Lecture 2
Cyber-Physical Systems
Fall - 2022
Fall - 2022 1 / 68
Outline
Lecture 1 - Recap
Cyber-Physical Systems (CPSs)
[Figure: a CPS as plant + network + controller. The plant (state x(t)), with its actuators (A) and sensors (S), is connected to the controller through communication channels.]
[Figure: feedback loop between the plant (state x(t)) and the controller over a communication channel, with an adversary on the channel. Signal labels: u(t), u′(t), y(t), y′(t).]
Information Security & CPS - Integrity
[Figure: feedback loop of plant (state x(t)), communication channel and controller, with an adversary on the channel. Signal labels: u(t), u′(t), y(t), y′(t).]
Complete CPS Model
• Assuming that the defender needs to both detect and mitigate cyber-attacks, the following networked control system is considered:
[Figure: networked control system. The plant (state x(t)) is connected through communication channels to a networked controller made of control logic, a state estimator and an anomaly detector. Signal labels: u(t), u′(t), y(t), y′(t), r(t).]
Defender Model
[Figure: networked control system (plant with state x(t); networked controller with control logic, state estimator and anomaly detector), with the plant state space divided into a region of required performance, a region of unacceptable performance and a region of danger (safety is at risk).]
Footnote 2: In other architectures, we might have other components.
Adversary Models
Attacker’s Objectives
1. The attacker's goal is to steer the plant's state outside the region of required performance (e.g., into the region of degraded/unacceptable/danger performance).
2. The attacker wants to minimize the chance of being detected by the anomaly detector.
Undetectable/Stealthy Attack
Basic attacks: eavesdropper and deception
• Eavesdropper attack:
$$I_a(t) = I_a(t-1) \cup \left\{ \begin{bmatrix} \Gamma_u & 0 \\ 0 & \Gamma_y \end{bmatrix} \begin{bmatrix} u(t) \\ y(t) \end{bmatrix} \right\}$$
with Γu, Γy diagonal matrices containing {0, 1} on the diagonal
• Additive Deception/False Data Injection (FDI) attack:
$$u'(t) = u(t) + \Psi_u u_a(t), \qquad y'(t) = y(t) + \Psi_y y_a(t)$$
with Ψu, Ψy diagonal matrices containing {0, 1} on the diagonal, and ua(t), ya(t) the false data vectors
[Figure: attacker model acting on the communication channels of the networked controller. Block labels: Model, Disclosure, Disruptive, Attacker Policy.]
Attack Space: 3D modeling (1/3)
3D ATTACK SPACE
Model Knowledge
- Plant
- Controller
- Detector
Disclosure Resources
- Sensor measurements the attacker can intercept
- Control inputs the attacker can intercept
Disruptive Resources
Examples of Attacks against CPS
Attack policy at
• Prevent the actuator and/or sensor data from reaching their respective destinations, producing an absence of data (breaking the feedback loop).
Denial-of-Service Attack (DoS) - resources
3D Modeling
• Model knowledge: Ma = ∅
• Disclosure Resources: Γu = 0, Γy = 0
• Disruption Resources: Ψu(i, i) = 1, Ψy(j, j) = 1 on all the channels i, j where the DoS attack is performed (e.g., where the attacker can congest/jam the communications, creating a loss of transmission)
Attack Performance
1. Trivially not a stealthy attack. However, DoS attacks may be misdiagnosed as a poor network condition.
2. DoS attacks affect the plant performance. With DoS, the control system operates in open-loop!
Attack policy
• Phase I: Measurement eavesdropping (0 ≤ t ≤ T)
$$I_a(t) = I_a(t-1) \cup \left\{ \begin{bmatrix} 0 & 0 \\ 0 & \Gamma_y \end{bmatrix} \begin{bmatrix} u(t) \\ y(t) \end{bmatrix} \right\}, \qquad u_a(t) = 0, \quad y_a(t) = 0$$
3D Modeling
• Model knowledge: ?
• Disclosure Resources: ?
• Disruption Resources: ?
3D Modeling
• Model knowledge: Ma = ∅
• Disclosure Resources: Γy = I
• Disruption Resources: Ψy = I, Ψu (i, i) = 1 (in the input
channels i where the FDI is injected)
[Figure: two plots over time t, each split into a recording phase followed by a replay + FDI phase.]
Attack Performance
• The plant performance can be damaged because the attacker has arbitrary control over the actuation channel
• If the plant is in steady-state conditions (a), then the attack is undetectable/stealthy (b)
(a) Steady-state = the variables are unchanging in time
(b) For the basic passive detector assumed so far. To detect replay attacks, we will study the active detector proposed in [Mo, 2009].
Zero-stealthy attack
Attack policy
• Inject in the actuation channel an attack signal ua (t) that changes
x(t) but leaves unchanged y(t).
3D Modeling
• Model knowledge: Ma = P̂ ≡ P
• Disclosure Resources: Γu = 0, Γy = 0
• Disruption Resources: Ψy = 0 and Ψu (i, i) = 1 (in the input
channels i where the zero-stealthy attack is injected)
Attack Performance
• The attack is, by construction, undetectable for D and it can
potentially create great damage to the plant (e.g., x(t) keeps
increasing over time possibly reaching a fatal condition for the
plant)
• Fortunately, such an attack is doable only against CPSs with
specific properties (e.g., if the plant has an unstable zero), see
[Teixeira, 2015] if you are interested in further details.
Covert Attack
Attack policy
Inject in the actuation and measurement channels two attack vectors ua(t) and ya(t) such that
• ua(t) produces damage to the plant
• ya(t) cancels out the effect of ua(t) from the sensor measurements y(t)
3D Modeling
• Model knowledge: Ma = P̂ ≡ P
• Disclosure Resources:
• If the plant has a linear behavior: no disclosure resources are needed
• If the plant has a nonlinear behavior: Γu = I (or alternatively Γy = I)
• Disruption Resources: Ψy = I and Ψu = I
Covert Attack - performance
Attack Performance
• A covert attack is a perfect stealthy attack that cannot be detected by any detector located in the control center, see [Smith, 2011].
• Specific detection architectures have been developed to detect such attacks (a).
(a) We will study the Moving Target detection schemes developed in [Schellenberger, 2017] and [Weerakkody, 2015].
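The cancellation described above, simulated as an added example that is not part of the lecture: a constructed scalar linear plant x(t+1) = a·x(t) + b·u′(t), y(t) = c·x(t) with a proportional controller (the dynamics, gains and attack signal are all assumptions). It compares what the controller receives when the attacker's model satisfies P̂ ≡ P and when it does not.

```python
# Added example, not from the lecture. Constructed scalar linear plant:
#   x(t+1) = a*x(t) + b*u'(t),   y(t) = c*x(t)
# with proportional control u(t) = k*(ref - y'(t)). All numbers are made up.

def simulate(a, b, c, k, ref, steps, ua_fn=None, a_hat=None):
    """Return (plant states x(t), measurements y'(t) seen by the controller).

    ua_fn: t -> u_a(t), the signal added on the actuation channel (None = no attack).
    a_hat: the attacker's model of a, used to predict the effect of u_a on y.
    """
    x, xa = 0.0, 0.0                  # plant state; attacker's predicted deviation
    xs, ys_received = [], []
    for t in range(steps):
        y = c * x
        ya = -c * xa                  # y_a(t): cancels the predicted effect of u_a
        y_prime = y + ya              # y'(t) = y(t) + y_a(t)
        u = k * (ref - y_prime)       # the controller only ever sees y'
        ua = ua_fn(t) if ua_fn else 0.0
        xs.append(x)
        ys_received.append(y_prime)
        x = a * x + b * (u + ua)      # u'(t) = u(t) + u_a(t)
        if ua_fn:
            xa = a_hat * xa + b * ua  # attacker's copy of the plant model
    return xs, ys_received

def max_gap(p, q):
    """Largest pointwise difference between two trajectories."""
    return max(abs(pi - qi) for pi, qi in zip(p, q))

def step_attack(t):
    return 0.2 if t >= 10 else 0.0    # constructed u_a(t)

PLANT = dict(a=0.9, b=1.0, c=1.0, k=0.5, ref=1.0, steps=40)

x_nom, y_nom = simulate(**PLANT)                                  # no attack
x_cov, y_cov = simulate(**PLANT, ua_fn=step_attack, a_hat=0.9)    # P_hat == P
x_mis, y_mis = simulate(**PLANT, ua_fn=step_attack, a_hat=0.8)    # P_hat != P

if __name__ == "__main__":
    print("exact model: y' gap %.1e, x gap %.3f"
          % (max_gap(y_cov, y_nom), max_gap(x_cov, x_nom)))
    print("wrong model: y' gap %.3f" % max_gap(y_mis, y_nom))
```

With the exact model the received measurements match the attack-free run to rounding error while the plant state drifts by almost 2; with the mismatched model the received measurements deviate by about 0.17, which a residual check can flag.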
Footnote 4: bias injection = FDI
Smart Grid: Power Transmission System
x(t) = grid state vector (Status)
[Figure: power transmission system monitored by PMUs, with a cyber-attack marked.]
Plant Model
• Let us denote with x(t) the state of the system and with y(t) the available measurements, i.e.,
$$x = [x_1, x_2, \ldots, x_n]^T, \quad y = [y_1, y_2, \ldots, y_m]^T, \quad n, m \in \mathbb{Z}^+, \quad x_i, y_i \in \mathbb{R}$$
• The linearized static power flow equation (plant model) has the following structure, also known as the DC power model
• Problem: How can we find the best fit x(t) for a given y(t)?
• We have to solve a system with n unknowns and m equations, where m > n, and C is full rank.
State Estimator
Anomaly Detector/Bad Data Detector
• If we have faulty sensors, some of the data y(t) received might not
be correct. How can we detect bad data?
• Once we get a state estimation x̂(t), we can build the so-called
measurement residual:
residual signal → r(t) = y(t) − C x̂(t)
||y − C x̂|| ≤ τ
Bad Data Detector (3/3)
||y − C x̂|| > τ
2011 Discovery
Attacker’s Objective and Resources
FDI Attack
y′ = y + ya
Attack Impact on the State Estimation (2/2)
||y − C x̂|| ≤ τ
• Proof:
Since y can pass the detection, we have that ||y − C x̂|| ≤ τ. If we
consider the attack, we have that
Steps:
1. The attacker decides the bias d to cause on the state estimation
x̂_bad = x̂ + d
ya = Cd
y′ = y + ya
Result: The above attack bypasses the bad data detector, i.e.
||y − C x̂|| ≤ τ
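The bypass result above, checked numerically as an added example that is not part of the lecture. It assumes the state estimator is the ordinary least-squares fit; C, the noise, d and τ are constructed values, and a single corrupted reading is included for contrast.

```python
# Added example, not from the lecture. C, x_true, noise, d and tau are constructed.
# Key identity: (y + C d) - C (x_hat + d) = y - C x_hat, so the residual is unchanged.

def matvec(A, v):
    return [sum(a * b for a, b in zip(row, v)) for row in A]

def solve(A, b):
    """Gaussian elimination with partial pivoting (small square system)."""
    n = len(b)
    M = [row[:] + [bi] for row, bi in zip(A, b)]
    for k in range(n):
        p = max(range(k, n), key=lambda i: abs(M[i][k]))
        M[k], M[p] = M[p], M[k]
        for i in range(k + 1, n):
            f = M[i][k] / M[k][k]
            M[i] = [mi - f * mk for mi, mk in zip(M[i], M[k])]
    x = [0.0] * n
    for i in reversed(range(n)):
        x[i] = (M[i][n] - sum(M[i][j] * x[j] for j in range(i + 1, n))) / M[i][i]
    return x

def estimate(C, y):
    """Least-squares fit x_hat = (C^T C)^-1 C^T y, for full-rank C with m > n."""
    Ct = [list(col) for col in zip(*C)]
    CtC = [matvec(Ct, col) for col in Ct]     # C^T C (symmetric)
    return solve(CtC, matvec(Ct, y))

def residual_norm(C, y):
    """||y - C x_hat||, the quantity the bad data detector compares with tau."""
    x_hat = estimate(C, y)
    return sum((yi - pi) ** 2 for yi, pi in zip(y, matvec(C, x_hat))) ** 0.5

def alarm(C, y, tau):
    return residual_norm(C, y) > tau

C = [[1.0, 0.0], [0.0, 1.0], [1.0, 1.0], [1.0, -1.0]]   # m = 4 measurements, n = 2 states
x_true = [1.0, 2.0]
noise = [0.02, -0.01, 0.01, -0.02]                       # small sensor noise
y = [v + e for v, e in zip(matvec(C, x_true), noise)]
tau = 0.1                                                # detector threshold
d = [0.5, -0.3]                                          # bias on the estimate
y_fdi = [yi + ai for yi, ai in zip(y, matvec(C, d))]     # y' = y + C d
y_bad = list(y)
y_bad[2] += 0.5                                          # one corrupted reading

if __name__ == "__main__":
    for name, meas in (("clean", y), ("y + C d", y_fdi), ("one bad sensor", y_bad)):
        print(name, estimate(C, meas), round(residual_norm(C, meas), 4), alarm(C, meas, tau))
```

The first two cases give the same residual (about 0.029, below τ) even though the second estimate is shifted by d; the third gives about 0.29 and raises the alarm.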
Thank you!
References
D. Kundur. Cyber Security of Smart Grid. Class: Cyber-Physical Security of the Smart Grid.
H. Tebianian, B. Jeyasurya. Dynamic state estimation in power systems: Modeling, and challenges. Electric Power Systems Research, 2015.
S. R. Smith. A decoupled feedback structure for covertly appropriating networked control systems. IFAC Proceedings, 44.1, 90–95, 2011.
S. Weerakkody, B. Sinopoli. Detecting integrity attacks on control systems using a moving target approach. IEEE 54th Annual Conference on Decision and Control (CDC), 2015.