State Consistencies for Cyber- Physical System Recovery Fanxin Kong, - PowerPoint PPT Presentation

State Consistencies for Cyber- Physical System Recovery Fanxin Kong, S yracuse Universit y okolsky, James Weimer, Insup Lee, Universit y of Oleg S Pennsylvania April 15, 2019 Department of Electrical Engineering and Computer S cience

Cyber-Physical Systems We are living in a Cyber-Physical System world! 2

Security 3

CPS Attack Surfaces • Cyber attack surfaces e.g., communication, ‐ networks, computers, ... • Environmental attack surfaces e.g., GPS signal, electro- ‐ magnetic interference, ... • Physical attack surfaces e.g., locks, casings, cables, ‐ … • Human attack surfaces e.g., phishing, blackmail, … ‐ 4

What we study and why? Target : Sensor Attacks • The attacker can arbitrarily Physical system change sensor measurements - environmental attack surfaces Malicious Actuator Sensor signals - cyber attack surfaces Malicious packets Network Controller 100mi/h 30mi/h 5

What we study and why? Target : Sensor Attacks • The attacker can arbitrarily Physical system change sensor measurements - environmental attack surfaces Malicious Actuator Sensor signals - cyber attack surfaces Malicious Goal : Resilience packets Network • To ensure control performance under sensor attacks Controller 6

Ideally… Speed sensor attack • Ideally, the system performs (almost) the same as if there is no attack - Example: cruise control under a speed sensor attack 7

Outline • Background • Review on CPS recovery • Roll‐forward recovery • How well does it work • S tate consistencies for CPS recovery • Consistency definitions • Evaluation • Conclusion 8

CPS recovery Roll-forw ard recovery: Rolling the system to the current tim e by starting from a consistent cyber-physical-state Prediction using historical state Estimated � speed • Example: model-based prediction (ICCPS2018) 9

Scenario: travelling in a straight line • Testbed: an unmanned vehicle. Each front wheel is driven by a motor, and each motor has a speed sensor • Goal: to keep a vehicle travel in a straight line, i.e., the two front wheels have the same speed • Controller: a PID controller supervises and controls the speed difference of the two front wheels • Attack: the attacker modifies a speed sensor’s measurements to a constant value 10

How well does it work? No protection difference speed large The vehicle keeps turning With protection recovery difference speed small The vehicle travels almost straightly --- desired ∆ ― actual ∆ 11

What kind of states is used? We use Consistent Cy ber-Phy sica l Sta tes • Cyber-physical st at es : the cyber information that reflects physical states • Cyber-physical consist ency : whether the physical state can be accurately reflected by the corresponding cyber information Cyber‐physical logic‐consistency Cyber‐physical timing‐consistency Synchronization Freshness 12

A system diagram of CPS Physical System Physical space Cyber space Controller A cyber‐physical state is denoted as 13

Cyber-Physical Logic-Consistency sample sample 𝑦̅ � 𝑦 � The logic‐consistency is confined � 𝑦̅ � 𝑦 � to values, is NOT enough. 𝑦̅ � 𝑦 � 𝑗 � 1 𝑈 𝑗𝑈 � � 14

Cyber-Physical Timing-Consistency 15

(1) Syn-Timing-Consistency (1/ 2) sample sample sample sample � � � � � � � � � � � � � � � � � YES NO 16

(1) Syn-Timing-Consistency (2/ 2) sample sample sample actuate actuate actuate � � � � time � � : NO � : YES � � � 17

(2) Exp-Timing-Consistency Calculating the expire tim e time The error of state prediction is unacceptable 18

Evaluation • Goal: to keep a vehicle travel at a constant speed • Simulator: DC motor speed control using PID controller � � � � � � � � � � � � � • Scenario: an attack is found out and the system performs recovery ONCE to predict the current state 19

Violating Logic-Consistency 20

Violating Syn-Timing-Consistency Current ( ) and speed ( ) have different tim e stam ps 21

Need of Exp-Timing-Consistency Using older states for recovery resulting in larger drifts 22

Conclusion • Review on CPS recovery • Model‐based roll‐forward recovery • How well does it work • S tate consistencies for CPS recovery • Defined logic and timing consistencies • Why the consistencies is needed Thank you! Q&A 23