State-Feedback Control for Cyber-Physical Discrete-Time Systems under Replay Attacks: An LMI Approach

Moreira, Jose F. V. D.; Lacerda, Marcio J.

doi:https://doi.org/10.1155/2022/7946710

Mathematical Problems in Engineering

On this page

Abstract Introduction Conclusion Data Availability Conflicts of Interest Acknowledgments References Copyright Related Articles

Research Article | Open Access

Volume 2022 | Article ID 7946710 | https://doi.org/10.1155/2022/7946710

State-Feedback Control for Cyber-Physical Discrete-Time Systems under Replay Attacks: An LMI Approach

Jose F. V. D. Moreira¹and Marcio J. Lacerda¹

Academic Editor: Hao Shen

Received09 Mar 2022

Revised04 Jul 2022

Accepted03 Aug 2022

Published01 Sept 2022

Abstract

This paper addresses the state-feedback control problem for cyber-physical discrete-time linear systems. The main goal is to design state-feedback controllers that can mitigate the interference of replay attacks in the stability of the closed-loop system. The system under replay attack is modeled as a switched linear system, and a packet-based approach is employed for control design. New conditions in the form of Linear Matrix Inequalities are presented to provide stabilizing controllers. Numerical experiments illustrate the effectiveness of the proposed method.

1. Introduction

The fourth Industrial Revolution (Industry 4.0) provided the use of complex technologies nowadays since there was a need for people to develop, grow and make life easier in general. Cyber-Physical Systems (CPSs) are among the technologies currently used. They are composed of computational resources, communication networks, and physical processes in integrated action [1, 2].

The use of CPS has several advantages, such as simplicity of maintenance and installation, high efficiency, and fair cost. In addition, the applications include industrial control systems, electrical power networks, and transport systems in general (vehicle and aviation, for example), among many others [3, 4]. However, there are some issues to consider in a CPS. Communication delays and packet losses during network transmission are examples of these disadvantages since they affect system performance and stability. Some studies in the literature on packet losses show that losses are classified as arbitrary and Markovian. In addition, packet loss modeling is possible in both communication directions (sensor to controller and controller to the actuator) [1, 3].

Cybersecurity is relevant due to another negative aspect of using communication networks, the existence of cyber-physical attacks [1]. As examples of occurrences, one can cite the Stuxnet virus and the attack on the sewer system in Queensland/Australia in the year 2000. Stuxnet, found in Siemens programmable logic controllers in 2010, was responsible for disturbing the Iranian nuclear installation in Natanz. The complexity of the attack showed that the attacker had prior knowledge of the cyber-physical components of the control system [5]. The damage caused by the attacks is significant, as happened in Australia in 2000, where sewage spills reached parks, hotels, and rivers [6]. Due to the damage that these attacks may cause, it is necessary to analyze and propose new solutions for systems under the presence of malicious attacks.

Among the cyber-attacks, one may cite the denial of service (DoS) attacks and deception attacks. DoS attacks consist of blocking communication between cybernetic physical elements. On the other hand, deception attacks correspond to one or more components receiving false information that they believe to be true. In this work, we investigate a subtype of deception attack, called a replay attack [3, 5]. This type of attack is difficult to detect compared to DoS attacks since replay’s attack operation consists of the attacker recording the sensor measurements first and the invader replacing the correct data at the current instant with the data recorded previously at the instant . Therefore, exchanging the actual values for previous measurements can result in incorrect decision-making, capable of destabilizing the system. Movies present a classic example of replay attacks, where criminals or people with bad intentions exchange images from security cameras with previously recorded video, with the aim of crimes or sabotage.

A CPS is composed of several security layers, with attack detection and control design being some of them. Many recent works have focused on finding new ways to detect replay attacks [7–10]. However, the research on control design for systems under replay attacks still is scarce. Thus, the goal of this article is to present a new formulation to design state-feedback controllers that can stabilize the system under replay attacks, once the attacks have been detected. If the states of the system are not available, output-feedback control strategies should be employed. Among others, output-feedback control strategies are dealing with switching systems, and CPS under DoS attacks [11–13].

