INSE 6640: Smart Grids and Control System

Security

Lecture 11 - Introduction to Attack Detection in CPS

Prof. Walter Lucia

Fall 2020

Fall 2020 1 / 40
Outline

1 Recap: Stealthy Attack Against State Estimation in Smart Grid

2 Detection of Replay Attacks

3 Detection of Covert Attacks

4 Final Remarks

Fall 2020 2 / 40
Recap: Stealthy Attack Against State Estimation in
Smart Grid

Fall 2020 3 / 40
The Scenario: Power Transmission System and
Control over Network

• Good state estimation x̂ is needed to manage the power network

• Wrong estimation → wrong control action u(t)
Fall 2020 4 / 40
State Estimation Algorithm

y = Cx + e ← is the plant model (P)

• E.g. If e is zero mean and Gaussian, the weighted least square
estimation is obtained with the following formula

x̂ = (C T C)−1 C T y ← is the estimator model

Fall 2020 5 / 40
Bad Data Detector - Block Diagram

• Bad Data Detector Scheme

||y − C x̂|| ≶ τ

State Estimation

DC Power Flow

Residual Generation

Threshold Anomaly Detection Rule Test Result

• Can we use the same scheme to detect Cyber-FDI attacks?

Fall 2020 6 / 40
Stealthy Attack against State Estimation
State Estimation

DC Power Flow
+

Residual Generation

Threshold Anomaly Detection Rule Test Result

• Attack policy: Inject a bias in the power measurements y(k)

without generating alarm (i.e.||y − C x̂|| ≤ τ )
• Resources
• Model knowledge: DC power flow + Detector
• Disclosure resources: No
• Disruptive resources: Measurement channels where the bias
signal must be injected
ya = y + a
Fall 2020 7 / 40
Attack Impact on the State Estimation
• If d is the desired bias in the state estimation x̂bad = x̂ + d
• The attacker can achieve d while remain undetected by injecting
fake measurements a computed as follows

a = Cd

• An arbitrary large error can be injected

State Estimation

DC Power Flow
+
Residual Generation

Threshold Anomaly Detection Rule Test Result

Fall 2020 8 / 40
Perfect False Data Injection

• The attacker is successful (produce a state estimation error +

remain undetected) because the information exploited by the bad
date detector and attacker are the same

Fall 2020 9 / 40
Dynamic State Estimation: Recap

Fall 2020 10 / 40
Luenberger Observer

x(k + 1) = Ax(k) + Bu(k)
y(k) = Cx(k)

• The Luenberger observer is a particular state estimator that

exploit a dynamical model of the plant. It uses both model,
measurements and inputs
x̂(k + 1) = Ax̂(k) + Bu(k) + L(y(k) − C x̂(k))
| {z }
correction term
Fall 2020 11 / 40
State Estimator Design and Kalman Filter

Fall 2020 12 / 40
State Estimator Design and Kalman Filter

x̂(k + 1) = Ax̂(k) + Bu(k) + L(y(k) − C x̂(k))

| {z }
correction term

• L is not unique, many choices are possible. Minimum requirement

|λi | < 1, ∀ i (asymptotically stable)
e(k + 1) = (A − LC)e(k) → 0 → perfect estimation

• If a linear-time invariant system is subject to Gaussian process

(vx ) and measurement (vy ) noises,

x(k + 1) = Ax(k) + Bu(k) + vx (k)
y(k) = Cx(k) + vy (k)

then the optimal solution L is called Kalman Filter.

• L can be designed in matlab, see function Kalman.
Fall 2020 13 / 40
State-Estimation Attacks with Kalman Filter

• If we use a Kalman filter, is the previous state-estimation attack

a = Cd stealthy?

Controller

State Estimation
(Kalman Filter)
Plant Model
+

Residual Generation
?

Threshold Anomaly Detection Rule Test Result

Fall 2020 14 / 40
State-Estimation Attacks with Kalman Filter

• The answer is no. Why? What is the intuition behind?

Controller

State Estimation
(Kalman Filter)
Plant Model
+

Residual Generation
?

Threshold Anomaly Detection Rule Test Result

• The detection mechanism exploits information about the

dynamical model fo the plant (A, B, C) plus the information about
y(k) and u(k). The previously designed attack exploits only C

Fall 2020 15 / 40
Detection of Replay Attacks

Fall 2020 16 / 40
Replay Attack on Sensor Measurements - Recap

Replay Attack - Phase 1 record Replay Attack - Phase 2 replay

PHASE 1 PHASE 2

Attack policya
a
Stuxnet-like attack

• Phase I: Eavesdropping (Recording)


 ak = 0   
0 0 uk
 lk = lk−1 ∪
0 Υy yk

• Phase II: Replay:

