-
Model Updating for Nonlinear Systems with Stability Guarantees
Authors:
Farhad Ghanipoor,
Carlos Murguia,
Peyman Mohajerin Esfahani,
Nathan van de Wouw
Abstract:
To improve the predictive capacity of system models in the input-output sense, this paper presents a framework for model updating via learning of modeling uncertainties in locally (and thus also in globally) Lipschitz nonlinear systems. First, we introduce a method to extend an existing known model with an uncertainty model so that stability of the extended model is guaranteed in the sense of set invariance and input-to-state stability. To achieve this, we provide two tractable semi-definite programs. These programs allow obtaining optimal uncertainty model parameters for both locally and globally Lipschitz nonlinear models, given uncertainty and state trajectories. Subsequently, in order to extract this data from the available input-output trajectories, we introduce a filter that incorporates an approximated internal model of the uncertainty and asymptotically estimates uncertainty and state realizations. This filter is also synthesized using semi-definite programs with guaranteed robustness with respect to uncertainty model mismatches, disturbances, and noise. Numerical simulations for a large data-set of a roll plane model of a vehicle illustrate the effectiveness and practicality of the proposed methodology in improving model accuracy, while guaranteeing stability.
Submitted 10 June, 2024;
originally announced June 2024.
-
Optimal Controller Realizations against False Data Injections in Cooperative Driving
Authors:
Mischa Huisman,
Carlos Murguia,
Erjen Lefeber,
Nathan van de Wouw
Abstract:
To enhance the robustness of cooperative driving to cyberattacks, we study a controller-oriented approach to mitigate the effect of a class of False-Data Injection (FDI) attacks. By reformulating a given dynamic Cooperative Adaptive Cruise Control (CACC) scheme (the base controller), we recognize that the base controller can be represented by a class of new but equivalent controllers (base controller realizations) that exhibits the same platooning behavior with varying robustness in the presence of attacks. We propose a prescriptive synthesis framework where the base controller and the system dynamics are written in new coordinates via an invertible coordinate transformation on the controller state. Because the input-output behavior is invariant under coordinate transformations, the input-output behavior is unaffected (so controller realizations do not change the system's closed-loop performance). However, each base controller realization may require a different combination of sensors. To this end, we obtain the optimal combination of sensors that minimizes the effect of FDI attacks by solving a Linear Matrix Inequality (LMI), while quantifying the FDI's attack impact through reachability analysis. Through simulation studies, we demonstrate that this approach enhances the robustness of cooperative driving, without relying on a detection scheme and maintaining all system properties.
Submitted 8 April, 2024;
originally announced April 2024.
-
Privacy in Cloud Computing through Immersion-based Coding
Authors:
Haleh Hayati,
Nathan van de Wouw,
Carlos Murguia
Abstract:
Cloud computing enables users to process and store data remotely on high-performance computers and servers by sharing data over the Internet. However, transferring data to clouds causes unavoidable privacy concerns. Here, we present a synthesis framework to design coding mechanisms that allow sharing and processing data in a privacy-preserving manner without sacrificing data utility and algorithmic performance. We consider the setup where the user aims to run an algorithm in the cloud using private data. The cloud then returns some data utility back to the user (utility refers to the service that the algorithm provides, e.g., classification, prediction, AI models, etc.). To avoid privacy concerns, the proposed scheme provides tools to co-design: 1) coding mechanisms to distort the original data and guarantee a prescribed differential privacy level; 2) an equivalent-but-different algorithm (referred here to as the target algorithm) that runs on distorted data and produces distorted utility; and 3) a decoding function that extracts the true utility from the distorted one with a negligible error. Then, instead of sharing the original data and algorithm with the cloud, only the distorted data and target algorithm are disclosed, thereby avoiding privacy concerns. The proposed scheme is built on the synergy of differential privacy and system immersion tools from control theory. The key underlying idea is to design a higher-dimensional target algorithm that embeds all trajectories of the original algorithm and works on randomly encoded data to produce randomly encoded utility. We show that the proposed scheme can be designed to offer any level of differential privacy without degrading the algorithm's utility. We present two use cases to illustrate the performance of the developed tools: privacy in optimization/learning algorithms and a nonlinear networked control system.
Submitted 7 March, 2024;
originally announced March 2024.
-
Privacy-Preserving State Estimation in the Presence of Eavesdroppers: A Survey
Authors:
Xinhao Yan,
Guanzhong Zhou,
Daniel E. Quevedo,
Carlos Murguia,
Bo Chen,
Hailong Huang
Abstract:
Networked systems are increasingly the target of cyberattacks that exploit vulnerabilities within digital communications, embedded hardware, and software. Arguably, the simplest class of attacks -- and often the first type before launching destructive integrity attacks -- are eavesdropping attacks, which aim to infer information by collecting system data and exploiting it for malicious purposes. A key technology of networked systems is state estimation, which leverages sensing and actuation data and first-principles models to enable trajectory planning, real-time monitoring, and control. However, state estimation can also be exploited by eavesdroppers to identify models and reconstruct states with the aim of, e.g., launching integrity (stealthy) attacks and inferring sensitive information. It is therefore crucial to protect disclosed system data to avoid an accurate state estimation by eavesdroppers. This survey presents a comprehensive review of existing literature on privacy-preserving state estimation methods, while also identifying potential limitations and research gaps. Our primary focus revolves around three types of methods: cryptography, data perturbation, and transmission scheduling, with particular emphasis on Kalman-like filters. Within these categories, we delve into the concepts of homomorphic encryption and differential privacy, which have been extensively investigated in recent years in the context of privacy-preserving state estimation. Finally, we shed light on several technical and fundamental challenges surrounding current methods and propose potential directions for future research.
Submitted 24 February, 2024;
originally announced February 2024.
