This paper proposes new tools to detect tampering of video feeds from surveillance cameras. Our proposal illustrates the unique cyber-physical properties that sensor devices can leverage for their cyber-security. While traditional authentication and attestation algorithms exchange digital challenges between the devices authenticating each other, our work instead proposes challenges that manifest physically in the field of view of the camera (e.g., a QR code on a display, a change of lighting color, an infrared light). This physical (challenge) and cyber (verification) attestation mechanism can help protect systems even when the sensors (cameras) and actuators (display, IR LEDs, color lightbulbs) are compromised.
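The physical challenge-response loop described above, as an added example that is not the paper's code: the verifier derives a color sequence from a fresh nonce, the lightbulb is driven to show it, and the feed is accepted only if the camera reports that exact sequence shortly after the challenge was issued. The color set, frame period, onset deadline and the two constructed feeds (an honest camera and an attacker looping stale footage) are assumptions for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import List

# Assumed parameters of the attestation setup (not from the paper):
COLORS = ("red", "green", "blue", "white")   # colors the lightbulb can show
FRAME_PERIOD_S = 0.1                         # one color per 100 ms frame
MAX_ONSET_S = 0.3                            # pattern must appear within 300 ms of issue


@dataclass
class Frame:
    t: float        # capture timestamp in seconds
    color: str      # dominant color the camera saw in the lamp region


def derive_pattern(nonce: bytes, length: int = 8) -> List[str]:
    """Expand a fresh random nonce into the color sequence the lamp must show."""
    digest = hashlib.sha256(nonce).digest()
    return [COLORS[b % len(COLORS)] for b in digest[:length]]


def verify_feed(pattern: List[str], frames: List[Frame], t_issued: float,
                max_onset_s: float = MAX_ONSET_S) -> bool:
    """Accept the feed only if the whole pattern appears, in order, soon after issue.
    A late rendering (attacker who learned the challenge) or stale footage fails."""
    seen = [f.color for f in frames]
    n = len(pattern)
    for i in range(len(seen) - n + 1):
        if seen[i:i + n] == pattern:
            onset = frames[i].t - t_issued
            return 0.0 <= onset <= max_onset_s
    return False


# --- constructed feeds standing in for a real camera ---------------------------

def honest_feed(pattern: List[str], t_issued: float, latency_s: float = 0.12) -> List[Frame]:
    """The lamp really shows the pattern; the camera sees it after actuator+capture latency."""
    frames = [Frame(t_issued - k * FRAME_PERIOD_S, "off") for k in (3, 2, 1)]
    frames += [Frame(t_issued + latency_s + k * FRAME_PERIOD_S, c)
               for k, c in enumerate(pattern)]
    return frames


def replayed_feed(_pattern: List[str], t_issued: float, n_frames: int = 12) -> List[Frame]:
    """Attacker loops stale footage in which the lamp is off; the challenge never appears."""
    return [Frame(t_issued + k * FRAME_PERIOD_S, "off") for k in range(n_frames)]


def run_attestation(feed_source, t_issued: float = 0.0):
    """Issue a fresh challenge, collect the feed, and return (pattern, verdict)."""
    nonce = secrets.token_bytes(16)
    pattern = derive_pattern(nonce)
    frames = feed_source(pattern, t_issued)
    return pattern, verify_feed(pattern, frames, t_issued)
```

The onset deadline is what defeats an attacker who can read the challenge off the network and render it into a synthetic feed: the physical path (lamp, optics, sensor) is bounded in latency, so anything that arrives later than that bound is treated as fabricated.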
Travel time in urban centers is a significant contributor to the quality of life of their citizens. Mobility on Demand (MoD) services such as Uber and Lyft have revolutionized the transportation infrastructure, enabling new solutions for passengers. Shared MoD services have shown that a continuum of solutions can be provided between traditional private transport for an individual and public mass-transit-based transport, by making use of the underlying cyber-physical substrate that provides advanced, distributed, and networked computational and communication support. In this paper, we propose a novel shared mobility service using a dynamic framework. This framework generates a dynamic route for multi-passenger transport, optimized to reduce time costs for both the shuttle and the passengers, and is designed using a new concept of a space window. This concept introduces a degree of freedom that helps reduce the cost of designing the optimal route. A specific algorithm based on the Alternating Minimization approach is proposed, and its analytical properties are characterized. Detailed computational experiments demonstrate the advantages of the proposed approach: an order of magnitude improvement in computational efficiency with a minimal optimality gap when compared to a standard Mixed Integer Quadratically Constrained Programming based algorithm.
This article describes a system to facilitate dynamic en route formation of truck platoons with the goal of reducing fuel consumption. Safe truck platooning is a maturing technology which leverages modern sensor, control, and communication technology to automatically regulate the inter-vehicle distances. Truck platooning has been shown to reduce fuel consumption through slipstreaming by up to ten percent under realistic highway conditions. In order to further benefit from this technology, a platoon coordinator is proposed, which interfaces with fleet management systems and suggests how platoons can be formed in a fuel-efficient manner over a large region. The coordinator frequently updates the plans to react to newly available information. This way, it requires a minimum of information about the logistic operations. We discuss the system architecture in detail and introduce important underlying methodological foundations. Plans are derived in computationally tractable stages optimizing fuel savings from platooning. The effectiveness of this approach is verified in a simulation study. It shows that the coordinated platooning system can improve over spontaneously occurring platooning even under the presence of disturbances. A real demonstrator has also been developed. We present data from an experiment in which three vehicles were coordinated to form a platoon on public highways under normal traffic conditions. It demonstrates the feasibility of coordinated en route platoon formation with current communication and on-board technology. Simulations and experiments support that the proposed system is technically feasible and a potential solution to the problem of using truck platooning in an operational context.
Pipelined control is an image-based control technique that uses parallel instances of its image-processing algorithm in a pipelined fashion to improve the quality of control. A higher number of pipes improves the controller settling time, resulting in a trade-off between resources and control performance. In real-life applications, it is common to have a continuous-time model with additive uncertainties in one or more parameters that may affect the controller performance and therefore the trade-off analysis. We consider models with uncertainties denoted by matrices with a single non-zero element, potentially caused by multiple uncertain parameters in the model. We analyse the impact of such uncertainties on the aforementioned trade-off. To do so, we introduce a discretization technique for the uncertain model. Next, we use the discretized model with uncertainties to analyse the robustness of a pipelined controller designed to enhance performance. Such an analysis captures the relationship between resource usage, control performance, and robustness. Our results show that the tolerable uncertainties for a pipelined controller decrease as the number of pipes increases. We also show the feasibility of our technique by implementing a realistic example in a Hardware-In-the-Loop simulation.
Vehicular cyber-physical systems (VCPS), among several other applications, may help in addressing the ever-increasing problem of congestion in large cities. Nevertheless, this may be hindered by the problem of data falsification, which results from either wrong perception of a traffic event or generation of fake information by the participating vehicles. Such information fabrication may cause re-routing of vehicles and artificial congestion, leading to economic, public safety, environmental, and health hazards. Thus, it is imperative to infer truthful traffic information in real time to restore the operational reliability of the VCPS. In this work, we propose a novel reputation scoring and decision support framework, called Spoofed and False Report Eradicator (SAFE), which offers a cost-effective and efficient solution to the data falsification problem in the VCPS domain. It includes humans in the sensing loop by exploiting the paradigm of participatory sensing and the concept of a mobile security agent (MSA) to nullify the effects of deliberate false contributions, and a variant of the distance bounding mechanism to thwart location-spoofing attacks. A regression-based model integrates these effects to generate the expected truthfulness of a participant's contribution. To determine whether a contribution is true or not, a generalized linear model transforms expected truthfulness into a Quality of Contribution (QoC) score. The QoC values of a participant's contributions are aggregated to compute the user's reputation, which enables classification of different participation behaviors. Finally, an Expected Utility Theory (EUT)-based decision model is proposed which uses the reputation score to decide whether a report should be published or dropped. To evaluate SAFE experimentally, we compare the reputation-based user segregation achieved by our framework with that of state-of-the-art reputation mechanisms. Experimental results demonstrate that SAFE better captures subtle differences in user behavior based on quality, quantity and location accuracy, and significantly improves operational reliability by publishing only legitimate information.
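The distance-bounding step that SAFE uses against location spoofing, shown as an added example rather than the paper's own variant: a mobile security agent runs a rapid-bit challenge/response with the participant and derives an upper bound on the participant's distance from the measured round-trip time, so a report claiming to come from nearby is rejected if the responder is physically far away or does not hold the expected secret. The round count, processing delay, timing slack and the simulated channel model are assumptions; the response bits are derived from a shared secret and a nonce with SHA-256, a simplification of the commitment-based protocols used in practice.

```python
import hashlib
import secrets
from typing import List

C_LIGHT = 299_792_458.0       # m/s
ROUNDS = 32                   # rapid challenge/response rounds (assumed)
PROC_DELAY_S = 50e-9          # assumed prover processing time per round (50 ns)
TIMING_SLACK_S = 20e-9        # assumed measurement tolerance (~3 m)


def response_bits(secret: bytes, nonce: bytes, rounds: int) -> List[int]:
    """Both sides expand (secret, nonce) into one response bit per round."""
    digest = hashlib.sha256(secret + nonce).digest()
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(rounds)]


class Participant:
    """Vehicle or phone being verified; true_distance_m is its simulated physical distance."""

    def __init__(self, secret: bytes, true_distance_m: float):
        self.secret = secret
        self.true_distance_m = true_distance_m
        self._bits: List[int] = []

    def start(self, nonce: bytes, rounds: int) -> None:
        self._bits = response_bits(self.secret, nonce, rounds)

    def respond(self, i: int, challenge_bit: int) -> int:
        # one-bit answer computed without any slow operation on the critical path
        return challenge_bit ^ self._bits[i]


def simulated_rtt(distance_m: float) -> float:
    """Constructed channel model: two-way propagation plus prover processing."""
    return 2.0 * distance_m / C_LIGHT + PROC_DELAY_S


def distance_bound(agent_secret: bytes, participant: Participant,
                   claimed_radius_m: float, rounds: int = ROUNDS) -> bool:
    """Mobile security agent side. Accept only if every response is correct and
    every round-trip time is consistent with being within claimed_radius_m."""
    nonce = secrets.token_bytes(16)
    expected = response_bits(agent_secret, nonce, rounds)
    participant.start(nonce, rounds)
    rtt_limit = 2.0 * claimed_radius_m / C_LIGHT + PROC_DELAY_S + TIMING_SLACK_S
    for i in range(rounds):
        challenge = secrets.randbits(1)
        rtt = simulated_rtt(participant.true_distance_m)   # measured by the agent's clock
        answer = participant.respond(i, challenge)
        if answer != (challenge ^ expected[i]) or rtt > rtt_limit:
            return False
    return True
```

A participant who is 5 km away but claims to be at the reported incident cannot shorten the speed-of-light round trip, so the timing check fails regardless of what it reports; a participant that is nearby but does not hold the secret fails the response check instead.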
Smart cities can be viewed as large-scale Cyber-Physical Systems (CPS) in which different sensors and devices record the cyber and physical indicators of the urban environment. Those records are used to improve urban life through greater efficiency, e.g., accurate electric load forecasting and efficient traffic management. Accurate forecasting depends mostly on sufficient and reliable data. Traditional data collection methods are necessary but not sufficient because of their limited coverage and the high cost of implementation and maintenance. For example, continuous traffic data collection in many cities is limited to major highways, whereas secondary and local roadways are usually covered only once or twice a year. Advances in sensor networks and recent technological developments, such as methods based on vehicle locations and in-vehicle devices through mobile phones or GPS-based systems in transportation networks, provide such an opportunity. Although these technologies also have the potential to connect physical components and processes with the cyber world, leading to a Cyber-Physical System (CPS), they have significant drawbacks: they usually suffer from limited resolution due to limitations on time frame, cost, accuracy, and reliability. One way to improve the limited resolution is data fusion. Furthermore, a city should be considered as a collection of layers of tangled infrastructure networks that connect people, places, and resources. Therefore, the study of traffic or electricity consumption forecasting should go beyond the transportation and electricity networks and merge them with each other and even with other city networks such as environmental networks. To this end, this paper proposes a traffic and electric load forecasting methodology that uses data fusion techniques to compensate for the lack of sufficient information in any of these networks. A Bayesian spatiotemporal Gaussian Process model is proposed which employs the most informative spatiotemporal interdependencies within its own network, together with covariates from other city networks. The proposed load forecasting fusion method is compared with other state-of-the-art methods, including Autoregressive Integrated Moving Average with Explanatory Variable (ARIMAX), Multivariate Linear Regression, Support Vector Regression and Neural Network Regression, using real-life data obtained from the City of Tallahassee in Florida. Results show that the multi-network data fusion framework improves the accuracy of load forecasting, and that the proposed Bayesian spatiotemporal Gaussian Process model outperforms all of the above-mentioned methods.
Model-based development is an important paradigm for developing cyber-physical systems (CPS). Early verification and validation of embedded software speeds up the development process and saves costs. This is especially challenging because CPSs interact with complex environments through sensors and actuators, requiring models of both the CPS and its context. The strong underlying assumption is therefore that the models are adequate for the verification task. Conformance testing addresses this problem by checking that two models of the same CPS are conformant, i.e., produce equivalent behavior with respect to the verification task. Although conformance is undecidable in general, for the models of CPSs that are relevant in practice, non-formal conformance checking procedures typically succeed in verifying conformance. In this work, we survey conformance checking for CPS: we not only compare approaches for evaluating conformance, but also survey the required input generation.
The rapid development of vehicular network and autonomous driving technologies provides opportunities to significantly improve transportation safety and efficiency. One promising application is centralized intelligent intersection management, where an intersection manager accepts requests from approaching vehicles (via vehicle-to-infrastructure communication messages) and schedules the order in which those vehicles cross the intersection safely. However, communication delays and packet losses may occur due to the unreliable nature of wireless communication or to malicious attacks (such as jamming and flooding), and could cause deadlocks and unsafe situations. In our previous work, we considered these issues and proposed a delay-tolerant intersection management protocol for intersections with a single lane in each direction. In this work, we address the key efficiency and deadlock challenges that arise when there are multiple lanes in each direction, and propose a delay-tolerant protocol for general multi-lane intersection management. We prove that this protocol is deadlock-free, safe, and satisfies the liveness property. Furthermore, we extend the traffic simulation suite SUMO with communication modules, implement our protocol in the extended simulator, and quantitatively analyze its performance in the presence of communication delays. Finally, we also model systems using smart traffic lights with back-pressure scheduling in SUMO, and compare our delay-tolerant intelligent intersection protocol with smart traffic lights for a single intersection and for a network of interconnected intersections. Simulation results demonstrate the effectiveness of our approach.
Android users are increasingly concerned with the privacy of their data and the security of their devices. To improve the security awareness of users, recent automatic techniques produce security-centric descriptions by performing program analysis. However, the generated text does not always address users' concerns, as it is generally too technical to be understood by ordinary users. Moreover, different users have varied linguistic preferences, which the text does not match. Motivated by this challenge, we develop an innovative scheme to help users avoid malware and privacy-breaching apps by generating security descriptions that explain the privacy- and security-related aspects of an Android app in clear and understandable terms. We implement a prototype system, PERSCRIPTION, that generates personalised security-centric descriptions by automatically learning users' security concerns and linguistic preferences. We evaluate our scheme through experiments and user studies. The results clearly demonstrate the improvement in readability and in users' security awareness of PERSCRIPTION's descriptions compared to existing description generators.
Energy harvesters are becoming increasingly popular as power sources for IoT edge devices. However, one of the intrinsic problems of energy harvesters is that the harvested power is often weak and frequently interrupted. Therefore, energy-harvesting-powered edge devices have to work intermittently. To maintain execution progress, execution state needs to be checkpointed into non-volatile memory before each power failure, so that execution can resume from the saved state when power returns. Nevertheless, frequent checkpointing and low charging efficiency generate significant energy overhead. To alleviate these problems, this paper conducts a thorough energy efficiency analysis and proposes three algorithms to maximize the energy efficiency of program execution. First, a non-volatile processor (NVP) aware task scheduling (NTS) algorithm is proposed to reduce the size of checkpointed data. Second, a tentative checkpointing avoidance (TCA) technique is proposed to skip checkpoints and further reduce checkpointing overhead. Finally, a dynamic wake-up strategy (DWS) is proposed to wake up the edge device at voltages where the total hardware and software overhead is minimized, for further energy efficiency gains. Experiments on a real testbed demonstrate that, with the proposed algorithms, an edge device is resilient to an extremely weak and intermittent power supply, and its energy efficiency is twice as high as that of the baseline technique.
There is a growing trend toward employing cyber-physical systems in smart homes to improve the comfort of residents. However, a residential cyber-physical system differs from a common cyber-physical system because it directly involves human interaction, which is full of uncertainty. Existing solutions can be effective for performance enhancement in cases where no inherent and dominant human factors are involved. Moreover, the rapidly rising interest in deploying cyber-physical systems at home is not normally integrated with energy management schemes, which is a central issue that smart homes have to face. In this paper, we propose a cyber-physical-system-based energy management framework that enables a sustainable edge computing paradigm while meeting the needs of home energy management and residents. This framework aims to make full use of renewable energy while reducing electricity bills for households. A prototype system was implemented using real-world hardware. The experimental results demonstrate that renewable energy is fully capable of supporting the reliable operation of home appliances most of the time, and that electricity bills could be cut by up to 60% when our proposed framework was employed.
Embedded computing devices play an integral role in the mechanical operation of modern-day vehicles. These devices exchange information containing critical vehicle parameters that reflect the current state of operation. Such information can be captured for various purposes, such as diagnostics, fleet management, and even independent research. Although monitoring individual parameters can be useful for some applications, monitoring distinct combinations of parameters can reveal more complex, higher-level states that may be worth observing. Existing monitoring systems either lack user configurability and control or present simple user interfaces that make it difficult to monitor and collate different parameters in order to observe high-level vehicle states. In this work, we present TruckSTM, a novel application that realizes user-defined states from messages seen on the embedded networks of medium- and heavy-duty vehicles and displays state transitions on an interactive user interface. We begin by symbolically formulating some in-vehicle networking concepts and formally defining the concepts of operational states and state transitions. We then elaborate on the operations performed by TruckSTM in mapping vehicle parameters obtained from the network to states that can be defined in standard JSON format. Finally, we evaluate TruckSTM's asymptotic performance and present results for the worst-case scenario.
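To make the "JSON-defined states over decoded network parameters" idea concrete, here is an added example that is not TruckSTM's code or schema: each state is a conjunction of comparisons over named parameters, the latest value of every parameter is kept as decoded messages arrive, and a transition is emitted whenever the classification changes. The parameter names, operator vocabulary, state definitions and the message trace are all constructed for illustration; a parameter that has not yet been observed makes any predicate referring to it false, so the vehicle stays in "unknown" until enough has been seen.

```python
import json
import operator
from typing import Dict, List, Optional, Tuple

# Hypothetical state specification in JSON (illustrative, not TruckSTM's actual schema)
STATE_SPEC = json.loads("""
{
  "states": [
    {"name": "parked",   "when": {"engine_speed_rpm": {"lt": 300},  "vehicle_speed_kph": {"lt": 1}}},
    {"name": "idling",   "when": {"engine_speed_rpm": {"gte": 300}, "vehicle_speed_kph": {"lt": 1}}},
    {"name": "cruising", "when": {"vehicle_speed_kph": {"gte": 1},  "brake_switch": {"eq": 0}}},
    {"name": "braking",  "when": {"vehicle_speed_kph": {"gte": 1},  "brake_switch": {"eq": 1}}}
  ]
}
""")

OPS = {"lt": operator.lt, "lte": operator.le, "gt": operator.gt,
       "gte": operator.ge, "eq": operator.eq, "ne": operator.ne}


def condition_holds(cond: Dict[str, Dict[str, float]], params: Dict[str, float]) -> bool:
    """A state predicate is a conjunction of comparisons over decoded parameters.
    A parameter that has not been observed yet makes the predicate false."""
    for name, tests in cond.items():
        if name not in params:
            return False
        for op, bound in tests.items():
            if not OPS[op](params[name], bound):
                return False
    return True


def classify(params: Dict[str, float], spec) -> str:
    """First matching state wins; the spec above is written so states are disjoint."""
    for state in spec["states"]:
        if condition_holds(state["when"], params):
            return state["name"]
    return "unknown"


def state_transitions(messages: List[Tuple[float, Dict[str, float]]],
                      spec) -> List[Tuple[float, Optional[str], str]]:
    """Replay decoded messages (timestamp, {parameter: value}), keep the latest value
    of every parameter, and emit (t, previous_state, new_state) on each change."""
    latest: Dict[str, float] = {}
    current: Optional[str] = None
    transitions = []
    for t, update in messages:
        latest.update(update)
        new_state = classify(latest, spec)
        if new_state != current:
            transitions.append((t, current, new_state))
            current = new_state
    return transitions


# Constructed trace of decoded messages (values illustrative, not captured from a vehicle)
SAMPLE_MESSAGES = [
    (0.0, {"engine_speed_rpm": 0, "vehicle_speed_kph": 0, "brake_switch": 0}),
    (1.0, {"engine_speed_rpm": 650}),
    (2.0, {"vehicle_speed_kph": 35}),
    (3.0, {"brake_switch": 1}),
    (4.0, {"vehicle_speed_kph": 0, "brake_switch": 0}),
]
```

Because each message updates only the parameters it carries, the classifier sees the merged latest values, which is what lets a combination of parameters (engine running, wheels stopped) define a higher-level state that no single message expresses.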
Coordinated vehicles for intelligent traffic management are instances of cyber-physical systems with strict correctness requirements. A key building block for these systems is the ability to establish a group membership view that accurately captures the locations of all vehicles in a particular area of interest. We formally define view correctness in terms of soundness and completeness and establish theoretical bounds on the ability to verify view correctness. Moreover, we present an architecture for an online view detection and verification process that uses the information available locally to a vehicle. This architecture uses an SMT solver to automatically prove view correctness. We evaluate this architecture and demonstrate that the ability to verify view correctness is on par with the ability to detect view violations.
Cyber-Physical-Social Systems (CPSS), which integrate the cyber, physical and social worlds, are a key technology for providing proactive and personalized services to humans. In this paper, we study CPSS by taking human-interaction-aware big data (HIBD) as the starting point. However, the HIBD collected from all aspects of our daily lives are high-order and large-scale, which brings ever-increasing challenges for their cleaning, integration, processing and interpretation. Therefore, new strategies for representing and processing HIBD become increasingly important in the provision of CPSS services. As an emerging technique, the tensor is proving to be a suitable and promising tool for representing and processing HIBD. In particular, tensor networks, a significant kind of tensor decomposition, bring advantages in the computation, storage and application of HIBD. Furthermore, Tensor-Train (TT), one kind of tensor network, is particularly well suited to representing and processing high-order data by decomposing a high-order tensor into a series of low-order tensors. However, there is still a need for an efficient Tensor-Train decomposition method for massive data; for large-scale HIBD, a highly efficient computational method for Tensor-Train is required. In this paper, a distributed Tensor-Train (DTT) decomposition method is proposed to process high-order and large-scale HIBD. The high performance of the proposed DTT, e.g., in execution time, is demonstrated with a case study on typical CPSS data, namely CT (Computed Tomography) image data. Furthermore, recognition, a typical CPSS application for HIBD, was carried out in TT form to illustrate the advantage of DTT.
Modern trains rely on balises (communication beacons) located on the track to provide location information as they traverse a rail network. Balises, such as those conforming to the Eurobalise standard, were not designed with security in mind and are thus vulnerable to cyber attacks targeting data availability, integrity, or authenticity. In this work, we discuss data integrity threats to balise transmission modules and use high-fidelity simulation to study the risks posed by data integrity attacks. To mitigate such risk, we propose a practical two-layer solution: at the device level, we design a lightweight and low-cost cryptographic solution to protect the integrity of the location information; at the system layer, we devise a secure hybrid train speed controller to mitigate the impact under various attacks. Our simulation results demonstrate the effectiveness of our proposed solutions.
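An added illustration of the two-layer idea, not the paper's own design: at the device layer, the location payload of a balise telegram carries a truncated HMAC tag that the on-board unit verifies, so a modified position fails; at the system layer, an accepted position is still cross-checked against odometry, because a passive balise's telegram is fixed and a MAC alone cannot tell a genuine telegram from one replayed at a different place. The telegram layout, the 64-bit tag length, the shared network key and the tolerance value are assumptions; real Eurobalise telegrams use a different bit-level encoding than the fixed 8-byte payload used here.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

TAG_LEN = 8   # truncated 64-bit tag, assumed to fit in the telegram's spare bits
# Assumed: one network key provisioned to on-board units and the balise programming tool.
NETWORK_KEY = b"example-network-key-not-for-production"


def build_telegram(network_key: bytes, balise_id: int, position_m: int) -> bytes:
    """Balise programming side: fixed payload (id, position) followed by a MAC tag."""
    payload = struct.pack(">Ii", balise_id, position_m)         # 4-byte id, 4-byte signed position
    tag = hmac.new(network_key, payload, hashlib.sha256).digest()[:TAG_LEN]
    return payload + tag


def verify_telegram(network_key: bytes, telegram: bytes) -> Optional[Tuple[int, int]]:
    """On-board side: return (balise_id, position_m) if the tag checks, else None."""
    if len(telegram) != 8 + TAG_LEN:
        return None
    payload, tag = telegram[:8], telegram[8:]
    expected = hmac.new(network_key, payload, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    balise_id, position_m = struct.unpack(">Ii", payload)
    return balise_id, position_m


def position_plausible(prev_position_m: float, reported_m: float,
                       odometer_delta_m: float, tolerance_m: float = 50.0) -> bool:
    """System-layer check: even a correctly tagged telegram must agree with the
    distance travelled since the previous balise, which catches relocated or
    replayed balises that the MAC cannot distinguish from genuine ones."""
    return abs((prev_position_m + odometer_delta_m) - reported_m) <= tolerance_m


def accept_balise(network_key: bytes, telegram: bytes, prev_position_m: float,
                  odometer_delta_m: float) -> Optional[int]:
    """Combine both layers; returns the accepted position or None to signal the controller."""
    decoded = verify_telegram(network_key, telegram)
    if decoded is None:
        return None
    _, position_m = decoded
    if not position_plausible(prev_position_m, position_m, odometer_delta_m):
        return None
    return position_m
```

Returning None from accept_balise is the point where a hybrid speed controller of the kind the abstract describes would fall back to odometry and a conservative speed profile rather than trust the beacon.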
It is challenging to design a secure and efficient multi-factor authentication scheme for real-time user data access in wireless sensor networks (WSNs). On the one hand, such real-time applications are generally security-critical, and various security goals need to be met. On the other hand, sensor nodes and users' mobile devices are typically resource-constrained, so expensive cryptographic primitives cannot be used. In this work, we first revisit four foremost multi-factor authentication schemes, i.e., Srinivas et al.'s (IEEE TDSC'18), Amin et al.'s (JNCA'18), Li et al.'s (JNCA'18) and Li et al.'s (IEEE TII'18) schemes, and use them as case studies to reveal the difficulties and challenges in getting a multi-factor authentication scheme for WSNs right. We identify the root causes of their failures to achieve truly multi-factor security and forward secrecy. We further propose a robust multi-factor authentication scheme that exploits the imbalanced computational nature of the RSA cryptosystem, which is particularly suitable for scenarios where the sensor nodes (but not the user's device) are the main energy bottleneck. Comparison results demonstrate the superiority of our scheme. As far as we know, it is the first that satisfies all twelve criteria of the state-of-the-art evaluation metric under the harshest adversary model to date.
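The "imbalanced computational nature of RSA" that the scheme relies on, demonstrated in an added example that is not the paper's protocol: with a small public exponent such as 65537, the party doing the public-exponent operation performs only about 17 squarings and a couple of multiplications, while the party holding the private exponent performs on the order of the modulus bit-length. Counting modular multiplications in a plain square-and-multiply loop makes the asymmetry visible without timing noise. The 512-bit modulus, the Miller-Rabin key generation and the message are toy choices for a quick run, not secure parameters; the block shows only the cost split, not the full authentication exchange.

```python
import hashlib
import math
import secrets
from typing import Tuple


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (probabilistic; for toy key generation only)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def make_keypair(modulus_bits: int = 512, e: int = 65537) -> Tuple[int, int, int]:
    """Return (n, e, d). A 512-bit modulus is a toy size chosen for speed, not security."""
    while True:
        p, q = gen_prime(modulus_bits // 2), gen_prime(modulus_bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi)


def counted_modexp(base: int, exp: int, mod: int) -> Tuple[int, int]:
    """Left-to-right square-and-multiply; returns (result, modular multiplications),
    i.e. the work the device performing this exponentiation has to do."""
    result, ops = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod
        ops += 1
        if bit == "1":
            result = result * base % mod
            ops += 1
    return result, ops


def rsa_cost_demo(modulus_bits: int = 512) -> Tuple[int, int, bool]:
    """The user's device performs the private-exponent operation; the sensor node only
    needs the public-exponent one. Returns (user_ops, sensor_ops, sensor_accepted)."""
    n, e, d = make_keypair(modulus_bits)
    # constructed message: hash of a login string, reduced into the modulus
    m = int.from_bytes(hashlib.sha256(b"constructed login message").digest(), "big") % n
    value_from_user, user_ops = counted_modexp(m, d, n)       # expensive: ~|d| squarings
    recovered, sensor_ops = counted_modexp(value_from_user, e, n)  # cheap: 17 squarings
    return user_ops, sensor_ops, recovered == m
```

The design consequence is the one the abstract states: put the private-exponent work on the user's phone, which is recharged daily, and leave the sensor node with the cheap public-exponent check, so the energy bottleneck of the network is not spent on authentication.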
The trend toward connected/autonomous features adds significant complexity to traditional automotive systems in order to improve driving safety and comfort. Engineers face significant challenges in designing test environments that are more complex than ever. We propose a test framework that automatically generates various virtual road environments from a path specification and a behavior specification. The path specification characterizes the geometric paths along which an environmental object (e.g., a roadway or a pedestrian) is visualized or moves. We express this aspect as linear or nonlinear constraints over 3-dimensional coordinates. We then introduce a test coverage metric, called area coverage, that quantifies the quality of generated paths in terms of how wide an area they cover, and an algorithm that automatically generates such paths using an SMT (Satisfiability Modulo Theories) solver. The behavior specification, on the other hand, characterizes how an environmental object changes its mode over time by interacting with other objects (e.g., a pedestrian waits for a signal or starts crossing). We express this aspect as timed automata, introduce a test coverage metric, called edge/location coverage, that quantifies the quality of the generated mode changes in terms of how many modes or transitions are visited, and propose a method that automatically generates many different mode changes using model checking. To demonstrate the framework, we developed a right-turn pedestrian warning system for intersection scenarios and generated many different types of pedestrian paths and behaviors to analyze the effectiveness of the system.