The attack was modeled as a mode switched system, where is the maximum delay of the replay attack. The first mode represents the absence of the attack, while the second mode represents a 1 delay instant; subsequent modes will be defined similarly. The last mode will be set with a delay of instants of time. For each system mode, a controller is available to act and stabilize the closed-loop system. Moreover, a single controller can be designed to guarantee the stability of all modes of the switched system. By using the Lyapunov theory, a new Linear Matrix Inequality (LMI) condition was developed to guarantee the stability of the closed-loop system. The Lyapunov theory allows to write the conditions in the form of LMIs and solving them by available computational packages [14, 15]. A switched Lyapunov function allows the use of slack variables which are introduced in the problem to lessen the conservativeness [16]. The control gain is recovered from the slack matrices instead of using the Lyapunov matrix. The proposed approach can stabilize the closed-loop system even when the replay attack is performed in a random sequence.

Motivated by the above discussion, the main contributions of this paper are summarized as follows:(i)The use of a switched model to describe the system under replay attack. Each mode of the system is related to a different delay used by the attacker.(ii)New sufficient conditions, in the form of parameter-dependent Linear Matrix Inequalities (LMIs), to design state-feedback controllers for CPS under replay attacks.(iii)The use of a switched Lyapunov function that provides less conservative results when compared with a common quadratic Lyapunov function.

The rest of this paper is laid out as follows: Preliminary Concepts are introduced in Section 2 and give the necessary background material to understand the main idea of the work. Then, the proposed method is presented in Section 3. Section 4 presents numerical experiments that illustrate the efficiency of the proposed method to mitigate the existence of constant and randomly replay attacks in the CPS under replay attack. Finally, the Conclusions are given in Section 5.

Notation: in this paper, denotes the field of real numbers. When a matrix is positive definite (including symmetry), we write . Similarly, we write for negative definiteness. By 0 and , we denote the null and identity matrices of appropriate dimensions. For vectors and matrices, the superscript means transpose. denotes the vector . We write for Kronecker product.

2. Preliminary Concepts

Consider a CPS plant, described by the following discrete-time system model:where is the state vector, and is the control input. The matrices and are precisely known matrices.

The performance of the CPS under replay attack is affected since the attacker changes the measurements through the network for illegal purposes. Therefore, it is relevant to develop skillful control techniques to minimize the attacker’s influence on the system. In this way, the closed-loop system will remain stable.

Figure 1 illustrates the schematic of the CPS under replay attack. The attacker’s presence on the network allows him to prerecord values at earlier instants to posteriorly change them to , where is the delay of the replay attack. In this sense, the communication channel between the sensor and the buffer transmits the information of the state, called . Note that, in the absence of attack , otherwise .

Assumption 1. The maximum delay of replay attack is limited by , as the attacker has a preattack information storage limitation according to the desired lagging. Thus, the attacker requires a more robust system for storing information as the delay increases.
It is worth mentioning that the replay attack can be applied randomly, respecting the delay limit . Figure 2 depicts an example of a possible replay attack sequence, where delay represents the replay attack. In this case, is the maximum delay of the replay attack.
The modeling of the problem considering a packet-based approach follows the same lines presented in [17, 18] for CPS under DoS attacks. The state-feedback control law that stabilizes the CPS in (1) is given by the following equation:where is the time instant of the actual replay attack and is the switching point that takes a value in a finite set . Note that, if , there are no replay attacks at the time .
The closed-loop system dynamics, obtained by applying the control law (2) in the CPS (1), between switching points can be described by the following case:(i)Case 0: replay-free case(ii)Case 1: replay attack with delay of 1 instant of time(iii)Case : replay attack with delay of instant of time.Notice that, by employing the modes (3)–(5), the following switched system describes the system dynamics between two switching points:where , , andNote that, there is a package of controllers for , that acts according to the attack delay. It is clear since there is a for each mode . Only one mode of the switched system (6) is active at a time. The indicator function will be used to describe such behavior. Consider .In this way, system (6) can be written as follows:with .

Assumption 2. The system is able to detect which delay the attacker applied on instant . After it, the CPS uses the appropriate controller designed by the proposed method.
Here is an example to illustrate the switched system. Figure 2 indicates a random replay attack. The sequence of the attack is , where is the maximum delay of the replay attack. Therefore, the controller sends a package every instant in the following format:This way, the control selection happens according to the delay of the attack in the instant . In this example, it is at instant 1, at instant 2, , at instant 5, and so on.
Based on the use of a switched Lyapunov function, the following Lemma obtains a stability certificate for system (7).

