Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
4.7
2.9
Journals
Electronics
Special Issues
Security of Cyber-Physical Systems
share announcement

Security of Cyber-Physical Systems

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Computer Science & Engineering".

Deadline for manuscript submissions: closed (31 January 2022) | Viewed by 41266

Printed Edition Available!
A printed edition of this Special Issue is available here.

Special Issue Editor

Dr. Arman Sargolzaei

E-Mail Website
Guest Editor
Department of Mechanical Engineering, University of South Florida, Tampa, FL 33620, USA
Interests: security of networked control systems; safety and security of connected and autonomous vehicles; nonlinear control
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

Dear Colleagues,

Cyber-physical system (CPS) innovations, in conjunction with their sibling computational and technological advancements, have positively impacted our society, leading to the establishment of new horizons of service excellence in a variety of applicational fields along with equally important concerns surrounding their security. The extent of potential consequences of CPS insecurity is large enough to ensure that CPS security is one of the core elements of the CPS research agenda.  

With the rapid increase in the application of CPSs in safety-critical infrastructures, their safety and security are the top priorities of next-generation designs. Faults, failures, and cyber-physical attacks lead to variations in the dynamics of CPSs and cause the instability and malfunction of normal operations. Therefore, we need to focus on detection, prevention, and compensation techniques to improve the security of such safety-critical systems.

We encourage researchers to submit to this Special Issue and detail their valuable research findings toward increasing the security of CPSs, in particular, unmanned aerial vehicles, autonomous systems, and distributed power systems. 


Dr. Arman Sargolzaei
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • security of networked control systems
  • security of smart grid systems
  • security of autonomous vehicles
  • secure and fault tolerable control design
  • security of unmanned aerial vehicles
  • secure communication protocols for cyber-physical systems
  • software and hardware security
  • techniques to detect and overcome new type of attacks
  • estimation theory
  • intrusion detection techniques

Published Papers (10 papers)

Download All Papers
Order results
Result details
Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:

Research

Jump to: Review

17 pages, 935 KiB  
Article
Resilient Networked Control of Inverter-Based Microgrids against False Data Injections
by Mohammad Reza Khalghani, Vishal Verma, Sarika Khushalani Solanki and Jignesh M. Solanki
Electronics 2022, 11(5), 780; https://doi.org/10.3390/electronics11050780 - 3 Mar 2022
Cited by 6 | Viewed by 1506
Abstract
Inverter-based energy resource is a fast emerging technology for microgrids. Operation of micorgrids with integration of these resources, especially in an islanded operation mode, is challenging. To effectively capture microgrid dynamics and also control these resources in islanded microgrids, a heavy cyber and [...] Read more.
Inverter-based energy resource is a fast emerging technology for microgrids. Operation of micorgrids with integration of these resources, especially in an islanded operation mode, is challenging. To effectively capture microgrid dynamics and also control these resources in islanded microgrids, a heavy cyber and communication infrastructure is required. This high reliance of microgrids on cyber interfaces makes these systems prone to cyber-disruptions. Hence, the hierarchical control of microgrids, including primary, secondary, and tertiary control, needs to be developed to operate resiliently. This paper shows the vulnerability of microgrid control in the presence of False Data Injection (FDI) attack, which is one type of cyber-disruption. Then, this paper focuses on designing a resilient secondary control based on Unknown Input Observer (UIO) against FDI. The simulation results show the superior performance of the proposed controller over other standard controllers. Full article
(This article belongs to the Special Issue Security of Cyber-Physical Systems)
Show Figures

