Physical Watermarking and Authentication in Cyber Physical Systems

Yilin Mo (Caltech), Sean Weerakkody (CMU), and Bruno Sinopoli (CMU)

Department of Electrical and Computer Engineering, Carnegie Mellon University

TRUST Conference, October 10, 2013


Post on 29-Sep-2020


Page 2

Cyber-physical systems refer to the embedding of information, communication technology, and control into physical spaces with the goal of making them safer, more efficient and reliable. Such systems are becoming pervasive, thanks to the advances in sensing, computing and networking.

Page 3

Cyber-Physical Systems: Smart Vehicles, Smart Grid, Smart Manufacturing, Smart Buildings

[Images; credits: www.cps-vo.org, www.nist.gov, www.discover.hannovermesse.de]

Page 4

Secure Cyber-Physical Systems

• Cyber-physical systems (CPS) create new attack opportunities.

o unsheltered systems

o authenticity in information technology (IT) vs. CPS

• Attacks on CPS can have disastrous consequences.

Page 5

Example: Stuxnet Attack

Stuxnet Attack Strategy

1. Infect centrifuges in enrichment plant.

2. Record dynamics of normal operation.

3. “Man in the middle attack,” replay previous dynamics.

4. Insert destabilizing input.

Page 6

The System Model

Suppose we have system dynamics as follows:

• $x_{k+1} = A x_k + B u_k + w_k$, $x_k \in \mathbb{R}^n$, $u_k \in \mathbb{R}^p$, $w_k \sim N(0, Q)$

• $y_k = C x_k + v_k$, $y_k \in \mathbb{R}^m$, $v_k \sim N(0, R)$

A Linear Quadratic Gaussian controller is implemented.

Kalman Filter:

$$\hat{x}_{k+1|k} = A\hat{x}_k + B u_k, \qquad \hat{x}_k = \hat{x}_{k|k-1} + K z_k$$

$$z_k = y_k - C\hat{x}_{k|k-1}, \qquad K = P C^T \left(C P C^T + R\right)^{-1}$$

Linear Quadratic Regulator:

$$J = \lim_{T\to\infty} \frac{1}{2T+1}\, E\left[\sum_{k=-T}^{T} \left(x_k^T W x_k + u_k^T U u_k\right)\right]$$

$$u_k = u_k^* = L\hat{x}_k, \qquad L = \left(B^T S B + U\right)^{-1} B^T S A$$

Page 7

The Attack Model

[Block diagram: Plant, Sensors, Estimator, LQG Controller, Failure Detector, Virtual System, and a $z^{-1}$ block; signal labels: $z_k$, $u_k^*$, $u_{k-1}$, $y_k^v \sim y_k$, $u_k^a$, $\hat{x}_k$]

Page 8

Proposed Approach: Watermarking

1) $y_k$ with optimal inputs $u_k^*$

2) Inject input $u_k = u_k^* + \zeta_k$

3) $y_k$ with sub-optimal input $u_k$

4) Binary Detector: $g(z_k) < \eta$

4) Binary Detector: $g(z_k) \geq \eta$

Page 9

The Attack Model: Watermark

[Block diagram: Plant, Sensors, Estimator, LQG Controller, Failure Detector, Virtual System, a $z^{-1}$ block, and a summing junction (+) adding $\zeta_k$ to $u_k^*$; signal labels: $z_k$, $\zeta_k$, $u_k^*$, $u_{k-1}$, $u_k$, $y_k^v \sim y_k$, $u_k^a$, $\hat{x}_k$]

Page 10

Watermark Design

Watermark Design Properties, $u_k = u_k^* + \zeta_k$

• Assume $\zeta_k$ is a zero-mean stationary Gaussian process with $\Gamma(d) \triangleq \operatorname{cov}\left(\zeta_k \zeta_{k+d}^T\right) = E\left[\zeta_k \zeta_{k+d}^T\right]$.

• Attacker knows $\Gamma(d)$!

Tradeoff: Cost versus Detection Ability

• Larger $\Gamma(d)$ increases the probability of detection, while also increasing the cost of control

• Small $\Gamma(d)$ reduces the probability of detection while reducing the cost of control

• $J = J^* + \Delta J$, $\Delta J$ is linear in the auto-covariance $\Gamma(d)$

Page 11

Detector Design

Residue Vector Properties

Use superscript $c$ to denote compromised system.

$H_0$: $z_k \sim N_0(0,\ CPC^T + R)$, normal operation

$H_1$: $z_k^c \sim N_1(\mu_k^c,\ CPC^T + R + \Sigma)$, under stealthy attack

$$\mu_k^c \triangleq -C \sum_{i=-\infty}^{k} \left[(A + BL)(I - KC)\right]^{k-i} B\, \zeta_i^c, \qquad \Sigma = \phi\left(\Gamma(0), \Gamma(1), \Gamma(2), \ldots\right)$$

$\phi$ is linear

Use Neyman Pearson Detector

Maximize probability of detection $\beta_k^c$, for given probability of false alarm $\alpha$.

$$g(z_k) = z_k^T \mathcal{P}^{-1} z_k - (z_k - \mu_k^c)^T (\mathcal{P} + \Sigma)^{-1} (z_k - \mu_k^c)$$

compared against $\eta_k$, where $\mathcal{P} = CPC^T + R$

Page 12

Watermark Parameter Design

Desired Optimization: Maximize Asymptotic Detection

$$\max_{\Gamma(d)}\ \lim_{k\to\infty} \beta_k^c \quad \text{subject to } \Delta J \le \delta$$

Challenge: difficult to obtain expression for $\beta_k^c$

Possible Metric: Kullback-Leibler Distance:

$$E\, D_{kl}(N_1 \| N_0) = \operatorname{tr}\left(\Sigma \mathcal{P}^{-1}\right) - \frac{1}{2}\log\left[\det\left(I + \Sigma \mathcal{P}^{-1}\right)\right]$$

KL distance is convex in $\Gamma(d)$. Cannot perform concave maximization.

Objective Relaxation:

$$\operatorname{tr}\left(\Sigma \mathcal{P}^{-1}\right) \le E\, D_{kl}(N_1 \| N_0) \le \operatorname{tr}\left(\Sigma \mathcal{P}^{-1}\right) - \frac{1}{2}\log\left[\operatorname{tr}\left(\Sigma \mathcal{P}^{-1}\right)\right]$$

Bounds are monotonically increasing in $\operatorname{tr}\left(\Sigma \mathcal{P}^{-1}\right)$

Page 13

Watermark Parameter Design

Optimization Problem

$$\max_{\Gamma(d)}\ \operatorname{tr}\left(\Sigma \mathcal{P}^{-1}\right) \quad \text{subject to } \Delta J \le \delta$$

Challenge: Infinitely many optimization variables

Bochner’s Theorem

$\Gamma(d)$ is the auto-covariance function of a stationary Gaussian process $\{\zeta_k\}$, if and only if there exists a unique positive definite Hermitian measure $\nu$ such that

$$\Gamma(d) = \int_{-1/2}^{1/2} e^{2\pi j d \omega}\, d\nu(\omega)$$

Alternative Expressions:

Partition $[0, \tfrac{1}{2}]$ into disjoint intervals $I_1, \ldots, I_q$ of maximal length $\sigma$.

$$\Gamma(d) = \lim_{\sigma\to 0} \sum_{i=1}^{q} 2\operatorname{Re}\left(e^{2\pi j d \omega_i}\, \nu(I_i)\right), \qquad \omega_i \in I_i$$

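Page 14

Watermark Parameter Design

Optimization Problem

$$\max_{\Gamma(d)}\ \operatorname{tr}\left(\Sigma \mathcal{P}^{-1}\right) \quad \text{subject to } \Delta J \le \delta$$

$$\operatorname{tr}\left(\Sigma \mathcal{P}^{-1}\right) = \lim_{\sigma\to 0} \sum_{i=1}^{q} \operatorname{tr}\left[F_2(\omega_i, \nu(I_i))\, C^T \mathcal{P}^{-1} C\right], \qquad \Delta J = \lim_{\sigma\to 0} \sum_{i=1}^{q} F_1(\omega_i, \nu(I_i))$$

Alternative Formulation

$$\psi = \max_{H,\,\omega}\ \operatorname{tr}\left(F_2(\omega, H)\, C^T \mathcal{P}^{-1} C\right), \qquad H^*, \omega^* \text{ maximizers}$$

$$\text{subject to } F_1(\omega, H) \le \delta, \quad 0 \le \omega \le 0.5, \quad H \ge 0$$

$F_1$, $F_2$ are linear in $H$ → $\operatorname{tr}\left(\Sigma \mathcal{P}^{-1}\right) \le \psi$ for $\Delta J \le \delta$

Suppose $\nu(I_i) = H^*\, \mathbb{I}_{\omega^* \in I_i} + \overline{H^*}\, \mathbb{I}_{-\omega^* \in I_i}$ yields

$$\Delta J = \delta, \qquad \operatorname{tr}\left(\Sigma \mathcal{P}^{-1}\right) = \psi$$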

Page 15

Input Generation

Result: $\Gamma^*(d) = 2\operatorname{Re}\left(\exp(2\pi j d \omega^*)\, H^*\right)$. Note that: $H^* = h h^H$

Watermark Generation

1) $\xi_0 \sim N(0, I)$,

2) $\xi_{k+1} = A_\omega \xi_k$,

3) $\zeta_k = C_h \xi_k$,

$$\Gamma^*(d) = C_h A_\omega^d C_h^T$$

$$C_h = \sqrt{2}\begin{bmatrix} h_r & h_i \end{bmatrix}, \qquad A_\omega = \begin{bmatrix} \cos(2\pi\omega^*) & -\sin(2\pi\omega^*) \\ \sin(2\pi\omega^*) & \cos(2\pi\omega^*) \end{bmatrix}$$

Problem: If the attacker knows one $\zeta_k$, he can determine all $\zeta_k$

Solution: Suboptimal approach, add randomness at each step

2) $\xi_{k+1} = \rho A_\omega \xi_k + \lambda_k$, $\lambda_k \sim N\left(0, (1 - \rho^2) I\right)$, $0 \le \rho \le 1$
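
As an added example (not code from the slides), the following Python sketch generates the watermark of the Input Generation slide for a scalar input and checks two things: the empirical auto-covariance against $\rho^d C_h A_\omega^d C_h^T$, and the residual of the deterministic recurrence $\zeta_{k+1} = 2\cos(2\pi\omega^*)\zeta_k - \zeta_{k-1}$, which in this scalar case is what makes the $\rho = 1$ sequence predictable from two past samples. The values of $\omega^*$, $h$ and the seed are constructed, and $C_h = \sqrt{2}\,[h_r\ h_i]$ is assumed.

```python
import math
import random

def generate_watermark(n, omega, h, rho, seed=0):
    """zeta_k = C_h xi_k with xi_{k+1} = rho * A_w xi_k + lambda_k (scalar input)."""
    rng = random.Random(seed)
    c, s = math.cos(2 * math.pi * omega), math.sin(2 * math.pi * omega)
    ch0, ch1 = math.sqrt(2) * h.real, math.sqrt(2) * h.imag  # assumed C_h = sqrt(2)[h_r h_i]
    sd = math.sqrt(1.0 - rho * rho)              # lambda_k ~ N(0, (1 - rho^2) I)
    x0, x1 = rng.gauss(0, 1), rng.gauss(0, 1)    # xi_0 ~ N(0, I)
    zeta = []
    for _ in range(n):
        zeta.append(ch0 * x0 + ch1 * x1)
        x0, x1 = (rho * (c * x0 - s * x1) + rng.gauss(0, sd),
                  rho * (s * x0 + c * x1) + rng.gauss(0, sd))
    return zeta

def empirical_autocov(zeta, d):
    """Time-average estimate of Gamma(d) = E[zeta_k zeta_{k+d}] (zero mean)."""
    n = len(zeta) - d
    return sum(zeta[k] * zeta[k + d] for k in range(n)) / n

def expected_autocov(d, omega, h, rho):
    """rho^d * C_h A_w^d C_h^T; for scalar input: rho^d * 2|h|^2 cos(2 pi d omega)."""
    return rho ** d * 2 * abs(h) ** 2 * math.cos(2 * math.pi * d * omega)

def recurrence_rms(zeta, omega):
    """RMS residual of zeta_{k+1} = 2 cos(2 pi omega) zeta_k - zeta_{k-1}.
    A zero residual means every future sample follows from two past ones."""
    g = 2 * math.cos(2 * math.pi * omega)
    res = [zeta[k + 1] - g * zeta[k] + zeta[k - 1] for k in range(1, len(zeta) - 1)]
    return math.sqrt(sum(r * r for r in res) / len(res))

if __name__ == "__main__":
    OMEGA, H = 0.1, complex(0.6, 0.8)   # constructed sample values, not from the slides
    for rho in (1.0, 0.9):
        z = generate_watermark(200_000, OMEGA, H, rho, seed=1)
        print(f"rho={rho}: recurrence RMS residual = {recurrence_rms(z, OMEGA):.3e}")
    z = generate_watermark(200_000, OMEGA, H, 0.9, seed=1)
    for d in range(4):
        print(d, round(empirical_autocov(z, d), 3),
              round(expected_autocov(d, OMEGA, H, 0.9), 3))
```

With $\rho = 1$ the residual sits at floating-point level, while $\rho = 0.9$ gives a residual of order one at the price of an auto-covariance that decays as $\rho^d$.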

Page 16

Simulation: Power versus Size

[Plot; x-axis: Probability of False Alarm]

Page 17

Simulation: Improvement over IID

[Plot: improvement of the asymptotic $\beta_k^c$ (y-axis, 20% to 120%) versus Probability of False Alarm (x-axis, 0 to 0.1); legend: Optimal, Sub-Optimal = 0.9]

Page 18

Simulation: Power vs Cost

Page 19

Summary and Conclusions

• Reviewed some security challenges in cyber-physical systems.

• Considered strong attack model.

• Proposed watermarking technique to detect attacks.

• Analyzed and discussed design of parameters for watermarking schemes.

Future Work: Develop and analyze suboptimal approach

Page 20

Thank You!