authors:Fabio Pasqualetti, Florian DÖrFler,and Francesco bullo
CPS廣泛存在於現代社會的各個領域,如:能源生產、醫療和通信。CPS的例子有:傳感器網絡、工業自動化系統以及重要的基礎設施(交通網絡、電力生產和分配網、水與天然氣分配網絡和先進製造業)。在生產中結合信息技術可以提高系統的效率,同時,也增加了系統的脆弱性,降低了關鍵設施的可靠性。
具體例子有: 2000年3月Maroochy water breach[1],巴西多起停電事故[2],2003年1月Davis-Besse 核電站的SQL Slammer蠕蟲攻擊[3],2010年6月StuxNet 計算機蠕蟲[4],以及各種工業安全事件[5]。CPS系統側重於物理設施的故障和攻擊,cyberattack側重於管理層和通信層的攻擊[6,7]
對系統安全性的考慮不是個新問題,很多文獻研究了系統故障檢測、隔離和恢復測試問題[8][9].關於故障容忍控制的文章考慮一般或偶然的故障,但是,CPS系統的脆弱性和傳統系統不同,必須研究合適的檢測和鑑別技術。例如,CPS系統傳輸網絡的可靠性和傳輸測量和控制數據包的標準通信協議增加了 針對物理系統的故意和不可預測攻擊的可能性。 另一方面,信息安全方法只能保證安全通信和代碼執行,對於物理系統而言,可能不夠。事實上,安全方法如:授權、權限控制和消息完整性 不能保證測量和數據與底層運行和控制結構兼容,並且,對zero-day攻擊[10]或由對控制平臺、執行器和傳感器有權限的實體從內部進行的攻擊而言無效[1]。爲保護一個CPS系統,必須有一個結合信息安全機制與系統監視理論和安全方法的整體性方法。
StexNet攻擊是以物理系統爲攻擊對象的信息攻擊的典型案例[4]。2010年6月,一個精心設計的計算機蠕蟲病毒注入到伊朗的一個核濃縮電廠的控制系統中。這種通過標準USB硬件傳播的蠕蟲,劫持離心機的測量數據,顯示在正常運行狀態,同時,修改離心機的執行信號,使他們失控。這種攻擊不在信息保護機制之內,同時改變了測量和執行信號,造成實際系統的不穩定以致損壞。這個案例證明了CPS系統獨特的脆弱性,增加了對 研究綜合信息和物理保護方法的整體性方法以保證CPS安全的迫切性。
近年來,在外部攻擊下CPS系統的脆弱性分析得到了日益增長的關注。一般的方法研究 針對特定系統的特定攻擊。例如:[11]中定義了網絡化系統中的 欺騙和拒絕服務攻擊(Dos),對於後者,提出了基於半定規劃的對策。欺騙攻擊 危及控制或測量數據包的完整性,同時改變傳感器和執行器的動作。Dos攻擊,危及資源的可用性,如堵塞通信信道。
[12]中介紹了在靜態狀態估計器中注入錯誤數據的攻擊。錯誤數據攻擊是針對靜態估計器的特定欺騙攻擊。結果顯示,資源有限時,也能設計不可檢測的錯誤數據注入攻擊。
[13]中,研究了針對監督控制和數據獲取系統的偷偷欺騙攻擊。
[14]-[16]中,研究了legacy系統和remedial scheme中的 偷偷攻擊。
[17][18]中,討論了控制系統的重放攻擊。重放攻擊劫持傳感器,記錄一段時間的讀數,在向系統注入其他數據時,重複記錄好的讀數。有文章顯示可通過注入攻擊者無法預知的隨機信號,檢測出攻擊。
[19]中研究了針對控制系統的欺騙攻擊。特別的,一個參數化的解耦結構,可以保證一個欺騙單元,在改變物理系統行爲的同時,不被初始控制器檢測到。
[20]中研究了控制數據包被人類對手劫持的彈性控制問題,提出利用一個滾動時域 Stackelberg 控制律保證攻擊情形下的系統穩定。近來,測量被劫持的線性系統的狀態估計問題正在被大量研究。更詳細的,容忍的最大故障傳感器數目被提出。也提出了一種解碼算法檢測被劫持的測量。
特定CPS系統的安全性問題得到了衆多關注。例如:電力系統[22]-[27],有故障元件的線性網絡[28]-[30],以及水網[31]-[33]。
參考文獻:
[1] J. Slay and M. Miller, “Lessons learned from the Maroochy water
breach,” in Proc. Critical Infrastructure Protection, 2007, vol. 253, pp. 73–82.