Lemma 1. If there exist symmetric positive definite matrices such thatwith , then the switched Lyapunov system (7) under arbitrary switching with given as in (6) is asymptotically stable.

Proof. Multiplying (8) by , , and summing up givesSimilarly, multiplying (9) by , , and summing up, results inThe application of a Schur complement in (13) yields , that can be written as follows:Pre-and postmultiplying it by and , respectively, is equivalent to write with . From (11), it can be seen that , then the Lyapunov function is positive definite concluding the proof.

3. Main Results

For the sake of clarity, before presenting the formulation for a generic time delay of replay attacks, a particular case is addressed, where the time delay of replay attacks is bounded by , i.e., . The following result uses a switched Lyapunov function to design state-feedback gains.

Lemma 2. If there exist symmetric positive definite matrices , matrices , , , and such thathold withwhere the matrices are given by the following equation:thenare the state-feedback control gains that assure the closed-loop system (7) is asymptotically stable.

Proof. First, perform the change of variables and , in Lemma 2, resulting inwithNote that, the set of constraints (19) and (20) can be written as follows:for , and . Multiplying (21) by , and summing up one has the following equation:Following the same procedure, and multiplying (22) by , and summing up yieldsMultiplying (23) by on the left, and by on the right, with giveswith .
Multiplying (24) by on the left and by on the right, with gives the following equation:Pre- and post-multiplying it by and , respectively, is equivalent to write with . Moreover, from (21) it can be seen that , then the Lyapunov function is positive definite concluding the proof.

Remark 1. It is important to highlight that the conditions presented make use of a switched Lyapunov function which provides less conservative results when compared with the common quadratic Lyapunov functions [19].
A generic approach considering replay attack delays is presented in the sequel.

Theorem 1. If there exist symmetric positive definite matrices , matrices , , , and , such thathold withwhere denotes the vector , , and , thenare the state-feedback control gains that assure the asymptotical stability of the closed-loop system (7).

Proof. First, perform the change of variables , in (26), resulting inThus, the proof may be completed following the steps performed in Lemma 2.
Consider the case when the duration of the replay attack is constant; that is, in (5). Then the switched system in (6) can be simplified to a precisely known system given by the following equation:where and . Then, Theorem 1 can be simplified to design a robust state-feedback controller which can stabilize system (30). The following corollary presents the condition for such a case.

Corollary 1. If there exist symmetric positive definite matrices , matrices , , and , such thathold withwhere , thenis the state-feedback control gain that assures the asymptotical stability of the closed-loop system (30) under a constant replay attack of delay .

Remark 2. The condition presented in Corollary 1 presents more conservative results than Theorem 1 since it considers that the replay attack has a constant delay. However, there is only one switching state in this case which leads to a much lower computational cost.

Remark 3. Consider the condition presented in Theorem 1 and . The number of LMI rows is , while this number reduces to if Corollary 1 is considered.

Remark 4. Similarly, the number of scalar decision variables required by Theorem 1 can be formulated as follows:It is possible to see that the computational complexity of this approach will grow along with the increase of the maximum delay of the replay attack . Finally, note that if Corollary 1 is employed then, .

4. Numerical Experiments

In this section, two examples illustrate the usefulness of the proposed methods. The package YALMIP [14] was applied to implement the routines in Matlab, and SEDUMI [15] was the solver employed. It is important to stress that the results were obtained by using a switched Lyapunov function. Moreover, for the proposed examples, the use of a common quadratic Lyapunov function could not find feasible results for .

4.1. Example 1

4.1.1. Reference Results

Consider the discrete-time system borrowed from [20] with matrices given by the following equation:

At first, the state-feedback gain of the system described in (35) with was obtained using Theorem 3 described in [21]. The gain matrix obtained is given by the following equation:

This result will be used as a comparative reference in the following cases.

4.1.2. Case 1: Replay Attack by Theorem 1 with

There is no presence of attack in this case. The gain obtained by Theorem 1 with yields

In the absence of attacks, the controllers given in (36) and (37) stabilize the system. However, there is no guarantee that they can stabilize the system in the presence of attacks.

