Defending Cyber-Physical Systems from Sensor Attacks

  • Bharadwaj SatchidanandanEmail author
  • P. R. Kumar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10340)


We address the problem of security of cyber-physical systems where some sensors may be malicious. We consider a multiple-input, multiple-output stochastic linear dynamical system controlled over a network of communication and computational nodes which contains (i) a controller that computes the inputs to be applied to the physical plant, (ii) actuators that apply these inputs to the plant, and (iii) sensors which measure the outputs of the plant. Some of these sensors, however, may be malicious. The malicious sensors do not report the true measurements to the controller. Rather, they report false measurements that they fabricate, possibly strategically, so as to achieve any objective that they may have, such as destabilizing the closed-loop system or increasing its running cost. Recently, it was shown that under certain conditions, an approach of “dynamic watermarking” can secure such a stochastic linear dynamical system in the sense that either the presence of malicious sensors in the system is detected, or the malicious sensors are constrained to adding a distortion that can only be of zero power to the noise already entering the system. The first contribution of this paper is to generalize this result to partially observed MIMO systems with both process and observation noises, a model which encompasses some of the previous models for which dynamic watermarking was established to guarantee security. This result, similar to the prior ones, is shown to hold when the controller subjects the reported sequence of measurements to two particular tests of veracity. The second contribution of this paper is in showing, via counterexamples, that both of these tests are needed in order to secure the control system in the sense that if any one of these two tests of sensor veracity is dropped, then the above guarantee does not hold. Finally, a survey of recent results in Dynamic Watermarking is presented, along with a laboratory demonstration in securing a prototypical intelligent transportation system. The proposed approach has several potential applications, including in smart grids, automated transportation, and process control.



The laboratory demonstration of Dynamic Watermarking, summarized in Sect. 6.2, is from [31].


