Two-Way Coding in Control Systems Under Injection Attacks: From Attack Detection to Attack Correction
Song Fang, Karl Henrik Johansson, Mikael Skoglund, Henrik Sandberg, Hideaki Ishii
TL;DR
This paper introduces two-way coding in networked feedback control as a defense against injection attacks, implemented via a 2x2 coding matrix $M$ that links forward and feedback signals. It shows that, while the controller/design can proceed as if coding were absent, the attacker perceives a distorted equivalent plant $\overline{P}(s)$ and controller $\overline{K}(s)$, with a transformed reference $\overline{R}(s)$, thereby enabling attack detection or correction. For zero-dynamics attacks, the authors derive conditions under which attacks designed with respect to the original plant $P(s)$ become detectable (e.g., when $c \neq 0$) and, under static output feedback stabilization, can be corrected in steady state by shaping $\overline{P}(s)$ to be stable and minimum-phase via appropriate $F_1$, $F_2$ gains. Overall, the work demonstrates that two-way coding can enhance security of networked control by perturbing the attacker’s model while preserving desired performance for the legitimate controller, with explicit mechanisms to detect and rectify certain attack classes and a framework for extending to more complex setups.
Abstract
In this paper, we introduce the method of two-way coding, a concept originating in communication theory characterizing coding schemes for two-way channels, into (networked) feedback control systems under injection attacks. We first show that the presence of two-way coding can distort the perspective of the attacker on the control system. In general, the distorted viewpoint on the attacker side as a consequence of two-way coding will facilitate detecting the attacks, or restricting what the attacker can do, or even correcting the attack effect. In the particular case of zero-dynamics attacks, if the attacks are to be designed according to the original plant, then they will be easily detected; while if the attacks are designed with respect to the equivalent plant as viewed by the attacker, then under the additional assumption that the plant is stabilizable by static output feedback, the attack effect may be corrected in steady state.