-
Uncertainty Learning for LTI Systems with Stability Guarantees
Authors:
Farhad Ghanipoor,
Carlos Murguia,
Peyman Mohajerin Esfahani,
Nathan van de Wouw
Abstract:
We present a framework for learning of modeling uncertainties in Linear Time Invariant (LTI) systems. We propose a methodology to extend the dynamics of an LTI (without uncertainty) with an uncertainty model, based on measured data, to improve the predictive capacity of the model in the input-output sense. The proposed framework guarantees stability of the extended model. To achieve this, two semi-definite programs are provided that allow obtaining optimal uncertainty model parameters, given state and uncertainty data. To obtain this data from available input-output trajectory data, we introduce a filter in which an internal model of uncertainty is proposed. This filter is also designed via a semi-definite program with guaranteed robustness with respect to uncertainty model mismatches, disturbances, and noise. Numerical simulations are presented to illustrate the effectiveness and practicality of the proposed methodology in improving model accuracy, while warranting model stability.
Submitted 31 October, 2023;
originally announced October 2023.
-
Resilient Controller Synthesis Against DoS Attacks for Vehicular Platooning in Spatial Domain
Authors:
Jian Gong,
Carlos Murguia,
Anggera Bayuwindra,
**de Cao
Abstract:
This paper proposes a vehicular platoon control approach under Denial-of-Service (DoS) attacks and external disturbances. DoS attacks increase the service time on the communication network and cause additional transmission delays, which consequently increase the risk of rear-end collisions of vehicles in the platoon. To counter DoS attacks, we propose a resilient control scheme that exploits polytopic overapproximations of the closed-loop dynamics under DoS attacks. This scheme allows synthesizing robust controllers that guarantee tracking of both the desired spacing policy and spatially varying reference velocity for all space-varying DoS attacks satisfying a hard upper bound on the attack duration. In addition, L2 string stability conditions are derived to ensure that external perturbations do not grow as they propagate through the platoon, thus ensuring the string stability. Numerical simulations illustrate the effectiveness of the proposed control method.
Submitted 28 July, 2023;
originally announced July 2023.
-
Attack-Resilient Design for Connected and Automated Vehicles
Authors:
Tianci Yang,
Carlos Murguia,
Dragan Nesic,
Chau Yuen
Abstract:
By sharing local sensor information via Vehicle-to-Vehicle (V2V) wireless communication networks, Cooperative Adaptive Cruise Control (CACC) is a technology that enables Connected and Automated Vehicles (CAVs) to drive autonomously on the highway in closely-coupled platoons. The use of CACC technologies increases safety and the traffic throughput, and decreases fuel consumption and CO2 emissions. However, CAVs heavily rely on embedded software, hardware, and communication networks that make them vulnerable to a range of cyberattacks. Cyberattacks to a particular CAV compromise the entire platoon as CACC schemes propagate corrupted data to neighboring vehicles potentially leading to traffic delays and collisions. Physics-based monitors can be used to detect the presence of False Data Injection (FDI) attacks to CAV sensors; however, unavoidable system disturbances and modelling uncertainty often translate to conservative detection results. Given enough system knowledge, adversaries are still able to launch a range of attacks that can surpass the detection scheme by hiding within the system disturbances and uncertainty -- we refer to this class of attacks as \textit{stealthy FDI attacks}. Stealthy attacks are hard to deal with as they affect the platoon dynamics without being noticed. In this manuscript, we propose a co-design methodology (built around a series of convex programs) to synthesize distributed attack monitors and $H_{\infty}$ CACC controllers that minimize the joint effect of stealthy FDI attacks and system disturbances on the platoon dynamics while guaranteeing a prescribed platooning performance (in terms of tracking and string stability). Computer simulations are provided to illustrate the performance of our tools.
Submitted 19 June, 2023;
originally announced June 2023.
-
Robust Fault Estimators for Nonlinear Systems: An Ultra-Local Model Design
Authors:
Farhad Ghanipoor,
Carlos Murguia,
Peyman Mohajerin Esfahani,
Nathan van de Wouw
Abstract:
This paper proposes a nonlinear estimator for the robust reconstruction of process and sensor faults for a class of uncertain nonlinear systems. The proposed fault estimation method augments the system dynamics with an ultra-local (in time) internal state-space representation (a finite chain of integrators) of the fault vector. Next, a nonlinear state observer is designed based on the known parts of the augmented dynamics. This nonlinear filter (observer) reconstructs the fault signal as well as the states of the augmented system. We provide sufficient conditions that guarantee stability of the estimation error dynamics: firstly, asymptotic stability (i.e., exact fault estimation) in the absence of perturbations induced by the fault model mismatch (mismatch between internal ultra-local model for the fault and the actual fault dynamics), uncertainty, external disturbances, and measurement noise and, secondly, Input-to-State Stability (ISS) of the estimation error dynamics is guaranteed in the presence of these perturbations. In addition, to support performance-based estimator design, we provide Linear Matrix Inequality (LMI) conditions for $\mathcal{L}_2$-gain and $\mathcal{L}_2-\mathcal{L}_\infty$ induced norm and cast the synthesis of the estimator gains as a semi-definite program where the effect of model mismatch and external disturbances on the fault estimation error is minimized in the sense of $\mathcal{L}_2$-gain, for an acceptable $\mathcal{L}_2-\mathcal{L}_\infty$ induced norm with respect to measurement noise. The latter result facilitates a design that explicitly addresses the performance trade-off between noise sensitivity and robustness against model mismatch and external disturbances. Finally, numerical results for a benchmark system illustrate the performance of the proposed methodologies.
Submitted 10 June, 2024; v1 submitted 23 May, 2023;
originally announced May 2023.
-
Secondary Controller Design for the Safety of Nonlinear Systems via Sum-of-Squares Programming
Authors:
Yankai Lin,
Michelle S. Chong,
Carlos Murguia
Abstract:
We consider the problem of ensuring the safety of nonlinear control systems under adversarial signals. Using Lyapunov based reachability analysis, we first give sufficient conditions to assess safety, i.e., to guarantee that the states of the control system, when starting from a given initial set, always remain in a prescribed safe set. We consider polynomial systems with semi-algebraic safe sets. Using the S-procedure for polynomial functions, safety conditions can be formulated as a Sum-Of-Squares (SOS) programme, which can be solved efficiently. When safety cannot be guaranteed, we provide tools via SOS to synthesize polynomial controllers that enforce safety of the closed loop system. The theoretical results are illustrated through numerical simulations.
