research-article

Public Access

Security of Cyber-Physical Systems in the Presence of Transient Sensor Faults

Authors:

Radoslav Ivanov,

Miroslav Pajic,

Insup LeeAuthors Info & Claims

ACM Transactions on Cyber-Physical Systems, Volume 1, Issue 3

Article No.: 15, Pages 1 - 23

https://doi.org/10.1145/3064809

Published: 09 May 2017 Publication History

Abstract

This article is concerned with the security of modern Cyber-Physical Systems in the presence of transient sensor faults. We consider a system with multiple sensors measuring the same physical variable, where each sensor provides an interval with all possible values of the true state. We note that some sensors might output faulty readings and others may be controlled by a malicious attacker. Differing from previous works, in this article, we aim to distinguish between faults and attacks and develop an attack detection algorithm for the latter only. To do this, we note that there are two kinds of faults—transient and permanent; the former are benign and short-lived, whereas the latter may have dangerous consequences on system performance. We argue that sensors have an underlying transient fault model that quantifies the amount of time in which transient faults can occur. In addition, we provide a framework for developing such a model if it is not provided by manufacturers.

Attacks can manifest as either transient or permanent faults depending on the attacker’s goal. We provide different techniques for handling each kind. For the former, we analyze the worst-case performance of sensor fusion over time given each sensor’s transient fault model and develop a filtered fusion interval that is guaranteed to contain the true value and is bounded in size. To deal with attacks that do not comply with sensors’ transient fault models, we propose a sound attack detection algorithm based on pairwise inconsistencies between sensor measurements. Finally, we provide a real-data case study on an unmanned ground vehicle to evaluate the various aspects of this article.

References

[1]

Claudio Basile, Meeta Gupta, Zbigniew Kalbarczyk, and Ravi K. Iyer. 2006. An approach for detecting and distinguishing errors versus attacks in sensor networks. In Proceedings of the International Conference on Dependable Systems and Networks (DSN’06). IEEE, 473--484.

Digital Library

[2]

Michèle Basseville, Igor V. Nikiforov, and others. 1993. Detection of Abrupt Changes: Theory and Application. Vol. 104. Prentice Hall, Englewood Cliffs, NJ.

Digital Library

[3]

Black-I. Robotics. 2015. LandShark UGV. Retrieved from http://blackirobotics.com/LandShark_UGV_UC0M.html.

[4]

R. R. Brooks and S. S. Iyengar. 1996. Robust distributed computing and sensing algorithm. Computer 29, 6 (Jun. 1996), 53--60.

Digital Library

[5]

S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno. 2011. Comprehensive experimental analyses of automotive attack surfaces. In Proceedings of the 20th USENIX Conference on Security (SEC’11). 6--6.

Digital Library

[6]

J. Chen and R. J. Patton. 2012. Robust Model-based Fault Diagnosis for Dynamic Systems. Springer.

Digital Library

[7]

P. Chew and K. Marzullo. 1991. Masking failures of multidimensional sensors. In Proceedings of the 10th Symposium on Reliable Distributed Systems (SRDS’91). 32--41.

[8]

Mark H. A. Davis. 1975. The application of nonlinear filtering to fault detection in linear systems. IEEE Trans. Autom. Contr. 20, 2 (1975), 257--259.

[9]

Cristobald De Kerchove and Paul Van Dooren. 2010. Iterative filtering in reputation systems. SIAM J. Matrix Anal. Appl. 31, 4 (2010), 1812--1834.

Digital Library

[10]

John R. Douceur. 2002. The sybil attack. In Proceedings of the International Workshop on Peer-to-Peer Systems. Springer, 251--260.

Digital Library

[11]

Nicolas Falliere, Liam O. Murchu, and Eric Chien. 2011. W32. stuxnet dossier. White Paper, Symantec Corp., Security Response (2011).

[12]

Hamza Fawzi, Paulo Tabuada, and Suhas Diggavi. 2011. Secure state-estimation for dynamical systems under active adversaries. In Proceedings of the 2011 49th Annual Allerton Conference on Communication, Control, and Computing (Allerton). IEEE, 337--344.

[13]

Paul M. Frank. 1990. Fault diagnosis in dynamic systems using analytical and knowledge-based redundancy: A survey and some new results. Automatica 26, 3 (1990), 459--474.

