Foundations of a CPS Resilience - July 2020

PI: Xenofon Koutsoukos

HARD PROBLEM(S) ADDRESSED

The goals of this project are to develop the principles and methods for designing and analyzing resilient CPS architectures that deliver required service in the face of compromised components. A fundamental challenge is to understand the basic tenets of CPS resilience and how they can be used in developing resilient architectures. The primary hard problem addressed is resilient architectures. In addition, the work addresses scalability and composability as well as metrics and evaluation. 

PUBLICATIONS

[1]    Jiani Li, Waseem Abbas, and Xenofon Koutsoukos. “Resilient Distributed Diffusion in Networks with Adversaries”, IEEE Transactions on Signal and Information Processing over Networks, vol. 6, pp. 1-17, 2020.
[2]    Himanshu Neema, Peter Volgyesi, Xenofon Koutsoukos, Thomas Roth, and Cuong Nguyen. “Online Testbed for Evaluating Vulnerability of Deep Learning Based Power Grid Load Forecasters”, 8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES 2020), Sydney, Australia, April 21, 2020.
[3]    Feiyang Cai and Xenofon Koutsoukos. “Real-time Out-of-distribution Detection in Learning-Enabled Cyber-Physical Systems”. 11th IEEE/ACM Conference on Cyber-Physical Systems (ICCPS'20), Sydney, Australia, April 22-24, 2020. (Best Paper Award Finalist)
[4]    Carlos Barreto, Himanshu Neema, and Xenofon Koutsoukos. "Attacking Electricity Markets Through IoT", IEEE Computer, Special Issue on Cybersecurity for the Smart Grid, vol. 53, no. 5, pp. 55-62, May 2020.
[5]    Zhenkai Zhang, Zihao Zhan, Daniel Balasubramanian, Bo Li, Peter Volgyesi, Xenofon Koutsoukos. “Leveraging EM Side-Channel Information to Detect Rowhammer Attacks”, IEEE Symposium on Security and Privacy (S&P 2020), pp. 862-879. May 18-20, 2020.
[6]    Feiyang Cai, Jiani Li, and Xenofon Koutsoukos. “Detecting Adversarial Examples in Learning-Enabled Cyber-Physical Systems using Variational Autoencoder for Regression”, Workshop on Assured Autonomous Systems (WAAS 2020). Held in conjunction with IEEE S&P. May 21, 2020.
[7]    Dimitrios Boursinos and Xenofon Koutsoukos. “Trusted Confidence Bounds for Learning Enabled Cyber-Physical Systems”, Workshop on Assured Autonomous Systems (WAAS 2020). Held in conjunction with IEEE S&P. May 21, 2020. (Best Paper Award)
[8]    Bradley Potteiger, Feiyang Cai, Abhishek Dubey, Zhenkai Zhang, and Xenofon Koutsoukos. “Security in Mixed Time and Event Triggered Cyber-Physical Systems using Moving Target Defense”, IEEE International Symposium On Real-Time Distributed Computing 2020 (ISORC'2020), May 19-21, 2020. (Best Paper Award Nomination)
[9]    Carlos Barreto, Taha Eghtesad, Scott Eisele, Aron Laszka, Abhishek Dubey, and Xenofon Koutsoukos. “Cyber-Attacks and Mitigation in Blockchain Based Transactive Energy Systems”, 3rd IEEE International Conference on Industrial Cyber-Physical Systems (ICPS 2020), Tampere, Finland, June 10-12, 2020.

 

KEY HIGHLIGHTS

This quarterly report presents two key highlights that demonstrate (1) resilient distributed diffusion in networks with adversaries and (2) detection of rowhammer attacks leveraging electromagnetic side-channel information.

Highlight 1: Resilient Distributed Diffusion in Networks with Adversaries

We study resilient distributed diffusion for multi-task estimation in the presence of adversaries, where networked agents must estimate distinct but correlated states of interest by processing streaming data. We show that, in general, diffusion strategies are not resilient to malicious agents that do not adhere to the diffusion-based information processing rules. In particular, by exploiting the adaptive weights used for diffusing information, we develop time-dependent attack models that drive normal agents to converge to states selected by the attacker. We show that an attacker that has complete knowledge of the system can always drive its targeted agents to its desired estimates. Moreover, an attacker that does not have complete knowledge of the system, including the streaming data of targeted agents or the parameters they use in diffusion algorithms, can still be successful in deploying an attack by approximating the needed information. The attack models can be used for both stationary and non-stationary state estimation.

In addition, we present and analyze a distributed diffusion algorithm that is resilient to any data falsification attack in which the number of compromised agents in the local neighborhood of a normal agent is bounded. The proposed algorithm guarantees that all normal agents converge to their true target states if appropriate parameters are selected. We also analyze the trade-off between the resilience of distributed diffusion and its performance in terms of steady-state mean-square-deviation (MSD) from the correct estimates. Finally, we evaluate the proposed attack models and the resilient distributed diffusion algorithm using stationary and non-stationary multi-target localization. Our results are reported in [1].

[1]    Jiani Li, Waseem Abbas, and Xenofon Koutsoukos. “Resilient Distributed Diffusion in Networks with Adversaries”, IEEE Transactions on Signal and Information Processing over Networks, vol. 6, pp. 1-17, 2020.
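
The bounded-neighborhood idea in Highlight 1 can be illustrated with the following added example, which is not code from the paper or the project. It assumes a cost-based filter (each normal agent scores received estimates against its own streaming data and drops the F worst-fitting ones) and a uniform-average combine step in place of adaptive weights; the constants, the fully connected topology, and the names `run` and `max_error` are constructed for illustration.

```python
W_TRUE = 2.0                    # constructed true state shared by the normal agents
W_FALSE = 5.0                   # constructed falsified estimate from the compromised agent
MU = 0.5                        # LMS step size (assumed)
REGRESSORS = (1.0, -0.5, 0.8)   # constructed, noise-free streaming regressors


def run(num_normal=4, F=1, steps=200, resilient=True):
    """Return the normal agents' estimates after `steps` adapt/combine rounds."""
    w = [0.0] * num_normal
    for i in range(steps):
        # Adapt: each normal agent takes one LMS step on its own sample.
        u = [REGRESSORS[(i + k) % 3] for k in range(num_normal)]
        d = [u_k * W_TRUE for u_k in u]
        psi = [w[k] + MU * u[k] * (d[k] - u[k] * w[k]) for k in range(num_normal)]
        new_w = []
        for k in range(num_normal):
            # Neighborhood: every other normal agent plus one compromised agent.
            received = [psi[l] for l in range(num_normal) if l != k] + [W_FALSE]
            if resilient:
                # Score each received estimate against agent k's own data and
                # discard the F estimates that explain that data worst.
                received.sort(key=lambda p: (d[k] - u[k] * p) ** 2)
                received = received[:max(0, len(received) - F)]
            kept = received + [psi[k]]
            new_w.append(sum(kept) / len(kept))   # Combine: uniform average.
        w = new_w
    return w


def max_error(estimates):
    """Largest deviation of any normal agent from the true state."""
    return max(abs(e - W_TRUE) for e in estimates)
```

With F at least the number of compromised neighbors, the filtered run converges to the true state, while the unfiltered run settles at a biased value pulled toward the falsified estimate.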
 

Highlight 2: Leveraging EM Side-Channel Information to Detect Rowhammer Attacks

The rowhammer bug is a software-induced hardware fault, and it has been exploited to form a wide range of powerful rowhammer attacks. Yet, how to effectively detect such attacks remains a challenging problem. We propose a novel approach named RADAR (Rowhammer Attack Detection via A Radio) that leverages certain electromagnetic (EM) signals to detect rowhammer attacks. In particular, we have found that there are recognizable hammering-correlated sideband patterns in the spectrum of the DRAM clock signal. As such patterns are inevitable physical side effects of hammering the DRAM, they can “expose” any potential rowhammer attacks, including the extremely elusive ones hidden inside encrypted and isolated environments like Intel SGX enclaves. However, the patterns of interest may not be apparent due to the common use of spread-spectrum clocking (SSC) in computer systems. We propose a de-spreading method that can reassemble the hammering-correlated sideband patterns scattered by SSC. Using a common classification technique, we can achieve both effective and robust detection-based defense against rowhammer attacks, as evaluated on a RADAR prototype under various scenarios. In addition, RADAR does not impose any performance overhead on the protected system. There has been little prior work that uses physical side-channel information to perform rowhammer defenses, and to the best of our knowledge, this is the first investigation into leveraging EM side-channel information for this purpose. Our results are reported in [2].

[2]    Zhenkai Zhang, Zihao Zhan, Daniel Balasubramanian, Bo Li, Peter Volgyesi, Xenofon Koutsoukos. “Leveraging EM Side-Channel Information to Detect Rowhammer Attacks”, IEEE Symposium on Security and Privacy (S&P 2020), pp. 862-879. May 18-20, 2020.
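
The sideband idea in Highlight 2 can be illustrated with the following added example, which is not RADAR's code. It assumes a simplified model in which hammering activity amplitude-modulates the clock signal, uses constructed, scaled-down frequencies and a seeded synthetic capture, and does not model SSC or the de-spreading step.

```python
import cmath
import math
import random

FS = 4096        # constructed sample rate in Hz; one second of samples gives 1 Hz bins
F_CLK = 800      # constructed stand-in for the clock frequency (Hz)
F_HAMMER = 40    # constructed rate of the hammering-correlated modulation (Hz)


def capture(mod_depth, seed=1):
    """One second of synthetic clock signal plus noise; mod_depth > 0 adds AM."""
    rng = random.Random(seed)
    return [(1 + mod_depth * math.cos(2 * math.pi * F_HAMMER * t / FS))
            * math.cos(2 * math.pi * F_CLK * t / FS)
            + rng.uniform(-0.1, 0.1)
            for t in range(FS)]


def bin_mag(x, freq):
    """Amplitude of the spectral component of x at freq Hz (single DFT bin)."""
    acc = sum(v * cmath.exp(-2j * math.pi * freq * t / FS) for t, v in enumerate(x))
    return 2 * abs(acc) / len(x)


def sideband_ratio(x):
    """Weaker sideband at F_CLK +/- F_HAMMER divided by the nearby noise floor."""
    floor_bins = [F_CLK + s * (F_HAMMER + j) for s in (-1, 1) for j in range(5, 13)]
    floor = sum(bin_mag(x, f) for f in floor_bins) / len(floor_bins)
    weakest = min(bin_mag(x, F_CLK - F_HAMMER), bin_mag(x, F_CLK + F_HAMMER))
    return weakest / floor


def hammering_suspected(x, threshold=5.0):
    """Flag a capture when both sidebands stand well clear of the noise floor."""
    return sideband_ratio(x) > threshold
```

Requiring both sidebands to exceed the floor keeps a single noisy bin from raising a false alarm; the threshold of 5 is an assumed value for this synthetic data.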
 

COMMUNITY ENGAGEMENTS

  • Our research was presented at the following conferences: ACM/IEEE 11th International Conference on Cyber-Physical Systems (ICCPS 2020), 8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (held in conjunction with CPS IoT Week 2020), IEEE International Symposium On Real-Time Distributed Computing 2020 (ISORC 2020), IEEE Symposium on Security and Privacy (S&P’20), Workshop on Assured Autonomous Systems (held in conjunction with IEEE S&P 2020), and 3rd IEEE International Conference on Industrial Cyber-Physical Systems (ICPS 2020).