Submitted 20 April, 2023;
originally announced April 2023.
-
Impact Sensitivity Analysis of Cooperative Adaptive Cruise Control Against Resource-Limited Adversaries
Authors:
Mischa Huisman,
Carlos Murguia,
Erjen Lefeber,
Nathan van de Wouw
Abstract:
Cooperative Adaptive Cruise Control (CACC) is a technology that allows groups of vehicles to form in automated, tightly-coupled platoons. CACC schemes exploit Vehicle-to-Vehicle (V2V) wireless communications to exchange information between vehicles. However, the use of communication networks brings security concerns as it exposes network access points that the adversary can exploit to disrupt the vehicles' operation and even cause crashes. In this manuscript, we present a sensitivity analysis of CACC schemes against a class of resource-limited attacks. We present a modelling framework that allows us to systematically compute outer ellipsoidal approximations of reachable sets induced by attacks. We use the size of these sets as a security metric to quantify the potential damage of attacks affecting different signals in a CACC-controlled vehicle and study how two key system parameters change this metric. We carry out a sensitivity analysis for two different controller implementations (as given the available sensors there is an infinite number of realizations of the same controller) and show how different controller realizations can significantly affect the impact of attacks. We present extensive simulation experiments to illustrate the results.
Submitted 7 September, 2023; v1 submitted 5 April, 2023;
originally announced April 2023.
-
Infinite Horizon Privacy in Networked Control Systems: Utility/Privacy Tradeoffs and Design Tools
Authors:
Haleh Hayati,
Nathan van de Wouw,
Carlos Murguia
Abstract:
We address the problem of synthesizing distorting mechanisms that maximize infinite horizon privacy for Networked Control Systems (NCSs). We consider stochastic LTI systems where information about the system state is obtained through noisy sensor measurements and transmitted to a (possibly adversarial) remote station via unsecured/public communication networks to compute control actions (a remote LQR controller). Because the network/station is untrustworthy, adversaries might access sensor and control data and estimate the system state. To mitigate this risk, we pass sensor and control data through distorting (privacy-preserving) mechanisms before transmission and send the distorted data through the communication network. These mechanisms consist of a linear coordinate transformation and additive-dependent Gaussian vectors. We formulate the synthesis of the distorting mechanisms as a convex program. In this convex program, we minimize the infinite horizon mutual information (our privacy metric) between the system state and its optimal estimate at the remote station for a desired upper bound on the control performance degradation (LQR cost) induced by the distortion mechanism.
Submitted 27 July, 2023; v1 submitted 30 March, 2023;
originally announced March 2023.
-
Plug-and-Play Secondary Control for Safety of LTI Systems under Attacks
Authors:
Yankai Lin,
Michelle S. Chong,
Carlos Murguia
Abstract:
We consider the problem of controller design for linear time-invariant cyber-physical systems (CPSs) controlled via networks. Specifically, we adopt the set-up that a controller has already been designed to stabilize the plant. However, the closed loop system may be subject to actuator and sensor attacks. We first perform a reachability analysis to see the effect of potential attacks. To further ensure the safety of the states of the system, we choose a subset of sensors that can be locally secured and made free of attacks. Using these limited resources, an extra controller is designed to enhance the safety of the new closed loop. The safety of the system will be characterized by the notion of safe sets. Lyapunov based analysis will be used to derive sufficient conditions that ensure the states always stay in the safe set. The conditions will then be stated as convex optimization problems which can be solved efficiently. Lastly, our theoretical results are illustrated through numerical simulations.
Submitted 1 December, 2022;
originally announced December 2022.
-
Immersion and Invariance-based Coding for Privacy in Remote Anomaly Detection
Authors:
Haleh Hayati,
Nathan van de Wouw,
Carlos Murguia
Abstract:
We present a framework for the design of coding mechanisms that allow remotely operating anomaly detectors in a privacy-preserving manner. We consider the following problem setup. A remote station seeks to identify anomalies based on system input-output signals transmitted over communication networks. However, it is not desired to disclose true data of the system operation as it can be used to infer private information. To prevent adversaries from eavesdropping on the network or at the remote station itself to access private data, we propose a privacy-preserving coding scheme to distort signals before transmission. As a next step, we design a new anomaly detector that runs on distorted signals and produces distorted diagnostics signals, and a decoding scheme that allows extracting true diagnostics data from distorted signals without error. The proposed scheme is built on the synergy of matrix encryption and system Immersion and Invariance (I&I) tools from control theory. The idea is to immerse the anomaly detector into a higher-dimensional system (the so-called target system). The dynamics of the target system is designed such that: the trajectories of the original anomaly detector are immersed/embedded in its trajectories, it works on randomly encoded input-output signals, and produces an encoded version of the original anomaly detector alarm signals, which are decoded to extract the original alarm at the user side. We show that the proposed privacy-preserving scheme provides the same anomaly detection performance as standard Kalman filter-based chi-squared anomaly detectors while revealing no information about system data.
Submitted 21 November, 2022;
originally announced November 2022.
