A Zonotopic-Based Watermarking Design to Detect Replay Attacks

Carlos Trapiello; Vicenç Puig

doi:10.1109/JAS.2022.105944

Volume 9 Issue 11

Nov. 2022

IEEE/CAA Journal of Automatica Sinica

JCR Impact Factor: 7.847, Top 10% (SCI Q1)

CiteScore: 13.0, Top 5% (Q1)
Google Scholar h5-index: 64， TOP 7

Turn off MathJax

Article Contents

Article Navigation > IEEE/CAA Journal of Automatica Sinica > 2022 > 9(11): 1924-1938

C. Trapiello and V. Puig, “A zonotopic-based watermarking design to detect replay attacks,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 11, pp. 1924–1938, Nov. 2022. doi: 10.1109/JAS.2022.105944

Citation:

C. Trapiello and V. Puig, “A zonotopic-based watermarking design to detect replay attacks,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 11, pp. 1924–1938, Nov. 2022. doi: 10.1109/JAS.2022.105944

C. Trapiello and V. Puig, “A zonotopic-based watermarking design to detect replay attacks,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 11, pp. 1924–1938, Nov. 2022. doi: 10.1109/JAS.2022.105944

Citation:

C. Trapiello and V. Puig, “A zonotopic-based watermarking design to detect replay attacks,” IEEE/CAA J. Autom. Sinica, vol. 9, no. 11, pp. 1924–1938, Nov. 2022. doi: 10.1109/JAS.2022.105944

PDF( 1353 KB)

A Zonotopic-Based Watermarking Design to Detect Replay Attacks

doi: 10.1109/JAS.2022.105944

Carlos Trapiello^,,
Vicenç Puig

Funds: This work was in part supported by the Margarita Salas grant from the Spanish Ministry of Universities funded by the European Union NexGenerationEU, and in part co-funded by the Spanish State Research Agency (AEI) and the European Regional Development Fund (ERFD) through the project SaCoAV (ref. MINECO PID2020-114244RB-I00)

More Information

Author Bio:
Carlos Trapiello received the B.Sc. degree in aerospace engineering from the Universidad Politécnica de Madrid (UPM), Spain, in 2015; and the M.Sc. degree in automatic control & robotics and the Ph.D. degree in control engineering from the Universitat Politècnica de Catalunya-BarcelonaTech (UPC), Spain, in 2018 and 2021, respectively. He is currently on a postdoctoral stay at the UMR 5218 - IMS Laboratory, France

Vicenç Puig received the M.Sc. degree in telecommunications engineering and the Ph.D. degree in automatic control, vision, and robotics from the Universitat Politècnica de Catalunya-BarcelonaTech (UPC), Spain, in 1993 and 1999, respectively. He is currently a Full Professor with the Automatic Control Department, UPC, and a Researcher with the Institut de Robòtica i Informàtica Industrial (IRI), CSIC-UPC. He is also the Director of the Automatic Control Department and the Head of the Research Group on Advanced Control Systems (SAC), UPC. He has developed important scientific contributions in the areas of fault diagnosis and fault-tolerant control, using interval, and linear-parameter-varying models using set-based approaches. He has participated in more than 20 European and national research projects in the last decade. He has also led many private contracts with several companies and has published more than 220 journal articles as well as over 500 contributions in international conference/workshop proceedings. He has supervised over 25 Ph.D. dissertations and over 50 master theses/final projects. He was the General Chair of the third IEEE Conference on Control and Fault-Tolerant Systems (SysTol 2016) and the IPC Chair of IFAC Safeprocess 2018. He is also the Chair of the IFAC Safeprocess TC Committee 6.4
Corresponding author: C. Trapiello was with the Supervision, Safety and Automatic Control Research Center (CS2AC) of the Universitat Politécnica de Catalunya (UPC), Rambla Sant Nebridi, 22, 08222 Terrassa, Spain. He is now with the UMR 5218 - IMS Laboratory, France (e-mail: carlos.trapiello@upc.edu)
¹ Laptop (Intel i7 1.8 GHz, 16 GB RAM) running Windows 10; optimization using Cplex 12.8 [48].
Received Date: 2021-12-22
Revised Date: 2022-01-28
Accepted Date: 2022-02-16

