Abstract
This article focuses on the design of safe and attack-resilient Cyber-Physical Systems (CPS) equipped with multiple sensors measuring the same physical variable. A malicious attacker may be able to disrupt system performance by compromising a subset of these sensors. Consequently, we develop a precise and resilient sensor fusion algorithm that combines the data received from all sensors by taking into account their specified precisions. In particular, we note that in the presence of a shared bus, in which messages are broadcast to all nodes in the network, the attacker’s impact depends on which sensors’ measurements the attacker has seen before sending the corrupted measurements. Therefore, we explore the effects of communication schedules on the performance of sensor fusion and provide theoretical and experimental results advocating for the use of the Ascending schedule, which orders sensor transmissions according to their precision, starting from the most precise. In addition, to improve the accuracy of the sensor fusion algorithm, we consider the dynamics of the system in order to incorporate past measurements at the current time. Possible ways of mapping sensor measurement history are investigated in the article and are compared in terms of the confidence in the final output of the sensor fusion. We show that the precision of the algorithm using history is never worse than that of the no-history one, while the benefits may be significant. Furthermore, we utilize the complementary properties of the two methods and show that their combination results in a more precise and resilient algorithm. Finally, we validate our approach in simulation and experiments on a real unmanned ground robot.
Index Terms
Attack-Resilient Sensor Fusion for Safety-Critical Cyber-Physical Systems