Secure cyber-physical systems

Cyber-physical systems regulating critical infrastructures, such as electrical grids and water networks, are increasingly geographically distributed, necessitating communication between remote sensors, actuators and controllers. The combination of networked computational and physical subsystems leads to new security vulnerabilities that adversaries can exploit with devastating consequences. A synchronized attack on the interdependent network components and physical plants can create complex and new security vulnerabilities that cannot be addressed by securing the constituent systems individually.

This project takes a holistic view by utilizing the properties of physical systems to design new secure protocols and architectures for cyber-physical systems (CPS) through a unified conceptual framework, which uses models for the physical system and the communication/computation network to define precise attack models and vulnerabilities. These mathematical models are used to design algorithms and protocols with provable operational security guarantees, thus enabling the design of more trustworthy architectures and components. The algorithms, protocols, and architectures are validated on CPS testbeds targeting building, automobile, and smart-grid applications. Additionally, the research is being integrated into the curriculum via the creation of novel coursework combining the underlying control, information theory, cryptography, and embedded system concepts.

By improving the protection of critical cyber-physical infrastructure against emerging threats, this research is expected to provide direct socio-economic benefits, ranging from individual organizations to a national scale. The inter-disciplinary team of this project will integrate teaching and curriculum development with the research, contributing to the training of a new generation of engineers well versed in the design of trustworthy cyber-physical systems.


  1. Download: mishra_secure.pdf 
  2. Download: mehrdad_cdc16.pdf www 
  3. Download: sse_mskdt.pdf 
  4. Download: pycra.pdf 
  5. Download: shaunak_cdc.pdf 
  6. Download: on Arxiv 
    The vast majority of today's critical infrastructure is supported by numerous feedback control loops and an attack on these control loops can have disastrous consequences. This is a major concern since modern control systems are becoming large and decentralized and thus more vulnerable to attacks. This paper is concerned with the estimation and control of linear systems when some of the sensors or actuators are corrupted by an attacker. We give a new simple characterization of the maximum number of attacks that can be detected and corrected as a function of the pair (A,C) of the system and we show in particular that it is impossible to accurately reconstruct the state of a system if more than half the sensors are attacked. In addition, we show how the design of a secure local control loop can improve the resilience of the system. When the number of attacks is smaller than a threshold, we propose an efficient algorithm inspired from techniques in compressed sensing to estimate the state of the plant despite attacks. We give a theoretical characterization of the performance of this algorithm and we show on numerical simulations that the method is promising and allows to reconstruct the state accurately despite attacks. Finally, we consider the problem of designing output-feedback controllers that stabilize the system despite sensor attacks. We show that a principle of separation between estimation and control holds and that the design of resilient output feedback controllers can be reduced to the design of resilient state estimators.
  7. Download: security_cdc.pdf 
    We consider the problem of estimation and control of a linear system when some of the sensors or actuators are attacked by a malicious agent. In our previous work [1] we studied systems with no control inputs and we formulated the estimation problem as a dynamic error correction problem with sparse attack vectors. In this paper we extend our study and look at the role of inputs and control. We first show that it is possible to increase the resilience of the system to attacks by changing the dynamics of the system using state-feedback while having (almost) total freedom in placing the new poles of the system. We then look at the problem of stabilizing a plant using output-feedback despite attacks on sensors, and we show that a principle of separation of estimation and control holds. Finally we look at the effect of attacks on actuators in addition to attacks on sensors: we characterize the resilience of the system with respect to actuator and sensor attacks and we formulate an efficient optimization-based decoder to estimate the state of the system despite attacks on actuators and sensors.
  8. Abstract:
    We consider the problem of state-estimation of a linear dynamical system when some of the sensor measurements are corrupted by an adversarial attacker. The errors injected by the attacker in the sensor measurements can be arbitrary and are not assumed to follow a specific model (in particular they can be of arbitrary magnitude). We first characterize the number of attacked sensors that can be tolerated so that the state of the system can still be correctly recovered by any decoding algorithm. We then propose a specific computationally feasible decoding algorithm and we give a characterization of the number of errors this decoder can correct. For this we use ideas from compressed sensing and error correction over the reals and we exploit the dynamical nature of the problem. We show using numerical simulations that this decoder performs very well in practice and allows to correct a large number of errors.