Available Online: 2022-04-24

Abstract

Abstract

This paper suggests the use of zonotopes for the design of watermark signals. The proposed approach exploits the recent analogy found between stochastic and zonotopic-based estimators to propose a deterministic counterpart to current approaches that study the replay attack in the context of stationary Gaussian processes. In this regard, the zonotopic analogous case where the control loop is closed based on the estimates of a zonotopic Kalman filter (ZKF) is analyzed. This formulation allows to propose a new performance metric that is related to the Frobenius norm of the prediction zonotope. Hence, the steady-state operation of the system can be related with the size of the minimal Robust Positive Invariant set of the estimation error. Furthermore, analogous expressions concerning the impact that a zonotopic/Gaussian watermark signal has on the system operation are derived. Finally, a novel zonotopically bounded watermark signal that ensures the attack detection by causing the residual vector to exit the healthy residual set during the replay phase of the attack is introduced. The proposed approach is illustrated in simulation using a quadruple-tank process.
- Optimal control,
- physical watermarking,
- replay attack,
- zonotopes

FullText(HTML)

¹ Laptop (Intel i7 1.8 GHz, 16 GB RAM) running Windows 10; optimization using Cplex 12.8 [48].

References(52)

References

[1]	X.-M. Zhang, Q.-L. Han, X. Ge, D. Ding, L. Ding, D. Yue, and C. Peng, “Networked control systems: A survey of trends and techniques,” IEEE/CAA J. Autom. Sinica, vol. 7, no. 1, pp. 1–17, 2019.
[2]	R. Langner, “Stuxnet: Dissecting a cyberwarfare weapon,” IEEE Security &Privacy, vol. 9, no. 3, pp. 49–51, 2011.
[3]	A. A. Cardenas, S. Amin, and S. Sastry, “Secure control: Towards survivable cyber-physical systems,” in Proc. 28th IEEE Int. Conf. Distributed Computing Systems Workshops, 2008, pp. 495–500.
[4]	A. A. Cárdenas, S. Amin, and S. Sastry, “Research challenges for the security of control systems.” in HotSec, 2008.
[5]	A. Teixeira, I. Shames, H. Sandberg, and K. H. Johansson, “A secure control framework for resource-limited adversaries,” Automatica, vol. 51, pp. 135–148, 2015. doi: 10.1016/j.automatica.2014.10.067
[6]	F. Pasqualetti, F. Dörfler, and F. Bullo, “Attack detection and identification in cyber-physical systems,” IEEE Trans. Automatic Control, vol. 58, no. 11, pp. 2715–2729, 2013. doi: 10.1109/TAC.2013.2266831
[7]	H. S. Sánchez, D. Rotondo, T. Escobet, V. Puig, and J. Quevedo, “Bibliographical review on cyber attacks from a control oriented perspective,” Annual Reviews in Control, 2019.
[8]	D. Ding, Q.-L. Han, X. Ge, and J. Wang, “Secure state estimation and control of cyber-physical systems: A survey,” IEEE Trans. Systems,Man,and Cybernetics: Systems, vol. 51, no. 1, pp. 176–190, 2020.
[9]	M. Zhu and S. Martinez, “On the performance analysis of resilient networked control systems under replay attacks,” IEEE Trans. Automatic Control, vol. 59, no. 3, pp. 804–808, 2013.
[10]	G. Franzè, F. Tedesco, and D. Famularo, “Resilience against replay attacks: A distributed model predictive control scheme for networked multi-agent systems,” IEEE/CAA J. Autom. Sinica, vol. 8, no. 3, pp. 628–640, 2020.
[11]	Y. Mo and B. Sinopoli, “Secure control against replay attacks,” in Proc. IEEE 47th Annual Allerton Conf. Communication, Control, and Computing, 2009, pp. 911–918.
[12]	Y. Mo, S. Weerakkody, and B. Sinopoli, “Physical authentication of control systems: Designing watermarked control inputs to detect counterfeit sensor outputs,” IEEE Control Systems Magazine, vol. 35, no. 1, pp. 93–109, 2015. doi: 10.1109/MCS.2014.2364724
[13]	H. Liu, Y. Mo, and K. H. Johansson, “Active detection against replay attack: A survey on watermark design for cyber-physical systems,” in Safety, Security and Privacy for Cyber-Physical Systems. Springer, 2021, pp. 145–171.
[14]	R. M. Ferrari and A. M. Teixeira, “Detection and isolation of replay attacks through sensor watermarking,” IFAC-PapersOnLine, vol. 50, no. 1, pp. 7363–7368, 2017. doi: 10.1016/j.ifacol.2017.08.1502
