This paper describes the motivation, design, analysis and configuration of the criticality-aware multi-hop wireless communication protocol AirTight. Wireless communication has become a crucial part of the infrastructure of many cyber-physical applications. Many of these applications are real-time and also mixed-criticality, in that they have components/subsystems with different consequences of failure. Wireless communication is inevitably subject to levels of external interference. In this paper we represent this interference using a criticality-aware fault model; for each level of temporal interference in the fault model we guarantee the timing behaviour of the protocol (i.e. we guarantee that packet deadlines are satisfied for certain levels of criticality). Although a new protocol, AirTight is built upon existing standards such as IEEE 802.15.4. A prototype implementation and protocol-accurate simulator have been produced. This paper develops a series of schedulability analysis techniques for single-channel and multichannel wireless CPS systems. Heuristics are specified and evaluated as the starting point of design space exploration. Genetic algorithms are then defined and evaluated to assess their performance in developing schedule tables incorporating multichannel allocations in these systems.
Cities are deploying millions of sensors and actuators and developing smart services with sophisticated models and decision-making policies supported by Cyber Physical Systems and Internet of Things technologies. The increasing number of sensors collects a large amount of city data from multiple domains. The collected data has great value, but has not yet been fully exploited. Focusing on the domains of transportation, environment, emergency and public safety, energy, and social sensing, this paper carefully reviews the data sets being collected across 14 smart cities and the state-of-the-art work in models and decision making for smart cities. The paper also points out the capabilities, limitations, and challenges regarding data, models and decision making. Five overarching challenges faced today, which will be further exacerbated in the future, are also discussed: security, privacy, uncertainty, human in the loop, and economic and social challenges.
Many real-world attacks on cyber-physical systems involve physical intrusions to cause direct damage or to facilitate cyber attacks. Hence, in this work, we investigate the security risk of organizations with respect to different adversarial models of physical movement behavior. We study the case where an intrusion detection mechanism is in place to alert the system practitioner when users deviate from their normal movement behavior. We then analyze how different user behaviors may present themselves as different levels of threats in terms of their normal movement behavior within a given building topology. To quantify the difference in movement behavior, we define a WeightTopo metric that takes into account the building topology in addition to the movement pattern. We demonstrate our approach on a railway system case study and show how certain user roles are more vulnerable to attackers in terms of the physical intrusion detection probability when these roles are abused by attackers. We also determine quantitatively the amount of knowledge an attacker needs to possess in order to remain undetected. Certain individual users are found to pose a higher threat, implying the need for customized monitoring.
As vehicles become autonomous and connected, intelligent management techniques can be utilized to operate an intersection without a traffic light. When a Connected Autonomous Vehicle (CAV) approaches an intersection, it shares its status and intended direction with the Intersection Manager (IM), and the IM checks the status of other CAVs and assigns a target velocity/reference trajectory for it to maintain. In practice, however, there is an unknown delay between the time a CAV sends a request to the IM and the moment it receives back the response, namely the Round-Trip Delay (RTD). As a result, the CAV will start tracking the target velocity/reference trajectory later than when the IM expects, which may lead to accidents. In this paper, we present a time-aware approach, Crossroads+, that makes CAVs' behaviors deterministic despite the existence of the unknown RTD. In Crossroads+, we use timestamping and synchronization to ensure that both the IM and the CAVs have the same notion of time. The IM will also set a fixed start time to track the target velocity/reference trajectory for each CAV. The effectiveness of the proposed Crossroads+ technique is illustrated by experiments on a 1/10 scale model of an intersection with CAVs. We also built a simulator to demonstrate the scalability of Crossroads+ for multi-lane intersections. Results from our experiments indicate that our approach can reduce the position uncertainty by 15% in comparison with conventional techniques and achieve up to 36% better throughput.
Closing feedback loops fast and over long distances is key to emerging cyber-physical applications; for example, robot motion control and swarm coordination require update intervals of tens of milliseconds. Low-power wireless communication technology is preferred for its low cost, small form factor, and flexibility, especially if the devices support multi-hop communication. Thus far, however, feedback control over multi-hop low-power wireless networks has only been demonstrated for update intervals on the order of seconds. To fill this gap, this paper presents a wireless embedded system that supports dynamic mode changes and tames imperfections impairing control performance (e.g., jitter and message loss), and a control design that exploits the essential properties of this system to provably guarantee closed-loop stability for physical processes with linear time-invariant dynamics in the presence of mode changes. Using experiments on a cyber-physical testbed with 20 wireless devices and multiple cart-pole systems, we are the first to demonstrate and evaluate feedback control and coordination with mode changes over multi-hop networks for update intervals of 20 to 50 milliseconds.
Driving while distracted or losing alertness significantly increases the risk of a traffic accident. The emerging Internet of Things (IoT) systems for smart driving hold the promise of significantly reducing road accidents. In particular, detecting unsafe hand motions and warning the driver using smart sensors can improve the driver's self-alertness and driving skill. However, due to the impact of the vehicle's movement and the significant variation across different driving environments, detecting the position of the driver's hand is challenging. This paper presents SafeWatch, a system based on smartwatches and smartphones which detects the driver's unsafe behaviors in real time. SafeWatch infers the driver's hand motions based on several important features such as the posture of the driver's forearm and the vibration on the smartwatch. SafeWatch employs a novel adaptive training algorithm which keeps updating the training data set at runtime based on inferred hand positions in certain driving conditions. The evaluation with 75 real driving trips from 6 subjects shows that SafeWatch has a high accuracy of over 97.0% for both recall and precision in detection of unsafe hand positions when the condition lasts for more than 6.0s, as well as over 97.1% recall and over 91.0% precision in detection of unsafe hand movements when they last for more than 2.5s.
The transportation sector is on the threshold of a revolution as advances in real-time communication, real-time computing, and sensing technologies have brought to fruition the capability to build Transportation Cyber-Physical Systems (TCPS). While there are many benefits that TCPSs have to offer, a major challenge that needs to be addressed in order to enable their proliferation is their vulnerability to cyber attacks. Using laboratory demonstrations, we first show how cyber attacks can compromise the safety of a TCPS and cause collisions between vehicles in spite of the presence of collision avoidance algorithms in the system. Then we present a technique called "Dynamic Watermarking" that can detect any attack on any sensors in such systems. We also establish theoretical guarantees that Dynamic Watermarking provides in the context of transportation cyber-physical systems. We demonstrate the efficacy of Dynamic Watermarking on two TCPS of topical interest: (i) an adaptive cruise control system, and (ii) a system of self-driving vehicles tracking given trajectories. We then apply the approach of Dynamic Watermarking to these systems and show how it restores safety.
Traffic congestion control is pivotal for intelligent transportation systems. Previous works optimize vehicle speed for different objectives such as minimizing fuel consumption and minimizing travel time. However, they overlook possible congestion arising in the near future (e.g., in 5 minutes), which may degrade the performance of achieving the objectives. In this paper, we propose a vehicle Trajectory based driving speed Optimization strategy (TOP) to minimize vehicle travel time while avoiding the generation of congestion. Its basic idea is to adjust vehicles' mobility to alleviate road congestion globally. TOP has a framework for collecting vehicles' information at a central server, which calculates the parameters depicting the future road condition (e.g., driving time, vehicle density, and probability of accident). Based on the collected information, the central server also measures the friendship among the vehicles, and considers the delay caused by red traffic signals to help estimate the vehicle density of the road segments. The server then formulates a non-cooperative Stackelberg game considering these parameters, in which, as each vehicle aims to minimize its travel time, road congestion is also proactively avoided. After the Stackelberg equilibrium is reached, the optimal driving speed for each vehicle and the expected vehicle density that maximizes the utilization of the road network are determined. Our real trace analysis confirms some characteristics of vehicle mobility that support the design of TOP. Extensive trace-driven experiments show the effectiveness and superior performance of TOP in comparison with other driving speed optimization methods.
Low-power wireless communication has been widely used in cyber-physical systems which require time-critical data delivery. Achieving this goal is challenging because of link burstiness and interference. Based on significant empirical evidence of 21 days and over 3,600,000 packet transmissions per link, we propose both routing and scheduling algorithms that produce latency bounds for the real-time periodic streams and account for both link bursts and interference. The solution is achieved through the definition of a new metric, Bmax, that characterizes links by their maximum burst length, and by choosing a novel least-burst-route that minimizes the sum of worst-case burst lengths over all links in the route. With extensive data-driven analysis, we show that our algorithms outperform existing solutions by achieving accurate latency bounds with much less energy consumption. In addition, a testbed evaluation consisting of 48 nodes spread across a floor of a building shows that we obtain 100% reliable packet delivery within the derived latency bounds. We also demonstrate how performance deteriorates and discuss its implications for wireless networks with insufficient high-quality links.
Cyber-Physical Systems (CPS) play a significant role in our critical infrastructure networks, from power distribution to utility networks. In fact, the emerging smart-grid concept is an effective critical CPS infrastructure that relies on two-way communications between smart devices to increase efficiency, enhance reliability, and reduce costs. However, compromised devices in the smart grid pose several security challenges. The consequences of propagating fake data or stealing sensitive smart grid information via compromised devices are costly. Hence, early behavioral detection of compromised devices is critical for protecting the smart grid's components and data. To address these concerns, in this paper, we introduce a novel and configurable system-level framework to identify compromised smart grid devices. The framework combines system and function call tracing techniques with signal processing and statistical analysis to detect compromised devices based on their behavioral characteristics. We measure the efficacy of our framework with a realistic smart grid substation testbed that includes both resource-limited and resource-rich devices. In total, using our framework we analyze six different types of compromised device scenarios with different resources and attack payloads. To the best of our knowledge, the proposed framework is the first to detect compromised CPS smart grid devices with system and function-level call tracing techniques. The experimental results reveal an excellent detection rate for the compromised devices. Specifically, performance metrics include accuracy values between 0.95 and 0.99 for the different attack scenarios. Finally, the performance analysis demonstrates that the use of the proposed framework has a minimal overhead on the smart grid devices' computing resources.
In a platoon-based vehicular cyber-physical system (PVCPS), a lead vehicle that is responsible for managing the platoon's moving direction and velocity periodically disseminates control messages to the vehicles that follow. Securing wireless transmissions of the messages between the vehicles is critical for the privacy and confidentiality of the platoon's driving pattern. However, due to the broadcast nature of radio channels, the transmissions are vulnerable to eavesdropping. In this paper, we propose a cooperative secret key agreement (CoopKey) scheme for encrypting/decrypting the control messages, where the vehicles in the PVCPS generate a unified secret key based on the quantized fading channel randomness. Channel quantization intervals are optimized by dynamic programming to minimize the mismatch of keys. A platooning testbed is built with autonomous robotic vehicles, where a TelosB wireless node is used for onboard data processing and multi-hop dissemination. Extensive real-world experiments demonstrate that CoopKey achieves a significantly low secret bit mismatch rate in a variety of settings. Moreover, the standard NIST test suite is employed to verify the randomness of the generated keys, where the p-values of our CoopKey pass all the randomness tests. We also evaluate CoopKey with an extended platoon size via simulations to investigate the effect of system scalability on performance.
Vehicular Ad hoc NETworks (VANET) are becoming popular due to the emergence of the Internet of Things and ambient intelligence applications. In such networks, secure resource sharing functionality is accomplished by incorporating trust schemes. Current solutions adopt peer-to-peer technologies that can cover a large operational area. However, these systems fail to capture some inherent properties of VANETs, such as fast and ephemeral interaction, making robust trust evaluation of crowdsourcing challenging. In this article, we propose MobileTrust, a hybrid trust-based system for secure resource sharing in VANETs. The proposal is a breakthrough in centralized trust computing that utilizes cloud and upcoming 5G technologies in order to provide robust trust establishment with global scalability. The ad hoc communication is energy-efficient and protects the system against threats that are not countered by the current settings. To evaluate its performance and effectiveness, MobileTrust is modelled in the SUMO simulator and tested on the traffic features of the medium-size German city of Eichstatt. Similar schemes are implemented on the same platform in order to provide a fair comparison. Moreover, MobileTrust is deployed on a typical embedded system platform and applied to a real smart car installation on a FORD FOCUS for monitoring traffic and road-state parameters of an urban application. The proposed system is developed under the EU-funded THREAT-ARREST project, to provide security, privacy, and trust in an intelligent and energy-aware transportation scenario, bringing closer the vision of a sustainable circular economy.
In recent months, the market for personal wearable devices has been booming significantly, and, in particular, smartwatches are starting to assume a fundamental role in the Bring Your Own Device (BYOD) arena as well as in the more general Internet of Things (IoT) ecosystem, by acting both as sensitive data sources and as user identity proxies. These new roles, complementing the more traditional personal assistance and telemetry/tracking ones, open new perspectives for their integration in complex IoT-based critical infrastructures such as e-payment, healthcare monitoring and emergency systems, as well as for their usage as remote control facilities in smart services. We argue that this new scenario calls for a strengthened and more resilient authentication of users through these devices, despite their limitations in terms of dimensions and hardware constraints that may significantly affect the usability of security mechanisms. In this paper we present an innovative authentication scheme targeted at smartwatches, namely CirclePIN, that provides both resilience to the most common attacks and a high level of usability in tests with real users.
