2022 |
Hyungbo Shim / Juhoon Back / Yongsoon Eun / Gyunghoon Park / Jihan Kim Zero-dynamics Attack, Variations, and Countermeasures Book Chapter In: Hideaki Ishii; Quanyan Zhu (Ed.): Security and Resilience of Control Systems, vol. 489, Chapter 2, pp. 31–61, Springer Cham, 1, 2022, ISBN: 978-3-030-83236-0. Abstract | Links | BibTeX | Tags: Cyber-physical systems, Security, Zero-dynamics @inbook{nokey, This chapter presents an overview of actuator attacks that exploit zero dynamics, and countermeasures against them. First, zero-dynamics attack is reintroduced based on a canonical representation called normal form. Then it is shown that the target dynamic system is at elevated risk if the associated zero dynamics is unstable. From there on, several questions are raised in series to ensure when the target system is immune to an attack of this kind. The first question is: Is the target system secure from zero-dynamics attack if it does not have any unstable zeros? An answer provided for this question is: No, the target system may still be at risk due to another attack surface emerging in the process of implementation. This is followed by a series of questions, and in the course of providing answers, variants of the classic zero-dynamics attack are presented, from which the vulnerability of the target system is explored in depth. In the end, countermeasures are proposed to render the attack ineffective. Because it is known that zero dynamics in continuous-time systems cannot be modified by feedback, the main idea of the countermeasure is to relocate any unstable zero to a stable region in the stage of digital implementation through modified digital samplers and holders. Adversaries can still attack actuators, but due to the relocated zeros, they are of little use in damaging the target system. |
2020 |
Joowon Lee / Junsoo Kim / Hyungbo Shim Zero-Dynamics Attack on Homomorphically Encrypted Control System Proceedings Article In: Proc. of 20th International Conference on Control, Automation and Systems (ICCAS), pp. 385-390, IEEE, Busan, Korea, 2020, ISBN: 978-89-93215-20-5. Abstract | Links | BibTeX | Tags: Controller encryption, Cyber-physical systems, Homomorphic encryption, Zero-dynamics @inproceedings{LeeKimShim20, Against recent cyber-attack strategies on networked control systems which commonly utilize information of control data, the notion of encrypted control system has been introduced, to protect private data in the network layer by encryption. However, even though the adversary cannot learn the information from the encrypted control signals or parameters, it is known that their values can be manipulated by the adversaries, based on homomorphic property of the cryptosystem. In this paper, we demonstrate that the injection of zero-dynamics attack is possible even for encrypted control systems. By injecting an attack signal, generated with knowledge of the plant model, directly on the encrypted controller output being transmitted to the actuator, we show that it disrupts the plant state while it is undetectable from the input and output of the controller. Simulation results are presented to demonstrate the effectiveness of the proposed attack. |
Jin Gyu Lee / Junsoo Kim / Hyungbo Shim Fully distributed resilient state estimation based on distributed median solver Journal Article In: IEEE Transactions on Automatic Control, vol. 65, no. 9, pp. 3935-3942, 2020, ISSN: 0018-9286. Abstract | Links | BibTeX | Tags: Analytical redundancy, Attack detection, Attack resilience, Blended dynamics, Cyber-physical systems, Heterogeneous multi-agents, Resilient state estimation, Strong coupling @article{Lee20b, In this article, we present a scheme of fully distributed resilient state estimation for linear dynamical systems under sensor attacks. The proposed state observer consists of a network of local observers, where each of them utilizes local measurements and information transmitted from the neighbors. As a fully distributed scheme, it does not necessarily collect a majority of sensing data for the sake of attack identification, whereas the compromised sensors are eventually identified by the distributed network and excluded from the observers. For this, the overall network (not the individual local observer) is assumed to have redundant sensors and assumed to be connected. The proposed scheme is based on a novel design of a distributed median solver, which approximately recovers the median value of local estimates. |
2018 |
Jiyeon Nam / Gyunghoon Park / Taekyoo Kim / Hyungbo Shim A Posteriori Detection of Moment of Attack on Cyber-physical Systems: A Back-and-forth Observer Approach Proceedings Article In: Proc. of 7th IFAC Workshop on Distributed Estimation and Control in Networked System, pp. 188-193, IFAC IFAC, Netherlands, 2018. Abstract | Links | BibTeX | Tags: Cyber-physical systems @inproceedings{NamParkKimShim18, In this paper, we address the problem of finding the moment at which an attack to a cyber-physical system initiates, which we call the “moment of attack.” The proposed algorithm is not a real-time method, but the search is performed a posteriori. Nevertheless, the problem becomes of particular interest for forensic evidence, or for high-cost manufacturing processes. In fact, when a production system is attacked, the manufactured output before the attack does not have to be discarded if exact time of the attack is found. To tackle the problem for “temporarily stealthy” sensor attack of polynomial types (with which the conventional real-time anomaly detectors hardly estimate the moment of attack), we propose a batch-type detection algorithm for the moment of attack via the back-and-forth observer approach. |
List of English Publication
2022 |
Zero-dynamics Attack, Variations, and Countermeasures Book Chapter In: Hideaki Ishii; Quanyan Zhu (Ed.): Security and Resilience of Control Systems, vol. 489, Chapter 2, pp. 31–61, Springer Cham, 1, 2022, ISBN: 978-3-030-83236-0. |
2020 |
Zero-Dynamics Attack on Homomorphically Encrypted Control System Proceedings Article In: Proc. of 20th International Conference on Control, Automation and Systems (ICCAS), pp. 385-390, IEEE, Busan, Korea, 2020, ISBN: 978-89-93215-20-5. |
Fully distributed resilient state estimation based on distributed median solver Journal Article In: IEEE Transactions on Automatic Control, vol. 65, no. 9, pp. 3935-3942, 2020, ISSN: 0018-9286. |
2018 |
A Posteriori Detection of Moment of Attack on Cyber-physical Systems: A Back-and-forth Observer Approach Proceedings Article In: Proc. of 7th IFAC Workshop on Distributed Estimation and Control in Networked System, pp. 188-193, IFAC IFAC, Netherlands, 2018. |