-
Linear Fault Estimators for Nonlinear Systems: An Ultra-Local Model Design
Authors:
Farhad Ghanipoor,
Carlos Murguia,
Peyman Mohajerin Esfahani,
Nathan van de Wouw
Abstract:
This paper addresses the problem of robust process and sensor fault reconstruction for nonlinear systems. The proposed method augments the system dynamics with an approximated internal linear model of the combined contribution of known nonlinearities and unknown faults -- leading to an approximated linear model in the augmented state. We exploit the broad modeling power of ultra-local models to characterize this internal dynamics. We use a linear filter to reconstruct the augmented state (simultaneously estimating the state of the original system and the sum of nonlinearities and faults). Having this combined estimate, we can simply subtract the analytic expression of nonlinearities from that of the corresponding estimate to reconstruct the fault vector. Because the nonlinearity does not play a role in the filter dynamics (it is only used as a static nonlinear output to estimate the fault), we can avoid standard restrictive assumptions like globally (one-sided) Lipschitz nonlinearities and/or the need for Lipschitz constants to carry out the filter design. The filter synthesis is posed as a mixed H2/Hinf optimization problem where the effect of disturbances and model mismatches is minimized in the Hinf sense, for an acceptable H2 performance with respect to measurement noise.
Submitted 11 April, 2023; v1 submitted 11 November, 2022;
originally announced November 2022.
-
Privacy-Preserving Anomaly Detection in Stochastic Dynamical Systems: Synthesis of Optimal Gaussian Mechanisms
Authors:
Haleh Hayati,
Carlos Murguia,
Nathan van de Wouw
Abstract:
We present a framework for designing distorting mechanisms that allow remotely operating anomaly detectors while preserving privacy. We consider the problem setting in which a remote station seeks to identify anomalies using system input-output signals transmitted over communication networks. However, disclosing true data of the system operation is not desired as it can be used to infer private information -- modeled here as a system private output. To prevent accurate estimation of private outputs by adversaries, we pass original signals through distorting (privacy-preserving) mechanisms and send the distorted data to the remote station (which inevitably leads to degraded monitoring performance). We formulate the design of these mechanisms as a privacy-utility trade-off problem. We cast the synthesis of dependent Gaussian mechanisms as the solution of a convex program where we seek to maximize privacy quantified using information-theoretic metrics (mutual information and differential entropy) over a finite window of realizations while guaranteeing a bound on monitoring performance degradation.
Submitted 7 September, 2023; v1 submitted 7 November, 2022;
originally announced November 2022.
-
Privacy-Preserving Federated Learning via System Immersion and Random Matrix Encryption
Authors:
Haleh Hayati,
Carlos Murguia,
Nathan van de Wouw
Abstract:
Federated learning (FL) has emerged as a privacy solution for collaborative distributed learning where clients train AI models directly on their devices instead of sharing their data with a centralized (potentially adversarial) server. Although FL preserves local data privacy to some extent, it has been shown that information about clients' data can still be inferred from model updates. In recent years, various privacy-preserving schemes have been developed to address this privacy leakage. However, they often provide privacy at the expense of model performance or system efficiency, and balancing these tradeoffs is a crucial challenge when implementing FL schemes. In this manuscript, we propose a Privacy-Preserving Federated Learning (PPFL) framework built on the synergy of matrix encryption and system immersion tools from control theory. The idea is to immerse the learning algorithm, a Stochastic Gradient Descent (SGD), into a higher-dimensional system (the so-called target system) and design the dynamics of the target system so that: the trajectories of the original SGD are immersed/embedded in its trajectories, and it learns on encrypted data (here we use random matrix encryption). Matrix encryption is reformulated at the server as a random change of coordinates that maps original parameters to a higher-dimensional parameter space and enforces that the target SGD converges to an encrypted version of the original SGD optimal solution. The server decrypts the aggregated model using the left inverse of the immersion map. We show that our algorithm provides the same level of accuracy and convergence rate as the standard FL with a negligible computation cost while revealing no information about the clients' data.
Submitted 7 September, 2022; v1 submitted 5 April, 2022;
originally announced April 2022.
-
Ultra Local Nonlinear Unknown Input Observers for Robust Fault Reconstruction
Authors:
Farhad Ghanipoor,
Carlos Murguia,
Peyman Mohajerin Esfahani,
Nathan van de Wouw
Abstract:
In this paper, we present a methodology for actuator and sensor fault estimation in nonlinear systems. The method consists in augmenting the system dynamics with an approximated ultra-local model (a finite chain of integrators) for the fault vector and constructing a Nonlinear Unknown Input Observer (NUIO) for the augmented dynamics. Then, fault reconstruction is reformulated as a robust state estimation problem in the augmented state (true state plus fault-related state). We provide sufficient conditions that guarantee the existence of the observer and stability of the estimation error dynamics (asymptotic stability of the origin in the absence of faults and ISS guarantees in the faulty case). Then, we cast the synthesis of observer gains as a semidefinite program where we minimize the L2-gain from the model mismatch induced by the approximated fault model to the fault estimation error. Finally, simulations are given to illustrate the performance of the proposed methodology.
Submitted 4 April, 2022;
originally announced April 2022.
-
Gaussian Mechanisms Against Statistical Inference: Synthesis Tools
Authors:
Haleh Hayati,
Carlos Murguia,
Nathan van de Wouw
Abstract:
In this manuscript, we provide a set of tools (in terms of semidefinite programs) to synthesize Gaussian mechanisms to maximize privacy of databases. Information about the database is disclosed through queries requested by (potentially) adversarial users. We aim to keep part of the database private (private sensitive information); however, disclosed data could be used to estimate private information. To avoid an accurate estimation by the adversaries, we pass the requested data through distorting (privacy-preserving) mechanisms before transmission and send the distorted data to the user. These mechanisms consist of a coordinate transformation and an additive dependent Gaussian vector. We formulate the synthesis of distorting mechanisms in terms of semidefinite programs in which we seek to minimize the mutual information (our privacy metric) between private data and the disclosed distorted data given a desired distortion level -- how different actual and distorted data are allowed to be.
Submitted 28 March, 2022; v1 submitted 30 November, 2021;
originally announced November 2021.