[2] J. P. Conti, “The day the samba stopped,” Eng. Technol., vol. 5, no. 4, pp.
46–47, Mar. 06–26, 2010.
[3] S. Kuvshinkova, “SQL Slammer worm lessons learned for consideration
by the electricity sector,” North Amer. Elec. Reliab. Council, Atlanta, GA,
Tech. Rep., 2003.
[4] J. P. Farwell and R. Rohozinski, “Stuxnet and the future of cyber war,”
Survival, vol. 53, no. 1, pp. 23–40, 2011.
[5] G. Richards, “Hackers vs slackers,” Eng. Technol., vol. 3, no. 19, pp. 40–43, 2008.
[6] A. R. Metke and R. L. Ekl, “Security technology for smart grid networks,” IEEE Trans. Smart Grid, vol. 1, no. 1, pp. 99–107, 2010.
[7] A. A. Cárdenas, S. Amin, and S. S. Sastry, “Research challenges for the
security of control systems,” in Proc. 3rd Conf. Hot Topics Security, Berkeley,
CA, 2008, pp. 6:1–6:6.
[8] M.-A. Massoumnia, G. C. Verghese, and A. S. Willsky, “Failure detection
and identification,” IEEE Trans. Autom. Contr., vol. 34, no. 3, pp. 316–321, 1989.
[9] M. Basseville and I. V. Nikiforov, Detection of Abrupt Changes: Theory and
Application. Englewood Cliffs, NJ: Prentice-Hall, 1993.
[10] R. Axelrod and R. Iliev, “Timing of cyber conflict,” Proc. Natl. Acad. Sci.,
vol. 111, no. 4, pp. 1298–1303, 2014.
[11] S. Amin, A. Cárdenas, and S. Sastry, “Safe and secure networked control systems under denial-of-service attacks,” in Proc. Hybrid Systems: Computation Control, Apr. 2009, vol. 5469, pp. 31–45.
[12] Y. Liu, M. K. Reiter, and P. Ning, “False data injection attacks against
state estimation in electric power grids,” in Proc. ACM Conf. Computer Communications Security, Chicago, IL, Nov. 2009, pp. 21–32.
[13] A. Teixeira, S. Amin, H. Sandberg, K. H. Johansson, and S. Sastry, “Cyber security analysis of state estimators in electric power systems,” in Proc.
IEEE Conf. Decision Control, Atlanta, GA, Dec. 2010, pp. 5991–5998.
[14] A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “Revealing
stealthy attacks in control systems,” in Proc. Allerton Conf. Communications,
Control Computing, Oct. 2012, pp. 1806–1813.
[15] S. D. Bopardikar and A. Speranzon, “On analysis and design of stealthresilient control systems,” in Proc. Int. Symp. Resilient Control Systems, San
Francisco, CA, Aug. 2013, pp. 48–53.
[16] J. Y. Keller and D. Sauter, “Monitoring of stealthy attack in networked
control systems,” in Proc. Conf. Control Fault-Tolerant Systems, Nice, France,
Oct. 2013, pp. 462–467.
[17] Y. Mo and B. Sinopoli, “Secure control against replay attacks,” in Proc.
Allerton Conf. Communications, Control Computing, Monticello, IL, Sept. 2010,
pp. 911–918.
[18] Y. Mo, T.-H. Kim, K. Brancik, D. Dickinson, H. Lee, A. Perrig, and B. Sinopoli, “Cyber-physical security of a smart grid infrastructure,” Proc. IEEE,
vol. 100, no. 1, pp. 195–209, 2012.
