| 1. |
- Alisic, Rijad, 1994-
(författare)
-
Privacy of Sudden Events in Cyber-Physical Systems
- 2021
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Cyberattacks against critical infrastructures has been a growing problem for the past couple of years. These infrastructures are a particularly desirable target for adversaries, due to their vital importance in society. For instance, a stop in the operation of a critical infrastructure could result in a crippling effect on a nation's economy, security or public health. The reason behind this increase is that critical infrastructures have become more complex, often being integrated with a large network of various cyber components. It is through these cyber components that an adversary is able to access the system and conduct their attacks.In this thesis, we consider methods which can be used as a first line of defence against such attacks for Cyber-Physical Systems (CPS). Specifically, we start by studying how information leaks about a system's dynamics helps an adversary to generate attacks that are difficult to detect. In many cases, such attacks can be detrimental to a CPS since they can drive the system to a breaking point without being detected by the operator that is tasked to secure the system. We show that an adversary can use small amounts of data procured from information leaks to generate these undetectable attacks. In particular, we provide the minimal amount of information that is needed in order to keep the attack hidden even if the operator tries to probe the system for attacks. We design defence mechanisms against such information leaks using the Hammersley-Chapman-Robbins lower bound. With it, we study how information leakage could be mitigated through corruption of the data by injection of measurement noise. Specifically, we investigate how information about structured input sequences, which we call events, can be obtained through the output of a dynamical system and how this leakage depends on the system dynamics. For example, it is shown that a system with fast dynamical modes tends to disclose more information about an event compared to a system with slower modes. However, a slower system leaks information over a longer time horizon, which means that an adversary who starts to collect information long after the event has occured might still be able to estimate it. Additionally, we show how sensor placements can affect the information leak. These results are then used to aid the operator to detect privacy vulnerabilities in the design of a CPS.Based on the Hammersley-Chapman-Robbins lower bound, we provide additional defensive mechanisms that can be deployed by an operator online to minimize information leakage. For instance, we propose a method to modify the structured inputs in order to maximize the usage of the existing noise in the system. This mechanism allows us to explicitly deal with the privacy-utility trade-off, which is of interest when optimal control problems are considered. Finally, we show how the adversary's certainty of the event increases as a function of the number of samples they collect. For instance, we provide sufficient conditions for when their estimation variance starts to converge to its final value. This information can be used by an operator to estimate when possible attacks from an adversary could occur, and change the CPS before that, rendering the adversary's collected information useless.
|
|
| 2. |
- Čičić, Mladen, 1991-
(författare)
-
Modelling and Lagrangian control of mixed traffic: platoon coordination, congestion dissipation and state reconstruction
- 2021
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Traffic congestion is a constantly growing problem, with a wide array of negative effects on the society, from wasted time and productivity to elevated air pollution and reduction of safety. The introduction of connected, autonomous vehicles enables a new, Lagrangian paradigm for sensing andcontrolling the traffic, by directly using connected vehicles inside the traffic flow, as opposed to the classical, Eulerian paradigm, which relies on stationary equipment on the road. By using control methods specifically tailored to the Lagrangian paradigm, we are able to influence the traffic flow even if the penetration rate of connected vehicle is low. This allows us to answer one of the central impending questions of the traffic control using emerging technologies: How can we influence the overall traffic by using only a smallportion of vehicles that we can control directly?Traffic phenomena such as moving bottlenecks and stop-and-go waves are particularly pertinent to Lagrangian traffic control, and therefore need to be captured in traffic models. In this thesis we introduce the influence of these phenomena into the cell transmission model, multi-class cell transmission model, and tandem queueing model. We also propose a transition system model based on front tracking, which captures the relevant phenomena, and show under which conditions it corresponds to the Lighthill-Whitham-Richards model. Moving bottlenecks are introduced as a moving zone in which a reduced flux function describes the traffic flow, and their influence on the surrounding traffic is given by solving the Riemann problems at the flux function boundaries. Stop-and-go waves are introduced by constraining the wave speed of rarefaction, resulting in constant stop-and-go wave propagation speed and discharging flow lower than the road capacity, which is consistent with the empirical observations.We use the proposed traffic models to design control laws that address three problems: platoon merging coordination, congestion reduction, and traffic state reconstruction. We study the case when two trucks are closing the distance and merging into a platoon on a public road, and propose an optimal control algorithm which accounts for the mutual influence between the trucks and the surrounding traffic. The proposed control law minimizes the total fuel consumption of the trucks, and improves the reliability of platooning. Then, we consider two forms of the congestion reduction problem: stationary bottleneck decongestion, and stop-and-go wave dissipation. In both cases, connected vehicles are used as moving bottlenecks to restrict the traffic flow enough to let the congestion dissipate. By applying these control laws, the throughput of the road is increased and the total travel time of all vehiclesis reduced. Finally, we generalize the stop-and-go wave dissipation problem by dropping the assumption that the full traffic state is known, and instead propose traffic state reconstruction algorithms which use local measurements originating from the connected vehicles. We show that the proposed control laws can also be implemented using the reconstructed traffic state. In this case, as the number of available connected vehicles increases, the control performance approaches the full-information control case.
|
|
| 3. |
- Gracy, Sebin, et al.