Figure 1

17 pages, 387 KiB  
Article
P1OVD: Patch-Based 1-Day Out-of-Bounds Vulnerabilities Detection Tool for Downstream Binaries
by Hongyi Li, Daojing He, Xiaogang Zhu and Sammy Chan
Electronics 2022, 11(2), 260; https://doi.org/10.3390/electronics11020260 - 14 Jan 2022
Viewed by 1671
Abstract
In the past decades, due to the popularity of cloning open-source software, 1-day vulnerabilities are prevalent among cyber-physical devices. Detection tools for 1-day vulnerabilities effectively protect users who fail to adopt 1-day vulnerability patches in time. However, manufacturers can non-standardly build the binaries [...] Read more.
In the past decades, due to the popularity of cloning open-source software, 1-day vulnerabilities are prevalent among cyber-physical devices. Detection tools for 1-day vulnerabilities effectively protect users who fail to adopt 1-day vulnerability patches in time. However, manufacturers can non-standardly build the binaries from customized source codes to multiple architectures. The code variants in the downstream binaries decrease the accuracy of 1-day vulnerability detections, especially when signatures of out-of-bounds vulnerabilities contain incomplete information of vulnerabilities and patches. Motivated by the above observations, in this paper, we propose P1OVD, an effective patch-based 1-day out-of-bounds vulnerability detection tool for downstream binaries. P1OVD first generates signatures containing patch information and vulnerability root cause information. Then, P1OVD uses an accurate and robust matching algorithm to scan target binaries. We have evaluated P1OVD on 104 different versions of 30 out-of-bounds vulnerable functions and 620 target binaries in six different compilation environments. The results show that P1OVD achieved an accuracy of 83.06%. Compared to the widely used patch-level vulnerability detection tool ReDeBug, P1OVD ignores 4.07 unnecessary lines on average. The experiments on the x86_64 platform and the O0 optimization show that P1OVD increases the accuracy of the state-of-the-art tool, BinXray, by 8.74%. Besides, it can analyze a single binary in 4 s after a 20-s offline signature extraction on average. Full article
(This article belongs to the Special Issue Security of Cyber-Physical Systems)
Show Figures

Figure 1

29 pages, 1537 KiB  
Article
Detection and Isolation of DoS and Integrity Cyber Attacks in Cyber-Physical Systems with a Neural Network-Based Architecture
by Carlos M. Paredes, Diego Martínez-Castro, Vrani Ibarra-Junquera and Apolinar González-Potes
Electronics 2021, 10(18), 2238; https://doi.org/10.3390/electronics10182238 - 12 Sep 2021
Cited by 14 | Viewed by 3188
Abstract
New applications of industrial automation request great flexibility in the systems, supported by the increase in the interconnection between its components, allowing access to all the information of the system and its reconfiguration based on the changes that occur during its operations, with [...] Read more.
New applications of industrial automation request great flexibility in the systems, supported by the increase in the interconnection between its components, allowing access to all the information of the system and its reconfiguration based on the changes that occur during its operations, with the purpose of reaching optimum points of operation. These aspects promote the Smart Factory paradigm, integrating physical and digital systems to create smarts products and processes capable of transforming conventional value chains, forming the Cyber-Physical Systems (CPSs). This flexibility opens a large gap that affects the security of control systems since the new communication links can be used by people to generate attacks that produce risk in these applications. This is a recent problem in the control systems, which originally were centralized and later were implemented as interconnected systems through isolated networks. To protect these systems, strategies that have presented acceptable results in other environments, such as office environments, have been chosen. However, the characteristics of these applications are not the same, and the results achieved are not as expected. This problem has motivated several efforts in order to contribute from different approaches to increase the security of control systems. Based on the above, this work proposes an architecture based on artificial neural networks for detection and isolation of cyber attacks Denial of Service (DoS) and integrity in CPS. Simulation results of two test benches, the Secure Water Treatment (SWaT) dataset, and a tanks system, show the effectiveness of the proposal. Regarding the SWaT dataset, the scores obtained from the recall and F1 score metrics was 0.95 and was higher than other reported works, while, in terms of precision and accuracy, it obtained a score of 0.95 which is close to other proposed methods. With respect to the interconnected tank system, scores of 0.96,0.83,0.81, and 0.83 were obtained for the accuracy, precision, F1 score, and recall metrics, respectively. The high true negatives rate in both cases is noteworthy. In general terms, the proposal has a high effectiveness in detecting and locating the proposed attacks. Full article
(This article belongs to the Special Issue Security of Cyber-Physical Systems)
Show Figures