[15]	R. M. Ferrari and A. M. Teixeira, “A switching multiplicative watermarking scheme for detection of stealthy cyber-attacks,” IEEE Trans. Automatic Control, 2020.
[16]	B. Satchidanandan and P. R. Kumar, “Dynamic watermarking: Active defense of networked cyber-physical systems,” Proc. the IEEE, vol. 105, no. 2, pp. 219–240, 2016.
[17]	H. Liu, Y. Mo, J. Yan, L. Xie, and K. H. Johansson, “An online approach to physical watermark design,” IEEE Trans. Automatic Control, vol. 65, no. 9, pp. 3895–3902, 2020. doi: 10.1109/TAC.2020.2971994
[18]	C. Fang, Y. Qi, P. Cheng, and W. X. Zheng, “Optimal periodic watermarking schedule for replay attack detection in cyber–physical systems,” Automatica, vol. 112, p. 108698, 2020.
[19]	F. Miao, M. Pajic, and G. J. Pappas, “Stochastic game approach for replay attack detection,” in Proc. 52nd IEEE Conf. Decision and Control, 2013, pp. 1854–1859.
[20]	A. Khazraei, H. Kebriaei, and F. R. Salmasi, “A new watermarking approach for replay attack detection in lqg systems,” in Proc. IEEE 56th Annu. Conf. Decision and Control, 2017, pp. 5143–5148.
[21]	C. Combastel, “An extended zonotopic and Gaussian Kalman filter (EZGKF) merging set-membership and stochastic paradigms: Toward nonlinear filtering and fault detection,” Annual Reviews in Control, vol. 42, pp. 232–243, 2016. doi: 10.1016/j.arcontrol.2016.07.002
[22]	F. Schweppe, “Recursive state estimation: Unknown but bounded errors and system inputs,” IEEE Trans. Automatic Control, vol. 13, no. 1, pp. 22–28, 1968. doi: 10.1109/TAC.1968.1098790
[23]	V. Puig, “Fault diagnosis and fault tolerant control using set-membership approaches: Application to real case studies,” Int. Journal of Applied Mathematics and Computer Science, vol. 20, no. 4, pp. 619–635, 2010.
[24]	H. Song, P. Shi, C.-C. Lim, W.-A. Zhang, and L. Yu, “Set-membership estimation for complex networks subject to linear and nonlinear bounded attacks,” IEEE Trans. Neural Networks and Learning Systems, vol. 31, no. 1, pp. 163–173, 2019.
[25]	Y. Zhang, Y. Zhu, and Q. Fan, “A novel set-membership estimation approach for preserving security in networked control systems under deception attacks,” Neurocomputing, vol. 400, pp. 440–449, 2020. doi: 10.1016/j.neucom.2019.04.082
[26]	C. Trapiello, V. Puig, and D. Rotondo, “A zonotopic set-invariance analysis of replay attacks affecting the supervisory layer,” Systems & Control Letters, vol. 157, p. 105056, 2021.
[27]	C. Combastel, “Zonotopes and Kalman observers: Gain optimality under distinct uncertainty paradigms and robust convergence,” Automatica, vol. 55, pp. 265–273, 2015. doi: 10.1016/j.automatica.2015.03.008
[28]	D. Bertsekas, Dynamic programming and optimal control: Volume I. Athena scientific, 2012, vol. 1.
[29]	W. H. Fleming and R. W. Rishel, Deterministic and Stochastic Optimal Control. Springer Science & Business Media, 2012, vol. 1.
[30]	B. Z. Temoçin and G.-W. Weber, “Optimal control of stochastic hybrid system with jumps: A numerical approximation,” Journal of Computational and Applied Mathematics, vol. 259, pp. 443–451, 2014. doi: 10.1016/j.cam.2013.10.021
[31]	E. Savku and G.-W. Weber, “A stochastic maximum principle for a Markov regime-switching jump-diffusion model with delay and an application to finance,” Journal of Optimization Theory and Applications, vol. 179, no. 2, pp. 696–721, 2018. doi: 10.1007/s10957-017-1159-3
[32]	T. Başar and P. Bernhard, H-Infinity Optimal Control and Related Minimax Design Problems: A Dynamic Game Approach. Springer Science & Business Media, 2008.
[33]	R. B. Vinter, “Minimax optimal control,” SIAM Journal on Control and Optimization, vol. 44, no. 3, pp. 939–968, 2005. doi: 10.1137/S0363012902415244
[34]	J. Löfberg, Minimax Approaches to Robust Model Predictive Control. Linköping University Electronic Press, 2003, vol. 812.
[35]	C. Trapiello and V. Puig, “Replay attack detection using a zonotopic KF and LQ approach,” in Proc. IEEE Int. Conf. Systems, Man, and Cybernetics, 2020, pp. 3117–3122.