  1. 1.
    Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49–51 (2011)CrossRefGoogle Scholar
  2. 2.
    Mo, Y., Sinopoli, B.: Secure control against replay attacks. In: 47th Annual Allerton Conference on Communication, Control, and Computing, September 2009Google Scholar
  3. 3.
    Mo, Y., Chabukswar, R., Sinopoli, B.: Detecting integrity attacks on SCADA systems. IEEE Trans. Control Syst. Technol. 22(4), 1396–1407 (2014)CrossRefGoogle Scholar
  4. 4.
    Cardenas, A., Amin, S., Sinopoli, B., Giani, A., Perrig, A., Sastry, S.: Challenges for securing cyber physical systems. In: Workshop on Future Directions in Cyber-Physical Systems Security (2009)Google Scholar
  5. 5.
    Abrams, M.: Malicious Control System Cyber Security Attack Case Study-Maroochy Water Services, Australia (2008)Google Scholar
  6. 6.
    Satchidanandan, B., Kumar, P.R.: Dynamic watermarking: active defense of networked cyber-physical systems. Proc. IEEE 105(2), 219–240 (2017)CrossRefGoogle Scholar
  7. 7.
    Ponniah, J., Hu, Y.-C., Kumar, P.R.: A clean slate approach to secure wireless networking. Found. Trends Netw. 9(1), 1–105 (2014). doi: 10.1561/1300000037 CrossRefzbMATHGoogle Scholar
  8. 8.
    Hou, I.-H., Borkar, V., Kumar, P.R.: A theory of QoS for wireless. In: IEEE INFOCOM. IEEE (2009)Google Scholar
  9. 9.
    Satchidanandan, B., Kumar, P.R.: On minimal tests of sensor veracity for dynamic watermarking-based defense of cyber-physical systems. In: 9th International Conference on Communication Systems and Networks (COMSNETS) (2017, to appear)Google Scholar
  10. 10.
    Cardenas, A.A., Amin, S., Sastry, S.: Secure control: towards survivable cyber-physical systems. In: The 28th International Conference on Distributed Computing Systems Workshops. IEEE (2008)Google Scholar
  11. 11.
    Cardenas, A.A., Amin, S., Sastry, S.: Research challenges for the security of control systems (2008)Google Scholar
  12. 12.
    Amin, S., Cárdenas, A.A., Sastry, S.S.: Safe and secure networked control systems under denial-of-service attacks. In: Majumdar, R., Tabuada, P. (eds.) HSCC 2009. LNCS, vol. 5469, pp. 31–45. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-00602-9_3 CrossRefGoogle Scholar
  13. 13.
    Abur, A., Exposito, A.G.: Power System State Estimation: Theory and Implementation. CRC Press, Boca Raton (2004)CrossRefGoogle Scholar
  14. 14.
    Sou, K.C., Sandberg, H., Johansson, K.H.: Data attack isolation in power networks using secure voltage magnitude measurements. IEEE Trans. Smart Grid 5(1), 14–28 (2014)CrossRefGoogle Scholar
  15. 15.
    Sandberg, H., Teixeira, A., Johansson, K.H.: On security indices for state estimators in power networks. In: First Workshop on Secure Control Systems (SCS), Stockholm (2010)Google Scholar
  16. 16.
    Hendrickx, J.M., Johansson, K.H., Jungers, R.M., Sandberg, H., Sou, K.C.: Efficient computations of a security index for false data attacks in power networks. IEEE Trans. Autom. Control 59(12), 3194–3208 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Guo, Z., Johansson, K.H., Shi, L.: A study of packet-reordering integrity attack on remote state estimation. In: 2016 35th Chinese Control Conference (CCC), pp. 7250–7255, July 2016Google Scholar
  18. 18.
    Guo, Z., Shi, D., Johansson, K.H., Shi, L.: Optimal linear cyber-attack on remote state estimationGoogle Scholar
  19. 19.
    Teixeira, A., Shames, I., Sandberg, H., Johansson, K.H.: A secure control framework for resource-limited adversaries. Automatica 51, 135–148 (2015)MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Pasqualetti, F., Dörfler, F., Bullo, F.: Attack detection and identification in cyber-physical systems. IEEE Trans. Autom. Control 58(11), 2715–2729 (2013)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Fawzi, H., Tabuada, P., Diggavi, S.: Secure state-estimation for dynamical systems under active adversaries. In: 49th Annual Allerton Conference on Communication, Control, and Computing (Allerton). IEEE (2011)Google Scholar
  22. 22.
    Fawzi, H., Tabuada, P., Diggavi, S.: Secure estimation and control for cyber-physical systems under adversarial attacks. IEEE Trans. Autom. Control 59(6), 1454–1467 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  23. 23.
    Teixeira, A., Shames, I., Sandberg, H., Johansson, K.H.: Revealing stealthy attacks in control systems. In: 2012 50th Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp. 1806–1813, October 2012Google Scholar
  24. 24.
    Gisdakis, S., Giannetsos, T., Papadimitratos, P.: SHIELD: a data verification framework for participatory sensing systems. In: Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015. ACM, New York (2015).
  25. 25.
    Weerakkody, S., Mo, Y., Sinopoli, B.: Detecting integrity attacks on control systems using robust physical watermarking. In: 53rd IEEE Conference on Decision and Control, pp. 3757–3764, December 2014Google Scholar
  26. 26.
    Mo, Y., Weerakkody, S., Sinopoli, B.: Physical authentication of control systems: designing watermarked control inputs to detect counterfeit sensor outputs. IEEE Control Syst. 35(1), 93–109 (2015)MathSciNetCrossRefGoogle Scholar
  27. 27.
    Satchidanandan, B., Kumar, P.R.: Secure control of networked cyber-physical systems. In: 2016 IEEE 55th Conference on Decision and Control (CDC), pp. 283–289, December 2016Google Scholar
  28. 28.
    Kumar, P.R., Varaiya, P.: Stochastic Systems: Estimation, Identification and Adaptive Control. SIAM Classics in Applied Mathematics. SIAM, Philadelphia (2015)CrossRefzbMATHGoogle Scholar
  29. 29.
    Lai, T.L., Wei, C.Z.: Least squares estimates in stochastic regression models with applications to identification and control of dynamic systems. In: The Annals of Statistics, pp. 154–166 (1982)Google Scholar
  30. 30.
    Kailath, T.: The innovations approach to detection and estimation theory. Proc. IEEE 58(5), 680–695 (1970)MathSciNetCrossRefGoogle Scholar
  31. 31.
    Ko, W.-H., Satchidanandan, B., Kumar, P.R.: Theory and application of dynamic watermarking for cybersecurity of advanced transportation systems. In: International Workshop on Cyber-Physical Systems Security (to appear)Google Scholar
  32. 32.
    Robinson, C.L., Schutz, H.-J., Baliga, G., Kumar, P.: Architecture and algorithm for a laboratory vehicle collision avoidance system. In: IEEE 22nd International Symposium on Intelligent Control, vol. 2007, pp. 23–28. IEEE (2007)Google Scholar
  33. 33.
    Secure control of an intelligent transportation system.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Texas A&M UniversityCollege StationUSA

Personalised recommendations