Graphical abstract

28 pages, 1274 KiB  
Article
Longitudinal Control for Connected and Automated Vehicles in Contested Environments
by Shirin Noei, Mohammadreza Parvizimosaed and Mohammadreza Noei
Electronics 2021, 10(16), 1994; https://doi.org/10.3390/electronics10161994 - 18 Aug 2021
Cited by 9 | Viewed by 2257
Abstract
The Society of Automotive Engineers (SAE) defines six levels of driving automation, ranging from Level 0 to Level 5. Automated driving systems perform entire dynamic driving tasks for Levels 3–5 automated vehicles. Delegating dynamic driving tasks from driver to automated driving systems can [...] Read more.
The Society of Automotive Engineers (SAE) defines six levels of driving automation, ranging from Level 0 to Level 5. Automated driving systems perform entire dynamic driving tasks for Levels 3–5 automated vehicles. Delegating dynamic driving tasks from driver to automated driving systems can eliminate crashes attributed to driver errors. Sharing status, sharing intent, seeking agreement, or sharing prescriptive information between road users and vehicles dedicated to automated driving systems can further enhance dynamic driving task performance, safety, and traffic operations. Extensive simulation is required to reduce operating costs and achieve an acceptable risk level before testing cooperative automated driving systems in laboratory environments, test tracks, or public roads. Cooperative automated driving systems can be simulated using a vehicle dynamics simulation tool (e.g., CarMaker and CarSim) or a traffic microsimulation tool (e.g., Vissim and Aimsun). Vehicle dynamics simulation tools are mainly used for verification and validation purposes on a small scale, while traffic microsimulation tools are mainly used for verification purposes on a large scale. Vehicle dynamics simulation tools can simulate longitudinal, lateral, and vertical dynamics for only a few vehicles in each scenario (e.g., up to ten vehicles in CarMaker and up to twenty vehicles in CarSim). Conventional traffic microsimulation tools can simulate vehicle-following, lane-changing, and gap-acceptance behaviors for many vehicles in each scenario without simulating vehicle powertrain. Vehicle dynamics simulation tools are more compute-intensive but more accurate than traffic microsimulation tools. Due to software architecture or computing power limitations, simplifying assumptions underlying convectional traffic microsimulation tools may have been a necessary compromise long ago. There is, therefore, a need for a simulation tool to optimize computational complexity and accuracy to simulate many vehicles in each scenario with reasonable accuracy. This research proposes a traffic microsimulation tool that employs a simplified vehicle powertrain model and a model-based fault detection method to simulate many vehicles with reasonable accuracy at each simulation time step under noise and unknown inputs. Our traffic microsimulation tool considers driver characteristics, vehicle model, grade, pavement conditions, operating mode, vehicle-to-vehicle communication vulnerabilities, and traffic conditions to estimate longitudinal control variables with reasonable accuracy at each simulation time step for many conventional vehicles, vehicles dedicated to automated driving systems, and vehicles equipped with cooperative automated driving systems. Proposed vehicle-following model and longitudinal control functions are verified for fourteen vehicle models, operating in manual, automated, and cooperative automated modes over two driving schedules under three malicious fault magnitudes on transmitted accelerations. Full article
(This article belongs to the Special Issue Security of Cyber-Physical Systems)
Show Figures

Figure 1

15 pages, 4369 KiB  
Article
ReFuzz: A Remedy for Saturation in Coverage-Guided Fuzzing
by Qian Lyu, Dalin Zhang, Rihan Da and Hailong Zhang
Electronics 2021, 10(16), 1921; https://doi.org/10.3390/electronics10161921 - 10 Aug 2021
Cited by 1 | Viewed by 2105
Abstract
Coverage-guided greybox fuzzing aims at generating random test inputs to trigger vulnerabilities in target programs while achieving high code coverage. In the process, the scale of testing gradually becomes larger and more complex, and eventually, the fuzzer runs into a saturation state where [...] Read more.
Coverage-guided greybox fuzzing aims at generating random test inputs to trigger vulnerabilities in target programs while achieving high code coverage. In the process, the scale of testing gradually becomes larger and more complex, and eventually, the fuzzer runs into a saturation state where new vulnerabilities are hard to find. In this paper, we propose a fuzzer, ReFuzz, that acts as a complement to existing coverage-guided fuzzers and a remedy for saturation. This approach facilitates the generation of inputs that lead only to covered paths by omitting all other inputs, which is exactly the opposite of what existing fuzzers do. ReFuzz takes the test inputs generated from the regular saturated fuzzing process and continue to explore the target program with the goal of preserving the code coverage. The insight is that coverage-guided fuzzers tend to underplay already covered execution paths during fuzzing when seeking to reach new paths, causing covered paths to be examined insufficiently. In our experiments, ReFuzz discovered tens of new unique crashes that AFL failed to find, of which nine vulnerabilities were submitted and accepted to the CVE database. Full article
(This article belongs to the Special Issue Security of Cyber-Physical Systems)
Show Figures