Digital Library

[14]

Paul M. Frank and X. Ding. 1997. Survey of robust residual generation and evaluation methods in observer-based fault detection systems. J. Process Contr. 7, 6 (1997), 403--424.

[15]

G. Frehse, A. Hamann, S. Quinton, and M. Woehrle. 2014. Formal analysis of timing effects on closed-loop properties of control software. In Proceedings of the IEEE Real-Time Systems Symposium.

[16]

Andy Greenberg. 2015. Hackers Remotely Kill a Jeep on the Highway—With Me in It. Retrieved July 2015 from http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/.

[17]

Inseok Hwang, Sungwan Kim, Youdan Kim, and C. E. Seah. 2010. A survey of fault detection, isolation, and reconfiguration methods. IEEE Trans. Contr. Syst. Technol. 18, 3 (May 2010), 636--653.

[18]

Rolf Isermann. 1984. Process fault detection based on modeling and estimation methods—A survey. Automatica 20, 4 (1984), 387--404.

Digital Library

[19]

R. Ivanov, M. Pajic, and I. Lee. 2014a. Attack-resilient sensor fusion. In Proceedings of the Design, Automation and Test in Europe (DATE’14).

Digital Library

[20]

R. Ivanov, M. Pajic, and I. Lee. 2014b. Resilient multidimensional sensor fusion using measurement history. In Proceedings of the ACM International Conference on High Confidence Networked Systems (HiCoNS’14).

Digital Library

[21]

D. N. Jayasimha. 1994. Fault tolerance in a multisensor environment. In Proceedings of the 13th Symposium on Reliable Distributed Systems (SRDS’94). 2--11.

[22]

Guofei Jiang, Haifeng Chen, and K. Yoshihira. 2006. Modeling and tracking of transaction flow dynamics for fault detection in complex systems. IEEE Trans. Depend. Sec. Comput. 3, 4 (Oct. 2006), 312--326.

Digital Library

[23]

K. R. Joshi, M. A. Hiltunen, W. H. Sanders, and R. D. Schlichting. 2011. Probabilistic model-driven recovery in distributed systems. IEEE Trans. Depend. Sec. Comput. 8, 6 (Nov. 2011), 913--928.

Digital Library

[24]

R. E. Kalman. 1960. A new approach to linear filtering and prediction problems. Trans. ASME--J. Basic Eng. 82, Series D (1960), 35--45.

[25]

Man Ho Kim, Suk Lee, and Kyung Chang Lee. 2010. Kalman predictive redundancy system for fault tolerance of safety-critical systems. IEEE Trans. Industr. Inform. 6, 1 (Feb. 2010), 46--53.

[26]

K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. 2010. Experimental security analysis of a modern automobile. In Proceedings of the IEEE Symposium on Security and Privacy (SP’10). 447--462.

Digital Library

[27]

Myeong-Hyeon Lee and Yoon-Hwa Choi. 2008. Fault detection of wireless sensor networks. Comput. Commun. 31, 14 (2008), 3469--3475.

Digital Library

[28]

Ren C. Luo, Chih-Chen Yih, and Kuo Lan Su. 2002. Multisensor fusion and integration: Approaches, applications, and future research directions. IEEE Sens. J. 2, 2 (2002), 107--119.

[29]

K. Marzullo. 1990. Tolerating failures of continuous-valued sensors. ACM Trans. Comput. Syst. 8, 4 (Nov. 1990), 284--304.

Digital Library

[30]

M. Milanese and C. Novara. 2004. Set membership identification of nonlinear systems. Automatica 40, 6 (2004), 957--975.

Digital Library

[31]

M. Milanese and C. Novara. 2011. Unified set membership theory for identification, prediction and filtering of nonlinear systems. Automatica 47, 10 (2011), 2141--2151.

Digital Library

[32]

M. Pajic, J. Weimer, N. Bezzo, P. Tabuada, O. Sokolsky, I. Lee, and G. J. Pappas. 2014. Robustness of attack-resilient state estimators. In Proceedings of the 2014 ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS’14). 163--174.

Digital Library

[33]

Junkil Park, Radoslav Ivanov, James Weimer, Miroslav Pajic, and Insup Lee. 2015. Sensor attack detection in the presence of transient faults. In Proceedings of the 2015 ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS’15).

Digital Library

[34]

S. Peterson and P. Faramarzi. 2011. Iran hijacked US drone, says Iranian engineer. Christian Science Monitor December 15 (2011). Retrieved April 2017 from http://www.csmonitor.com/World/Middle-East/2011/1215/Exclusive-Iran-hijacked-US-drone-says-Iranian-engineer.

