TY - GEN
T1 - Revisiting a Watermark-based Detection Scheme to Handle Cyber-Physical Attacks
AU - Rubio-Hernán, José
AU - De Cicco, Luca
AU - García-Alfaro, Joaquín
N1 - Publisher Copyright: © 2016 IEEE.
PY - 2016/12/14
Y1 - 2016/12/14
N2 - We address detection of attacks against cyber-physical systems. Cyber-physical systems are industrial control systems upgraded with novel computing, communication and interconnection capabilities. In this paper we reexamine the security of a detection scheme proposed by Mo and Sinopoli (2009) and Mo et al. (2015). The approach complements the use of Kalman filters and linear quadratic regulators, by adding an authentication watermark signal for the detection of integrity attacks. We show that the approach only detects cyber adversaries, i.e., attackers with the ability to eavesdrop information from the system, but that do not attempt to acquire any knowledge about the system model itself. The detector fails at covering cyber-physical adversaries, i.e., attackers that, in addition to the capabilities of the cyber adversary, are also able to infer the system model to evade the detection. We discuss an enhanced scheme, based on a multi-watermark authentication signal, that properly detects the two adversary models.
KW - Adversary model
KW - Attack detection
KW - Attack mitigation
KW - Critical infrastructures
KW - Cyber-physical security
KW - Networked control system
U2 - 10.1109/ARES.2016.2
DO - 10.1109/ARES.2016.2
M3 - Conference contribution
AN - SCOPUS:85015276052
T3 - Proceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016
SP - 21
EP - 28
BT - Proceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 11th International Conference on Availability, Reliability and Security, ARES 2016
Y2 - 31 August 2016 through 2 September 2016
ER -