-
Enforcing Safety under Actuator Attacks through Input Filtering
Authors:
Cédric Escudero,
Carlos Murguia,
Paolo Massioni,
Eric Zamaï
Abstract:
Actuator injection attacks pose real threats to all industrial plants controlled through communication networks. In this manuscript, we study the possibility of constraining the controller output (i.e. the input to the actuators) by means of a dynamic filter designed to prevent reachability of dangerous plant states - preventing thus attacks from inducing dangerous states by tampering with the control signals. The filter synthesis is posed as the solution of a convex program (convex cost with Linear Matrix Inequalities constraints) where we aim at shifting the reachable set of control signals to avoid dangerous states while changing the controller dynamics as little as possible. We model the difference between original control signals and filtered ones in terms of the H-infinity norm of their difference, and add this norm as a constraint to the synthesis problem via the bounded-real lemma. Results are illustrated through simulation experiments.
Submitted 17 November, 2021;
originally announced November 2021.
-
Risk Assessment for Connected Vehicles under Stealthy Attacks on Vehicle-to-Vehicle Networks
Authors:
Tianci Yang,
Carlos Murguia,
Chen Lv
Abstract:
Cooperative Adaptive Cruise Control (CACC) is an autonomous vehicle-following technology that allows groups of vehicles on the highway to form in tightly-coupled platoons. This is accomplished by exchanging inter-vehicle data through Vehicle-to-Vehicle (V2V) wireless communication networks. CACC increases traffic throughput and safety, and decreases fuel consumption. However, the surge of vehicle connectivity has brought new security challenges as vehicular networks increasingly serve as new access points for adversaries trying to deteriorate the platooning performance or even cause collisions. In this manuscript, we propose a novel attack detection scheme that leverages real-time sensor/network data and physics-based mathematical models of vehicles in the platoon. Nevertheless, even the best detection scheme could lead to conservative detection results because of unavoidable modelling uncertainties, network effects (delays, quantization, communication dropouts), and noise. It is hard (often impossible) for any detector to distinguish between these different perturbation sources and actual attack signals. This enables adversaries to launch a range of attack strategies that can surpass the detection scheme by hiding within the system uncertainty. Here, we provide risk assessment tools (in terms of semidefinite programs) for Connected and Automated Vehicles (CAVs) to quantify the potential effect of attacks that remain hidden from the detector (referred to here as stealthy attacks). A numerical case-study is presented to illustrate the effectiveness of our methods.
Submitted 3 September, 2021;
originally announced September 2021.
-
Finite Horizon Privacy of Stochastic Dynamical Systems: A Synthesis Framework for Dependent Gaussian Mechanisms
Authors:
Haleh Hayati,
Carlos Murguia,
Nathan van de Wouw
Abstract:
We address the problem of synthesizing distorting mechanisms that maximize privacy of stochastic dynamical systems. Information about the system state is obtained through sensor measurements. This data is transmitted to a remote station through an unsecured/public communication network. We aim to keep part of the system state private (a private output); however, because the network is unsecured, adversaries might access sensor data and input signals, which can be used to estimate private outputs. To prevent an accurate estimation, we pass sensor data and input signals through a distorting (privacy-preserving) mechanism before transmission, and send the distorted data to the trusted user. These mechanisms consist of a coordinate transformation and additive dependent Gaussian vectors. We formulate the synthesis of the distorting mechanisms as a convex program, where we minimize the mutual information (our privacy metric) between an arbitrarily large sequence of private outputs and the disclosed distorted data for desired distortion levels -- how different actual and distorted data are allowed to be.
Submitted 3 August, 2021;
originally announced August 2021.
-
A Robust CACC Scheme Against Cyberattacks Via Multiple Vehicle-to-Vehicle Networks
Authors:
Tianci Yang,
Carlos Murguia,
Dragan Nešić,
Chen Lv
Abstract:
Cooperative Adaptive Cruise Control (CACC) is a vehicular technology that allows groups of vehicles on the highway to form in closely-coupled automated platoons to increase highway capacity and safety, and decrease fuel consumption and CO2 emissions. The underlying mechanism behind CACC is the use of Vehicle-to-Vehicle (V2V) wireless communication networks to transmit acceleration commands to adjacent vehicles in the platoon. However, the use of V2V networks leads to increased vulnerabilities against faults and cyberattacks at the communication channels. Communication networks serve as new access points for malicious agents trying to deteriorate the platooning performance or even cause crashes. Here, we address the problem of increasing robustness of CACC schemes against cyberattacks by the use of multiple V2V networks and a data fusion algorithm. The idea is to transmit acceleration commands multiple times through different communication networks (channels) to create redundancy at the receiver side. We exploit this redundancy to obtain attack-free estimates of acceleration commands. To accomplish this, we propose a data-fusion algorithm that takes data from all channels, returns an estimate of the true acceleration command, and isolates compromised channels. Note, however, that using estimated data for control introduces uncertainty into the loop and thus decreases performance. To minimize performance degradation, we propose a robust $H_{\infty}$ controller that reduces the joint effect of estimation errors and sensor/channel noise in the platooning performance (tracking performance and string stability). We present simulation results to illustrate the performance of our approach.
Submitted 19 June, 2021;
originally announced June 2021.
-
On Joint Reconstruction of State and Input-Output Injection Attacks for Nonlinear Systems
Authors:
Tianci Yang,
Carlos Murguia,
Chen Lv,
Dragan Nesic,
Chao Huang
Abstract:
We address the problem of robust state reconstruction for discrete-time nonlinear systems when the actuators and sensors are injected with (potentially unbounded) attack signals. Exploiting redundancy in sensors and actuators and using a bank of unknown input observers (UIOs), we propose an observer-based estimator capable of providing asymptotic estimates of the system state and attack signals under the condition that the numbers of sensors and actuators under attack are sufficiently small. Using the proposed estimator, we provide methods for isolating the compromised actuators and sensors. Numerical examples are provided to demonstrate the effectiveness of our methods.
Submitted 8 March, 2021;
originally announced March 2021.