[35]

Mohsen Rezvani, Aleksandar Ignjatovic, Elisa Bertino, and Somesh Jha. 2015. Secure data aggregation technique for wireless sensor networks in the presence of collusion attacks. IEEE Trans. Depend. Sec. Comput. 12, 1 (2015), 98--110.

[36]

Aviva Hope Rutkin. 2014. ‘Spoofers’ use fake GPS signals to knock a yacht off course. MIT Technol. Rev. (August 2014).

[37]

M. Serafini, P. Bokor, N. Suri, J. Vinter, A. Ademaj, W. Brandstätter, F. Tagliabò, and J. Koch. 2011. Application-level diagnostic and membership protocols for generic time-triggered systems. IEEE Trans. Depend. Sec. Comput. 8, 2 (Mar. 2011), 177--193.

Digital Library

[38]

M. Serafini, A. Bondavalli, and N. Suri. 2007. On-line diagnosis and recovery: On the choice and impact of tuning parameters. IEEE Trans. Depend. Sec. Comput. 4, 4 (Oct. 2007), 295--312.

Digital Library

[39]

D. Shepard, J. Bhatti, and T. Humphreys. 2012. Drone hack. GPS World 23, 8 (2012), 30--33.

[40]

Y. Shoukry, P. Martin, P. Tabuada, and M. Srivastava. 2013. Non-invasive spoofing attacks for anti-lock braking systems. In Cryptographic Hardware and Embedded Systems (CHES’13). Lecture Notes in Computer Science, Vol. 8086. 55--72.

Digital Library

[41]

Bruno Sinopoli, Luca Schenato, Massimo Franceschetti, Kameshwar Poolla, Michael I. Jordan, and Shankar S. Sastry. 2004. Kalman filtering with intermittent observations. IEEE Trans. Autom. Contr. 49, 9 (2004), 1453--1464.

[42]

A. Teixeira, D. Pérez, H. Sandberg, and K. H. Johansson. 2012. Attack models and scenarios for networked control systems. In Proceedings of the 1st International Conference on High Confidence Networked Systems (HiCoNS’12). ACM, New York, NY, 55--64.

Digital Library

[43]

Abraham Wald. 1973. Sequential Analysis. Courier Corporation.

[44]

Jon S. Warner and Roger G. Johnston. 2002. A simple demonstration that the global positioning system (GPS) is vulnerable to spoofing. J. Secur. Admin. 25, 2 (2002), 19--27.

[45]

A. S. Willsky. 1976. A survey of design methods for failure detection in dynamic systems. Automatica 12, 6 (1976), 601--611.

Digital Library

[46]

L. Xiao, S. Boyd, and S. Lall. 2005. A scheme for robust distributed sensor fusion based on average consensus. In IPSN’05. Article 9, 63--70.

Digital Library

[47]

Y. Zhu and B. Li. 2006. Optimal interval estimation fusion based on sensor interval estimates with confidence degrees. Automatica 42, 1 (2006), 101--108.

Digital Library

Cited By

Lee CAbbas W(2024)A Geometric Approach to Resilient Distributed Consensus Accounting for State Imprecision and Adversarial Agents2024 American Control Conference (ACC)10.23919/ACC60939.2024.10644219(220-225)Online publication date: 10-Jul-2024
https://doi.org/10.23919/ACC60939.2024.10644219
Sulieman MLiu MGursoy MKong F(2024)Path Planning for UAVs under GPS Permanent FaultsACM Transactions on Cyber-Physical Systems10.1145/36530748:3(1-23)Online publication date: 20-Mar-2024
https://dl.acm.org/doi/10.1145/3653074
Birnbach SEberz SMartinovic I(2022)Haunted House: Physical Smart Home Event Verification in the Presence of Compromised SensorsACM Transactions on Internet of Things10.1145/35068593:3(1-28)Online publication date: 11-Apr-2022
https://dl.acm.org/doi/10.1145/3506859
Show More Cited By

Index Terms

Security of Cyber-Physical Systems in the Presence of Transient Sensor Faults

Recommendations

Attack-Resilient Sensor Fusion for Safety-Critical Cyber-Physical Systems

This article focuses on the design of safe and attack-resilient Cyber-Physical Systems (CPS) equipped with multiple sensors measuring the same physical variable. A malicious attacker may be able to disrupt system performance through compromising a ...
Sensor attack detection in the presence of transient faults
ICCPS '15: Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems

