| 11. |
- Alisic, Rijad, 1994-
(författare)
-
Privacy of Sudden Events in Cyber-Physical Systems
- 2021
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Cyberattacks against critical infrastructures has been a growing problem for the past couple of years. These infrastructures are a particularly desirable target for adversaries, due to their vital importance in society. For instance, a stop in the operation of a critical infrastructure could result in a crippling effect on a nation's economy, security or public health. The reason behind this increase is that critical infrastructures have become more complex, often being integrated with a large network of various cyber components. It is through these cyber components that an adversary is able to access the system and conduct their attacks.In this thesis, we consider methods which can be used as a first line of defence against such attacks for Cyber-Physical Systems (CPS). Specifically, we start by studying how information leaks about a system's dynamics helps an adversary to generate attacks that are difficult to detect. In many cases, such attacks can be detrimental to a CPS since they can drive the system to a breaking point without being detected by the operator that is tasked to secure the system. We show that an adversary can use small amounts of data procured from information leaks to generate these undetectable attacks. In particular, we provide the minimal amount of information that is needed in order to keep the attack hidden even if the operator tries to probe the system for attacks. We design defence mechanisms against such information leaks using the Hammersley-Chapman-Robbins lower bound. With it, we study how information leakage could be mitigated through corruption of the data by injection of measurement noise. Specifically, we investigate how information about structured input sequences, which we call events, can be obtained through the output of a dynamical system and how this leakage depends on the system dynamics. For example, it is shown that a system with fast dynamical modes tends to disclose more information about an event compared to a system with slower modes. However, a slower system leaks information over a longer time horizon, which means that an adversary who starts to collect information long after the event has occured might still be able to estimate it. Additionally, we show how sensor placements can affect the information leak. These results are then used to aid the operator to detect privacy vulnerabilities in the design of a CPS.Based on the Hammersley-Chapman-Robbins lower bound, we provide additional defensive mechanisms that can be deployed by an operator online to minimize information leakage. For instance, we propose a method to modify the structured inputs in order to maximize the usage of the existing noise in the system. This mechanism allows us to explicitly deal with the privacy-utility trade-off, which is of interest when optimal control problems are considered. Finally, we show how the adversary's certainty of the event increases as a function of the number of samples they collect. For instance, we provide sufficient conditions for when their estimation variance starts to converge to its final value. This information can be used by an operator to estimate when possible attacks from an adversary could occur, and change the CPS before that, rendering the adversary's collected information useless.
|
|
| 12. |
- Andreasson, Martin, et al.
(författare)
-
Coherence in Synchronizing Power Networks with Distributed Integral Control
- 2017
-
Ingår i: 2017 IEEE 56th Annual Conference on Decision and Control, CDC 2017. - : IEEE. - 9781509028733 ; , s. 6683-6688
-
Konferensbidrag (refereegranskat)abstract
- We consider frequency control of synchronous generator networks and study transient performance under both primary and secondary frequency control. We model random step changes in power loads and evaluate performance in terms of expected deviations from a synchronous frequency over the synchronization transient; what can be thought of as lack of frequency coherence. We compare a standard droop control strategy to two secondary proportional integral (PI) controllers: centralized averaging PI control (CAPI) and distributed averaging PI control (DAPI). We show that the performance of a power system with DAPI control is always superior to that of a CAPI controlled system, which in turn has the same transient performance as standard droop control. Furthermore, for a large class of network graphs, performance scales unfavorably with network size with CAPI and droop control, which is not the case with DAPI control. We discuss optimal tuning of the DAPI controller and describe how internodal alignment of the integral states affects performance. Our results are demonstrated through simulations of the Nordic power grid.
|
|
| 13. |
- Bjork, J., et al.
(författare)
-
Dynamic Virtual Power Plant Design for Fast Frequency Reserves : Coordinating Hydro and Wind
- 2022
-
Ingår i: IEEE Transactions on Control of Network Systems. - : Institute of Electrical and Electronics Engineers (IEEE). - 2325-5870. ; , s. 1-12
-
Tidskriftsartikel (refereegranskat)abstract
- To ensure frequency stability in future low-inertia power grids, fast ancillary services such as fast frequency reserves (FFR) have been proposed. In this work, the coordination of conventional (slow) frequency containment reserves (FCR) with FFR is treated as a decentralized model matching problem. The design results in a dynamic virtual power plant (DVPP) whose aggregated output fulfills the system operator’s (SO’s) requirements in all time scales, while accounting for the capacity and bandwidth limitation of participating devices. This is illustrated in a 5-machine representation of the Nordic synchronous grid. In the Nordic grid, stability issues and bandwidth limitations associated with non-minimum phase zeros of hydropower is a well-known problem. By simulating the disconnection of a 1400 MW importing dc link, it is shown that the proposed DVPP design allows for coordinating fast FFR from wind, with slow FCR from hydro, while respecting dynamic limitations of all participating devices. The SO’s requirements are fulfilled in a realistic low-inertia scenario without the need to install battery storage or to waste wind energy by curtailing the wind turbines.
|
|
| 14. |
- Chen, Jianqi, et al.