4.1.3. Case 2: Replay Attack by Theorem 1 with

Theorem 1 was employed on the system described in (20), considering as the bound to the replay attack. Therefore, the controller obtained will switch according to the delay used by the malicious agent. Table 1 shows the state-feedback controllers obtained.

The results in Table 1 are employed in the temporal response depicted in Figure 3. The controller can stabilize the system even under the presence of random delays, emphasizing that the proposed method can stabilize the system under replay attacks. The initial conditions for each state, which must have at least state values, are

Figure 4 presents the sequence of time delays applied in the proposed replay attack according to the values. This sequence is periodic for every sampled time interval. That is, it is used from 0 to 40, 40 to 80, 80 to 120, and so forth.

This example shows a situation that has a higher computational cost. However, the attacker will likely try to affect the system in the most complex way possible. Therefore, it is relevant to have a robust prevention system against this type of attack.

4.1.4. Case 3: Constant Replay Attack by Corollary 1 with

There is a constant delay of 9 instants of in this case. The gain obtained by Corollary 1 with is given by the following equation:

Figure 5 exhibits the temporal response using the gain obtained with Corollary 1. The initial conditions are

The temporal response in Figure 5 displays the effectiveness of the proposed method, which manages to stabilize the system under the presence of a constant replay attack.

4.2. Example 2

To illustrate the potential of application of the proposed method, consider an angular positioning system borrowed from [22]. In this example, we use , which is proportional to the coefficient of viscous friction in the rotation parts of the antenna. Therefore, the system matrices are given by the following equation:

Similarly to example 1, Theorem 1 was employed to solve this problem. We have considered as the maximum delay of the replay attack. In this way, the controller obtained will vary according to the attack delay. Table 2 presents the state-feedback controllers obtained. Note that, there are modes, i.e., seven modes in this case.

Figure 6 presents the temporal response which illustrates that the controller can stabilize the system using the control gains in Table 2. The initial conditions employed are

Figure 7 presents the sequence of time delays applied in the proposed replay attack. This sequence of attacks is possible according to the proposed random modeling from (3) to (7).

5. Conclusion

This paper introduced new conditions for the design of state-feedback controllers for cyber-physical discrete-time linear systems under replay attacks, through the use of the Lyapunov theory and LMIs. The system was modeled as a switched linear system to cope with the problem. Two examples have been presented to show the effectiveness of the method. Three situations were considered; (i) there is no replay attack, (ii) randomly replay attack, and (iii) constant replay attack. It has been shown that the proposed method can provide controllers to mitigate the effects of replay attacks. In future research, the authors are investigating the presence of time-varying parameters and DoS attacks in cyber-physical systems under replay attacks. Moreover, the design of output-feedback controllers is a promising direction for future work.

Data Availability

The data used to support the study are included in the paper.

Conflicts of Interest

The authors declare that there are no conflicts of interest regarding the publication of this paper.

Acknowledgments

This work was supported by UFSJ, and the Brazilian agencies CAPES, and CNPq (Grant no. 315538/2021-0)