[19] R. Smith, “A decoupled feedback structure for covertly appropriating
network control systems,” in Proc. Int. Federation Automatic Control World
Congr., Milan, Italy, Aug. 2011, pp. 90–95.
[20] M. Zhu and S. Martínez, “Stackelberg-game analysis of correlated attacks in cyber-physical systems,” in Proc. American Control Conf., San Francisco, CA, July 2011, pp. 4063–4068.
[21] H. Fawzi, P. Tabuada, and S. Diggavi, “Secure estimation and control
for cyber-physical systems under adversarial attacks,” IEEE Trans. Autom.
Contr., vol. 59, no. 6, pp. 1454–1467, 2014.
[22] C. L. De Marco, J. V. Sariashkar, and F. Alvarado, “The potential for malicious control in a competitive power systems environment,” in Proc. IEEE
Int. Conf. Control Applications, Dearborn, MI, 1996, pp. 462–467.
[23] G. Dan and H. Sandberg, “Stealth attacks and protection schemes for
state estimators in power systems,” in Proc. IEEE Int. Conf. Smart Grid Communications, Gaithersburg, MD, Oct. 2010, pp. 214–219.
[24] F. Pasqualetti, F. Dörfler, and F. Bullo, “Cyber-physical attacks in power
networks: Models, fundamental limitations and monitor design,” in Proc.
IEEE Conf. Decision Control European Control Conf., Orlando, FL, Dec. 2011,
pp. 2195–2201.
[25] A.-H. Mohsenian-Rad and A. Leon-Garcia, “Distributed internet-based
load altering attacks against smart power grids,” IEEE Trans. Smart Grid,
vol. 2, no. 4, pp. 667–674, 2011.
[26] S. Sridhar, A. Hahn, and M. Govindarasu, “Cyber–physical system security for the electric power grid,” Proc. IEEE, vol. 99, no. 1, pp. 1–15, 2012.
[27] A. Giani, E. Bitar, M. Garcia, M. McQueen, P. Khargonekar, and K.
Poolla, “Smart grid data integrity attacks: Characterizations and countermeasures,” in Proc. IEEE Int. Conf. Smart Grid Communications, Brussels, Belgium, 2011, pp. 232–237.
[28] S. Sundaram and C. Hadjicostis, “Distributed function calculation via
linear iterative strategies in the presence of malicious agents,” IEEE Trans.
Autom. Contr., vol. 56, no. 7, pp. 1495–1508, 2011.
[29] F. Pasqualetti, A. Bicchi, and F. Bullo, “Consensus computation in unreliable networks: A system theoretic approach,” IEEE Trans. Autom. Contr.,
vol. 57, no. 1, pp. 90–104, 2012.
[30] M. Zhu and S. Martínez, “On distributed convex optimization under
inequality and equality constraints,” IEEE Trans. Autom. Contr., vol. 57, no.
1, pp. 151–164, 2012.
[31] S. Amin, X. Litrico, S. S. Sastry, and A. M. Bayen, “Stealthy deception
attacks on water SCADA systems,” in Proc. Hybrid Systems: Computation
Control, Stockholm, Sweden, Apr. 2010, pp. 161–170.
[32] D. G. Eliades and M. M. Polycarpou, “A fault diagnosis and security
framework for water systems,” IEEE Trans. Control Syst. Technol., vol. 18, no.
6, pp. 1254–1265, 2010.
[33] A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson. (2012). A secure control framework for resource-limited adversaries. [Online]. Available: http://arxiv.org/abs/1212.0226
[34] F. Pasqualetti, F. Dörfler, and F. Bullo, “Attack detection and identification in cyber-physical systems,” IEEE Trans. Autom. Contr., vol. 58, no. 11,
pp. 2715–2729, 2013.
[35] T. Geerts, “Invariant subspaces and invertibility properties for singular
systems: The general case,” Linear Algebra Applicat., vol. 183, pp. 61–88, Apr.
1993.
[36] A. Abur and A. G. Exposito, Power System State Estimation: Theory and
Implementation. Boca Raton, FL: CRC Press, 2004.
