Cyber-physical systems (CPSs) represent a class of networked control systems with vast and promising applications. This class may include for instance smart cities, intelligent transportation systems based on fleets of cooperative and autonomous vehicles or distributed sensing and control solutions that leverage Internet-of-Things (IoT) devices. As a common trait, these systems are expected to provide important functionalities that may positively influence our life and society.
However, said positive outcomes may be hindered by novel threats to the safety of CPSs, such as malicious cyber-attacks that could negatively affect the physical domain. Furthermore, the sheer amount of data gathered, exchanged and processed by those architectures are going to pose fundamental societal interrogatives regarding privacy and confidentiality, and the fair use of such data (Ferrari & Teixeira, 2021).
Prevention, resilience and detection are key functionalities through which we can avoid that attacks in the cyber domain lead to loss of safety in the physical one.
We contributed to the problem of detecting stealthy cyber attacks in networked control systems by proposing a multiplicative sensor watermarking technique (Ferrari & Teixeira, 2021; Gallo et al., 2021). By taking inspiration from lightweight authentication techniques, we introduce a deterministic distortion into data sent by sensors to the controller, which is unknown to the attacker. This leads to a knowledge imbalance between an eavesdropping attacker and a defender, where the latter can use knowledge of the watermark and a model-based residual generator to detect otherwise stealthy attacks such as rerouting (Ferrari & Teixeira, 2017), replay (Ferrari & Teixeira, 2017) and zero-dynamics (Teixeira & Ferrari, 2018) injection ones. Differently than physical watermarking, our approach allows for perfect watermarking removal at controller level, thus unaffecting control performances.
We further explored the use of Differential Privacy (Dwork & Roth, 2014) to allow for privacy preserving distributed state estimation and anomaly detection, thus preventing the leakage of private data by eavesdroppers or by curious, although not necessarily malicious, third parties (Rostampour et al., 2018; Rostampour et al., 2020).
Currently we are working towards fast, real time implementations of Fully Homomorphic Encryption schemes as a tool to guarantee confidentiality and integrity in a much more robust, albeit computationally expensive way (Gentry et al., 2013).
Joint work with (mostly): André Teixeira, Twan Keijzer, Alex Gallo, Vahab Rostampour.
Publications
Secure State Estimation under Actuator and Sensor Attacks using Sliding Mode Observers
Keijzer, Twan,
Ferrari, Riccardo M.G.,
and Sandberg, Henrik
IEEE Control Systems Letters
2023
Privatized distributed anomaly detection for large-scale nonlinear uncertain systems
Rostampour, Vahab,
Ferrari, Riccardo M.G.,
Teixeira, André M.H.,
and Keviczky, Tamas
IEEE Transactions on Automatic Control
2020
A Switching Multiplicative Watermarking Scheme for Detection of Stealthy Cyber-Attacks
Ferrari, Riccardo M.G.,
and Teixeira, André M.H.
IEEE Transactions on Automatic Control
2021
Secure State Estimation under Actuator and Sensor Attacks using Sliding Mode Observers
Keijzer, Twan,
Ferrari, Riccardo M.G.,
and Sandberg, Henrik
In Conference on Decision and Control
2023
A Fully Homomorphic Encryption Scheme for Real-Time Safe Control
Stobbe, Pieter,
Keijzer, Twan,
and Ferrari, Riccardo M.G.
In Conference on Decision and Control
2022
Fully Homomorphic Encryption (FHE) has made it possible to perform addition and multiplication operations on encrypted data. Using FHE in control thus has the advantage that control effort for a plant can be calculated remotely without ever decrypting the exchanged information. FHE in its current form is however not practically applicable for real-time control as its computational load is very high compared to traditional encryption methods. In this paper a reformulation of the Gentry FHE scheme is proposed and applied on an FPGA to solve this problem. It is shown that the resulting FHE scheme can be implemented for real-time stabilization of an inverted double pendulum using discrete time control.
Hierarchical Cyber-Attack Detection in Large-Scale Interconnected Systems
Keijzer, Twan,
Gallo, Alexander J.,
and Ferrari, Riccardo M.G.
In Conference on Decision and Control
2022
In this paper we present a hierarchical scheme to detect cyber-attacks in a hierarchical control architecture for large-scale interconnected systems (LSS). We consider the LSS as a network of physically coupled subsystems, equipped with a two-layer controller: on the local level, decentralized controllers guarantee overall stability and reference tracking; on the supervisory level, a centralized coordinator sets references for the local regulators. We present a scheme to detect attacks that occur at the local level, with malicious agents capable of affecting the local control. The detection scheme is computed at the supervisory level, requiring only limited exchange of data and model knowledge. We offer detailed theoretical analysis of the proposed scheme, highlighting its detection properties in terms of robustness, detectability and stealthiness conditions.
Cryptographic switching functions for multiplicative watermarking in cyber-physical systems
Gallo, Alexander J.,
and Ferrari, Riccardo M.G.
In IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes
2022
In this paper we present a novel switching function for multiplicative watermarking systems. The switching function is based on the algebraic structure of elliptic curves over finite fields. The resulting function allows for both watermarking generator and remover to define appropriate system parameters, sharing only limited information, namely a private key. We prove that the resulting watermarking parameters lead to a stable watermarking scheme.
Design of multiplicative watermarking against covert attacks
Gallo, Alexander J.,
Anand, Sribalaji C.,
Teixeira, André M.H.,
and Ferrari, Riccardo M.G.
In Conference on Decision and Control
2021
Detection of Cyber-Attacks in a Collaborative Intersection Control Scenario
Keijzer, Twan,
Jarmolowitz, Fabian,
and Ferrari, Riccardo M.G.
In European Control Conference
2021
Detection of Network and Sensor Cyber-Attacks in Platoons of Cooperative Autonomous Vehicles: a Sliding-Mode Observer Approach
Keijzer, Twan,
and Ferrari, Riccardo M.G.
In European Control Conference
2021
A Sliding Mode Observer Approach for Attack Detection and Estimation in Autonomous Vehicle Platoons using Event Triggered Communication
Keijzer, Twan,
and Ferrari, Riccardo M.G.
In Conference on Decision and Control
2019
Privacy-Preserving of System Model with Perturbed State Trajectories Using Differential Privacy: With Application to a Supply Chain Network
Nandakumar, Lakshminarayanan,
Ferrari, Riccardo M.G.,
and Keviczky, Tamas
In IFAC Workshop on Distributed Estimation and Control in Networked Systems
2019
Differentially-Private Distributed Fault Diagnosis for Large-Scale Nonlinear Uncertain Systems
Rostampour, Vahab,
Ferrari, Riccardo M.G.,
Teixeira, André M.H.,
and Keviczky, Tamas
In IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes
2018
Attack Detection and Estimation in Cooperative Vehicles Platoons: A Sliding Mode Observer Approach
Jahanshahi, Niloofar,
and Ferrari, Riccardo M.G.
In IFAC Workshop on Distributed Estimation and Control in Networked Systems
2018
Detection of Sensor Data Injection Attacks with Multiplicative Watermarking
Teixeira, André M.H.,
and Ferrari, Riccardo M.G.
2018
Detection and Isolation of Replay Attacks through Sensor Watermarking
Ferrari, Riccardo M.G.,
and Teixeira, André M.H.
2017
A Message Passing Algorithm for Automatic Synthesis of Probabilistic Fault Detectors from Building Automation Ontologies
Ferrari, Riccardo M.G.,
Baldi, Simone,
and Dibowski, Henrik
In IFAC World Congress
2017
Detection and isolation of routing attacks through sensor watermarking
Ferrari, Riccardo M.G.,
and Teixeira, André M.H.
In American Control Conference
2017
In networked control systems, leveraging the peculiarities of the cyber-physical domains and their interactions may lead to novel detection and defense mechanisms against malicious cyber-attacks. In this paper, we propose a multiplicative sensor watermarking scheme, where each sensor’s output is separately watermarked by a Single Input Single Output (SISO) filter. Hence, such scheme does not require communication between multiple sensors, but can still lead to detection and isolation of malicious cyber-attacks. In particular, we analyze the benefits of the proposed watermarking scheme for two attack scenarios: the physical sensor re-routing attack and the cyber measurement re-routing one. For each attack scenario, detectability and isolability properties are analyzed with and without the proposed watermarking scheme and we show how the watermarking scheme can be leveraged to detect cyber sensor routing attacks. In order to detect compromised sensors, we design an observer-based detector with a robust adaptive threshold. Additionally, we identify the sensors involved in the re-routing attacks by means of a tailored Recursive Least Squares parameter estimation algorithm. The results are illustrated through a numerical example.
Safety, security, and privacy for cyber-physical systems
Springer
2021
Introduction
Ferrari, Riccardo M.G.,
and Teixeira, André M.H.
In Safety, security, and privacy for cyber-physical systems, Springer
2021
Detection of Cyber-Attacks: a Multiplicative Watermarking Scheme
Ferrari, Riccardo M.G.,
and Teixeira, André M.H.
In Safety, security, and privacy for cyber-physical systems, Springer
2021
Differentially Private Anomaly Detection for Interconnected Systems
Ferrari, Riccardo M.G.,
Degue, Kwassi H,
and Le Ny, Jerome
In Safety, security, and privacy for cyber-physical systems, Springer
2021
Conclusions
Ferrari, Riccardo M.G.
In Safety, security, and privacy for cyber-physical systems, Springer
2021
Additional References
The Algorithmic Foundations of Differential Privacy
Dwork, Cynthia,
and Roth, Aaron
Now Publishers
2014
Homomorphic Encryption from Learning with Errors:
Conceptually-Simpler, Asymptotically-Faster,
Attribute-Based
Gentry, Craig,
Sahai, Amit,
and Waters, Brent
In Advances in Cryptology – CRYPTO 2013
2013