Figure 1

22 pages, 2350 KiB  
Article
FedResilience: A Federated Learning Application to Improve Resilience of Resource-Constrained Critical Infrastructures
by Ahmed Imteaj, Irfan Khan, Javad Khazaei and Mohammad Hadi Amini
Electronics 2021, 10(16), 1917; https://doi.org/10.3390/electronics10161917 - 10 Aug 2021
Cited by 10 | Viewed by 3189
Abstract
Critical infrastructures (e.g., energy and transportation systems) are essential lifelines for most modern sectors and have utmost significance in our daily lives. However, these important domains can fail to operate due to system failures or natural disasters. Though the major disturbances in such [...] Read more.
Critical infrastructures (e.g., energy and transportation systems) are essential lifelines for most modern sectors and have utmost significance in our daily lives. However, these important domains can fail to operate due to system failures or natural disasters. Though the major disturbances in such critical infrastructures are rare, the severity of such events calls for the development of effective resilience assessment strategies to mitigate relative losses. Traditional critical infrastructure resilience approaches consider that the available critical infrastructure agents are resource-sufficient and agree to exchange local data with the server and other agents. Such assumptions create two issues: (1) uncertainty in reaching convergence while applying learning strategies on resource-constrained critical infrastructure agents, and (2) a huge risk of privacy leakage. By understanding the pressing need to construct an effective resilience model for resource-constrained critical infrastructure, this paper aims at leveraging a distributed machine learning technique called Federated Learning (FL) to tackle an agent’s resource limitations effectively and at the same time keep the agent’s information private. Particularly, this paper is focused on predicting the probable outage and resource status of critical infrastructure agents without sharing any local data and carrying out the learning process even when most of the agents are incapable of accomplishing a given computational task. To that end, an FL algorithm is designed specifically for a resource-constrained critical infrastructure environment that could facilitate the training of each agent in a distributed fashion, restrict them from sharing their raw data with any other external entities (e.g., server, neighbor agents), choose proficient clients by analyzing their resources, and allow a partial amount of computation tasks to be performed by the resource-constrained agents. We considered a different number of agents with various stragglers and checked the performance of FedAvg and our proposed FedResilience algorithm with prediction tasks for a probable outage, as well as checking the agents’ resource-sharing scope. Our simulation results show that if the majority of the FL agents are stragglers and we drop them from the training process, then the agents learn very slowly and the overall model performance is negatively affected. We also demonstrate that the selection of proficient agents and allowing them to complete only parts of their tasks can significantly improve the knowledge of each agent by eliminating the straggler effects, and the global model convergence is accelerated. Full article
(This article belongs to the Special Issue Security of Cyber-Physical Systems)
Show Figures

Figure 1

13 pages, 800 KiB  
Article
A Machine Learning Approach for Anomaly Detection in Industrial Control Systems Based on Measurement Data
by Sohrab Mokhtari, Alireza Abbaspour, Kang K. Yen and Arman Sargolzaei
Electronics 2021, 10(4), 407; https://doi.org/10.3390/electronics10040407 - 8 Feb 2021
Cited by 97 | Viewed by 11770
Abstract
Attack detection problems in industrial control systems (ICSs) are commonly known as a network traffic monitoring scheme for detecting abnormal activities. However, a network-based intrusion detection system can be deceived by attackers that imitate the system’s normal activity. In this work, we proposed [...] Read more.
Attack detection problems in industrial control systems (ICSs) are commonly known as a network traffic monitoring scheme for detecting abnormal activities. However, a network-based intrusion detection system can be deceived by attackers that imitate the system’s normal activity. In this work, we proposed a novel solution to this problem based on measurement data in the supervisory control and data acquisition (SCADA) system. The proposed approach is called measurement intrusion detection system (MIDS), which enables the system to detect any abnormal activity in the system even if the attacker tries to conceal it in the system’s control layer. A supervised machine learning model is generated to classify normal and abnormal activities in an ICS to evaluate the MIDS performance. A hardware-in-the-loop (HIL) testbed is developed to simulate the power generation units and exploit the attack dataset. In the proposed approach, we applied several machine learning models on the dataset, which show remarkable performances in detecting the dataset’s anomalies, especially stealthy attacks. The results show that the random forest is performing better than other classifier algorithms in detecting anomalies based on measured data in the testbed. Full article
(This article belongs to the Special Issue Security of Cyber-Physical Systems)
Show Figures