(författare)
-
Geometrical Characterization Of Sensor Placement For Cone-Invariant And Multi-Agent Systems Against Undetectable Zero-Dynamics Attacks\Ast
- 2022
-
Ingår i: SIAM Journal of Control and Optimization. - : Society for Industrial & Applied Mathematics (SIAM). - 0363-0129 .- 1095-7138. ; 60:2, s. 890-916
-
Tidskriftsartikel (refereegranskat)abstract
- Undetectable attacks are an important class of malicious attacks threatening the security of cyber-physical systems, which can modify a system's state but leave the system output measurements unaffected and hence cannot be detected from the output. This paper studies undetectable attacks on cone-invariant systems and multi-agent systems. We first provide a general characterization of zero-dynamics attacks, which characterizes fully undetectable attacks targeting the nonminimum phase zeros of a system. This geometrical characterization makes it possible to develop a defense strategy seeking to place a minimal number of sensors to detect and counter the zero-dynamics attacks on the system's actuators. The detect and defense scheme amounts to computing a set containing potentially vulnerable actuator locations and nodes and a defense union for feasible placement of sensors based on the geometrical properties of the cones under consideration.
|
|
| 15. |
- Čičić, Mladen, 1991-
(författare)
-
Modelling and Lagrangian control of mixed traffic: platoon coordination, congestion dissipation and state reconstruction
- 2021
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Traffic congestion is a constantly growing problem, with a wide array of negative effects on the society, from wasted time and productivity to elevated air pollution and reduction of safety. The introduction of connected, autonomous vehicles enables a new, Lagrangian paradigm for sensing andcontrolling the traffic, by directly using connected vehicles inside the traffic flow, as opposed to the classical, Eulerian paradigm, which relies on stationary equipment on the road. By using control methods specifically tailored to the Lagrangian paradigm, we are able to influence the traffic flow even if the penetration rate of connected vehicle is low. This allows us to answer one of the central impending questions of the traffic control using emerging technologies: How can we influence the overall traffic by using only a smallportion of vehicles that we can control directly?Traffic phenomena such as moving bottlenecks and stop-and-go waves are particularly pertinent to Lagrangian traffic control, and therefore need to be captured in traffic models. In this thesis we introduce the influence of these phenomena into the cell transmission model, multi-class cell transmission model, and tandem queueing model. We also propose a transition system model based on front tracking, which captures the relevant phenomena, and show under which conditions it corresponds to the Lighthill-Whitham-Richards model. Moving bottlenecks are introduced as a moving zone in which a reduced flux function describes the traffic flow, and their influence on the surrounding traffic is given by solving the Riemann problems at the flux function boundaries. Stop-and-go waves are introduced by constraining the wave speed of rarefaction, resulting in constant stop-and-go wave propagation speed and discharging flow lower than the road capacity, which is consistent with the empirical observations.We use the proposed traffic models to design control laws that address three problems: platoon merging coordination, congestion reduction, and traffic state reconstruction. We study the case when two trucks are closing the distance and merging into a platoon on a public road, and propose an optimal control algorithm which accounts for the mutual influence between the trucks and the surrounding traffic. The proposed control law minimizes the total fuel consumption of the trucks, and improves the reliability of platooning. Then, we consider two forms of the congestion reduction problem: stationary bottleneck decongestion, and stop-and-go wave dissipation. In both cases, connected vehicles are used as moving bottlenecks to restrict the traffic flow enough to let the congestion dissipate. By applying these control laws, the throughput of the road is increased and the total travel time of all vehiclesis reduced. Finally, we generalize the stop-and-go wave dissipation problem by dropping the assumption that the full traffic state is known, and instead propose traffic state reconstruction algorithms which use local measurements originating from the connected vehicles. We show that the proposed control laws can also be implemented using the reconstructed traffic state. In this case, as the number of available connected vehicles increases, the control performance approaches the full-information control case.
|
|
| 16. |
- Emad, Sawsan, et al.
(författare)
-
Privacy Guarantees for Cloud-based State Estimation using Partially Homomorphic Encryption
- 2022
-
Ingår i: 2022 European Control Conference (ECC). - : IEEE. - 9783907144077 - 9781665497336 ; , s. 98-105
-
Konferensbidrag (refereegranskat)abstract
- The privacy aspect of state estimation algorithms has been drawing high research attention due to the necessity for a trustworthy private environment in cyber-physical systems. These systems usually engage cloud-computing platforms to aggregate essential information from spatially distributed nodes and produce desired estimates. The exchange of sensitive data among semi-honest parties raises privacy concerns, especially when there are coalitions between parties. We propose two privacy-preserving protocols using Kalman filter and partially homomorphic encryption of the measurements and estimates while exposing the covariances and other model parameters. We prove that the proposed protocols achieve satisfying computational privacy guarantees against various coalitions based on formal cryptographic definitions of indistinguishability. We evaluate the proposed protocols to demonstrate their efficiency using data from a real testbed.
|
|
| 17. |
- Fang, Song, et al.
(författare)
-
Two-Way Coding in Control Systems Under Injection Attacks : From Attack Detection to Attack Correction
- 2019
-
Ingår i: ICCPS '19. - New York, NY, USA : Association for Computing Machinery (ACM). ; , s. 141-150
-
Konferensbidrag (refereegranskat)abstract
- In this paper, we introduce the method of two-way coding, a concept originating in communication theory characterizing coding schemes for two-way channels, into (networked) feedback control systems under injection attacks. We first show that the presence of two-way coding can distort the perspective of the attacker on the control system. In general, the distorted viewpoint on the attacker side as a consequence of two-way coding will facilitate detecting the attacks, or restricting what the attacker can do, or even correcting the attack effect. In the particular case of zero-dynamics attacks, if the attacks are to be designed according to the original plant, then they will be easily detected; while if the attacks are designed with respect to the equivalent plant as viewed by the attacker, then under the additional assumption that the plant is stabilizable by static output feedback, the attack effect may be corrected in steady state.
|
|
| 18. |
- Gracy, Sebin, et al.
(författare)
-
Analysis and Distributed Control of Periodic Epidemic Processes
- 2021
-
Ingår i: IEEE Transactions on Control of Network Systems. - : Institute of Electrical and Electronics Engineers (IEEE). - 2325-5870. ; 8:1, s. 123-134
-
Tidskriftsartikel (refereegranskat)abstract
- This article studies epidemic processes over discrete-time periodic time-varying networks. We focus on the susceptible-infected-susceptible (SIS) model that accounts for a (possibly) mutating virus. We say that an agent is in the disease-free state if it is not infected by the virus. Our objective is to devise a control strategy which ensures that all agents in a network exponentially (respectively asymptotically) converge to the disease-free equilibrium (DFE). Toward this end, we first provide 1) sufficient conditions for exponential (respectively, asymptotic) convergence to the DFE and 2) a necessary and sufficient condition for asymptotic convergence to the DFE. The sufficient condition for global exponential stability (GES) [respectively global asymptotic stability (GAS)] of the DFE is in terms of the joint spectral radius of a set of suitably defined matrices, whereas the necessary and sufficient condition for GAS of the DFE involves the spectral radius of an appropriately defined product of matrices. Subsequently, we leverage the stability results in order to design a distributed control strategy for eradicating the epidemic.
|
|
| 19. |
- He, Xingkang, et al.
(författare)
-
How to Secure Distributed Filters Under Sensor Attacks
- 2021
-
Ingår i: IEEE Transactions on Automatic Control. - : Institute of Electrical and Electronics Engineers (IEEE). - 0018-9286 .- 1558-2523. ; , s. 1-1
-
Tidskriftsartikel (refereegranskat)abstract
- We study how to secure distributed filters for linear time-invariant systems with bounded noise under false-data injection attacks. A malicious attacker is able to arbitrarily manipulate the observations for a time-varying and unknown subset of the sensors. We first propose a recursive distributed filter consisting of two steps at each update. The first step employs a saturation-like scheme, which gives a small gain if the innovation is large corresponding to a potential attack. The second step is a consensus operation of state estimates among neighboring sensors. We prove the estimation error is upper bounded if the parameters satisfy a condition. We further analyze the feasibility of the condition and connect it to sparse observability in the centralized case. When the attacked sensor set is known to be time-invariant, the secured filter is modified by adding an online local attack detector. The detector is able to identify the attacked sensors whose observation innovations are larger than the detection thresholds. Also, with more attacked sensors being detected, the thresholds will adaptively adjust to reduce the space of the stealthy attack signals.
|
|
| 20. |
- He, Xingkang, et al.
(författare)
-
Secure Distributed Filtering for Unstable Dynamics Under Compromised Observations
- 2019
-
Ingår i: 2019 IEEE 58th Conference on Decision and Control (CDC). - : Institute of Electrical and Electronics Engineers (IEEE). ; , s. 5344-5349
-
Konferensbidrag (refereegranskat)abstract
- In this paper, we consider a secure distributed filtering problem for linear time-invariant systems with bounded noises and unstable dynamics under compromised observations. A malicious attacker is able to compromise a subset of the agents and manipulate the observations arbitrarily. We first propose a recursive distributed filter consisting of two parts at each time. The first part employs a saturation like scheme, which gives a small gain if the innovation is too large. The second part is a consensus operation of state estimates among neighboring agents. A sufficient condition is then established for the boundedness of estimation error, which is with respect to network topology, system structure, and the maximal compromised agent subset. We further provide an equivalent statement, which connects to 2s-sparse observability in the centralized framework in certain scenarios, such that the sufficient condition is feasible. Numerical simulations are finally provided to illustrate the developed results.
|
|
