Introduction to the special issue on Transportation Cyber-Physical Systems in ACM TCPS
Recent studies have exploited moving target defense (MTD) for thwarting false data injection (FDI) attacks against state estimation (SE) in the power grid by actively perturbing branch parameters (i.e., impedance or admittance). In order to hide the activation of this defense mechanism from the attacker, a new strategy named hidden MTD has been proposed in the latest literature. A hidden MTD can increase the chance of detecting FDI attacks and prevent the attacker from inferring the new branch parameters. However, by using an MTD-confirming detector like the bad data detection (BDD) checker in SE, we observe that it is still possible for an attacker to detect this hidden MTD when the power flows change with time. To uncover the essence of the hiddenness of MTD, we study the conditions required for achieving a hidable MTD. We find that the hiddenness of MTD is closely related to the branch perturbations, the system topology and the knowledge of an attacker. From the perspective of the attacker's knowledge, we prove that an MTD can be detected by an attacker only if he/she knows the former parameters of a set of branches that forms a circle, and the current measurements corresponding to those branches after MTD. But once the attacker has full information of the branch parameters before MTD and the current measurements after MTD, we can never achieve a hidable and effective MTD. Since it is unrealistic to know the knowledge of the attacker, we cannot make sure that an MTD is hidable by purely depending on the MTD design. Thus, we propose that we can achieve a hidable MTD with co-design of the measurement protection strategy (MPS) and MTD. With a basic set of measurements being protected, we can always achieve a hidable MTD regardless of the changes of power flows, the attacker's knowledge and the perturbed branches. Finally, we demonstrate our findings on an IEEE standard test power system, using the load data trace from New York State.
This paper describes the motivation, design, analysis and configuration of the criticality-aware multi-hop wireless communication protocol AirTight. Wireless communication has become a crucial part of the infrastructure of many cyber-physical applications. Many of these applications are real-time and also mixed-criticality, in that they have components/subsystems with different consequences of failure. Wireless communication is inevitably subject to levels of external interference. In this paper we represent this interference using a criticality-aware fault model; for each level of temporal interference in the fault model we guarantee the timing behaviour of the protocol (i.e. we guarantee that packet deadlines are satisfied for certain levels of criticality). Although a new protocol, AirTight is built upon existing standards such as IEEE 802.15.4. A prototype implementation and protocol-accurate simulator have been produced. This paper develops a series of schedulability analysis techniques for single-channel and multichannel wireless CPS systems. Heuristics are specified and evaluated as the starting point of design space exploration. Genetic algorithms are then defined and evaluated to assess their performance in developing schedule tables incorporating multichannel allocations in these systems.
In this paper we are interested in mixed-criticality applications, which have functions with different timing requirements, i.e., hard real-time (HRT), soft real-time (SRT) and functions that are not time-critical (NC). The applications are implemented on distributed cyber-physical systems that use IEEE Time-Sensitive Networking (TSN). TSN is an IEEE effort to bring deterministic real-time capabilities to IEEE 802.3 Ethernet. TSN supports the convergence of multiple traffic types, i.e., critical, real-time and regular "best-effort" traffic within a single network: Time-Triggered (TT), where messages are transmitted based on static schedule tables; Audio-Video Bridging (AVB), for dynamically scheduled messages with a guaranteed bandwidth and bounded delays; and Best Effort (BE), for which no timing guarantees are provided. HRT messages have deadlines, whereas for SRT messages we capture the quality-of-service using "utility functions". Given the network topology, the set of application messages, including their routing, and the set of available AVB classes, we are interested in determining the traffic type of each message, such that all HRT messages are schedulable and the total utility for SRT messages is maximized. We propose a Tabu Search-based metaheuristic to solve this optimization problem. The proposed approach has been evaluated using several benchmarks, including two realistic test cases.
