Preface to the Special Issue: Towards an Efficient and Effective Internet of Things for Cyber-Physical Systems (Part I)
Preface to the Special Issue: Towards an Efficient and Effective Internet of Things for Cyber-Physical Systems (Part II)
Control cyber-physical systems (CPS) are a major category of CPS. In control CPS, in addition to the well-studied noise within the physical subsystem, we are interested in evaluating the impact of cross-domain noise: noise that originates in the physical subsystem, propagates through the cyber subsystem, and returns to the physical subsystem. The impact of cross-domain noise is hard to evaluate when the cyber subsystem is a black box that cannot be explicitly modeled. To address this challenge, this paper focuses on two-level control CPS, a widely adopted control CPS architecture, and proposes an emulation-based evaluation methodology framework. The framework uses hybrid-model reachability to quantify the impact of cross-domain noise, and exploits Lyapunov stability theory to reduce the size of the evaluation benchmark. We validated the effectiveness and efficiency of the proposed framework on a representative control CPS testbed; in particular, 24.1% of the evaluation effort is saved using the proposed benchmark-shrinking technique.
Recent years have witnessed the prevalence of wearable devices. Wearable devices are intelligent and multifunctional, but they rely heavily on batteries. This greatly limits their application scope wherever battery replacement or recharging is challenging or inconvenient. We note that wearable devices have the opportunity to harvest energy from human motion, since they are worn by their users for as long as they are operating. In this study, we propose a battery-free sensing platform for wearable devices in the form factor of shoes. It harvests the kinetic energy of walking or running to supply the device with power for sensing, processing and wireless communication, covering all the functionality of commercial wearable devices. We achieve this by running the whole system on the energy harvested from both feet: each foot performs separate tasks, and the two feet are coordinated by ambient backscatter communication. We instantiate this idea by building a prototype containing energy-harvesting insoles, power-management circuits and an ambient backscatter module. Evaluation results demonstrate that the system wakes up after only a few seconds of walking and provides sufficient Bluetooth throughput to support many applications. We believe that our framework can enable many useful applications that were previously infeasible.
Recent advances and industry standards in the Internet of Things (IoT) have accelerated the real-world adoption of connected devices. To manage this hybrid system of digital real-time devices and analog environments, the industry has pushed several popular home automation IoT (HA-IoT) frameworks, e.g., IFTTT (If-This-Then-That), Apple HomeKit, and Google Brillo, in which users author device interactions by specifying the triggering sensor event and the triggered device command. In this seemingly simple software system, two dominant factors govern the system's confidence properties with respect to the physical world. First, IoT users are largely non-experts who lack a comprehensive understanding of the potential impact of a rule and its joint effect with existing rules. Second, while the increasing complexity of IoT devices enables fine-grained control (e.g., heater temperature) over continuous real-time environments, even two simply connected devices can have a huge state space to explore. In fact, bugs that wrongfully control devices and home appliances can have ramifications for system correctness and even user physical safety. It is crucial to help users make sure the system they created meets their expectations. In this paper, we introduce how techniques from hybrid automata can be practically applied to assist non-expert IoT users in the confidence checking of such hybrid HA-IoT systems. We propose an automated framework for end-to-end programming assistance. We build and check the linear hybrid automata (LHA) model of the system automatically. We also present a quantifier-elimination-based method to analyze the counterexample found and synthesize fix suggestions. We implemented a platform, MenShen, based on this framework and these techniques. We conducted sets of real HA-IoT case studies with up to 46 devices and 65 rules. Empirical results show that MenShen can find violations and generate rule-fix suggestions in only 10 seconds.
Road intersection management is one of the main challenges for road safety, because intersections are a leading cause of traffic congestion and accidents. In fact, more than 44% of all reported crashes in the U.S. occur around intersection areas, which in turn lead to 8,500 fatalities and approximately 1 million injuries every year. With the expected arrival of self-driving vehicles, the question is whether high throughput can be obtained through intersections while keeping them safe. A spatio-temporal intersection protocol named the Ballroom Intersection Protocol (BRIP) was recently proposed in the literature to address this situation. Under this protocol, automated and connected vehicles arrive at and pass through an intersection in a cooperative fashion with no vehicle needing to stop, while maximizing the intersection throughput. Though no vehicles run into one another under ideal conditions with BRIP, accidents can occur when the self-driving vehicles have location errors and/or control-system failures. In this paper, we present a safe and practical intersection protocol named the Configurable Synchronous Intersection Protocol (CSIP), a more general and resilient version of BRIP. CSIP maintains a configured inter-vehicle distance to meet safety requirements against GPS inaccuracy and control failure. The longer inter-vehicle distances under CSIP are also more acceptable and comfortable to human passengers, since they do not cause fear. With CSIP, the inter-vehicle distance can be changed at each intersection to account for different traffic volumes, GPS accuracy levels, and intersection layouts. Our simulation results show that CSIP never leads to traffic accidents even when the system has typical location errors, and that CSIP increases the traffic throughput of intersections compared to common signalized intersections.
Embedded systems use increasingly complex software and are evolving into cyber-physical systems (CPS) with sophisticated interaction and coupling between physical and computational processes. Many CPS operate in safety-critical environments and have stringent certification, reliability, and correctness requirements. These systems undergo changes throughout their lifetimes, where either the software or the physical hardware is updated in subsequent design iterations. One source of failure in safety-critical CPS is unstated assumptions in either the physical or the cyber part of the system that new components do not satisfy. In this work, we present an automated method for identifying unstated assumptions in CPS. Dynamic specifications, in the form of candidate invariants of both the software and the physical components, are identified using dynamic analysis (executing and/or simulating the system implementation or a model thereof). A prototype tool called Hynger (for HYbrid iNvariant GEneratoR) was developed that instruments Simulink/Stateflow (SLSF) model diagrams to generate traces in the input format of the Daikon invariant inference tool, which has been extensively applied to software systems. Hynger, in conjunction with Daikon, is able to detect candidate invariants in several CPS case studies. We use the running example of a DC-to-DC power converter and demonstrate that Hynger can detect a specification mismatch where a tolerance assumed by the software is violated due to a plant change. Another case study, a powertrain fuel-control system, is also introduced to illustrate the power of Hynger and Daikon in automatically identifying cyber-physical specification mismatches.
Cyber-physical systems (CPS) involve tight integration of cyber (computation) and physical domains, and both the effectiveness and correctness of a CPS application may rely on successful enforcement of constraints such as bounded latency and temporal validity subject to physical conditions. For many such systems (e.g., edge computing in the Industrial Internet of Things), it is desirable to enforce such constraints within a common middleware service (e.g., during event processing). In this article, we introduce CPEP, a new real-time middleware for cyber-physical event processing, with (1) extensible support for complex event processing operations, (2) execution prioritization and sharing, (3) enforcement of time consistency with load shedding, and (4) efficient memory management and concurrent data processing. We present the design, implementation, and empirical evaluation of CPEP and show that it can (1) support complex operations needed by many applications, (2) schedule data processing according to consumers' priority levels, (3) enforce temporal validity, and (4) reduce processing delay and improve throughput of time-consistent events.
Heating, ventilation, and air conditioning (HVAC) accounts for over 50% of a typical home's energy usage. A thermostat generally controls HVAC usage in a home to ensure user comfort. In this paper, we focus on making existing "dumb" programmable thermostats smart by applying energy analytics to smart meter data to infer home occupancy patterns and compute an optimized thermostat schedule. Utilities with smart meter deployments can immediately apply our approach, called iProgram, to homes across their customer base. iProgram addresses new challenges in inferring home occupancy from smart meter data where i) training data is not available and ii) the thermostat schedule may be misaligned with occupancy, frequently resulting in high power usage during unoccupied periods. iProgram translates the occupancy patterns inferred from opaque smart meter data into a custom schedule for existing types of programmable thermostats, e.g., 1-day, 7-day, etc. We implement iProgram as a web service and show that, across 100 homes, it reduces the mismatch time between the occupancy pattern and the thermostat schedule by a median of 44.28 minutes compared to a default 8am-6pm weekday schedule, with a median deviation of 30.76 minutes from the optimal schedule. Further, iProgram yields daily energy savings of 0.42 kWh on average across the 100 homes. Moreover, the schedules generated by iProgram converge to the optimal schedules within a couple of weeks for most homes. We also show that homeowners with multiple HVAC zones can use iProgram to increase the unconditioned time of less-occupied parts of their homes by up to 70%. Utilities may use iProgram to recommend thermostat schedules to customers and give them estimates of the potential savings on their energy bills.
Dynamic security analysis is an important problem in power systems: it ensures safe operation and a stable power supply even when a fault occurs. However, the nonlinear hybrid nature of power systems, that is, nonlinear continuous dynamics combined with discrete switching, together with the high degree of freedom of their dynamics, makes the analysis challenging. In this paper, we use a hybrid automaton model to describe the dynamics of a power system, dealing mainly with index-1 differential-algebraic equation models for the continuous dynamics in the different discrete states. The analysis problem is formulated as a reachability problem for the associated hybrid model. A sampling-based algorithm is then proposed, integrated with modeling and simulation of the hybrid dynamics, to search for a feasible execution connecting an initial state of the post-fault system to a target set in the desired operating mode. The proposed method enables the use of existing power-system simulators for the synthesis of discrete switching and control strategies through randomized simulation. The effectiveness and performance of the approach are demonstrated by applying it to the dynamic security analysis of the New England 39-bus benchmark power system, which exhibits hybrid dynamics.
Modern automotive cyber-physical systems (CPS) are increasingly adopting wireless communication for intra-vehicular, vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) protocols as a promising solution to challenges such as the wire-harness problem, collision detection and avoidance, traffic control, and environmental hazards. Regrettably, this trend creates new security challenges that can put the safety and privacy of the automotive CPS and its passengers at great risk. In addition, automotive wireless communication security is constrained by the strict energy and performance limitations of electronic control units and sensors. As a result, key generation and management for secure automotive CPS wireless communication is an open research challenge. This paper helps address these challenges by presenting a practical key generation technique based on the reciprocity and the high spatial and temporal variation of the automotive wireless channel. The technique is accompanied by a key-length optimization algorithm that improves performance (in time and energy) for safety-related applications constrained by small communication windows. To validate the practicality and effectiveness of our approach, we conducted simulations alongside real-world experiments with vehicles and RC cars. Lastly, we demonstrate through simulations that we can generate keys of high security strength (keys with 67% min-entropy) with up to a 10X improvement in performance and a 20X reduction in code-size overhead compared to state-of-the-art security techniques.
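The abstract above rests on two properties a practitioner should be able to check: reciprocity (two legitimate radios observe nearly the same channel, a third radio elsewhere does not) and the min-entropy of the resulting bit string. The following added example, which is not the paper's scheme or code, simulates that pipeline with a guard-band quantizer and a public exchange of kept-sample indices, then measures the bit-mismatch rate between the two parties and against an eavesdropper, and estimates min-entropy per bit. All channel data is constructed (i.i.d. Gaussian channel gains plus per-side measurement noise); the names `quantize`, `agree_key`, `eavesdropper_bits`, `min_entropy_per_bit`, `simulate` and the constants `GUARD_ALPHA` and `MEAS_NOISE` are assumptions of this example.

```python
import math
import random
from typing import Dict, List, Tuple

# Constructed parameters for the illustration (not from the paper).
GUARD_ALPHA = 0.5   # guard band half-width, in standard deviations of the samples
MEAS_NOISE = 0.1    # per-side measurement noise std, relative to a channel std of 1.0


def quantize(samples: List[float], alpha: float = GUARD_ALPHA) -> Dict[int, int]:
    """Two-threshold quantizer: 1 above mean+alpha*std, 0 below mean-alpha*std,
    samples inside the guard band are dropped. Returns {sample_index: bit}."""
    n = len(samples)
    mean = sum(samples) / n
    std = math.sqrt(sum((s - mean) ** 2 for s in samples) / n)
    hi, lo = mean + alpha * std, mean - alpha * std
    bits: Dict[int, int] = {}
    for i, s in enumerate(samples):
        if s > hi:
            bits[i] = 1
        elif s < lo:
            bits[i] = 0
    return bits


def agree_key(a_samples: List[float], b_samples: List[float],
              alpha: float = GUARD_ALPHA) -> Tuple[List[int], List[int], List[int]]:
    """Each side quantizes its own samples, then both publish over the open
    channel the indices they kept; only the intersection enters the key.
    The indices reveal timing, not bit values, so this exchange may be public."""
    qa, qb = quantize(a_samples, alpha), quantize(b_samples, alpha)
    common = sorted(set(qa) & set(qb))
    return [qa[i] for i in common], [qb[i] for i in common], common


def eavesdropper_bits(e_samples: List[float], indices: List[int]) -> List[int]:
    """Eve must commit to a bit at every index the legitimate parties kept; here
    she guesses by the sign of her own sample relative to her own mean."""
    mean = sum(e_samples) / len(e_samples)
    return [1 if e_samples[i] > mean else 0 for i in indices]


def mismatch_rate(x: List[int], y: List[int]) -> float:
    return sum(1 for p, q in zip(x, y) if p != q) / len(x)


def min_entropy_per_bit(bits: List[int], block: int = 2) -> float:
    """Empirical min-entropy: -log2(p_max) over `block`-bit symbols, per bit.
    This is the quantity behind a claim such as 'x% min-entropy' for a key."""
    symbols = [tuple(bits[i:i + block]) for i in range(0, len(bits) - block + 1, block)]
    counts: Dict[tuple, int] = {}
    for s in symbols:
        counts[s] = counts.get(s, 0) + 1
    p_max = max(counts.values()) / len(symbols)
    return -math.log2(p_max) / block


def simulate(n: int = 400, seed: int = 7) -> Dict[str, float]:
    """Constructed scenario: Alice and Bob share a reciprocal channel h_ab; Eve,
    more than half a wavelength away, sees an independent channel h_eb."""
    rng = random.Random(seed)
    h_ab = [rng.gauss(0.0, 1.0) for _ in range(n)]
    h_eb = [rng.gauss(0.0, 1.0) for _ in range(n)]
    alice = [h + rng.gauss(0.0, MEAS_NOISE) for h in h_ab]
    bob = [h + rng.gauss(0.0, MEAS_NOISE) for h in h_ab]
    eve = [h + rng.gauss(0.0, MEAS_NOISE) for h in h_eb]
    a_bits, b_bits, kept = agree_key(alice, bob)
    e_bits = eavesdropper_bits(eve, kept)
    return {
        "key_bits": float(len(a_bits)),
        "ab_mismatch": mismatch_rate(a_bits, b_bits),
        "eve_mismatch": mismatch_rate(e_bits, b_bits),
        "min_entropy_per_bit": min_entropy_per_bit(a_bits),
    }


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k:20s} {v:.3f}")
```

The guard band trades key length for agreement: widening `GUARD_ALPHA` drops more samples but pushes the Alice/Bob mismatch toward zero, while Eve's mismatch stays near 0.5 regardless because her channel is uncorrelated. A min-entropy estimate from a few hundred bits is only indicative; a real deployment would run reconciliation and privacy amplification on top of this and estimate entropy over far longer traces.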
A new mobile healthcare solution for neuro-cognitive function monitoring and treatment is presented. The technique is based on spatio-temporal detection and characterization of a specific brain potential, called P300. The diagnosis of cognitive deficit is achieved by analyzing the data collected by the system with a new algorithm called tuned-Residue Iteration Decomposition (t-RIDE). The system has been tested on 12 subjects involved in three different cognitive tasks with increasing difficulty. The system allows fast diagnosis of cognitive deficit, including mild and heavy cognitive impairment: t-RIDE convergence is achieved in 79 iterations (i.e., 1.95s) yielding an 80% accuracy in P300 amplitude evaluation with only 13 trials on a single EEG channel.
This article presents a middleware that provides a communication and data-dissemination infrastructure suited to the operating environment of the Internet of Things (IoT). The middleware realizes the channel-based publish/subscribe paradigm, which has been identified as a valid means of asynchronously disseminating data in IoT applications. The novelty lies in the routing algorithm PSVR, which greatly reduces the path lengths needed to deliver publications and suits scenarios with a high subscriber fluctuation rate. The middleware is self-stabilizing and eventually provides safety and liveness properties such as guaranteed delivery of all published messages to all subscribers of the corresponding channel and correct handling of subscriptions and unsubscriptions, as long as no error occurs. We consider transient message and memory corruption and also accommodate dynamic network changes such as node and link removals and additions. The evaluation of the middleware, based on simulations and a real deployment, shows that it has an acceptable memory footprint, scales well with the number of nodes, and has advantages over an existing comparable publish/subscribe system.
Applications that aggregate and query data from distributed client devices are of interest in many settings (smart buildings and cities, the smart power grid, mobile health). However, such devices also pose serious privacy concerns due to the personal nature of the data being collected. In this paper, we present an algorithm for aggregating data in a distributed manner that keeps the data on the devices themselves, releasing only sums and other aggregates to centralized operators. We offer two privacy-preserving configurations of our solution, one limited to crash failures and supporting a basic kind of aggregation; the second supporting a wider range of queries and also tolerating Byzantine behavior by compromised nodes. The former is quite fast and scalable, the latter more robust against attack and capable of offering full differential privacy for an important class of queries, but it costs more and injects noise that makes the query results slightly inaccurate. Other configurations are also possible. At the core of our approach is a new kind of overlay network (a superimposed routing structure operated by the endpoint computers). This overlay is optimally robust and convergent, and our protocols use it both for aggregation and as a general-purpose infrastructure for peer-to-peer communications.
Wireless sensor-actuator networks (WSANs) are gaining momentum in industrial process automation as a communication infrastructure that lowers deployment and maintenance costs. In traditional wireless control systems the plant controller and the network manager operate in isolation, which ignores the significant influence of network reliability on plant control performance. To enhance the dependability of industrial wireless control, we propose a holistic cyber-physical management framework that employs run-time coordination between plant control and network management. Our design includes a holistic controller that generates actuation signals for the physical plants and reconfigures the WSAN to maintain the desired control performance while saving wireless resources. As a concrete example of holistic control, we design a holistic manager that dynamically reconfigures the number of transmissions in the WSAN based on online observations of physical and cyber variables. We have implemented the holistic management framework in the Wireless Cyber-Physical Simulator (WCPS). A systematic case study is presented based on two 5-state plants sharing a 16-node WSAN. Simulation results show that the holistic management design significantly enhances the resilience of the system against both wireless interference and physical disturbances, while effectively reducing the number of wireless transmissions.
A cyberphysical avatar is a semi-autonomous robot that adapts to an unstructured environment and performs physical tasks subject to critical timing constraints while under human supervision. The paper first realizes a cyberphysical avatar that integrates three key technologies: body-compliant control, neuroevolution, and real-time constraints. Body-compliant control is essential for operator safety because avatars perform cooperative tasks in close proximity to humans; neuroevolution (NEAT) enables programming avatars such that they can be used by non-experts for a large array of tasks, some unforeseen, in an unstructured environment; and real-time constraints are indispensable for predictable, bounded-time response in human-avatar interaction. We then present a study of the tradeoffs between three design parameters that any robotic task system must incorporate: (1) the amount of training effort for the robot to perform the task, (2) the time available to complete the task once the command is given, and (3) the quality of the result of the performed task. We carry out a tradeoff study in this design space, using imprecise computation as the framework, on a common robotic task: grasping unknown objects. The results were validated with a real robot and contribute to the development of a systematic approach for designing robotic task systems that must function in environments such as the flexible manufacturing systems of the future.
With the emergence of cyber-physical systems (CPS), we are now at the brink of the next computing revolution. As one of the foundations of this CPS revolution, the IoT (Internet of Things)-based Smart Grid (SG) is defined as a power grid integrated with a large network of smart objects. The volume of time series produced by SG equipment is tremendous, and the raw time series are very likely to contain missing values because of unreliable network transfer. Storing this tremendous volume of raw time series while providing a solid basis for precise time-series analytics has therefore become difficult. In this paper we propose a dependable time series analytics (DTSA) framework for the IoT-based SG. The DTSA framework provides dependable data transfer from the CPS to the target database, with an extraction engine that preliminarily refines the raw data and a correction engine, built on a sensor-network-regularization-based matrix factorization (SnrMF) method, that further cleanses the data. The experimental results reveal that the DTSA framework effectively increases the dependability of raw time-series transfer between the CPS and the target database system through the online lightweight extraction engine and the offline correction engine. The DTSA framework should also be useful for other industrial big-data practices.
Cyber-Physical Systems (CPS) contain intertwined and distributed software, hardware and physical components that control complex physical processes. They are now finding wider application in smart grids, for example in addressing the increasingly complex communication and computation needs of substation protection functions. Due to the scale and complexity of the interactions that occur within CPS, tracing requirements through to the system components and software code that implement them is often hard. Existing requirements management systems do not scale well, and traceability is difficult to implement and maintain in highly heterogeneous systems. However, the information that traces provide is crucial for supporting testing and certification activities in safety-critical environments such as smart grids. The well-formed models of power systems provided by the IEC 61850 standard, and the software design structure provided by the IEC 61499 Function Blocks standard, can be leveraged to automate many traceability operations. We present TORUS (Traceability Of Requirements Using Splices), a novel traceability framework for the development of large-scale safety-critical CPS. TORUS introduces splices, autonomous graph-based data structures that automatically create and manage traces between requirements and components through the inevitable changes that occur during system development. The formal, graph-based structure of TORUS lends itself well to the development of sophisticated algorithms that automate the extraction of useful traceability information such as historical records and metrics for requirements coverage and component coupling. By capturing not only the current state of the system but also historical information, TORUS gives project teams a much richer view of the system and its artifacts. We apply TORUS to the development of a protection system for smart grid substations. In addition, through a number of experiments in splice creation, modification and the application of automated algorithms, we show that TORUS scales easily to large systems containing hundreds of thousands of requirements and system components, and millions of possible traceability links.
Building an efficient, smart, and multifunctional power grid while maintaining high reliability and security is an extremely challenging task, particularly in the ever-evolving cyber threat landscape. The challenge is also compounded by the increasing complexity of power grids in both cyber and physical domains. In this article, we develop a stochastic Petri net based analytical model to assess and analyze the system reliability of smart grids, specifically against topology attacks, and system countermeasures (i.e., intrusion detection systems and malfunction recovery techniques). Topology attacks, evolving from false data injection attacks, are growing security threats to smart grids. In our analytical model, we define and consider both conservative and aggressive topology attacks, and two types of unreliable consequences (i.e., system disturbances and failures). The IEEE 14-bus power system is employed as a case study to clearly explain the model construction and parameterization process. The benefit of having this analytical model is the capability to measure the system reliability from both transient- and steady-state analysis. Finally, intensive simulation experiments are conducted to demonstrate the feasibility and efficiency of our proposed model.
Mobile crowdsensing serves as a critical building block for emerging Internet of Things (IoT) applications. However, the sensing devices continuously generate a large amount of data, which consumes considerable resources (e.g., bandwidth, energy and storage) and may sacrifice the quality of service (QoS) of applications. Prior work has demonstrated that there is significant redundancy in the content of the sensed data. By judiciously reducing the redundant data, the data size and the load can be significantly reduced, thereby lowering resource cost, facilitating the timely delivery of unique and potentially critical information, and enhancing QoS. This paper presents a survey of existing mobile crowdsensing strategies, with emphasis on reducing resource cost and achieving high QoS. We start by introducing the motivation for this survey and present the necessary background on crowdsensing and IoT. We then present various mobile crowdsensing strategies and discuss their strengths and limitations. Finally, we discuss future research directions for mobile crowdsensing in IoT. The survey addresses a broad range of techniques, methods, models, systems and applications related to mobile crowdsensing and IoT. Our goal is not only to analyze and compare the strategies proposed in prior work but also to discuss their applicability to the IoT and to provide guidance on future research directions in mobile crowdsensing.
In this paper, we consider the problem of attack-resilient state estimation, that is to reliably estimate the true system states despite two classes of attacks: (i) attacks on the switching mechanisms and (ii) false data injection attacks on actuator and sensor signals, in the presence of unbounded stochastic process and measurement noise signals. We model the systems under attack as hidden mode stochastic switched linear systems with unknown inputs and propose the use of a multiple-model inference algorithm to tackle these security issues. Moreover, we characterize fundamental limitations to resilient estimation (e.g., upper bound on the number of tolerable signal attacks) and discuss the topics of attack detection, identification and mitigation under this framework. Simulation examples of switching attacks on benchmark and power systems show the efficacy of our approach to recover resilient (i.e., asymptotically unbiased) state estimates.
Modern urban railways extensively use computerized sensing and control technologies to achieve safe, reliable, and well-timed operations. However, these technologies may provide convenient leverage to cyber-attackers who have bypassed the air gaps and aim to cause safety incidents and service disruptions. In this paper, we study false data injection (FDI) attacks against railway traction power systems (TPSes). Specifically, we analyze two types of FDI attacks on the train-borne voltage, current, and position sensor measurements, which we call the efficiency attack and the safety attack: they (i) maximize the system's total power consumption and (ii) mislead the trains' local voltages into exceeding given safety-critical thresholds, respectively. To counteract them, we develop a global attack detection (GAD) system that serializes a bad data detector and a novel secondary attack detector designed around unique TPS characteristics. With intact train position data, our detection system can effectively detect FDI attacks on the trains' voltage and current measurements even if the attacker has full and accurate knowledge of the TPS, the attack detection, and the real-time system state. In particular, the GAD system features an adaptive mechanism that ensures low false positive and false negative rates in detecting the attacks under noisy system measurements. Extensive simulations driven by realistic train running profiles verify that a TPS setup is vulnerable to the FDI attacks, but that these attacks can be detected effectively by the proposed GAD while ensuring a low false positive rate.
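Why serialize a second, system-specific detector behind the bad data detector? Because the classical residual-based bad data detector (BDD) used in state estimation is blind to any injection that is consistent with the measurement model. The following added example, which is not the paper's GAD or code, shows this on a constructed 3-bus DC power-flow model: a weighted-least-squares estimator with a chi-square residual test flags naive tampering with one meter but passes an attack vector of the form a = Hc, which shifts the estimated state by exactly c. The matrix `H_CONSTRUCTED`, the measurement values, the noise level `SIGMA` and the function names are assumptions of this example; the chi-square critical value 5.991 (2 degrees of freedom, 5% false-alarm rate) is the standard table value.

```python
from typing import List

Vector = List[float]
Matrix = List[List[float]]

# Constructed 3-bus DC power-flow model (not from the paper): bus 1 is the slack
# bus, the states are the phase angles of buses 2 and 3, all line reactances
# are 1. Measurements, in order: flow 1->2, flow 1->3, flow 2->3, injection at bus 2.
H_CONSTRUCTED: Matrix = [
    [-1.0,  0.0],
    [ 0.0, -1.0],
    [ 1.0, -1.0],
    [ 2.0, -1.0],
]
SIGMA = 0.002           # assumed measurement noise std (per unit)
CHI2_95_2DOF = 5.991    # chi-square critical value, 2 dof, 5% false-alarm rate


def transpose(a: Matrix) -> Matrix:
    return [list(col) for col in zip(*a)]


def matmul(a: Matrix, b: Matrix) -> Matrix:
    bt = transpose(b)
    return [[sum(x * y for x, y in zip(row, col)) for col in bt] for row in a]


def matvec(a: Matrix, v: Vector) -> Vector:
    return [sum(x * y for x, y in zip(row, v)) for row in a]


def solve(a: Matrix, b: Vector) -> Vector:
    """Solve a x = b by Gaussian elimination with partial pivoting."""
    n = len(a)
    m = [row[:] + [bi] for row, bi in zip(a, b)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][c] * x[c] for c in range(r + 1, n))) / m[r][r]
    return x


def wls_estimate(h: Matrix, z: Vector) -> Vector:
    """Least-squares state estimate with unit weights: x = (H^T H)^-1 H^T z."""
    ht = transpose(h)
    return solve(matmul(ht, h), matvec(ht, z))


def residual_stat(h: Matrix, z: Vector, sigma: float = SIGMA) -> float:
    """Normalised residual J = ||z - H x||^2 / sigma^2, the chi-square statistic
    that the classical bad data detector compares against a threshold."""
    x = wls_estimate(h, z)
    r = [zi - hi for zi, hi in zip(z, matvec(h, x))]
    return sum(ri * ri for ri in r) / sigma ** 2


def bad_data_flag(h: Matrix, z: Vector, sigma: float = SIGMA,
                  threshold: float = CHI2_95_2DOF) -> bool:
    return residual_stat(h, z, sigma) > threshold


def stealthy_attack(h: Matrix, c: Vector) -> Vector:
    """Attack vector a = H c: it moves the estimate by exactly c and leaves the
    residual unchanged, so the chi-square test cannot see it. Requires the
    attacker to know H (the grid topology and line parameters)."""
    return matvec(h, c)


def inject(z: Vector, a: Vector) -> Vector:
    return [zi + ai for zi, ai in zip(z, a)]


if __name__ == "__main__":
    z = [0.102, 0.199, 0.101, -0.002]                      # constructed clean readings
    z_stealthy = inject(z, stealthy_attack(H_CONSTRUCTED, [0.05, 0.0]))
    z_naive = inject(z, [0.05, 0.0, 0.0, 0.0])             # tamper with one meter only
    for name, zz in (("clean", z), ("a = Hc", z_stealthy), ("naive", z_naive)):
        print(f"{name:8s} J={residual_stat(H_CONSTRUCTED, zz):8.2f} "
              f"flagged={bad_data_flag(H_CONSTRUCTED, zz)!s:5s} "
              f"x={[round(v, 4) for v in wls_estimate(H_CONSTRUCTED, zz)]}")
```

The structured attack needs the attacker to know H and to compromise every meter with a non-zero entry in Hc, which is why the abstract stresses that the GAD still works when the attacker has full knowledge of the TPS: the secondary detector draws on information (intact train positions and TPS-specific physics) that is outside the measurement model the BDD relies on, so consistency with H is no longer sufficient for stealth.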
The Internet of Things (IoT) is a new paradigm that offers real-time situation awareness and intelligent information reasoning to connect the physical and cyber worlds. Event processing is one of the important cornerstones for the IoT to evolve into Cyber-Physical Systems (CPS), providing intelligent information discovery and decision-making ability. In various scenarios, event patterns take a relatively long time to assemble. Processing such long-term events with traditional approaches leads to an increase in runtime state and therefore degrades processing performance. Hence, an efficient long-term event processing approach and an intermediate-result storage/query policy are required. In this paper, we propose a long-term complex event processing model, named LTCEP, to remedy this problem. We leverage a semantic-constraints calculus to split long-term events into sub-models. A long-term query and intermediate-result buffering mechanism is established to optimize real-time responsiveness and throughput. Experiments show that, for long-term event processing, the LTCEP model can effectively reduce redundant runtime state, yielding higher response performance and system throughput compared to the other selected benchmarks.