Team for Research in
Ubiquitous Secure Technology

Secure Control Against Replay Attacks
Bruno Sinopoli

Citation
Bruno Sinopoli. "Secure Control Against Replay Attacks". Talk or presentation, 29, November, 2009.

Abstract
This work analyzes the effect of replay attacks on a control system. We assume an attacker wishes to disrupt the operation of a control system in steady state. In order to inject an exogenous control input without being detected the attacker will hijack the sensors, observe and record their readings for a certain amount of time and repeat them while carrying out his attack. This is a very common and natural attack (we have seen numerous times intruders recording and replaying security videos while performing their attack undisturbed) for an attacker who does not know the dynamics of the system but is aware of the fact that the system itself is expected to be in steady state for the duration of the attack. We assume the control system to be a discrete time linear time invariant Gaussian system applying an infinite horizon Linear Quadratic Gaussian (LQG) controller. We also assume that the system is equipped with a Chi Square failure detector. The main contributions of this work, beyond the novelty of the problem formulation, consist in 1) providing conditions on the feasibility of the replay attack on the aforementioned system and 2) proposing a countermeasure that guarantees a desired probability of detection (with a fixed false alarm rate) by trading off either detection delay or closed loop system performance.

Electronic downloads

Citation formats  
  • HTML
    Bruno Sinopoli. <a
    href="http://www.truststc.org/pubs/634.html"
    ><i>Secure Control Against Replay
    Attacks</i></a>, Talk or presentation,  29,
    November, 2009.
  • Plain text
    Bruno Sinopoli. "Secure Control Against Replay
    Attacks". Talk or presentation,  29, November, 2009.
  • BibTeX
    @presentation{Sinopoli09_SecureControlAgainstReplayAttacks,
        author = {Bruno Sinopoli},
        title = {Secure Control Against Replay Attacks},
        day = {29},
        month = {November},
        year = {2009},
        abstract = {This work analyzes the effect of replay attacks on
                  a control system. We assume an attacker wishes to
                  disrupt the operation of a control system in
                  steady state. In order to inject an exogenous
                  control input without being detected the attacker
                  will hijack the sensors, observe and record their
                  readings for a certain amount of time and repeat
                  them while carrying out his attack. This is a very
                  common and natural attack (we have seen numerous
                  times intruders recording and replaying security
                  videos while performing their attack undisturbed)
                  for an attacker who does not know the dynamics of
                  the system but is aware of the fact that the
                  system itself is expected to be in steady state
                  for the duration of the attack. We assume the
                  control system to be a discrete time linear time
                  invariant Gaussian system applying an infinite
                  horizon Linear Quadratic Gaussian (LQG)
                  controller. We also assume that the system is
                  equipped with a Chi Square failure detector. The
                  main contributions of this work, beyond the
                  novelty of the problem formulation, consist in 1)
                  providing conditions on the feasibility of the
                  replay attack on the aforementioned system and 2)
                  proposing a countermeasure that guarantees a
                  desired probability of detection (with a fixed
                  false alarm rate) by trading off either detection
                  delay or closed loop system performance.},
        URL = {http://www.truststc.org/pubs/634.html}
    }
    

Posted by Larry Rohrbough on 5 Nov 2009.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.