Markov Decision Processes (MDPs) provide important capabilities for facilitating the dynamic adaptation and self-optimization of cyber-physical systems at runtime. In recent years, this has primarily taken the form of Reinforcement Learning (RL) techniques that eliminate some MDP components for the purpose of reducing computational requirements. In this work, we show that recent advancements in Compact MDP Models (CMMs) provide sufficient cause to question this trend when designing wireless sensor network nodes. In this work, a novel CMM-based approach to designing self-aware wireless sensor nodes is presented and compared to Q-Learning, a popular RL technique. We show that a certain class of CPS nodes is not well served by RL methods, and contrast RL versus CMM methods in this context. Through both simulation and a prototype implementation, we demonstrate that CMM methods can provide significantly better runtime adaptation performance relative to Q-Learning, with comparable resource requirements.
Process automation is embracing wireless sensor-actuator networks (WSANs) in the era of Industrial Internet. Despite the success of WSANs for monitoring applications, feedback control poses significant challenges due to data loss and stringent energy constraints in WSANs. Holistic control adopts a cyber-physical system approach to overcome the challenges by orchestrating network reconfiguration and process control at run time. Fundamentally, holistic control leverages self-awareness across control and wireless boundaries to enhance the resiliency of wireless control systems. In this article, we explore efficient holistic control designs to maintain control performance while reducing the communication cost. The contributions of this work are five-fold: (1) We introduce a holistic control architecture that integrates low-power wireless bus (LWB) and two control strategies, rate adaptation and self-triggered control, specifically proposed to reduce communication cost; (2) We present two online rate selection approaches, namely, heuristic and optimal rate selections; (3) We design novel wireless network mechanisms to support rate adaptation and self-triggered control, respectively, in a multi-hop WSAN; (4) We build a real-time network-in-the-loop simulator that integrates MATLAB/Simulink and a three-floor WSAN testbed to evaluate wireless control systems; (5) We empirically explore the tradeoff between communication cost and control performance under alternative holistic control approaches. Our case studies show that rate adaptation and self-triggered control offer advantages in control performance and energy efficiency, respectively, in normal operating conditions. The advantage in energy efficiency of self-triggered control, however, may diminish under harsh physical and wireless conditions due to the cost of recovering from data loss and physical disturbances.
Vehicular Ad hoc NETworks (VANET) are becoming popular due to the emergence of the Internet of Things and ambient intelligence applications. In such networks, secure resource sharing functionality is accomplished by incorporating trust schemes. Current solutions adopt peer-to-peer technologies that can cover the large operational area. However, these systems fail to capture some inherent properties of VANETs, such as fast and ephemeral interaction, making robust trust evaluation of crowdsourcing challenging. In this article, we propose MobileTrust, a hybrid trust-based system for secure resource sharing in VANETs. The proposal is a breakthrough in centralized trust computing that utilizes cloud and upcoming 5G technologies in order to provide robust trust establishment with global scalability. The ad hoc communication is energy-efficient and protects the system against threats that are not countered by the current settings. To evaluate its performance and effectiveness, MobileTrust is modelled in the SUMO simulator and tested on the traffic features of the medium-size German city of Eichstätt. Similar schemes are implemented in the same platform in order to provide a fair comparison. Moreover, MobileTrust is deployed on a typical embedded system platform and applied on a real smart car installation on a FORD FOCUS for monitoring traffic and road-state parameters of an urban application. The proposed system is developed under the EU-funded THREAT-ARREST project, to provide security, privacy, and trust in an intelligent and energy-aware transportation scenario, bringing closer the vision of a sustainable circular economy.
In the last months, the market of personal wearable devices has been booming significantly, and, in particular, smartwatches are starting to assume a fundamental role in the Bring Your Own Device (BYOD) arena as well as in the more general Internet of Things (IoT) ecosystem, by acting both as sensitive data sources and as user identity proxies. These new roles, complementing the more traditional personal assistance and telemetry/tracking ones, open new perspectives in their integration in complex IoT-based critical infrastructures such as e-payment, healthcare monitoring and emergency systems, as well as in their usage as remote control facilities in smart services. We argue that this new scenario calls for a strengthened and more resilient authentication of users through these devices, despite their limitations in terms of dimensions and hardware constraints that may significantly affect the usability of security mechanisms. In this paper we present an innovative authentication scheme targeted at smartwatches, namely CirclePIN, that provides both resilience to the most common attacks and a high level of usability in tests with real users.