ũk = uk + ua , ỹk = yk−τ

Fall 2020 17 / 40
Replay Attack - Resources

Replay Attack - Phase 1 record Replay Attack - Phase 2 replay

PHASE 1 PHASE 2

3D Modeling
• Model knowledge: No needed
• Disclosure Resources: On the measurement channel
• Disruption Resources: Needed on both channels

Fall 2020 18 / 40
Replay Attack - Performance

+ Controller

M
State Estimation I
(Kalman Filter)
Plant Model
+

Residual Generation 6 6

Threshold Test Result

Anomaly Detection Rule

Attack Performance
• It is usually employed in steady-state conditions otherwise it is
easy to detect
• In steady state conditions: a FDI on the input is not detectable if a
coordinated Replay attack is performed on the measurements

Fall 2020 19 / 40
Replay Attack Detection: Physical Authentication of
Control Systems

• Watermarking Idea [Mo, 2009]: Add on top of the control signal a

random zero-mean signal ∆u (k)
Controller and Waltermarkig
+ Controller
+

State Estimation
(Kalman Filter)
Plant Model
+

Residual Generation

Threshold Test Result

Anomaly Detection Rule

• What is the intuition behind watermarking?

• a random watermarking signal keeps the system never exactly in a
steady-state condition

Fall 2020 20 / 40
Replay Attack Detection: Physical Authentication of
Control Systems

AM M
MtM

Controller and Waltermarkig

+ Controller
+

State Estimation
(Kalman Filter)
Plant Model
+

Residual Generation

TePLAY www.
ELAY
Threshold
Anomaly Detection Rule
Test Result
A G
IToUT WA TEA 1AhIN
TATrnnkw

The replied sensor measurements contains the old watermarking that

is different from the one expected by the controller

Fall 2020 21 / 40
Watermarking Advantage vs Drawback

• Advantage: Stealthy replay attacks are avoided

• Drawback or trade off: By increasing the covariance of the
watermarking signal ∆u (k) the detection rate improves but the
control performance decreases.
Controller and Waltermarkig
+ Controller
+

State Estimation
(Kalman Filter)
Plant Model
+

Residual Generation

Threshold Test Result

Anomaly Detection Rule

Fall 2020 22 / 40
Detection of Covert Attacks

Fall 2020 23 / 40
Covert Attack

Covert Attack

Attack policy
Design an FDI attack on both communication channels such that the
effect of the attack on the input signal is canceled in the measurement
channel.

Fall 2020 24 / 40
Covert Attack

Covert Attack

3D Modeling
• Model knowledge: Complete knowledge of P
• Disclosure Resources:
• If the plant has a linear behavior: no disclosure resources are
needed
• If the plant has a nonlinear behavior, then disclosure resources on
the actuation channel are needed
• Disruption Resources: Needed on both channels
Fall 2020 25 / 40
Covert Attack and Anomaly Detector

• A covert attack is stealthy [Smith, 2011].

+ Controller

State Estimation
(Kalman Filter)
Plant Model
+

Residual Generation

Threshold Test Result

Anomaly Detection Rule

• Can we use watermarking to solve the problem?

• Can we solve the problem by changing the controller strategy/the
state estimation/the detection rule?
Fall 2020 26 / 40
Covert Attack and Anomaly Detector

• If the attacker has complete access to both channel and

knowledge of the plant model, the perfect attack is stealthy
regardless of the controller/estimator/detector operations!!
+ Controller

State Estimation
(Kalman Filter)
Plant Model
+

Residual Generation

Threshold Test Result

Anomaly Detection Rule

• What should we do in this case?

Fall 2020 27 / 40
Covert Attacks: Possible Solutions
• We need to prevent one of the conditions that make the attack
covert, e.g.
• Secure at least one channel
• Make sure that attacker cannot exactly understand the plant model
(so it cannot compute y a )
+ Controller

State Estimation
(Kalman Filter)
Plant Model
+

Residual Generation

Threshold Test Result

Anomaly Detection Rule

Fall 2020 28 / 40
Moving Target against Covert Attack
• Moving Target Idea [Weerakkody, 2015], [Schellenberger, 2017]:
Add auxiliary and randomly changing dynamics coupled with the
plant.
+ Controller

State Estimation
Plant Model for the Augmented Plant

Time-Varying (randomly) Residual Generation

Auxiliary Dynamics (Not Real, Emulated)

Threshold Test Result

Anomaly Detection Rule

Augmented Plant

Effects:
• Any input attack ua (k) will be reflected on the auxiliary.
• The effects on the auxiliary is unknown and it cannot be canceled
with y a (k). Fall 2020 29 / 40
Moving Target Advantage vs Drawback

• Advantage: Stealthy covert attacks are avoided

• Drawback: We need computation capabilities on the plant side. A
secret seed γ needs to be shared between the plant and the
state-estimator. More data are transmitted in the measurement
channel.
+ Controller

