Control-Aware Formal Analytics of Smart Building Attack-Resiliency
Demand control ventilation, heating, and cooling (DCVHC) systems are used in modern building control systems for increased energy efficiency. These cyber-physical systems (CPSs) deploy the Internet of things (IoT) devices/sensors to determine real-time demand, making the building control smarter, reliable, and efficient. As occupants in a building are a source of continuous heat and CO2 generation, estimating the accurate number of people in real-time using building IoT system facilities is essential for optimal energy consumption and occupants’ comfort. Similarly, it is crucial to receive accurate measurements of control parameters, such as temperature, humidity, or CO2/other pollutants in the air. However, the incorporation of less secured IoT sensor nodes and open communication networks in the building control system eventually increases the number of vulnerable points to be compromised. The attackers can exploit these vulnerabilities to manipulate the controller with false sensor measurements and disrupt the system’s consistency. Attackers with the knowledge of overall system topology and control logics can launch attacks without alarming the system. This research aims to design and develop artificial intelligence-driven formal frameworks that can assess the smart building control system’s security using attack modeling and automatic synthesis of feasible attack vectors. These analytics will help to understand the attack-resiliency of the systems by exploring the potential attacks in different attack models and targetted impacts. We will evaluate the implemented analyzers’ effectiveness on various real data sets. We are collaborating with the KTH live-in Lab. We will use their data to conduct experiments. We will also utilize other available datasets like the commercial occupancy dataset (COD).
Threat Analytics for Machine Learning-Based Smart Healthcare Systems
Wireless body sensor networks (WBSNs) and implantable medical devices (IMDs)-based internet of medical things (IoMT) contribute significantly towards ubiquitous smart healthcare systems (SHSs), allowing fast and efficient disease treatment. However, adversaries can launch various attacks on the communication network and the hardware/firmware to introduce false data or cause data unavailability to the automatic medication system endangering the patient’s life. This project aims to develop a novel threat analysis framework that integrates machine learning and formal analysis capabilities to identify potential attacks and corresponding effects on an IoMT-based SHS. Our framework will provide us with all potential attack vectors, each representing a set of sensor measurements to be altered, for an SHS given a specific set of attack attributes, allowing us to realize the system’s resiliency, thus the insight to enhance the robustness of the model. We primarily target to use a synthetic and a real dataset, to evaluate our framework. This project is a novel effort to formally analyze supervised and unsupervised machine learning models for black-box SHS threat analysis.
Incentive-compatible Mechanisms for Permissionless Blockchains
Several popular cryptocurrency applications (e.g., Bitcoin) have already deployed permissionless blockchains. In these protocols, there is no trusted infrastructure to establish verifiable identities for processors (or miners). These protocols are not scalable and cannot provide high throughput transactions in their networks. Hence, many novel approaches such as sharing (i.e., where the network of processors is periodically partitioned into smaller non-overlapping committees) or Algorand (i.e., a new cryptocurrency that confirms transactions with latency on the order of a minute while scaling to many users) have been proposed to speed up the number of transactions. But, a key research gap in these novel protocols is the lack of understanding of the strategic behavior of rational processors. In fact, the users are rational and can selfishly maximize their own profits/payoffs and do not collaborate with other users. It is not clear how these solutions will work if we assume rational or selfish processors who are interested in only maximizing their own profits (payoffs). Our goal in this project is to fill this critical research gap, which is essential for designing appropriate mechanisms to foster cooperation and prevent free-riding in such protocols. This will eventually result in improving the transaction throughput and scalability of current permissionless blockchain architectures, with more incentives for users to collaborate.
Proactive Resiliency Threat Detection and Mitigation for Dependable Internet of Things
Security is a major concern at the rapid emergence of IoT. The most common use of IoT devices is in controlling physical properties, which introduces many attack vectors that can invade the physical world and pose catastrophic consequences. Therefore, it is fundamentally important to ensure resilient operation of IoT by proactively identifying potential threats and designing cost-efficient mitigation plans. The aim of this project is to address this need by developing a formal resiliency analysis framework that provides potential threats with respect to cyberattack and k-resiliency properties, adversary’s capabilities, and attack goals, considering smart home as the case. We also aim to develop a synthesis model for the automatic design of countermeasures mitigating the identified within the deployment constraints.