-
Privacy Against Adversarial Classification in Cyber-Physical Systems
Authors:
Carlos Murguia,
Paulo Tabuada
Abstract:
For a class of Cyber-Physical Systems (CPSs), we address the problem of performing computations over the cloud without revealing private information about the structure and operation of the system. We model CPSs as a collection of input-output dynamical systems (the system operation modes). Depending on the mode the system is operating on, the output trajectory is generated by one of these systems in response to driving inputs. Output measurements and driving inputs are sent to the cloud for processing purposes. We capture this "processing" through some function (of the input-output trajectory) that we require the cloud to compute accurately - referred to here as the trajectory utility. However, for privacy reasons, we would like to keep the mode private, i.e., we do not want the cloud to correctly identify what mode of the CPS produced a given trajectory. To this end, we distort trajectories before transmission and send the corrupted data to the cloud. We provide mathematical tools (based on output-regulation techniques) to properly design distorting mechanisms so that: 1) the original and distorted trajectories lead to the same utility; and 2) the distorted data leads the cloud to misclassify the mode.
Submitted 12 June, 2020;
originally announced June 2020.
-
On Privacy of Dynamical Systems: An Optimal Probabilistic Mapping Approach (Extended Preprint)
Authors:
Carlos Murguia,
Iman Shames,
Farhad Farokhi,
Dragan Nesic,
Vincent Poor
Abstract:
We address the problem of maximizing privacy of stochastic dynamical systems whose state information is released through quantized sensor data. In particular, we consider the setting where information about the system state is obtained using noisy sensor measurements. This data is quantized and transmitted to a remote station through a public/unsecured communication network. We aim at keeping the state of the system private; however, because the network is not secure, adversaries might have access to sensor data, which can be used to estimate the system state. To prevent such adversaries from obtaining an accurate state estimate, before transmission, we randomize quantized sensor data using additive random vectors, and send the corrupted data to the remote station instead. We design the joint probability distribution of these additive vectors (over a time window) to minimize the mutual information (our privacy metric) between some linear function of the system state (a desired private output) and the randomized sensor data for a desired level of distortion -- how different quantized sensor measurements and distorted data are allowed to be. We pose the problem of synthesizing the joint probability distribution of the additive vectors as a convex program subject to linear constraints. Simulation experiments are presented to illustrate our privacy scheme.
Submitted 21 January, 2021; v1 submitted 29 October, 2019;
originally announced October 2019.
-
Information-Theoretic Privacy through Chaos Synchronization and Optimal Additive Noise
Authors:
Carlos Murguia,
Iman Shames,
Farhad Farokhi,
Dragan Nesic
Abstract:
We study the problem of maximizing privacy of data sets by adding random vectors generated via synchronized chaotic oscillators. In particular, we consider the setup where information about data sets, queries, is sent through public (unsecured) communication channels to a remote station. To hide private features (specific entries) within the data set, we corrupt the response to queries by adding random vectors. We send the distorted query (the sum of the requested query and the random vector) through the public channel. The distribution of the additive random vector is designed to minimize the mutual information (our privacy metric) between private entries of the data set and the distorted query. We cast the synthesis of this distribution as a convex program in the probabilities of the additive random vector. Once we have the optimal distribution, we propose an algorithm to generate pseudo-random realizations from this distribution using trajectories of a chaotic oscillator. At the other end of the channel, we have a second chaotic oscillator, which we use to generate realizations from the same distribution. Note that if we obtain the same realizations on both sides of the channel, we can simply subtract the realization from the distorted query to recover the requested query. To generate equal realizations, we need the two chaotic oscillators to be synchronized, i.e., we need them to generate exactly the same trajectories on both sides of the channel synchronously in time. We force the two chaotic oscillators into exponential synchronization using a driving signal. Simulations are presented to illustrate our results.
Submitted 16 July, 2019; v1 submitted 3 June, 2019;
originally announced June 2019.
-
An Unknown Input Multi-Observer Approach for Estimation and Control under Adversarial Attacks
Authors:
Tianci Yang,
Carlos Murguia,
Margreta Kuijper,
Dragan Nesic
Abstract:
We address the problem of state estimation, attack isolation, and control of discrete-time linear time-invariant systems under (potentially unbounded) actuator and sensor false data injection attacks. Using a bank of unknown input observers, each observer leading to an exponentially stable estimation error (in the attack-free case), we propose an observer-based estimator that provides exponential estimates of the system state in spite of actuator and sensor attacks. Exploiting sensor and actuator redundancy, the estimation scheme is guaranteed to work if a sufficiently small subset of sensors and actuators are under attack. Using the proposed estimator, we provide tools for reconstructing and isolating actuator and sensor attacks; and a control scheme capable of stabilizing the closed-loop dynamics by switching off isolated actuators. Simulation results are presented to illustrate the performance of our tools.
Submitted 6 April, 2019;
originally announced April 2019.
-
A Multi-Observer Based Estimation Framework for Nonlinear Systems under Sensor Attacks
Authors:
Tianci Yang,
Carlos Murguia,
Margreta Kuijper,
Dragan Nesic
Abstract:
We address the problem of state estimation and attack isolation for general discrete-time nonlinear systems when sensors are corrupted by (potentially unbounded) attack signals. For a large class of nonlinear plants and observers, we provide a general estimation scheme, built around the idea of sensor redundancy and multi-observer, capable of reconstructing the system state in spite of sensor attacks and noise. This scheme has been proposed by others for linear systems/observers and here we propose a unifying framework for a much larger class of nonlinear systems/observers. Using the proposed estimator, we provide an isolation algorithm to pinpoint attacks on sensors during sliding time windows. Simulation results are presented to illustrate the performance of our tools.
Submitted 6 April, 2019;
originally announced April 2019.
-
Secure and Private Implementation of Dynamic Controllers Using Semi-Homomorphic Encryption
Authors:
Carlos Murguia,
Farhad Farokhi,
Iman Shames
Abstract:
This paper presents a secure and private implementation of linear time-invariant dynamic controllers using Paillier's encryption, a semi-homomorphic encryption method. To avoid overflow or underflow within the encryption domain, the state of the controller is reset periodically. A control design approach is presented to ensure stability and optimize performance of the closed-loop system with encrypted controller.
