2022
Hyungbo Shim / Juhoon Back / Yongsoon Eun / Gyunghoon Park / Jihan Kim
Zero-dynamics Attack, Variations, and Countermeasures
Book Chapter
In: Hideaki Ishii; Quanyan Zhu (Ed.): Security and Resilience of Control Systems, vol. 489, Chapter 2, pp. 31–61, Springer Cham, 1, 2022, ISBN: 978-3-030-83236-0.
Tags: Cyber-physical systems, Security, Zero-dynamics

Abstract: This chapter presents an overview of actuator attacks that exploit zero dynamics, and countermeasures against them. First, zero-dynamics attack is reintroduced based on a canonical representation called normal form. Then it is shown that the target dynamic system is at elevated risk if the associated zero dynamics is unstable. From there on, several questions are raised in series to ensure when the target system is immune to an attack of this kind. The first question is: Is the target system secure from zero-dynamics attack if it does not have any unstable zeros? An answer provided for this question is: No, the target system may still be at risk due to another attack surface emerging in the process of implementation. This is followed by a series of questions, and in the course of providing answers, variants of the classic zero-dynamics attack are presented, from which the vulnerability of the target system is explored in depth. In the end, countermeasures are proposed to render the attack ineffective. Because it is known that zero dynamics in continuous-time systems cannot be modified by feedback, the main idea of the countermeasure is to relocate any unstable zero to a stable region in the stage of digital implementation through modified digital samplers and holders. Adversaries can still attack actuators, but due to the relocated zeros, they are of little use in damaging the target system.
2020
Joowon Lee / Junsoo Kim / Hyungbo Shim
Zero-Dynamics Attack on Homomorphically Encrypted Control System
Proceedings Article
In: Proc. of 20th International Conference on Control, Automation and Systems (ICCAS), pp. 385-390, IEEE, Busan, Korea, 2020, ISBN: 978-89-93215-20-5.
Tags: Controller encryption, Cyber-physical systems, Homomorphic encryption, Zero-dynamics

Abstract: Against recent cyber-attack strategies on networked control systems which commonly utilize information of control data, the notion of encrypted control system has been introduced, to protect private data in the network layer by encryption. However, even though the adversary cannot learn the information from the encrypted control signals or parameters, it is known that their values can be manipulated by the adversaries, based on homomorphic property of the cryptosystem. In this paper, we demonstrate that the injection of zero-dynamics attack is possible even for encrypted control systems. By injecting an attack signal, generated with knowledge of the plant model, directly on the encrypted controller output being transmitted to the actuator, we show that it disrupts the plant state while it is undetectable from the input and output of the controller. Simulation results are presented to demonstrate the effectiveness of the proposed attack.

Jihan Kim / Juhoon Back / Gyunghoon Park / Chanhwa Lee / Hyungbo Shim / Petros G. Voulgaris
Neutralizing zero dynamics attack on sampled-data systems via generalized holds
Journal Article
In: Automatica, vol. 113, pp. 108778, 2020, ISSN: 0005-1098.
Tags: Cyber-physical system, Sampled-data control system, Secure control system, System security, Zero-dynamics

Abstract: Zero dynamics attacks can be lethal to cyber–physical systems because they can be harmful to physical plants and impossible to detect. Fortunately, if the given continuous-time physical system is minimum phase, the attack is not so effective even if it cannot be detected. However, the situation can become unfavorable if one uses digital control by sampling the sensor measurement and using a zero-order hold for actuation because of the ‘sampling zeros.’ When the continuous-time system has a relative degree greater than two and the sampling period is small, the sampled-data system must have unstable zeros (even if the continuous-time system is minimum phase), so that the cyber–physical system becomes vulnerable to ‘sampling zero dynamics attack.’ In this paper, we present an idea to neutralize the zero dynamics attack for single-input and single-output sampled-data systems by shifting the unstable discrete-time zeros into stable ones. This idea is realized by employing the so-called ‘generalized hold’ which replaces a standard zero-order hold. It is shown that, under mild assumptions, a generalized hold exists which places the discrete-time zeros at desired positions. Furthermore, we formulate the design problem as an optimization problem whose performance index is related to the inter-sample behavior of the physical plant, and propose an optimal gain which alleviates the performance degradation caused by generalized hold as much as possible.
2019
Jongsoo Ha / Hyungbo Shim
Study on Realizable Generalized Hold Functions As a Countermeasure against Zero Dynamics Attack
Proceedings Article
In: Proc. of 2019 IEEE 58th Conference on Decision and Control, pp. 5362-5367, IEEE, Nice, France, 2019.
Tags: Generalized hold, Zero-dynamics

Abstract: Zero dynamics attacks are known to be lethal in the sense that they are stealthy in principle and are not detected from output measurements. Therefore, instead of detecting the zero dynamics attacks, an idea to mitigate the effect of the zero dynamics attack has been proposed recently, which is to enforce the zeros to become stable by changing the zero-order hold to a generalized hold in the sampled data framework. Once all the zeros become stable, then even if the zero dynamics attack is engaged, its effect on the plant is negligible. However, it was observed that the amplitude of the generalized hold becomes unrealistically large in some cases, which leads to a large input to the physical plant. This paper studies this phenomenon at a deeper level and figures out that changing the intrinsic zeros requires an excessively large amplitude of the generalized hold while changing the sampling zeros can be done with a reasonable amplitude.
2018
Gyunghoon Park / Chanhwa Lee / Hyungbo Shim
On Stealthiness of Zero-dynamics Attacks against Uncertain Nonlinear Systems: A Case Study with Quadruple-tank Process
Proceedings Article
In: Proc. of 23rd International Symposium on Mathematical Theory of Networks and Systems, pp. 10-17, Hong Kong, 2018.
Tags: Zero-dynamics

Abstract: This paper studies the problem of constructing a zero-dynamics attack on “nonlinear and uncertain” cyberphysical systems being of non-minimum phase, particularly for the case of the quadruple-tank process. In most of the previous works, the zero-dynamics attack is usually designed by linearizing the nonlinear system at an operating point. As a consequence, the stealthiness of the attack may be easily violated whenever the plant has even small model uncertainty or the state trajectory under the attack moves too far from the operating point (so that the linearization is not accurate enough). Without relying on the linearization of the plant at all, in this paper we propose a nonlinear zero-dynamics attack based on the Byrnes-Isidori normal form representation. In particular, it is shown via the Lyapunov analysis that the proposed attack for the quadruple-tank process always remains stealthy until some of the tanks become empty or overflow even in the presence of small parametric uncertainty, which cannot be ensured by the existing methods. Simulation results are presented to verify the performance of the proposed attack.