Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Delay-Induced Watermarking for Detection of Replay Attacks in Linear Systems

Christoforos Somarakis, Raman Goyal, Erfaun Noorani, Shantanu Rane

TL;DR

The paper tackles replay attacks in discrete-time linear systems by embedding a random time-delayed state-feedback watermark into the LQG control loop and using a chi-squared detector on Kalman residuals for attack detection. It develops a drive-response and uplifted-state formalism to handle variable delays, derives stability conditions, and characterizes the asymptotic auto-covariance of the uplifted dynamics. The approach demonstrates comparable or improved attack-detection performance relative to conventional Gaussian watermarking while incurring a quantified control-cost penalty, validated on a temperature-control simulation. The work offers a principled secure-control strategy for CPS that leverages closed-loop state-feedback to enhance detectability of replay attacks under realistic timing uncertainties.

Abstract

A state-feedback watermarking signal design for the detection of replay attacks in linear systems is proposed. The control input is augmented with a random time-delayed term of the system state estimate, in order to secure the system against attacks of replay type. We outline the basic analysis of the closed-loop response of the state-feedback watermarking in a LQG controlled system. Our theoretical results are applied on a temperature process control example. While the proposed secure control scheme requires very involved analysis, it, nevertheless, holds promise of being superior to conventional, feed-forward, watermarking schemes, in both its ability to detect attacks as well as the secured system performance.

Delay-Induced Watermarking for Detection of Replay Attacks in Linear Systems

TL;DR

The paper tackles replay attacks in discrete-time linear systems by embedding a random time-delayed state-feedback watermark into the LQG control loop and using a chi-squared detector on Kalman residuals for attack detection. It develops a drive-response and uplifted-state formalism to handle variable delays, derives stability conditions, and characterizes the asymptotic auto-covariance of the uplifted dynamics. The approach demonstrates comparable or improved attack-detection performance relative to conventional Gaussian watermarking while incurring a quantified control-cost penalty, validated on a temperature-control simulation. The work offers a principled secure-control strategy for CPS that leverages closed-loop state-feedback to enhance detectability of replay attacks under realistic timing uncertainties.

Abstract

A state-feedback watermarking signal design for the detection of replay attacks in linear systems is proposed. The control input is augmented with a random time-delayed term of the system state estimate, in order to secure the system against attacks of replay type. We outline the basic analysis of the closed-loop response of the state-feedback watermarking in a LQG controlled system. Our theoretical results are applied on a temperature process control example. While the proposed secure control scheme requires very involved analysis, it, nevertheless, holds promise of being superior to conventional, feed-forward, watermarking schemes, in both its ability to detect attacks as well as the secured system performance.
Paper Structure (25 sections, 3 theorems, 29 equations, 3 figures)

This paper contains 25 sections, 3 theorems, 29 equations, 3 figures.

Table of Contents

  1. INTRODUCTION
  2. Nomenclature
  3. Problem Formulation
  4. Real System Dynamics
  5. Plant Equations
  6. Controller Equations
  7. Kalman Filter
  8. LQG Controller
  9. Watermarking
  10. System-Controller Dynamics
  11. Attack System Dynamics
  12. Drive-Response System Under Replay Attack
  13. Uplifted Drive-Response Level Dynamics
  14. Preliminaries
  15. Stability on the System-Controller Level Dynamics
  16. ...and 10 more sections

Key Result

Theorem IV.1

Let eq: clsystem_mean with $\tau_t:[0,\infty)\rightarrow \mathcal{T}$ for $\mathcal{T}\subset \mathbb N$, and $\overline{\tau}=\max_{\tau \in \mathcal{T}} \{ \tau \} < \infty$, and its solution $\mathbf{x}$. Assume that $\alpha+\beta < 1$ for $\alpha,\beta$ as in eq: alpha and eq: beta. Then $\mathb

Figures (3)

  • Figure 1: The replay attack cast as a drive-response system. The attack signal, $y'$, intervenes and compromises the real-time measurements of the real system. Signal attack, $y'$, a recorded part of $y$, is considered as an output of a copy system running in parallel with the real system.
  • Figure 2: The chemical process with four actuators (hot, cold pumps, valve, and heater) that control the level and temperature of tank 2 and level of tank 3.
  • Figure 3: Comparison of the detection rate of a replay attack between additive Gaussian and delay-induced feedback watermarking. Attack event starts at time $t'=6500$.

Theorems & Definitions (3)

  • Theorem IV.1
  • Proposition IV.1
  • Theorem V.1