[37] E. Scholtz, “Observer-based monitors and distributed wave controllers for
electromechanical disturbances in power systems,” Ph.D. dissertation, Dept.
Electr. Eng. Comput. Sci., Massachusetts Inst. Technol., Cambridge, MA, 2004.
[38] G. Basile and G. Marro, Controlled and Conditioned Invariants in Linear
System Theory. Englewood Cliffs, NJ: Prentice-Hall, 1991.
[39] W. M. Wonham, Linear Multivariable Control: A Geometric Approach, 3rd
ed. Berlin Heidelberg, Germany: Springer-Verlag, 1985.
[40] K. Zhou, J. C. Doyle, and K. Glover, Robust and Optimal Control. Englewood Cliffs, NJ: Prentice-Hall, 1996.
[41] J. M. Dion, C. Commault, and J. van der Woude, “Generic properties
and control of linear structured systems: A survey,” Automatica, vol. 39, no.
7, pp. 1125–1144, 2003.
[42] K. J. Reinschke, Multivariable Control: A Graph-Theoretic Approach. Berlin
Heidelberg, Germany: Springer-Verlag, 1988.
[43] F. Pasqualetti, F. Dörfler, and F. Bullo, “Cyber-physical security via
geometric control: Distributed monitoring and malicious attacks,” in Proc.
IEEE Conf. Decision Control, Maui, HI, Dec. 2012, pp. 3418–3425.
[44] F. Dörfler, F. Pasqualetti, and F. Bullo, “Continuous-time distributed
observers with discrete communication,” IEEE J. Sel. Topics Signal Processing, vol. 7, no. 2, pp. 296–304, 2013.
[45] D. J. Trudnowski, J. R. Smith, T. A. Short, and D. A. Pierre, “An application of Prony methods in PSS design for multimachine systems,” IEEE
Trans. Power Syst., vol. 6, no. 1, pp. 118–126, 1991.
[46] M. A. Hanley, “Frequency instability problems in North American interconnections,” Dept. Energy, Tech. Rep. DOE/NETL-2011/1473, June 2011.
[47] F. Pasqualetti, A. Bicchi, and F. Bullo, “A graph-theoretical characterization of power network vulnerabilities,” in Proc. American Control Conf.,
San Francisco, CA, June 2011, pp. 3918–3923.
[48] A. Osiadacz, Simulation and Analysis of Gas Networks. Houston, TX: Gulf
Publishing Co., 1987.
[49] A. Kumar and P. Daoutidis, Control of Nonlinear Differential Algebraic
Equation Systems. Boca Raton, FL: CRC Press, 1999.
[50] X. Litrico and V. Fromion, Modeling and Control of Hydrosystems. Berlin
Heidelberg, Germany: Springer-Verlag, 2009.
[51] J. Burgschweiger, B. Gnädig, and M. C. Steinbach, “Optimization models for operative planning in drinking water networks,” Optim. Eng., vol. 10,
no. 1, pp. 43–73, 2009.
[52] P. F. Boulos, K. E. Lansey, and B. W. Karney, Comprehensive Water Distribution Systems Analysis Handbook for Engineers and Planners. Denver, CO:
Amer. Water Works Assoc., 2006.
[53] L. A. Rossman, “EPANET 2, water distribution system modeling software,” U.S. Environ. Protection Agency, Water Supply and Water Resources
Div., Tech. Rep., 2000.
[54] Y. Mo and B. Sinopoli, “False data injection attacks in control systems,”
in Proc. 1st Workshop Secure Control Systems, Stockholm, Sweden, Apr. 2010.
[55] H. L. Trentelman, A. Stoorvogel, and M. Hautus, Control Theory for Linear Systems. Berlin Heidelberg, Germany: Springer-Verlag, 2001.
[56] F. L. Lewis, “A tutorial on the geometric analysis of linear time-invariant implicit systems,” Automatica, vol. 28, no. 1, pp. 119–137, 1992.
[57] C. D. Godsil and G. F. Royle, Algebraic Graph Theory (Graduate Texts in
Mathematics, vol. 207). Berlin Heidelberg, Germany: Springer-Verlag, 2001.