Submitted 20 June, 2019; v1 submitted 10 December, 2018;
originally announced December 2018.
-
An Unknown Input Multi-Observer Approach for Estimation, Attack Isolation, and Control of LTI Systems under Actuator Attacks
Authors:
Tianci Yang,
Carlos Murguia,
Margreta Kuijper,
Dragan Nesic
Abstract:
We address the problem of state estimation, attack isolation, and control for discrete-time Linear Time Invariant (LTI) systems under (potentially unbounded) actuator false data injection attacks. Using a bank of Unknown Input Observers (UIOs), each observer leading to an exponentially stable estimation error in the attack-free case, we propose an estimator that provides exponential estimates of the system state and the attack signals when a sufficiently small number of actuators are attacked. We use these estimates to control the system and isolate actuator attacks. Simulation results are presented to illustrate the performance of the results.
Submitted 25 November, 2018;
originally announced November 2018.
-
On Privacy of Quantized Sensor Measurements through Additive Noise
Authors:
Carlos Murguia,
Iman Shames,
Farhad Farokhi,
Dragan Nesic
Abstract:
We study the problem of maximizing privacy of quantized sensor measurements by adding random variables. In particular, we consider the setting where information about the state of a process is obtained using noisy sensor measurements. This information is quantized and sent to a remote station through an unsecured communication network. It is desired to keep the state of the process private; however, because the network is not secure, adversaries might have access to sensor information, which could be used to estimate the process state. To avoid an accurate state estimation, we add random numbers to the quantized sensor measurements and send the sum to the remote station instead. The distribution of these random variables is designed to minimize the mutual information between the sum and the quantized sensor measurements for a desired level of distortion -- how different the sum and the quantized sensor measurements are allowed to be. Simulations are presented to illustrate our results.
Submitted 10 September, 2018;
originally announced September 2018.
-
Security Metrics of Networked Control Systems under Sensor Attacks (extended preprint)
Authors:
Carlos Murguia,
Iman Shames,
Justin Ruths,
Dragan Nesic
Abstract:
As more attention is paid to security in the context of control systems and as attacks occur to real control systems throughout the world, it has become clear that some of the most nefarious attacks are those that evade detection. The term stealthy has come to encompass a variety of techniques that attackers can employ to avoid being detected. In this manuscript, for a class of perturbed linear time-invariant systems, we propose two security metrics to quantify the potential impact that stealthy attacks could have on the system dynamics by tampering with sensor measurements. We provide mathematical analysis tools (in terms of linear matrix inequalities) to quantify these metrics for given system dynamics, control structure, system monitor, and set of sensors being attacked. Then, we provide synthesis tools (in terms of semidefinite programs) to redesign controllers and monitors such that the impact of stealthy attacks is minimized and the required attack-free system performance is guaranteed.
Submitted 3 June, 2019; v1 submitted 5 September, 2018;
originally announced September 2018.
-
A Multi-Observer Approach for Attack Detection and Isolation of Discrete-Time Nonlinear Systems
Authors:
Tianci Yang,
Carlos Murguia,
Margreta Kuijper,
Dragan Nešić
Abstract:
We address the problem of attack detection and isolation for a class of discrete-time nonlinear systems under (potentially unbounded) sensor attacks and measurement noise. We consider the case when a subset of sensors is subject to additive false data injection attacks. Using a bank of observers, each observer leading to an Input-to-State Stable (ISS) estimation error, we propose two algorithms for detecting and isolating sensor attacks. These algorithms make use of the ISS property of the observers to check whether the trajectories of observers are 'consistent' with the attack-free trajectories of the system. Simulation results are presented to illustrate the performance of the proposed algorithms.
Submitted 2 January, 2019; v1 submitted 17 June, 2018;
originally announced June 2018.
-
A Robust Circle-criterion Observer-based Estimator for Discrete-time Nonlinear Systems in the Presence of Sensor Attacks and Measurement Noise
Authors:
Tianci Yang,
Carlos Murguia,
Margreta Kuijper,
Dragan Nešić
Abstract:
We address the problem of robust state estimation of a class of discrete-time nonlinear systems with positive-slope nonlinearities when the sensors are corrupted by (potentially unbounded) attack signals and bounded measurement noise. We propose an observer-based estimator, using a bank of circle-criterion observers, which provides a robust estimate of the system state in spite of sensor attacks and measurement noise. We first consider the attack-free case where there is measurement noise and we provide a design method for a robust circle-criterion observer. Then, we consider the case when a sufficiently small subset of sensors are subject to attacks and all sensors are affected by measurement noise. We use our robust circle-criterion observer as the main ingredient in building an estimator that provides robust state estimation in this case. Finally, we propose an algorithm for isolating attacked sensors in the case of bounded measurement noise. We test this algorithm through simulations.
Submitted 19 September, 2018; v1 submitted 11 May, 2018;
originally announced May 2018.
-
Synchronization in Networks of Diffusively Coupled Nonlinear Systems: Robustness Against Time-Delays
Authors:
Carlos Murguia,
Henk Nijmeijer,
Justin Ruths
Abstract:
In this manuscript, we study the problem of robust synchronization in networks of diffusively time-delayed coupled nonlinear systems. In particular, we prove that, under some mild conditions on the input-output dynamics of the systems and the network topology, there always exists a unimodal region in the parameter space (coupling strength versus time-delay), such that if they belong to this region, the systems synchronize. Moreover, we show how this unimodal region scales with the network topology, which, in turn, provides useful insights on how to design the network topology to maximize robustness against time-delays. The results are illustrated by extensive simulation experiments of time-delayed coupled Hindmarsh-Rose neural chaotic oscillators.
Submitted 30 October, 2017;
originally announced October 2017.