Figure 1

16 pages, 1165 KiB  
Article
A Secure Control Design for Networked Control Systems with Linear Dynamics under a Time-Delay Switch Attack
by Mauro Victorio, Arman Sargolzaei and Mohammad Reza Khalghani
Electronics 2021, 10(3), 322; https://doi.org/10.3390/electronics10030322 - 30 Jan 2021
Cited by 15 | Viewed by 2212
Abstract
Networked control systems (NCSs) are designed to control and monitor large-scale and complex systems remotely. The communication connectivity in an NCS allows agents to quickly communicate with each other to respond to abrupt changes in the system quickly, thus reducing complexity and increasing [...] Read more.
Networked control systems (NCSs) are designed to control and monitor large-scale and complex systems remotely. The communication connectivity in an NCS allows agents to quickly communicate with each other to respond to abrupt changes in the system quickly, thus reducing complexity and increasing efficiency. Despite all these advantages, NCSs are vulnerable to cyberattacks. Injecting cyberattacks, such as a time-delay switch (TDS) attack, into communication channels has the potential to make NCSs inefficient or even unstable. This paper presents a Lyapunov-based approach to detecting and estimating TDS attacks in real time. A secure control strategy is designed to mitigate the effects of TDS attacks in real time. The stability of the secure control system is investigated using the Lyapunov theory. The proposed TDS attack estimator’s performance and secure control strategy are evaluated in simulations and a hardware-in-the-loop environment. Full article
(This article belongs to the Special Issue Security of Cyber-Physical Systems)
Show Figures

Figure 1

18 pages, 1571 KiB  
Article
A Situation-Aware Scheme for Efficient Device Authentication in Smart Grid-Enabled Home Area Networks
by Anhao Xiang and Jun Zheng
Electronics 2020, 9(6), 989; https://doi.org/10.3390/electronics9060989 - 13 Jun 2020
Cited by 19 | Viewed by 3269
Abstract
Home area networks (HANs) are the most vulnerable part of smart grids since they are not directly controlled by utilities. Device authentication is one of most important mechanisms to protect the security of smart grid-enabled HANs (SG-HANs). In this paper, we propose a [...] Read more.
Home area networks (HANs) are the most vulnerable part of smart grids since they are not directly controlled by utilities. Device authentication is one of most important mechanisms to protect the security of smart grid-enabled HANs (SG-HANs). In this paper, we propose a situation-aware scheme for efficient device authentication in SG-HANs. The proposed scheme utilizes the security risk information assessed by the smart home system with a situational awareness feature. A suitable authentication protocol with adequate security protection and computational and communication complexity is then selected based on the assessed security risk level. A protocol design of the proposed scheme considering two security risk levels is presented in the paper. The security of the design is verified by using both formal verification and informal security analysis. Our performance analysis demonstrates that the proposed scheme is efficient in terms of computational and communication costs. Full article
(This article belongs to the Special Issue Security of Cyber-Physical Systems)
Show Figures

Figure 1

Review

Jump to: Research

44 pages, 2471 KiB  
Review
Blockchain Applications to Improve Operation and Security of Transportation Systems: A Survey
by Navid Khoshavi, Gabrielle Tristani and Arman Sargolzaei
Electronics 2021, 10(5), 629; https://doi.org/10.3390/electronics10050629 - 9 Mar 2021
Cited by 21 | Viewed by 7771
Abstract
Blockchain technology continues to grow and extend into more areas with great success, which highlights the importance of studying the fields that have been, and have yet to be, fundamentally changed by its entrance. In particular, blockchain technology has been shown to be [...] Read more.
Blockchain technology continues to grow and extend into more areas with great success, which highlights the importance of studying the fields that have been, and have yet to be, fundamentally changed by its entrance. In particular, blockchain technology has been shown to be increasingly relevant in the field of transportation systems. More studies continue to be conducted relating to both fields of study and their integration. It is anticipated that their existing relationships will be greatly improved in the near future, as more research is conducted and applications are better understood. Because blockchain technology is still relatively new as compared to older, more well-used methods, many of its future capabilities are still very much unknown. However, before they can be discovered, we need to fully understand past and current developments, as well as expert observations, in applying blockchain technology to the autonomous vehicle field. From an understanding and discussion of the current and potential future capabilities of blockchain technology, as provided through this survey, advancements can be made to create solutions to problems that are inherent in autonomous vehicle systems today. The focus of this paper is mainly on the potential applications of blockchain in the future of transportation systems to be integrated with connected and autonomous vehicles (CAVs) to provide a broad overview on the current related literature and research studies in this field. Full article
(This article belongs to the Special Issue Security of Cyber-Physical Systems)
Show Figures

Figure 1

Show export options expand_more Show export options expand_less
Select all
Export citation of selected articles as:
 
Displaying articles 1-10
Back to TopTop