This paper introduces RAS, a cyber-physical system that supports individuals with memory limitations in performing daily activities in their own homes. RAS represents a partnership between a smart home, a robot, and software agents. When smart home residents perform activities, RAS senses their movement in the space and identifies the current activity. RAS tracks activity steps to detect omission errors. When an error is detected, the RAS robot searches for and approaches the human with an offer of assistance. Assistance consists of playing a video recording of the entire activity, showing the omitted activity step, or guiding the resident to the object that is required for the current step. We evaluated RAS performance for 54 participants performing three scripted activities in a smart home testbed and for 2 participants using the system over multiple days in their own homes. In the testbed experiment, activity errors were detected with a sensitivity of 0.955 and a specificity of 0.992. RAS assistance was performed successfully at a rate of 0.600. In the in-home experiments, activity errors were detected with a combined sensitivity of 0.905 and a combined specificity of 0.988. RAS assistance was performed successfully in the in-home experiments at a rate of 0.830.
The Internet of Things (IoT) is becoming the backbone of the sensing infrastructure for several mission-critical applications such as smart health, disaster management, and smart cities in distributed networks. Due to resource-constrained sensing devices, IoT infrastructures use Edge datacenters (EDCs) for real-time data processing. EDCs can be either static or mobile in nature, and this paper considers both scenarios. Generally, EDCs communicate with IoT devices in emergency scenarios to evaluate the data in real time. Protecting data communications from malicious activity becomes a key factor, as all the communication flows through insecure channels. In such infrastructures, it is a challenging task for EDCs to ensure the trustworthiness of the data for emergency evaluations. The current communication security pattern of "communication before authentication" leaves a "black hole" for intruders to become part of communication processes without authentication. To overcome this issue and to develop security infrastructures for IoT and distributed Edge datacenters, this paper proposes a user-centric security solution. The proposed security solution shifts from a network-centric approach to a user-centric security approach by authenticating devices before communication is established. A trusted controller is initialized to authenticate the devices and establish a secure channel between them before they start communicating with each other. The centralized controller draws a perimeter for secure communications within the boundary. Theoretical analysis and experimental evaluation of the proposed security model show that it not only secures the communication infrastructure but also improves the overall network performance.
The rapid increase in the number and type of malicious programs has made malware forensics a daunting task and has put users' systems in danger. Timely identification of malware characteristics, including its origin and the malware sample's family, would significantly limit the potential damage of the malware. This is a more profound risk in Cyber-Physical Systems (CPS), where a malware attack may cause significant physical damage to the infrastructure. Due to the limited on-device memory and processing power of CPS and Internet of Things (IoT) devices, most of the efforts for protecting CPS networks are focused on the Edge layer, where the majority of security mechanisms are deployed. In this paper, we propose a novel fuzzy clustering system for malware attack attribution. Our system is deployed on the edge layer to provide insight into the malware threats applicable to the CPS network. Existing binary malware classification techniques are only capable of identifying whether or not a malware sample belongs to a given family. However, the majority of advanced and sophisticated malware programs combine features from different families. Accordingly, these malicious programs are not similar enough to any existing malware family and easily evade detection by binary classifiers. This paper proposes a multi-label fuzzy relevance classifier to detect similarities between a given malware sample and other known malware families. We leverage static analysis by utilizing Opcode frequencies as the feature space to classify malware families. We observed that a multi-label classifier fails to classify some of the samples; we call this the instance coverage problem. To overcome this problem, we developed an ensemble-based multi-label fuzzy classification method to suggest the relevance of a malware instance to the affected families.
We tested our technique with three widely used datasets collected from three major malware repositories, namely VirusShare, RansomwareTracker and the Microsoft Malware Classification Challenge (BIG2015). Our results on BIG2015 indicated an accuracy of 97.56%, a precision of 90.68%, and an f-measure of 89.21%. Also, our results on RansomwareTracker revealed an accuracy of 94.26%, a precision of 87.21%, and an f-measure of 83.52%. Moreover, our results on samples collected from VirusShare demonstrated an accuracy of 94.66%, a precision of 86.41%, and an f-measure of 84.37%. Our system is most suitable for deployment on the edge layer of CPS or other resource-constrained networks to provide a real-time view of the malware threats applicable to the underlying network.