Towards Agile CPS for Attack Resilient Operations
The advances in cyber-physical systems (CPS) through the connectedness of physical and cyber components are expected to improve the efficiency, resilience, and performance of various CPS applications (e.g., energy, transportation, health) that are critical to our lives. However, such advances also increased the potential for attack surfaces in various CPS domains, making them more vulnerable to new attacks. While many security solutions and standards have been put forward over the last few years, security is still a major challenge for CPS due to ever-changing attack types, standards, and hardware. In addition, the attacks can come from the physical side that might not be considered in cyber systems. The solution of frequently updating the existing security standards and infrastructure is not attractive due to large-scale size, labor cost, and inconvenience. Therefore, it is essential to design security technologies that not only can make it harder to launch attacks but also survive evolving attacks without redesigning the underlying infrastructure. This suggests that the CPS infrastructure needs to be agile so that it can dynamically change itself to make it difficult to exploit the vulnerabilities of current configurations. Therefore, the goal of this project is to bring the concept of agility to CPS by considering a comprehensive framework that spans both cyber components and physical components. By specifically targeting Smart Grid CPS, this project will perform formal modeling and verification to enable agility for each Smart Grid component without affecting the operations of interdependent components. To this end, software-defined networking (SDN) and network function virtualization (NFV) technologies will be utilized to control and execute agile mechanisms.
Strategic Moving Target Defense against Stealthy Link Flooding Attacks
With the increasing diversity of Distributed Denial-of-Service (DDoS) attacks, it is extremely challenging to design a fully protected network. For instance, Crossfire is a variant of DDoS attack that strives to block access to a target area by flooding the links and it is shown that it can bypass traditional DDoS defense mechanisms. One potential solution to tackle such Crossfire attacks is to apply Moving Target Defense (MTD) concept which is a mechanism to dynamically change the network settings to confuse/deceive the attacker and harden his/her tasks. However, we suffer a major challenge, as MTD comes with lots of overhead to the network. It is highly influenced by the behavior of the attacker which is often difficult to guess. A signaling game is an incomplete information game that one player’s belief is dependent on the other’s actions. In a signaling game, there is a belief function that is established throughout history and it helps to choose the best response for the player. In this project, we consider utilizing a signaling game in order to solve the important question of when to apply MTD. We design and present a game model considering one player as a network defender and the other one as an attacker. We analyze this game model and implement the network environment where an attacker is performing a link flooding attack (LFA) and a defender applies MTD based on the equilibria of the game. This will help us to design more intelligent defense mechanism against stealthy attacks, where we do not have complete information about the attacker type.
Security Analytics for Power Grid Contingency Analysis against Stealthy Attacks
Contingency analysis (CA) is a core component of the Energy Management System (EMS) in the power grid. The goal of CA is to operate the power system securely by analyzing the system subject to a contingency (e.g., the outage of a transmission line or a power generator) to determine the setpoints that will allow system operation without violation of constraints. The analysis in CA is conducted based on the output from State Estimation (SE), another core EMS module. However, it is also shown that an adversary can alter certain power measurements to corrupt the system states estimated by SE without being detected. Such a corrupted estimation can severely skew the results of the contingency analysis as it will provide a fake model to deal with. In this research, we formally model necessary interdependency relationships and systematically analyze the impact of cyberattacks on the contingency analysis. In particular, this research focuses on Security Constrained Optimal Power Flow (SCOPF) that finds out the optimal economic dispatches considering a single line failure (based on the n – 1 contingency analysis) and transmission line capacities. The proposed model will be implemented and solved to find out potential attack vectors (i.e., a set of measurements to be altered) that can evade CA so that the system will face an overloading situation on one or more transmission lines when some specific contingencies happen.
False-Relay Operation Attack Analysis and Hardening for Microgrids
Load-generation balance and system inertia are essential for maintaining frequency in power systems. Power grids are equipped with Rate-of-Change-of-Frequency (ROCOF) and Load Shedding (LS) relays in order to keep load-generation balance. With the increasing penetration of renewables, the inertia of the power grids is declining, which results in a faster drop in system frequency in case of load-generation imbalance. In this context, this project will analyze the feasibility of launching False Data Injection (FDI) in order to create False Relay Operations (FRO), which we refer to as FRO attack, in the power systems with high renewables. We will model the frequency dynamics of the power systems and corresponding FDI attacks, including the impact of parameters, such as synchronous generators’ inertia, and governors’ time constant and droop, on the success of FRO attacks. We will formalize the FRO attack as a Constraint Satisfaction Problem (CSP) and solve using Satisfiability Modulo Theories (SMT).
Formal Analytics of Attacks on Power System Small-Signal Stability
Small-Signal Stability (SSS) is crucial for the control of power grids. However, False Data Injection (FDI) attacks against SSS can impact the grid’s stability, hence, the security of SSS needs to be studied. This project proposes a formal method of synthesizing FDI attack vectors (i.e., a set of measurements to be altered) that can destabilize power systems. We will formulate an FDI attack as an optimization problem using AC power flow, SSS model, and stability constraints. The attacker’s capability is modeled as the accessibility to a limited set of measurements. The solution of the proposed FDI attack model will provide a destabilizing attack vector if exists. We implement the proposed mechanism and evaluate its performance by conducting several case studies using the WSCC 3-machine 9-bus system.