Towards Cyber-Physical Vetting of Critical Infrastructures
Key Objectives
Modeling and analyzing complex, dynamical architecture of the UAS
Identifying cyber, physical, and control vulnerabilities in the UAS
Demonstrating concrete cyber attacks to confirm discovered vulnerabilities and quantify their risks and impacts
Monitoring and mitigating the impact of cyber attacks
Main Focus: Physics-driven Analysis of UAS Autopilot Vulnerabilities
Construct and demonstrate realistic attacks to assess their impact and risk using software/hardware-in-the-loop testbeds
UAS Security Architecture
Component-wise View of UAS Autopilot Security
Sensor Data Security
Control System Security
Communication Security
Physics-driven UAS Vulnerability Investigation
The current autopilot and ground control software are designed with little thought for security
Despite this, the autopilot software (e.g., PX4, ArduPilot) itself has no apparent vulnerabilities that can be exploited on the fly, and the ground station is likewise difficult to exploit during operation
The wireless communication protocol (MAVLink) was originally completely unsecured, but has since added security features
=> All these factors mean that it is quite challenging to compromise the system in the air without some preparation before takeoff
Feasible Cyber Threats toward UAS
Potential Threat of Trojan Attack
Humans are generally very bad at following security practices, and the aircraft setup process requires downloading software from the internet → possibility of a trojan being introduced
General Trojan Attack Scenario
Attackers modify some of the software used in UAS operation (autopilot, GCS, communication) to include a malicious attack payload in the autopilot firmware
The autopilot behaves normally until some attacker-defined condition is met
Then the attack payload performs the attack, causing unwanted behavior from the perspective of the operator
Case Study: Trojan Attack on the State Estimator in Autopilot
Assuming a trojan is inserted into the autopilot state estimator, the compromised UAS estimate will be easily recognized by the ground operator if the attack causes too large a deviation
An intelligent attacker can inject attacks that make their presence hard to detect from ground observation, even without perfect access to or knowledge of the UAS
=> Stealthy Cyber Attack Problem!
Human Observer-based Attack Monitoring
The previously implemented and demonstrated human observer-based monitoring system model uses only the visual information available through the ground station
Can detect attacks that cause visually apparent deviations
Cross-track error in following the planned trajectory (left figure)
Apparent sideslip: mismatch between the direction the aircraft is pointing and the direction of its velocity (left figure)
Difference between apparent speed and normal cruise speed (right figure)
Because only a small amount of the available information is displayed visually, it is possible for an attacker to circumvent human detection
In the figure below, the trajectory looks normal to an observer, concealing the attack
Attack Monitoring System
Calculates a scalar detection statistic from the difference between expected measurements and actual measurements
Detection occurs when the statistic exceeds the detection threshold
Relies on information from the estimator
Detects attacks that the human observer cannot (e.g., the example above)
Detection statistic plotted over several different trajectories with no attacks, compared to the detection threshold
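An added example (not from the original slides or the project's code) of the residual test described above. It assumes a 1-D constant-velocity Kalman filter and a windowed normalised-innovation-squared statistic; the model, noise values, threshold, sample data, and the names `monitor` and `constructed_flight` are all assumptions.

```python
from collections import deque

# Assumed tuning values (not from the page).
Q, R = 0.01, 0.25      # process / measurement noise variances
WINDOW = 5             # innovations summed per statistic
THRESHOLD = 20.52      # ~0.999 chi-square quantile, 5 degrees of freedom


def monitor(measurements, v=1.0, dt=1.0, x0=0.0, p0=1.0):
    """Return (statistics, alarm_steps) for 1-D position measurements."""
    x, p = x0, p0
    recent = deque(maxlen=WINDOW)
    stats, alarms = [], []
    for k, z in enumerate(measurements):
        x_pred, p_pred = x + v * dt, p + Q      # expected state and variance
        r = z - x_pred                          # actual minus expected measurement
        s = p_pred + R                          # innovation variance
        recent.append(r * r / s)                # normalised squared innovation
        g = sum(recent)                         # scalar detection statistic
        stats.append(g)
        if g > THRESHOLD:
            alarms.append(k)
        gain = p_pred / s                       # Kalman measurement update
        x, p = x_pred + gain * r, (1.0 - gain) * p_pred
    return stats, alarms


def constructed_flight(n=40, bias=0.0, onset=20):
    """Constructed data: 1 m/s track, fixed noise pattern, optional offset."""
    noise = [0.3, -0.4, 0.1, -0.2, 0.4, -0.3]
    return [(k + 1) * 1.0 + noise[k % 6] + (bias if k >= onset else 0.0)
            for k in range(n)]


if __name__ == "__main__":
    for label, bias in (("nominal", 0.0), ("offset 3 m", 3.0)):
        stats, alarms = monitor(constructed_flight(bias=bias))
        print(f"{label}: peak={max(stats):.1f} first alarm={alarms[:1]}")
```

Because the filter gradually absorbs a constant offset into its estimate, the statistic falls back below the threshold a few steps after onset; a monitor built this way should latch the alarm rather than report only the instantaneous comparison.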
Attack-Resilient Controller Design Problem
Cyber Attack Mitigation Problem
Design a feedback gain history (K) which minimizes the effect of cyber attacks over all the possible energy-bounded attack sequences:
Previous Research
Attack is assumed to be known a priori => the control performance could degrade if the actual attack deviates from the one assumed by a controller
Our Approach: Hybrid Switching Control Framework
Design of the switching logic to switch the hybrid controllers to the most secure/safe sub-controller against unpredictable arbitrary cyber attacks
Cost Comparison
Switching Sequence