Week 7 - SensorWebs: Security
Sensor-based CPS: Major Recent Progress
Philips Sand module
UCB mm3 radio
UCB PicoCube
UCB Telos Mote
[Ref: Ambient Intelligence, W. Weber Ed., 2005]
IIMEC e-Cube
Ubiquitous Instrumentation
• Understanding phenomena:
– Data collection for offline analysis
» Environmental monitoring, habitat monitoring
» Structural monitoring
Great Duck Island
Redwoods
Wind Response of Golden Gate Bridge
Soil monitoring
25 Motes on Damaged sidewall
Soil monitoring
Vineyards
Sensor Webs Everywhere
• Understanding phenomena:
– Data collection for offline analysis
» Environmental monitoring, habitat monitoring
» Structural monitoring
• Detecting changes in the environment:
– Thresholds, phase transitions, anomaly detection
» Security systems, surveillance, health care
» Wildfire detection
» Fault detection, threat detection
Fire Response
Health Care
Intel Research
Sensor Web Applications Taxonomy
• Understanding phenomena:
– Data collection for offline analysis
» Environmental monitoring, habitat monitoring
» Structural monitoring
• Detecting changes in the environment:
– Thresholds, phase transitions, anomaly detection
» Security systems, traffic surveillance
» Wildfire detection
» Fault detection, threat detection
• Real-time estimation and control:
– Traffic control, building control, environmental control
– Manufacturing and plant automation, power grids, SCADA networks
– Service robotics, pursuit evasion games, active surveillance, search-and-rescue, and search-and-capture, telesurgery
– Multiple Target Tracking and Pursuit Evasion games
Building Comfort, Smart Alarms
Easier
Difficult
Heterogeneous Sensor Webs
• Low-bandwidth, high-bandwidth, & mobile sensors
• Built on Intel Vision Library
UCB/ITRI CITRIC Mote
Major Progress but True Immersion not yet in Reach
Artificial Skin
Smart Objects
“Microscopic” Health Monitoring
Interactive Surfaces
Courtesy of Jan Rabaey
“Societal Scale Cyber Physical Systems”
• Characteristics
– Ubiquitous, Pervasive, Disappearing, Perceptive, Ambient
– Always Connectable, Reliable, Scalable, Adaptive, Flexible
• The Emerging Service Models
– Intelligent data access and extraction
– Immersion-based work and play
– Environmental control, energy management and safety in “high-performance” homes
– Automotive and avionic safety and control
– Management of metropolitan traffic flows
– Distributed health monitoring
– Power distribution with decentralized energy generation
Industrial Automation
• Motivation: Cost reduction
– More than 85% reduction in cost compared to wired systems (case study by Emerson)
– SCADA (Supervisory Control And Data Acquisition)
• Reliability is the number one issue
– Robust estimation: Estimation of parameters of interest from noisy measurements with high fidelity in the presence of unreliable communication
– Real-time control: A must for mission-critical systems
Random losses in the feedback loop
[Sinopoli, Schenato, Franceschetti, Poolla, Sastry, Jordan, IEEE Trans-AC (2004)]
[Diagram: System, Sensor web, State estimator, Controller, Wireless multi-hop]
• What happens to the Kalman filter when some sensor readings are lost?
• Can we bound the error covariance?
Optimal estimation with intermittent observations
[Diagram: Plant, Aggregate Sensor, Communication Network, State estimator]
• Kalman Filter is still the optimal estimator
• We proved the existence of a threshold phenomenon:
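$$\lim_{t\to\infty} E[P_t] = +\infty \quad \text{for } 0 \le \lambda \le \lambda_c \text{ and some initial condition } P_0 \ge 0$$
$$E[P_t] \le M_{P_0}\ \ \forall t \quad \text{for } \lambda_c < \lambda \le 1 \text{ and any initial condition } P_0 \ge 0$$
$$\lambda_{\min} \le \lambda_c \le \lambda_{\max}, \qquad \lambda_{\min} = 1 - \frac{1}{|\sigma_{\max}(A)|^2}$$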
Kalman Filter
[Sinopoli, Schenato, Franceschetti, Poolla, Sastry, Jordan, IEEE Trans-AC (2004)]
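Added example (not from the slides or from the cited paper): for a scalar plant x(t+1) = a·x(t) + w with measurement y = c·x + v received with probability lam, it iterates the two deterministic recursions that bound E[P_t] from below and above and shows both changing behaviour at 1 − 1/a². The plant values a, c, q, r and all function names are assumptions chosen for illustration.

```python
def critical_arrival_probability(a):
    """Threshold for a scalar plant with c != 0: 1 - 1/a^2 (0 if |a| <= 1)."""
    return max(0.0, 1.0 - 1.0 / (a * a))

def lower_bound(a, q, lam, steps, p0=1.0):
    """S(t+1) = (1 - lam) * a^2 * S(t) + q  <=  E[P(t+1)].
    Keeps only the covariance growth suffered when the packet is lost."""
    s = p0
    for _ in range(steps):
        s = (1.0 - lam) * a * a * s + q
    return s

def upper_bound(a, c, q, r, lam, steps, p0=1.0):
    """V(t+1) = a^2 V + q - lam * a^2 c^2 V^2 / (c^2 V + r)  >=  E[P(t+1)].
    This is the Riccati update with its correction term weighted by lam."""
    v = p0
    for _ in range(steps):
        v = a * a * v + q - lam * a * a * c * c * v * v / (c * c * v + r)
    return v

# Assumed plant: unstable pole a = 1.25, unit noise variances, c = 1.
A, C, Q, R = 1.25, 1.0, 1.0, 1.0

def sweep(lams=(0.30, 0.36, 0.50, 0.90), steps=500):
    """Bounds on E[P_t] after `steps` updates for each arrival probability."""
    return {lam: (lower_bound(A, Q, lam, steps),
                  upper_bound(A, C, Q, R, lam, steps)) for lam in lams}

if __name__ == "__main__":
    print("lambda_c =", critical_arrival_probability(A))
    for lam, (lo, hi) in sweep().items():
        print(f"lambda={lam:.2f}  lower={lo:.3e}  upper={hi:.3e}")
```

Below the threshold even the lower bound grows without limit; above it the upper bound settles to a finite value, so the expected error covariance is bounded.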
Optimal control with both intermittent observations and control packets
• What is the minimum arrival probability that guarantees “acceptable” performance of estimator and controller?
• How is the arrival rate related to the system dynamics?
• Can we design estimator and controller independently?
• Are the optimal estimator and controllers still linear?
• Can we provide design guidelines?
[Diagram: Plant, Aggregate Sensor, Communication Network, State estimator, Controller, Communication Network]
LQG control with intermittent observations and control
[Diagram: Plant, Aggregate Sensor, Communication Network, State estimator, Controller, Communication Network]
Ack is always present
Ack is relevant
We’ll group all communication protocols in two classes: TCP-like (acknowledgement is available) and UDP-like (acknowledgement is absent)
UDP-like and TCP-like optimal static LQG design
[Figure: bounded and unbounded regions; labels: estimator, controller]
OPTIMAL LQG CONTROL w/ CONSTANT GAINS
Much better performance of TCP compared to UDP
Diagram of U.S. Energy
Units: US quads/year
Energy: Supply & Demand
Demand
Supply
Buildings
Industry
Transportation
3 Major Demand Sectors
Building Operating Platform (BOP): Sensors, Communication, Controls, Real-Time Optimization for Cost, Energy Use, CO2 Footprint
Building Design Platform (BDP): Tool for Architects to Design New Buildings With Embedded Energy Analysis
Windows & Lighting
HVAC
Onsite Power & Heat
Natural Ventilation, Indoor Environment
Building Materials
Appliances
Thermal & Electrical Storage
Building Operating System
Courtesy of Arun Majumdar
Autocad + DoE-2 = Building-EDA?
• Components and their model
• Interconnection of all the components
• External drivers
• Observe behavior over time, validate, “what-if”, …
Electricity
Water
Supply Air
People
Waste Water
Return Air
Heat
Cooperative Continuous Reduction
Automated Control
Facility Mgmt
User Demand
Supervisory Control
Community Feedback
High-fidelity visibility
50% reduction over 4 years across the Campus
Closing the Loop!
LochNess*: A Real-Time Sensor Network-Based Control System
Multiple layers of data fusion for robustness and to reduce communication load
* LochNess (Large-scale “On-time” Collaborative Heterogeneous Networked Embedded SystemS). [Oh, Schenato, Chen, Sastry, PIEEE, 2007]
Hierarchical architecture for real-time operation
Multi-Target Tracking (MTT) Problem
• Given
– Multiple dynamics and measurement models
– Sensor and clutter (false alarms) models
– Target appearance and disappearance models
– Set of noisy unlabeled observations Y
• Find
– Number of targets
– States of all targets
• Requires solutions to both
– Data association
– State estimation
Joint Work with Songhwai Oh and Stuart Russell
Fully Polynomial Randomized Approximation Scheme
[Oh, Sastry, ACC 2005]
First data association algorithm with guaranteed error bounds !
Simulation Results: Robustness against Transmission Failure
• Each single-hop transmission fails with probability (transmission failure rate)
• Tolerates up to 50% lost-to-total packet ratio
Simulation Results: Robustness against Communication Delay
• Each single-hop transmission gets delayed with probability (communication delay rate)
• Tolerates up to 90% delayed-to-total packet ratio
Sensor Webs in Air Traffic Control
Air Traffic Control*
* [Oh, Hwang, Roy, Sastry AIAA and Oh, Schenato, Chen, and Sastry, Journal of Guidance, Control, and Dynamics (to appear), Hwang, Balakrishnan, Tomlin, IEE Proceedings]
Vulnerabilities of Cyber-physical systems
• Controllers are computers
• Networked
• Commodity IT solutions
• New functionalities (smart infrastructures)
• Many devices (sensor webs)
• Highly skilled IT global workforce (creating attacks is easier)
• Cybercrime
Joint work with Saurabh Amin and Alvaro Cardenas
Vulnerabilities can be Exploited
2008 Huntington Beach offshore oil platforms
2000 Maroochy Shire sewage control system
2007 Tehama-Colusa Canal
2007 Cal-ISO power marketing operations
Vulnerabilities can be Exploited
Attacks
Secure Control: What is New and Fundamentally Different?
• So security is important; but are there new research problems, or can problems be solved with
– Traditional IT security?
– Fault-tolerant control?
Trust and Adversary Model
• Prevention
– Authentication, access control, software security, trusted computing, white listing
• Detection
– Intrusion detection systems, anomaly detection
• Resiliency
– Separation of duty, least privilege principle
CPS Security vs. Traditional Security
• What is new and fundamentally different in control systems security?
– Model interaction with the physical world
• By modeling the interaction with the physical world we can obtain 3 new research directions
– Threat assessment: how attacker may manipulate control variables to achieve goals and study consequences to the physical system
– Attack-detection by using models of the physical system: Study stealthy attacks (undetected attacks), Ensure safety of any automated response mechanism
– Attack-resilient control algorithms
Our Results in these 3 New Research Topics
• Threat assessment of control systems
– Ad Hoc Networks 2009
– Journal of Critical Infrastructure Protection 2009
• Detecting attacks to control systems
– Work in progress
– Power grid, chemical reactor etc.
• Resilient control algorithms
– HSCC 2009
We focus on “Detection” in the remaining part of this presentation
4 Key Problems
• Estimate model of the physical process
• Propose a detection scheme
• Study stealthy attacks
• Ensure safety of automated response
Case Study: Tennessee Eastman Chemical Reactor
[Figure: Tennessee Eastman reactor schematic; labels: A+B+C, A, D, Pressure, A in purge, Product Flow]
Detection algorithm: nonparametric CUSUM
Measure the difference between expected and observed behavior:
b is chosen such that
Non-parametric CUSUM:
We work with nonparametric change detection statistics because of plant nonlinearities
Tuning CUSUM parameters to ensure low false alarm rate and fast detection time
How can an attacker remain undetected?
• Attacker
– Wants to be undetected for n time steps
– Wants to maximize the pressure in the tank
• Surge attack
• Bias attack
• Geometric attack
Even Geometric Attacks Cannot Drive the System to An Unsafe State
Conclusion: If an attacker wants to remain undetected, she cannot damage the system
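Added example (not from the slides): the detector formulas did not survive in this transcript, so the sketch below uses the standard nonparametric CUSUM recursion S(k) = max(0, S(k-1) + z(k) - b) with an alarm when S(k) exceeds a threshold tau, run on constructed sensor data. The function names, the constant model prediction, the noise range and the tuning values b and tau are all assumptions.

```python
import random

def residuals(observed, expected):
    """z(k) = |observed(k) - expected(k)|, the model-vs-sensor mismatch."""
    return [abs(o - e) for o, e in zip(observed, expected)]

def cusum_alarm(z, b, tau):
    """Nonparametric CUSUM: S(k) = max(0, S(k-1) + z(k) - b).
    Returns the index of the first step with S(k) > tau, or None."""
    s = 0.0
    for k, zk in enumerate(z):
        s = max(0.0, s + zk - b)
        if s > tau:
            return k
    return None

def max_undetected_bias(b, tau, n):
    """Largest constant residual c with n * (c - b) <= tau, i.e. the most
    a persistent offset can hide for n steps when S starts at 0."""
    return b + tau / n

def simulate(n_steps, attack_start=None, bias=0.0, seed=7):
    """Constructed data: a constant model prediction, bounded sensor noise,
    and an optional constant offset on the reading from attack_start on."""
    rng = random.Random(seed)
    expected = [100.0] * n_steps
    observed = []
    for k in range(n_steps):
        offset = bias if attack_start is not None and k >= attack_start else 0.0
        observed.append(expected[k] + rng.uniform(-0.4, 0.4) + offset)
    return residuals(observed, expected)

B, TAU = 0.5, 8.0   # assumed tuning: b sits above the worst-case noise residual

if __name__ == "__main__":
    print("no attack     :", cusum_alarm(simulate(200), B, TAU))
    print("offset of 2.0 :", cusum_alarm(simulate(200, 50, 2.0), B, TAU))
    c = max_undetected_bias(B, TAU, 16)
    print("hidden offset :", c, cusum_alarm([c] * 16, B, TAU))
```

The bound b + tau/n shrinks as n grows, which is the defender's lever: a tight b and tau leave only a small per-step deviation available to anything that must stay below the alarm for long.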
DoS Attack Signatures for Secure Control Problem
Key Ideas from Robust Control
High Confidence CPS Systems: Research Taxonomy
• Robust Inferencing for Control
• Closing the Loop with fault tolerant networked control systems
• Effects of Mobility on Loop Closure
• Graceful Degradation Under Attack: Trustworthy systems
• Key Applications
– Process Control and SCADA systems
– Action Webs for Energy Efficient Buildings