Physical Authentication of Control Systems: Designing Watermarked Control Inputs to Detect Counterfeit Sensor Outputs

摘要

Cyberphysical systems (CPSs) refer to the embedding of widespread sensing, networking, computation, and control into physical spaces with the goal of making them safer, more efficient, and reliable. Driven by the miniaturization and integration of sensing, communication, and computation in cost-efficient devices, CPSs are bound to transform industries such as aerospace, transportation, built environments, energy, health care, and manufacturing, to name a few. This great opportunity, unfortunately, is matched by even greater challenges. Taming the complexity of design and analysis of these systems poses a fundamental problem as a new paradigm is needed to bridge various scientific domains, which, through the years, have developed significantly different formalisms and methodologies. In addition, while the use of dedicated communication networks has so far sheltered systems from the outside world, use of off-the-shelf networking and computing, combined with the unattended operation of a plethora of devices, provides several opportunities for malicious entities to inject attacks on CPSs. A wide variety of motivations exists for launching an attack on CPSs, ranging from economic reasons, such as obtaining a financial gain, all the way to terrorism, for instance, threatening an entire population by manipulating life-critical resources. Any attack on safety-critical CPSs may significantly hamper the economy and lead to the loss of human lives. While the threat of attacks on CPSs tends to be underplayed at times, the Stuxnet worm provided a clear example of the possible future to come. This malware, targeting a uranium enriching facility in Iran, managed to reach the supervisory control and data acquisition (SCADA) system controlling the centrifuges used in the enrichment process. Stuxnet modified the control system, increasing pressure in the centrifuges in a first version of the worm and spinning centrifuges in an erratic fashion in a second version. As a result, Stuxne- caused significant damage to the plant [1]. For details, see "The Stuxnet Attack."