State Estimation
Plant Model for the Augmented Plant

Time-Varying (randomly) Residual Generation

Auxiliary Dynamics (Not Real, Emulated)

Threshold Test Result

Anomaly Detection Rule

Augmented Plant

Fall 2020 30 / 40
Final Remarks

Fall 2020 31 / 40
Security of Smart Grid and CPS

• In Smart Grid, or in general in CPSs, IT security tools and Control

System techniques can be both leveraged to detect cyber-attacks.
• Several detection strategies exists to detect the presence of cyber
attacks, however, the integration of cyber and physical tools is still
a research topic.
• The resiliency of Smart Grid/CPS under attack is a hot research
topic. There are very few solutions, and most of them are not
widely recognized or too specific (targeting specif problems).

Fall 2020 32 / 40
INSE 6640 - Overview

Background and Privacy problem in Netowked Attacks

Securing the SCADA Systems Fedback Control
Preliminaries on Hacking the Smart Grid
Smart Grid Smart Grid Modeling System Operations against CPS
Smart Grids

- Introduction to - Scanning, Enumera- -Advanced Metering Security Models for - Networked Con- - Cyber-attack
- Control Design
Smart Grid tion, Penetration, and Infrastructure and Smart Grid trol System classification and
Infection Privacy Concerns abstraction modeling
- State Estimator
- Smart Grid Archi- - NISTIR 7628 Design and Bad
tecture - Vulnerabilities (De- - Techniques for smart - ISA 99/IEC 62443 - Plant Model - Intelligent attacks
Data Detector
vice Vulnerabilities, metering privacy (zone and conduit Design
- Smart Grid Vulner- Protocol Vulnerabili- protection model) - Stealthy attack
abilities to cyber-at- ties) against state-esti-
tacks mation in Smart
- Attack Tools Grid

- Attack Methods - Itroduction to

advancced attack
detection strategies

Fall 2020 33 / 40
Final Exam - Content (boxes)

Background and
Preliminaries on Privacy problem in Securing the SCADA Systems Fedback Control Netowked Attacks
Hacking the Smart Grid
Smart Grids Smart Grid Smart Grid Modeling System Operations against CPS

- Introduction to - Scanning, Enumera- -Advanced Metering Security Models for - Networked Con- - Cyber-attack
- Control Design
Smart Grid tion, Penetration, and Infrastructure and Smart Grid trol System classification and
Infection Privacy Concerns abstraction modeling
- State Estimator
- Smart Grid Archi- - NISTIR 7628 Design and Bad
tecture - Vulnerabilities (De- - Techniques for smart - ISA 99/IEC 62443 - Plant Model - Intelligent attacks
Data Detector
vice Vulnerabilities, metering privacy (zone and conduit Design
- Smart Grid Vulner- Protocol Vulnerabili- protection model) - Stealthy attack
abilities to cyber-at- ties) Lectures 7-8 against state-esti-
tacks mation in Smart
- Attack Tools Grid
Lectures 1-2 - Attack Methods - Itroduction to
advancced attack
Lectures 3-6 detection strategies

Lectures 9-11

Fall 2020 34 / 40
Sample Questions

Fall 2020 35 / 40
Question 1

• Given a discrete-time linear dynamical system, under which

condition can we correctly estimate the state space vector x from
the available measurements and control inputs?

Fall 2020 36 / 40
Question 2

• According to Moving Target Idea and to the scheme below, what

do we need to keep secret?
+ Controller

State Estimation
Plant Model for the Augmented Plant

Time-Varying (randomly) Residual Generation

Auxiliary Dynamics (Not Real, Emulated)

Threshold Test Result

Anomaly Detection Rule

Augmented Plant

2 The Plant
2 The Controller, the Plant, the State Estimator, and the Anomaly
Detector
2 The Detection threshold
2 The Seed
Fall 2020 37 / 40
Question 3

• What is the idea behind watermarked control inputs? What are the
drawbacks and advantages?

Fall 2020 38 / 40
 Thank you!
Grazie!← in Italian
Good Luck with the Project and Final!

Fall 2020 39 / 40
References I

S. R. Smith
A decoupled feedback structure for covertly appropriating networked control
systems
IFAC Proceedings, 44.1, 90–95, 2011.

Y. Mo, B. Sinopoli
Secure control against replay attacks
IEEE Allerton Conference, pp. 911–918, 2009.

S. Weerakkody, B. Sinopoli
Detecting integrity attacks on control systems using a moving target approach
IEEE 54th Annual Conference on Decision and Control (CDC), 2015.

C. Schellenberger, P. Zhang
Detection of covert attacks on cyber-physical systems by extending the system
dynamics with an auxiliary system
IEEE 56th Annual Conference on Decision and Control (CDC) 2017

Fall 2020 40 / 40