(författare)
-
Analysis and Distributed Control of Periodic Epidemic Processes
- 2021
-
Ingår i: IEEE Transactions on Control of Network Systems. - : Institute of Electrical and Electronics Engineers (IEEE). - 2325-5870. ; 8:1, s. 123-134
-
Tidskriftsartikel (refereegranskat)abstract
- This article studies epidemic processes over discrete-time periodic time-varying networks. We focus on the susceptible-infected-susceptible (SIS) model that accounts for a (possibly) mutating virus. We say that an agent is in the disease-free state if it is not infected by the virus. Our objective is to devise a control strategy which ensures that all agents in a network exponentially (respectively asymptotically) converge to the disease-free equilibrium (DFE). Toward this end, we first provide 1) sufficient conditions for exponential (respectively, asymptotic) convergence to the DFE and 2) a necessary and sufficient condition for asymptotic convergence to the DFE. The sufficient condition for global exponential stability (GES) [respectively global asymptotic stability (GAS)] of the DFE is in terms of the joint spectral radius of a set of suitably defined matrices, whereas the necessary and sufficient condition for GAS of the DFE involves the spectral radius of an appropriately defined product of matrices. Subsequently, we leverage the stability results in order to design a distributed control strategy for eradicating the epidemic.
|
|
| 4. |
- He, Xingkang, et al.
(författare)
-
How to Secure Distributed Filters Under Sensor Attacks
- 2021
-
Ingår i: IEEE Transactions on Automatic Control. - : Institute of Electrical and Electronics Engineers (IEEE). - 0018-9286 .- 1558-2523. ; , s. 1-1
-
Tidskriftsartikel (refereegranskat)abstract
- We study how to secure distributed filters for linear time-invariant systems with bounded noise under false-data injection attacks. A malicious attacker is able to arbitrarily manipulate the observations for a time-varying and unknown subset of the sensors. We first propose a recursive distributed filter consisting of two steps at each update. The first step employs a saturation-like scheme, which gives a small gain if the innovation is large corresponding to a potential attack. The second step is a consensus operation of state estimates among neighboring sensors. We prove the estimation error is upper bounded if the parameters satisfy a condition. We further analyze the feasibility of the condition and connect it to sparse observability in the centralized case. When the attacked sensor set is known to be time-invariant, the secured filter is modified by adding an online local attack detector. The detector is able to identify the attacked sensors whose observation innovations are larger than the detection thresholds. Also, with more attacked sensors being detected, the thresholds will adaptively adjust to reduce the space of the stealthy attack signals.
|
|
| 5. |
- Iwaki, Takuya, 1986-, et al.
(författare)
-
Multi-hop sensor network scheduling for optimal remote estimation?
- 2021
-
Ingår i: Automatica. - : Elsevier BV. - 0005-1098 .- 1873-2836. ; 127
-
Tidskriftsartikel (refereegranskat)abstract
- This paper studies a design problem of how a group of wireless sensors are selected and scheduled to transmit data efficiently over a multi-hop network subject to energy considerations, when the sensors are observing multiple independent discrete-time linear systems. Each time instant, a subset of sensors is selected to transmit their measurements to a remote estimator. We formulate an optimization problem, in which a network schedule is searched to minimize a linear combination of the averaged estimation error and the averaged transmission energy consumption. It is shown that the optimal network schedule forms a tree with root at the gateway node. From this observation, we manage to separate the optimization problem into two subproblems: tree planning and sensor selection. We solve the sensor selection subproblem by a Markov decision process, showing that the optimal solution admits a periodic structure when the transmission cost is sufficiently low. Efficient algorithms are proposed and they are shown to reduce the computational complexity of the original optimization problem. Numerical studies illustrate the effectiveness of the proposed algorithms, and show that they are scalable to large networks.
|
|
| 6. |
- Kim, Junsoo, et al.
(författare)
-
Method for Running Dynamic Systems over Encrypted Data for Infinite Time Horizon without Bootstrapping and Re-encryption
- 2021
-
Ingår i: 2021 60TH IEEE CONFERENCE ON DECISION AND CONTROL (CDC). - : Institute of Electrical and Electronics Engineers (IEEE). ; , s. 5614-5619
-
Konferensbidrag (refereegranskat)abstract
- In this paper, we propose a method for dynamic systems to operate over homomorphically encrypted data for an infinite time horizon, where we do not make use of reset, re-encryption, or bootstrapping for the encrypted messages. The given system is first decomposed into the stable part and the anti-stable part. Then, the stable part is approximated to have finite impulse response, and by a novel conversion scheme, the eigenvalues of the state matrix of the anti-stable part are approximated to algebraic integers. This allows that the given system can be implemented to operate for an infinite time horizon using only addition and multiplication over encrypted data, without re-encrypting any portion of data. The performance error caused by the approximation and quantization can be made arbitrarily small, with appropriate choice of parameters.
|
|
| 7. |
- Lindström, Martin, et al.