This paper addresses the problem of detection and identification of sensor attacks in the presence of transient faults. We consider a system with multiple sensors measuring the same physical variable, where some sensors might be under attack and provide ...
Resilient multidimensional sensor fusion using measurement history
HiCoNS '14: Proceedings of the 3rd international conference on High confidence networked systems

This work considers the problem of performing resilient sensor fusion using past sensor measurements. In particular, we consider a system with n sensors measuring the same physical variable where some sensors might be attacked or faulty. We consider a ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Cyber-Physical Systems

ACM Transactions on Cyber-Physical Systems Volume 1, Issue 3

July 2017

91 pages

ISSN:2378-962X

EISSN:2378-9638

DOI:10.1145/3068423

Editor:
Tei-Wei Kuo
National Taiwan University, and Academia Sinica, Taiwan

Issue’s Table of Contents

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 09 May 2017

Accepted: 01 March 2017

Revised: 01 July 2016

Received: 01 October 2015

Published in TCPS Volume 1, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

NSF
NRF and the DGIST Research and Development Program (CPS Global Center)
DARPA
ONR
Intel-NSF Partnership for Cyber-Physical Systems Security and Privacy
Global Research Laboratory Program
Ministry of Science, ICT 8 Future Planning

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
863
Total Downloads

Downloads (Last 12 months)89
Downloads (Last 6 weeks)25

Reflects downloads up to 11 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Lee CAbbas W(2024)A Geometric Approach to Resilient Distributed Consensus Accounting for State Imprecision and Adversarial Agents2024 American Control Conference (ACC)10.23919/ACC60939.2024.10644219(220-225)Online publication date: 10-Jul-2024
https://doi.org/10.23919/ACC60939.2024.10644219
Sulieman MLiu MGursoy MKong F(2024)Path Planning for UAVs under GPS Permanent FaultsACM Transactions on Cyber-Physical Systems10.1145/36530748:3(1-23)Online publication date: 20-Mar-2024
https://dl.acm.org/doi/10.1145/3653074
Birnbach SEberz SMartinovic I(2022)Haunted House: Physical Smart Home Event Verification in the Presence of Compromised SensorsACM Transactions on Internet of Things10.1145/35068593:3(1-28)Online publication date: 11-Apr-2022
https://dl.acm.org/doi/10.1145/3506859
Zampetti FKapur RDi Penta MPanichella S(2022)An empirical characterization of software bugs in open-source Cyber-Physical SystemsJournal of Systems and Software10.1016/j.jss.2022.111425(111425)Online publication date: Jun-2022
https://doi.org/10.1016/j.jss.2022.111425
Oliveira VCabral FMoreira M(2022)K-loss robust codiagnosability of Discrete-Event SystemsAutomatica10.1016/j.automatica.2022.110222140(110222)Online publication date: Jun-2022
https://doi.org/10.1016/j.automatica.2022.110222
Krishnamurthy PKhorrami F(2021)Resilient redundancy-based control of cyber–physical systems through adaptive randomized switchingSystems & Control Letters10.1016/j.sysconle.2021.105066158(105066)Online publication date: Dec-2021
https://doi.org/10.1016/j.sysconle.2021.105066
Luo XPajic MZavlanos M(2021)An optimal graph-search method for secure state estimationAutomatica10.1016/j.automatica.2020.109323123(109323)Online publication date: Jan-2021
https://doi.org/10.1016/j.automatica.2020.109323
Sniatala PAmini MBoroojeni KSniatala PAmini MBoroojeni K(2020)Ubiquitous Brooks–Iyengar’s Robust Distributed Real-Time Sensing Algorithm: Past, Present, and FutureFundamentals of Brooks–Iyengar Distributed Sensing Algorithm10.1007/978-3-030-33132-0_10(175-184)Online publication date: 6-Feb-2020
https://doi.org/10.1007/978-3-030-33132-0_10
Elfar MZhu HCummings MPajic M(2019)Security-Aware Synthesis of Human-UAV Protocols2019 International Conference on Robotics and Automation (ICRA)10.1109/ICRA.2019.8794385(8011-8017)Online publication date: May-2019
https://doi.org/10.1109/ICRA.2019.8794385

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents