(452a) Cyber-Security with Dynamic Watermarking for Process Control Systems

AIChE
2019

normal">

normal">Title: Cyber-security with
Dynamic Watermarking for Process Control Systems

background:white">Abstract:

text-indent:.5in;background:white">While advances in information
and communication technologies have resulted in greater flexibility,
scalability, interoperability, and easy administration of process control
systems, they have also enabled adversaries to exploit network or software
vulnerabilities to subvert sensors or actuators in process control. Adversarial
intruders can hack into the system through open networks and conduct malicious
attacks to cause critical damage to the entire system.

text-indent:.5in;background:white">In this paper, we
address the problem of cyber-security for process control systems. We
specifically address the problem of attacks on sensor measurements. When
incorrect sensor measurements are used in feedback control loops, it can lead
to incorrect actuation that cause instabilities or degrade performance,

text-indent:.5in;background:white">We investigate a general-purpose
solution called ÒDynamic WatermarkingÓ to detect tampering with sensor
measurements. It is shown in [1] that this technique can be used to secure linear
stochastic systems in the presence of malicious or sensor nodes or compromised
sensor measurements. In [2], it has been shown that Dynamic Watermarking can
detect attacks on autonomous vehicles. In this paper, we present experimental
results on employing Dynamic Watermarking and demonstrate that it can indeed
secure a coupled water tank system against attacks on sensor measurements,
including a stealthy attack and a replay attack.

text-indent:.5in;background:white">

text-indent:.5in;background:white">

background:white">            The
fundamental idea of the Dynamic Watermarking mechanism is that actuator nodes superimpose
a small private excitation signal on the actuation commands. This additive
private excitation signal to the ÒPlantÓ (i.e., the Process Control System)
results causes a change in the measurements made Sensor Nodes, in comparison to
what they would be if they were absent. However, by compromising a Sensor Node,
or intercepting a packet carrying the sensor measurement as it is being
transported over the network, a malicious agent can report an incorrect sensor
measurement to be reported to the Actuator. To detect such malicious attacks on
sensor measurements, we design an ÒAttack DetectorÓ that examines if the
reported sensor measurements are in conformity with the secret excitation
signal. Specifically, it conducts two statistical watermark tests on the
signals received inputs. It is shown in [1] that the Attack Detector can detect
such malicious activity.

text-indent:.5in;background:white">In this paper, we
experimentally demonstrate that dynamic watermarking mechanism can be used to
detect attacks on sensors in process control systems. We use a representative
process control system, a coupled water tanks system. It has two tanks and a
basin. The tanks and the basin are cascaded vertically, so that the upper tank
feeds the lower tank whose water flows down into the basin. The control
objective is to maintain the water level of the lower tank at a specified
set-point by controlling the voltage of the pump which drives the water from
the basin up to the upper tank. The pressure sensors provide a controller with
the level of water in each tank as a feedback.     

text-indent:.5in">We experimentally demonstrate this by considering
two different sensor attacks. The first attack scenario is a stealthy attack. The
attacker uses a model of the system dynamics to make simulated measurements, and
reports the simulated measurements rather than the real measurements. The
second one is a replay attack, where an attacker stores a series of past measurements
and replays them. It is this attack that was reportedly used in the Stuxnet
attack [2].

text-indent:.5in">

text-indent:.5in">First, we implement each attack and show that
each leads to the failure of the water tank control
system. When an attack begins, the fake measurements are delivered to a controller
component stabilizing the water levels in the tanks, thereby, causing overflows
in the water tanks.

text-indent:.5in">Next, we employ Dynamic Watermarking to secure
the coupled water tank system. It examines the purity of the reported
measurements by checking if they are appropriately correlated with the imposed watermark
signals. If the statistics of the measurements fail the tests of the Dynamic
Watermarking by exceeding predefined thresholds, the system concludes that the
watermarks were distorted or removed, and it halts the entire process for
system safety, preventing system failure. We present experimental results showing
that the Dynamic Watermarking mechanism indeed detects the malicious sensor
attacks, and thus secures the process control system.    

text-indent:.5in;background:white">We further thoroughly analyze
the relationship between the detection performance, such as the detection rate
and false alarm ratio, and the parameters of the Dynamic Watermarking mechanism.
We show that for quickly detecting a malicious sensor, one can reduce the size
of the thresholds or decrease the number of measurement samples of the
statistics for the Dynamic Watermarking tests.

line-height:115%">

normal">References:

[1]
Satchidanandan, B., & Kumar, P. R. (2017). Dynamic watermarking: Active
defense of networked cyberÐphysical systems. Proceedings of the IEEE, 105(2),
219-240.

[2]
Ko, W., Satchidanandan, B., and Kumar, P. R. (2016).
Theory and Implementation of Dynamic Watermarking for Cybersecurity of Advanced
Transportation Systems, IEEE CNS CPS-Sec workshop, pp. 235-239, Philadelphia,
Oct.

[3]
Langner, Ralph,
https://www.langner.com/wp-content/uploads/2017/03/to-kill-a-centrifuge.pdf