(författare)
-
Power Injection Attacks in Smart Distribution Grids with Photovoltaics
- 2021
-
Ingår i: Proceedings European Control Conference, ECC 2021. - : Institute of Electrical and Electronics Engineers (IEEE). ; , s. 529-534
-
Konferensbidrag (refereegranskat)abstract
- In order to protect smart distribution grids from intrusions, it is important to understand possible risks and impacts of attacks. We study the worst-case attack strategy of a power injection attack against the physical layer of a smart distribution grid with a high penetration of photovoltaic resources. We derive both the worst attack signal and worst attack location: The worst attack signal is a step function which switches its sign at the final stage, and the worst attack location is the node with the largest impedance to the grid substation. Numerical examples on a European benchmark model verify the developed results. Finally, both theoretical and numerical results are used to discuss feasible defense strategies against power injection attacks.
|
|
| 8. |
- Mamduhi, Mohammad H., et al.
(författare)
-
A Cross-Layer Optimal Co-Design of Control and Networking in Time-Sensitive Cyber-Physical Systems
- 2021
-
Ingår i: IEEE Control Systems Letters. - : Institute of Electrical and Electronics Engineers (IEEE). - 2475-1456. ; 5:3, s. 917-922
-
Tidskriftsartikel (refereegranskat)abstract
- In the design of cyber-physical systems (CPS) where multiple physical systems are coupled via a communication network, a key aspect is to study how network services are distributed. In this letter, we first describe a cross-layer model for CPS to explicitly capture the coupling between control and networking and the time-sensitive requirements of each physical system. Physical systems processes are coupled via a shared network that provides a diverse range of cost-prone and capacity-limited services with distinct latency characteristics. Service prices are given such that low latency services incur higher communication cost, and prices remain fixed over a constant period of time but will be adjusted by the network for the future time periods. Physical systems decide to use specific services over each time interval depending on the service prices and their own time sensitivity requirements. Considering the service availability, the network coordinates resource allocation such that physical systems are serviced the closest to their preferences. Performance of individual systems are measured by an expected quadratic cost and we formulate a social optimization problem subject to time-sensitive requirements of the physical systems and the network constraints. From the formulated social optimization problem, we derive the joint optimal time-sensitive control and service allocation policies.
|
|
| 9. |
- Narri, Vandana, et al.
(författare)
-
Set-Membership Estimation in Shared Situational Awareness for Automated Vehicles in Occluded Scenarios
- 2021
-
Ingår i: 2021 32nd IEEE Intelligent Vehicles Symposium (IV). - : Institute of Electrical and Electronics Engineers (IEEE). ; , s. 385-392
-
Konferensbidrag (refereegranskat)abstract
- One of the main challenges in developing autonomous transport systems based on connected and automated vehicles is the comprehension and understanding of the environment around each vehicle. In many situations, the understanding is limited to the information gathered by the sensors mounted on the ego-vehicle, and it might be severely affected by occlusion caused by other vehicles or fixed obstacles along the road. Situational awareness is the ability to perceive and comprehend a traffic situation and to predict the intent of vehicles and road users in the surrounding of the ego-vehicle. The main objective of this paper is to propose a framework for how to automatically increase the situational awareness for an automatic bus in a realistic scenario when a pedestrian behind a parked truck might decide to walk across the road. Depending on the ego-vehicle's ability to fuse information from sensors in other vehicles or in the infrastructure, shared situational awareness is developed using a set-based estimation technique that provides robust guarantees for the location of the pedestrian. A two-level information fusion architecture is adopted, where sensor measurements are fused locally, and then the corresponding estimates are shared between vehicles and units in the infrastructure. Thanks to the provided safety guarantees, it is possible to adjust the ego-vehicle speed appropriately to maintain a proper safety margin. Three scenarios of growing information complexity are considered throughout the study. Simulations show how the increased situational awareness allows the ego-vehicle to maintain a reasonable speed without sacrificing safety.
|
|
| 10. |
- Nekouei, E., et al.
(författare)
-
Optimal Privacy-aware Estimation
- 2021
-
Ingår i: IEEE Transactions on Automatic Control. - : Institute of Electrical and Electronics Engineers (IEEE). - 0018-9286 .- 1558-2523. ; , s. 1-1
-
Tidskriftsartikel (refereegranskat)abstract
- This paper studies the design of an optimal privacy-aware estimator of a public random variable based on noisy measurements which contain private information. The public variable carries also non-private information, but, its estimate will be correlated with the private information due to the estimation process. The objective is to design an optimal estimator of the public random variable such that the leakage of private information, via the estimation process, is kept below a certain level. The privacy metric is defined as the discrete conditional entropy of the private variable given the output of the estimator. We show that the optimal privacy-aware estimator is the solution of a (possibly infinite-dimensional) convex optimization problem when the estimator has access to either the measurement or the measurement together with the private information. We study the optimal perfect-privacy estimation problem that ensures the estimate of the public variable is independent of the private information. A necessary and sufficient condition is derived guaranteeing that an estimator satisfies the perfect-privacy requirement.
|
|