[36]	I. Kolmanovsky and E. G. Gilbert, “Theory and computation of disturbance invariant sets for discrete-time linear systems,” Mathematical Problems in Engineering, vol. 4, no. 4, pp. 317–367, 1998. doi: 10.1155/S1024123X98000866
[37]	F. Blanchini and S. Miani, Set-Theoretic Methods in Control. Springer, 2008.
[38]	C. Combastel, “A state bounding observer for uncertain non-linear continuous-time systems based on zonotopes,” in Proc. 44th IEEE Conf. Decision and Control, 2005, pp. 7228–7234.
[39]	T. Alamo, J. M. Bravo, and E. F. Camacho, “Guaranteed state estimation by zonotopes,” Automatica, vol. 41, no. 6, pp. 1035–1043, 2005. doi: 10.1016/j.automatica.2004.12.008
[40]	M. Pourasghar, V. Puig, and C. Ocampo-Martinez, “Interval observer versus set-membership approaches for fault detection in uncertain systems using zonotopes,” Int. Journal of Robust and Nonlinear Control, vol. 29, no. 10, pp. 2819–2843, 2019. doi: 10.1002/rnc.4523
[41]	Y. Wang, V. Puig, and G. Cembrano, “Set-membership approach and Kalman observer based on zonotopes for discrete-time descriptor systems,” Automatica, vol. 93, pp. 435–443, 2018. doi: 10.1016/j.automatica.2018.03.082
[42]	J. Wang, Y. Shi, M. Zhou, Y. Wang, and V. Puig, “Active fault detection based on set-membership approach for uncertain discrete-time systems,” Int. Journal of Robust and Nonlinear Control, vol. 30, no. 14, pp. 5322–5340, 2020. doi: 10.1002/rnc.5036
[43]	R. R. Bitmead and M. Gevers, “Riccati difference and differential equations: Convergence, monotonicity and stability,” in The Riccati Equation. Springer, 1991, pp. 263–291.
[44]	D. Q. Mayne and W. Schroeder, “Robust time-optimal control of constrained linear systems,” Automatica, vol. 33, no. 12, pp. 2103–2118, 1997. doi: 10.1016/S0005-1098(97)00157-X
[45]	S. Olaru, J. A. De Doná, M. M. Seron, and F. Stoican, “Positive invariant sets for fault tolerant multisensor control schemes,” Int. Journal of Control, vol. 83, no. 12, pp. 2622–2640, 2010. doi: 10.1080/00207179.2010.535215
[46]	S. V. Rakovic, E. C. Kerrigan, K. I. Kouramas, and D. Q. Mayne, “Invariant approximations of the minimal robust positively invariant set,” IEEE Trans. Automatic Control, vol. 50, no. 3, pp. 406–410, 2005. doi: 10.1109/TAC.2005.843854
[47]	K. H. Johansson, “The quadruple-tank process : A multivariable laboratory process with an adjustable zero,” IEEE Trans. Control Syst. Technol., vol. 8, no. 3, pp. 456–465, 2000. doi: 10.1109/87.845876
[48]	I. ILOG, “Cplex optimizer 12.8,” 2018.
[49]	J. D. Hamilton, Time Series Analysis. Princeton university press, 2020.
[50]	M. M. Seron and J. A. De Doná, “Robust fault estimation and compensation for LPV systems under actuator and sensor faults,” Automatica, vol. 52, pp. 294–301, 2015. doi: 10.1016/j.automatica.2014.12.003
[51]	G. H. Golub and C. F. Van Loan, Matrix Computations. JHU press, 2013, vol. 3.
[52]	M. Althoff, O. Stursberg, and M. Buss, “Computing reachable sets of hybrid systems using a combination of zonotopes and polytopes,” Nonlinear Analysis: Hybrid Systems, vol. 4, no. 2, pp. 233–249, 2010. doi: 10.1016/j.nahs.2009.03.009

Supplements(0)

Cited By

Proportional views

Proportional views

通讯作者: 陈斌, bchen63@163.com

1.
沈阳化工大学材料科学与工程学院沈阳 110142

Figures(4) / Tables(2)

Get Citation

PDF

XML

Article Metrics

Article views (315) PDF downloads(83)

Highlights

Proposal of a novel zonotope-based framework for analyzing replay attacks affecting remotely controlled systems
Derivation of optimal expressions regarding the attack detection under zonotope-bounded uncertainties that are analogous to the ones obtained under Gaussian uncertainties
Design of a novel guaranteed replay attack detection method that self-triggers the detection every time the sensor measurements are being replayed

A Zonotopic-Based Watermarking Design to Detect Replay Attacks

doi: 10.1109/JAS.2022.105944

Abstract

References

Proportional views

Catalog

通讯作者: 陈斌, bchen63@163.com

Article Metrics

Highlights

Export File

Citation

Format

Content