-
On Reachable Sets of Hidden CPS Sensor Attacks
Authors:
Carlos Murguia,
Justin Ruths
Abstract:
For given system dynamics, observer structure, and observer-based fault/attack detection procedure, we provide mathematical tools -- in terms of Linear Matrix Inequalities (LMIs) -- for computing outer ellipsoidal bounds on the set of estimation errors that attacks can induce while maintaining the alarm rate of the detector equal to its attack-free false alarm rate. We refer to these sets as hidden reachable sets. The obtained ellipsoidal bounds on hidden reachable sets quantify the attacker's potential impact when it is constrained to stay hidden from the detector. We provide tools for minimizing the volume of these ellipsoidal bounds (thus minimizing the reachable sets) by redesigning the observer gains. Simulation results are presented to illustrate the performance of our tools.
Submitted 18 October, 2017;
originally announced October 2017.
-
Characterization of Model-Based Detectors for CPS Sensor Faults/Attacks
Authors:
Carlos Murguia,
Justin Ruths
Abstract:
A vector-valued model-based cumulative sum (CUSUM) procedure is proposed for identifying faulty/falsified sensor measurements. First, given the system dynamics, we derive tools for tuning the CUSUM procedure in the fault/attack free case to fulfill a desired detection performance (in terms of false alarm rate). We use the widely-used chi-squared fault/attack detection procedure as a benchmark to compare the performance of the CUSUM. In particular, we characterize the state degradation that a class of attacks can induce to the system while enforcing that the detectors (CUSUM and chi-squared) do not raise alarms. In doing so, we find the upper bound of state degradation that is possible by an undetected attacker. We quantify the advantage of using a dynamic detector (CUSUM), which leverages the history of the state, over a static detector (chi-squared) which uses a single measurement at a time. Simulations of a chemical reactor with heat exchanger are presented to illustrate the performance of our tools.
Submitted 12 October, 2017;
originally announced October 2017.
-
A Comparison of Stealthy Sensor Attacks on Control Systems
Authors:
Navid Hashemi,
Carlos Murguia,
Justin Ruths
Abstract:
As more attention is paid to security in the context of control systems and as attacks occur to real control systems throughout the world, it has become clear that some of the most nefarious attacks are those that evade detection. The term stealthy has come to encompass a variety of techniques that attackers can employ to avoid detection. Here we show how the states of the system (in particular, the reachable set corresponding to the attack) can be manipulated under two important types of stealthy attacks. We employ the chi-squared fault detection method and demonstrate how this imposes a constraint on the attack sequence either to generate no alarms (zero-alarm attack) or to generate alarms at a rate indistinguishable from normal operation (hidden attack).
Submitted 6 October, 2017;
originally announced October 2017.
-
Constraining Attacker Capabilities Through Actuator Saturation
Authors:
Sahand Hadizadeh Kafash,
Jairo Giraldo,
Carlos Murguia,
Alvaro A. Cardenas,
Justin Ruths
Abstract:
For LTI control systems, we provide mathematical tools - in terms of Linear Matrix Inequalities - for computing outer ellipsoidal bounds on the reachable sets that attacks can induce in the system when they are subject to the physical limits of the actuators. Next, for a given set of dangerous states, states that (if reached) compromise the integrity or safe operation of the system, we provide tools for designing new artificial limits on the actuators (smaller than their physical bounds) such that the new ellipsoidal bounds (and thus the new reachable sets) are as large as possible (in terms of volume) while guaranteeing that the dangerous states are not reachable. This guarantees that the new bounds cut as little as possible from the original reachable set to minimize the loss of system performance. Computer simulations using a platoon of vehicles are presented to illustrate the performance of our tools.
Submitted 6 October, 2017;
originally announced October 2017.
-
Tuning Windowed Chi-Squared Detectors for Sensor Attacks
Authors:
Tunga R,
Carlos Murguia,
Justin Ruths
Abstract:
A model-based windowed chi-squared procedure is proposed for identifying falsified sensor measurements. We employ the widely-used static chi-squared and the dynamic cumulative sum (CUSUM) fault/attack detection procedures as benchmarks to compare the performance of the windowed chi-squared detector. In particular, we characterize the state degradation that a class of attacks can induce to the system while enforcing that the detectors do not raise alarms (zero-alarm attacks). We quantify the advantage of using dynamic detectors (windowed chi-squared and CUSUM detectors), which leverage the history of the state, over a static detector (chi-squared) which uses a single measurement at a time. Simulations using a chemical reactor are presented to illustrate the performance of our tools.
Submitted 6 October, 2017;
originally announced October 2017.
-
Design-Time Quantification of Integrity in Cyber-Physical-Systems
Authors:
Eric Rothstein Morris,
Carlos G. Murguia,
Martín Ochoa
Abstract:
In a software system it is possible to quantify the amount of information that is leaked or corrupted by analysing the flows of information present in the source code. In a cyber-physical system, information flows are not only present at the digital level, but also at a physical level, and to and fro between the two levels. In this work, we provide a methodology to formally analyse a Cyber-Physical System composite model (combining physics and control) using an information flow-theoretic approach. We use this approach to quantify the level of vulnerability of a system with respect to attackers with different capabilities. We illustrate our approach by means of a water distribution case study.
Submitted 16 August, 2017;
originally announced August 2017.
-
Learning Agents in Black-Scholes Financial Markets: Consensus Dynamics and Volatility Smiles
Authors:
Tushar Vaidya,
Carlos Murguia,
Georgios Piliouras
Abstract:
Black-Scholes (BS) is the standard mathematical model for option pricing in financial markets. Option prices are calculated using an analytical formula whose main inputs are strike (at which price to exercise) and volatility. The BS framework assumes that volatility remains constant across all strikes; however, in practice it varies. How do traders come to learn these parameters? We introduce natural models of learning agents, in which they update their beliefs about the true implied volatility based on the opinions of other traders. We prove convergence of these opinion dynamics using techniques from control theory and leader-follower models, thus providing a resolution between theory and market practices. We allow for two different models, one with feedback and one with an unknown leader.
Submitted 10 July, 2020; v1 submitted 25 April, 2017;
originally announced April 2017.