Stealthy deception attacks on water SCADA systems

DOI: 10.1145/1755952.1755976

Published: 12 April 2010

Abstract

This article investigates the vulnerabilities of Supervisory Control and Data Acquisition (SCADA) systems that monitor and control modern-day irrigation canal systems. This type of monitoring and control infrastructure is also common in many other water distribution systems. We present a linearized shallow water partial differential equation (PDE) system that can model water flow in a network of canal pools which are equipped with lateral offtakes for water withdrawal and are connected by automated gates. Knowledge of the system dynamics enables us to develop a deception attack scheme, based on switching the PDE parameters and proportional (P) boundary control actions, to withdraw water from the pools through offtakes. We briefly discuss the limits on detectability of such attacks. We use a known formulation, based on a low-frequency approximation of the PDE model and an associated proportional-integral (PI) controller, to create a stealthy deception scheme capable of compromising the performance of the closed-loop system. We test the proposed attack scheme in simulation, using a shallow water solver, and show that the attack is indeed realizable in practice by implementing it on a physical canal in Southern France, the Gignac canal. A successful field experiment shows that the attack scheme enables us to steal water stealthily from the canal until the end of the attack.

Published In

HSCC '10: Proceedings of the 13th ACM international conference on Hybrid systems: computation and control
April 2010
308 pages
ISBN: 9781605589558
DOI: 10.1145/1755952
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. secure control systems
  2. switching pdes
  3. water management

Qualifiers

  • Research-article

Conference

HSCC '10
Acceptance Rates

Overall Acceptance Rate 153 of 373 submissions, 41%

Article Metrics

  • Downloads (Last 12 months): 29
  • Downloads (Last 6 weeks): 3
Reflects downloads up to 16 Oct 2024

Cited By

  • (2024) A Systematic Approach to Detect Insider Attacks and Exploitation in Cyber Physical System. 2024 11th International Conference on Computing for Sustainable Global Development (INDIACom). DOI: 10.23919/INDIACom61295.2024.10498830, pp. 883-888. Online publication date: 28-Feb-2024
  • (2024) Estimation and Prevention of Actuator Enablement Attacks in Discrete-Event Systems Under Supervisory Control. IEEE Transactions on Automatic Control 69:9. DOI: 10.1109/TAC.2024.3367656, pp. 5963-5978. Online publication date: Sep-2024
  • (2024) On Zero-Dynamics Stealthy Attacks with Learned State Space Models. 2024 4th International Conference on Smart Grid and Renewable Energy (SGRE). DOI: 10.1109/SGRE59715.2024.10428796, pp. 1-6. Online publication date: 8-Jan-2024
  • (2024) Anomaly Detection for Stochastic Networked Cyber-Physical Systems: A Statistical Approach. 2024 IEEE 18th International Conference on Control & Automation (ICCA). DOI: 10.1109/ICCA62789.2024.10591811, pp. 18-23. Online publication date: 18-Jun-2024
  • (2024) Cyber-physical systems security. Computers and Industrial Engineering 188:C. DOI: 10.1016/j.cie.2024.109891. Online publication date: 17-Apr-2024
  • (2023) A Polynomial-Time Algorithm for the Secure State Estimation Problem Under Sparse Sensor Attacks via State Decomposition Technique. IEEE Transactions on Automatic Control 68:12. DOI: 10.1109/TAC.2023.3278839, pp. 7451-7465. Online publication date: Dec-2023
  • (2023) Regret bounds for online-learning-based linear quadratic control under database attacks. Automatica 151. DOI: 10.1016/j.automatica.2023.110876, article 110876. Online publication date: May-2023
  • (2023) A Generic Flow of Cyber-Physical systems—A Comprehensive Survey. Smart Technologies in Data Science and Communication. DOI: 10.1007/978-981-19-6880-8_24, pp. 223-240. Online publication date: 1-Jan-2023
  • (2022) Towards Digitalization of Water Supply Systems for Sustainable Smart City Development—Water 4.0. Applied Sciences 12:18. DOI: 10.3390/app12189174, article 9174. Online publication date: 13-Sep-2022
  • (2022) False Data Injection Attack in a Platoon of CACC: Real-Time Detection and Isolation With a PDE Approach. IEEE Transactions on Intelligent Transportation Systems 23:7. DOI: 10.1109/TITS.2021.3085196, pp. 8692-8703. Online publication date: Jul-2022