This paper introduces RAS, a cyber-physical system that supports individuals with memory limitations to perform daily activities in their own homes. RAS represents a partnership between a smart home, a robot, and software agents. When smart home residents perform activities, RAS senses their movement in the space and identifies the current activity. RAS tracks activity steps to detect omission errors. When an error is detected, the RAS robot searches for and approaches the human with an offer of assistance. Assistance consists of playing a video recording of the entire activity, showing the omitted activity step, or guiding the resident to the object that is required for the current step. We evaluated RAS performance for 54 participants performing three scripted activities in a smart home testbed and for 2 participants using the system over multiple days in their own homes. In the testbed experiment, activity errors were detected with a sensitivity of 0.955 and specificity of 0.992. RAS assistance was performed successfully with a rate of 0.600. In the in-home experiments, activity errors were detected with a combined sensitivity of 0.905 and a combined specificity of 0.988. RAS assistance was performed successfully for the in-home experiments with a rate of 0.830.
The Internet of Things (IoT) is becoming a backbone of sensing infrastructure for several mission-critical applications such as smart health, disaster management, and smart cities in distributed networks. Due to resource-constrained sensing devices, IoT infrastructures use Edge datacenters (EDCs) for real-time data processing. EDCs can be either static or mobile in nature, and this paper considers both these scenarios. Generally, EDCs communicate with IoT devices in emergency scenarios to evaluate the data in real time. Protecting data communications from malicious activity becomes a key factor, as all the communication flows through insecure channels. In such infrastructures, it is a challenging task for an EDC to ensure the trustworthiness of the data for emergency evaluations. The current communication security pattern of "communication before authentication" leaves a "black hole" for intruders to become part of communication processes without authentication. To overcome this issue and to develop security infrastructures for IoT and distributed Edge datacenters, this paper proposes a user-centric security solution. The proposed security solution shifts from a network-centric approach to a user-centric security approach by authenticating devices before communication is established. A trusted controller is initialized to authenticate and establish the secure channel between the devices before they start communication between themselves. The centralized controller draws a perimeter for secure communications within the boundary. Theoretical analysis and experimental evaluation of the proposed security model show that it not only secures the communication infrastructure but also improves the overall network performance.
The rapid increase in the number and type of malicious programs has made malware forensics a daunting task and has put users' systems in danger. Timely identification of malware characteristics, including its origin and the malware sample family, would significantly limit the potential damage of the malware. This is a more profound risk in Cyber-Physical Systems (CPS), where a malware attack may cause significant physical damage to the infrastructure. Due to limited on-device available memory and processing power in CPS and Internet of Things (IoT) devices, most of the efforts for protecting CPS networks are focused on the Edge layer, where the majority of security mechanisms are deployed. In this paper, we propose a novel fuzzy clustering system for malware attack attribution. Our system is deployed on the edge layer to provide an insight into applicable malware threats to the CPS network. Existing binary malware classification techniques are only capable of identifying whether a malware belongs to a given family or not. However, the majority of advanced and sophisticated malware programs combine features from different families. Accordingly, these malicious programs are not similar enough to any existing malware family and easily evade binary classifiers' detection. This paper proposes a multi-label fuzzy relevance classifier to detect similarities between a given malware sample and other known malware families. We leverage static analysis by utilizing Opcode frequencies as the feature space to classify malware families. We observed that a multi-label classifier does not classify a portion of the samples. We named this problem the instance coverage problem. To overcome this problem, we developed an ensemble-based multi-label fuzzy classification method to suggest the relevance of a malware instance to the stricken families.
We tested our technique with three widely used datasets collected from three major malware repositories, namely VirusShare, RansomwareTracker and the Microsoft Malware Classification Challenge (BIG2015). Our results on BIG2015 indicated an accuracy of 97.56%, a precision of 90.68%, and an f-measure of 89.21%. Also, our results on RansomwareTracker revealed an accuracy of 94.26%, a precision of 87.21%, and an f-measure of 83.52%. Moreover, our results on samples collected from VirusShare demonstrated an accuracy of 94.66%, a precision of 86.41%, and an f-measure of 84.37%. Our system is most suitable for deployment on the edge layer of CPS or other resource-constrained networks to provide a real-time view of malware threats applicable to the underlying network.