DYNamic Attack detection and mitigation for seCure autONomy

Control systems are at the heart of many indispensable societal functions, from energy distribution to pacemakers. Although we rely on these systems, cyber-physical controllers have been increasingly targeted by cyber attacks, from critical infrastructures such as power grids to commercial devices.
Many types of attacks on cyber-physical systems (CPSs) exist, e.g., where sensor or actuator data can be compromised or the transmission channel can be impaired. A remote adversary can through software vulnerabilities gain the ability to execute arbitrary code on a CPS. The attacker can then utilize different techniques to elevate its privilege and get full control of the device. The urgency of considering attacks on CPSs is also witnessed by the recent publication of the MITRE Attack ICS framework.

Cyber-physical control systems normally belong to one of three broad classes: bare-metal applications, embedded systems executing control functions alongside a real-time operating system, and general purpose computers running full-fledged operating systems. In this NEST proposal, we focus on the second of these classes and target embedded systems that execute a real-time operating system. This is the setting of many control applications, from automotive to avionics. Common to control systems is that they are designed to reject physical disturbances and to be fault tolerant. Cyber attackers are more challenging to face in that they can adapt and learn to achieve strategic objectives, in contrast to disturbances and faults, which are random and hard to predict in advance. Our concern is that such attacks in the cyber layer of the control system may cause severe physical damage and violate strict safety constraints, making mitigation strategies and countermeasures essential for the development of future control systems.

The aim of this NEST proposal is to develop theory and rigorous tools for defense against cyber attacks on dynamical physical systems with time-critical controllers. We specifically target systems with a high degree of autonomy, such as drones. However, the results that we will develop are relevant in general to any multi-agent system with limited computational resources.

Cyber attacks targeting control systems are a relatively recent phenomenon, but several incidents in the past decade have clearly demonstrated their devastating impact. An essential difference compared to cyber attacks on regular IT-systems is that attacks on control systems have an impact on the physical world. This means that they have the potential to harm humans or cause damage to the environment. A second fundamental difference concerns the possibilities to defend against these attacks. Control systems are designed (by means of feedback and feed-forward mechanisms) to make physical systems, such as drones and autonomous vehicles, behave as desired, even in the presence of natural uncertainty and disturbances and varying operator commands. Safety considerations are vital, and minimizing computational time and complexity are the norm. Yet, few control systems are designed to cope with the threat of adversarial attacks, targeting software and communication signals. Furthermore, control platforms and infrastructures rarely adopt state-of-the-art network security protocols that would enforce cryptographic authentication and encryption. Our challenge is to design protection mechanisms for control systems that can gracefully handle adversarial activities, and ensure the desired control performance and safety.

In DYNACON-NEST, four leading research groups in cyber-physical security (control systems, real-time systems, communication, and network security) at KTH, Lund University, and Linköping University join forces to address these challenges in the context of autonomous systems. More specifically, the group will tackle research challenges related to the injection of false data and manipulation of timestamps in time-critical control loops. This is achieved by adaptively enabling the use of trusted embedded devices and (limited) cryptographic authentication when necessary. Furthermore, distributed anomaly detection and state observer schemes are developed to handle adversarial attacks both in the local and in the supervisory control loops. This is achieved by a novel combination of model-based and machine learning techniques. As a use case, we consider swarms of unmanned aerial vehicles (drones). A particularly relevant scenario is that of "identity theft", where malicious identity signals are exploited by attackers to deceive the control system operators.

DYNACON-NEST will also be the foundation for a new WASP hotspot in cyber-physical security. We will foster an active academic environment focusing on cybersecurity in physical, safety-critical systems. We will leverage industry interest (Bitcraze, Combitech, Ericsson, Saab) and engage with international colleagues (Imperial College, New York University) in annual workshops, that will facilitate interactions between WASP researchers, PhD students, leading scientists, and industry experts.