Team for Research in
Ubiquitous Secure Technology

Secure Control and the Analysis of Denial of Service Attacks
Saurabh Amin, Alvaro Cardenas, Alex Bayen, Shankar Sastry

Citation
Saurabh Amin, Alvaro Cardenas, Alex Bayen, Shankar Sastry. "Secure Control and the Analysis of Denial of Service Attacks". Talk or presentation, 11, November, 2008.

Abstract
Control systems are computer-based systems that monitor and control physical processes. These systems represent a wide variety of networked information technology (IT) systems connected to the physical world. Depending on the application, these control systems are also called Process Control Systems (PCS), Supervisory Control and Data Acquisition (SCADA) systems (in industrial control or in the control of the critical infrastructures), or Cyber-Physical Systems (CPS) (to refer to embedded sensor and actuator networks). Several control applications can be labeled as safety-critical: their failure can cause irreparable harm to the physical system being controlled and to the people who depend on it. SCADA systems, in particular, perform vital functions in national critical infrastructures, such as electric power distribution, oil and natural gas distribution, water and waste-water treatment, and transportation systems. They are also at the core of health-care devices, weapons systems, and transportation management. The disruption of these control systems could have a significant impact on public health and safety and lead to large economic losses. Control systems have been at the core of critical infrastructures and industrial plants for many decades, and yet, there have been very few confirmed cases of cyberattacks. Control systems, however, are more vulnerable now than before to computer vulnerabilities for many reasons, such as the use of commodity IT solutions and corporate network interconnections; they are also more and more ubiquitous, and there is an increasing number of people capable of launching computer attacks on control systems with different motivations, including disgruntled employees, cyber crime, extortion, terrorism, etc.
While it is clear that the security of control systems has become an active area in recent years, we believe that, so far, no one has been able to articulate what is new and fundamentally different in this field from a research point of view compared to traditional IT security. In general, information security has developed mature technologies and design principles (authentication, access control, message integrity, separation of privilege, etc.) that can help us prevent and react to attacks against control systems. However, research in computer security has focused traditionally on the protection of information. Researchers have not considered how attacks affect the estimation and control algorithms and, ultimately, how attacks affect the physical world. We argue that while the current tools of information security can give necessary mechanisms for the security of control systems, these mechanisms alone are not sufficient for the defense-in-depth of control systems. We believe that by understanding the interactions of the control system with the physical world, we should be able to (1) better understand the consequences of an attack: so far there is no research on how an adversary would select a strategy once it has obtained unauthorized access to some control network devices; (2) design novel attack-detection algorithms: by understanding how the physical process should behave based on our control commands and sensor measurements, we can identify if an attacker is tampering with the control or sensor data; and (3) design new attack-resilient algorithms and architectures: if we detect an attack we may be able to change the control commands to increase the resiliency of the system. To this end, we provide a taxonomy of attacks to control systems at the "systems level". We then focus our technical work on the analysis of Denial of Service Attacks.
Our two main contributions are (1) we formulate a new problem of denial of service attacks on predictive control of linear systems that need to satisfy certain safety constraints. We chose predictive control because it is one of the most used control algorithms in industrial settings. We also included safety constraints to describe security specifications. (2) We show how, by analyzing a wider class of attack options than the ones assumed in networked control, an adversary can create novel attacks that have higher negative effects on the performance of the control system. We also show how to design an optimal control policy for these worst-case attacks. Other technical contributions of this work are (1) we consider a set of affine state feedback policies. This class generalizes previous work; (2) we derive the Kalman filter equations for predictive control when there is a denial of service attack; (3) we prove that with an error feedback parameterization the closed loop response is affine in the control parameters; and (4) we show how our problem can be posed as a convex problem. In particular, we show that the optimal control can be found as the solution of a semi-definite program. This is an improvement over previous work which has solved similar problems using dynamic programming.

Citation formats  
  • HTML
    Saurabh Amin, Alvaro Cardenas, Alex Bayen, Shankar Sastry.
    <a href="http://www.truststc.org/pubs/485.html"
    ><i>Secure Control and the Analysis of Denial of
    Service Attacks</i></a>, Talk or presentation, 
    11, November, 2008.
  • Plain text
    Saurabh Amin, Alvaro Cardenas, Alex Bayen, Shankar Sastry.
    "Secure Control and the Analysis of Denial of Service
    Attacks". Talk or presentation,  11, November, 2008.
  • BibTeX
    @presentation{AminCardenasBayenSastry08_SecureControlAnalysisOfDenialOfServiceAttacks,
        author = {Saurabh Amin and Alvaro Cardenas and Alex Bayen
                  and Shankar Sastry},
        title = {Secure Control and the Analysis of Denial of
                  Service Attacks},
        day = {11},
        month = {November},
        year = {2008},
        URL = {http://www.truststc.org/pubs/485.html}
    }
    

Posted by Jessica Gamble on 23 Jan 2009.