Vulnerabilities of cyber-physical systems to stale data - Determining the optimal time to launch attacks

This paper presents a new vulnerability assessment model based on timing attacks. In particular, it examines the problem where an adversary has access to a certain sensor reading or a controller output signal in real time, but can only cause denial of service (DoS). Jamming the communications to a device can cause the system to work with stale data that, in turn, could interfere with the control algorithm to the extent of driving the system to an undesirable state. If the DoS attack is not timed properly, the use of stale data by the controller or actuator would have a limited impact on the process. However, if the attacker is able to launch the DoS attack at the correct time, the use of stale data can drive the system to an unsafe state. This paper uses the Tennessee Eastman challenge process to investigate the problem of an attacker who has to identify (in real time) the optimal moment to launch a DoS attack. The results suggest that, by attacking sensor and controller signals, the attacker can manipulate the process at will, but the success of the attack depends considerably on the specific stale values due to the dynamic nature of the process. The choice of time to begin an attack is forward-looking, requiring the attacker to consider each current opportunity against the possibility of a better opportunity in the future; this lends itself to the theory of optimal stopping problems. In particular, this paper studies the applicability of the Best Choice Problem (also known as the Secretary Problem), quickest change detection and statistical process outliers. The analysis can be used to identify specific sensor measurements that need to be protected and the time-to-response necessary to enable process operators and asset owners to define appropriate attack response strategies. & 2014 Published by Elsevier B.V.