employed in a broad range of applications at a lower cost than centrally supervised systems. Their major functionality is to track and monitor targets using various distributed estimation techniques. Specifically, the distributed Kalman Consensus Filter (KCF) fuses data from different sensor agents by achieving two objectives for each sensor: 1) locally estimating the state of the target; and 2) reaching a consensus of the state estimate between neighboring agents through communication. Although the KCF has been proven to have superior performance in terms of stability and scalability, it relies on approximated suboptimal consensus gain to avoid algorithmic complexity. Specifically, we seek to address this problem of suboptimality, and analytically derive the closed form solution to the globally optimal consensus gain, which is characterized by the minimum mean square error for the estimation process. Illustrative simulation results are presented to demonstrate that the optimal consensus gain outperforms the suboptimal solution.

Constrained stochastic hybrid system modeling to road map - GPS integration for vehicle positioning

This paper considers the vehicle positioning problem of an automobile on-board navigation system which is mainly supported by Global Positioning System (GPS). To complement GPS, the existing navigation techniques incorporate additional vehicle sensors, together with the map data to match the positioning solution with the road map. We propose an advanced map-matching algorithm that integrates the additional map data with GPS and vehicle sensor measurements. Specifically, the detailed road map data, where individual road segments are subdivided into lanes, can impose further restriction on the vehicle as it is likely to move along the center of each lane and is rarely at boundary. Such a tendency can be mathematically interpreted as a statistical constraint in our map-matching algorithm. In addition, the lane change behavior of the vehicle can be accounted for by the discrete modes assigned to the individual road lanes. Then, the overall positioning process can be posed as a constrained stochastic hybrid system framework. The proposed map-matching algorithm provides more reliable vehicle positioning (continuous state estimate) and lane discrimination (discrete mode estimate) without needing costly sensor resources.

Recursive reachable set computation for on-line safety assessment of the Cyber-Physical System against stealthy cyber attacks

With recent progress in networked embedded control technology, cyber attacks have become one of the major threats to Cyber-Physical Systems (CPSs) due to their close integration of logical and physical processes. Since the conventional computer security techniques are unable to assure the underlying physical behavior against cyber attacks, this paper considers the safety of the compromised CPS from a controls domain perspective. Specifically, we propose an on-line algorithm to assess the safety of the CPS in the presence of stealthy cyber attacks which can be designed intelligently to avoid detection. The main idea is based on a reachability analysis that computes the reachable set of CPS states possibly reached by all potential stealthy cyber attacks. The reachable set computation typically demands a large computation cost and has mostly relied on the approximation techniques. However, our algorithm analytically derives the exact reachable set solution and further establishes a recursive computation structure that can perform in the real-time CPS operation. This significantly enhances the quality of the on-line safety assessment, enabling more reliable, less conservative, and computationally efficient process. The proposed algorithm is demonstrated with an illustrative example of an unmanned aircraft system (UAS) application.

Augmented sensing-based state estimation for cooperative Multi-Agent Systems

Distributed estimation and control schemes play an important role in cooperative Multi-Agent Systems (MASs), addressing various challenges of the insufficient capabilities of individual agents, such as limited sensing ranges. In this paper, we propose an augmented estimation algorithm that enables state estimation of agents which are out of sensing range from a local monitoring agent. The algorithm utilizes the probability of out-of-range agents affecting the behavior of in-range agents; this allows the monitoring agent to indirectly obtain information about unobserved agents. Then, based on a Bayesian approach, the proposed estimation algorithm recursively computes the state estimate by tracking the observed behaviors and their interactions with out-of-range agents. The performance of the proposed algorithm is demonstrated with numerical simulations of formation flight and cooperative surveillance.