References

R. E. Abbadi and H. Jamouli, “Stabilization of Cyber Physical System exposed to a random replay attack modeled by Markov chains,” in Proceedings of the 6th International Conference on Control, Decision and Information Technologies, pp. 528–533, IEEE, Paris, France, April 2019.
View at: Google Scholar
S. Shamim, S. Cang, H. Yu, Y. Li, L. Y. Chen, and X. Yao, “How firms in emerging economies can learn industry 4.0 by extracting knowledge from their foreign partners? A view point from strategic management perspective,” in Proceedings of the 2019 International Conference on Advanced Mechatronic Systems (ICAMechS), pp. 390–395, IEEE, Kusatsu, Japan, August 2019.
View at: Google Scholar
R. E. Abbadi and H. Jamouli, “Stabilization of cyber physical system with data packet dropout and replay attack via switching system Approach,” in Proceedings of the 4th Conference on Control and Fault Tolerant Systems, pp. 325–329, Casablanca, Morocco, September 2019.
View at: Google Scholar
L. Cao, X. Jiang, Y. Zhao, S. Wang, D. You, and X. Xu, “A survey of network attacks on cyber-physical systems,” IEEE Access, vol. 8, Article ID 44219, 2020.
View at: Publisher Site | Google Scholar
H. S. Sánchez, D. Rotondo, T. Escobet, V. Puig, J. Saludes, and J. Quevedo, “Detection of replay attacks in cyber-physical systems using a frequency-based signature,” Journal of the Franklin Institute, vol. 356, no. 5, pp. 2798–2824, 2019.
View at: Publisher Site | Google Scholar
A. Hoehn and P. Zhang, “Detection of replay attacks in cyber-physical systems,” in Proceedings of the 2016 American Control Conference (ACC), pp. 290–295, IEEE, Boston, MA, USA, June 2016.
View at: Google Scholar
H. Guo, Z.-H. Pang, J. Sun, and J. Li, “An output-coding-based detection scheme Against replay attacks in cyber-physical systems,” IEEE Transactions on Circuits and Systems II: Express Briefs, vol. 68, no. 10, pp. 3306–3310, 2021.
View at: Publisher Site | Google Scholar
T. Irita and T. Namerikawa, “Detection of replay attack on smart grid with code signal and bargaining game,” in Proceedings of the 2017 American Control Conference (ACC), pp. 2112–2117, Seattle, WA, USA, July 2017.
View at: Google Scholar
K. Murakami, H. Suemitsu, and T. Matsuo, “Classification of repeated replay-attacks and its detection monitor,” in Proceedings of the 2017 IEEE 6th Global Conference on Consumer Electronics (GCCE), pp. 1-2, Nagoya, Japan, October 2017.
View at: Google Scholar
H. Sánchez, D. Rotondo, T. Escobet, V. Puig, and J. Quevedo, “Frequency-based detection of replay attacks: application to a multiple tank system,” IFAC-PapersOnLine, vol. 51, no. 24, pp. 969–974, 2018.
View at: Publisher Site | Google Scholar
P. S. Pessim, M. L. Peixoto, R. M. Palhares, and M. J. Lacerda, “Static output-feedback control for Cyber-physical LPV systems under DoS attacks,” Information Sciences, vol. 563, pp. 241–255, 2021.
View at: Publisher Site | Google Scholar
J. Wang, Z. Huang, Z. Wu, J. Cao, and H. Shen, “Extended dissipative control for singularly perturbed PDT switched systems and its application,” IEEE Transactions on Circuits and Systems I: Regular Papers, vol. 67, no. 12, pp. 5281–5289, 2020.
View at: Publisher Site | Google Scholar
J. Wang, C. Yang, J. Xia, Z.-G. Wu, and H. Shen, “Observer-based sliding mode control for networked fuzzy singularly perturbed systems under weighted try-once-discard protocol,” IEEE Transactions on Fuzzy Systems, vol. 30, no. 6, pp. 1889–1899, 2022.
View at: Publisher Site | Google Scholar
J. Löfberg, “YALMIP: a toolbox for modeling and optimization in MATLAB,” in Proceedings of the 2004 IEEE International Symposium on Computer Aided Control Systems Design, pp. 284–289, IEEE, Taipei, Taiwan, September 2004.
View at: Google Scholar
J. F. Sturm, “Using SeDuMi 1.02, a MATLAB toolbox for optimization over symmetric cones,” Optimization Methods and Software, vol. 11, no. 1–4, pp. 625–653, 1999.
View at: Publisher Site | Google Scholar
H. T. M. Kussaba, J. Y. Ishihara, and R. A. Borges, “Uniform versions of Finsler’s lemma,” in Proceedings of the 2015 54th IEEE Conference on Decision and Control (CDC), pp. 7292–7297, Osaka, Japan, December 2015.
View at: Google Scholar
P. M. Oliveira, J. M. Palma, and M. J. Lacerda, “H2 state-feedback control for discrete-time cyber-physical uncertain systems under DoS attacks,” Applied Mathematics and Computation, vol. 425, pp. 1–13, 2022.
View at: Google Scholar
P. S. Pessim and M. J. Lacerda, “On the robustness of cyber-physical LPV systems under DoS attacks,” Journal of the Franklin Institute, vol. 359, no. 2, pp. 677–696, 2022.
View at: Publisher Site | Google Scholar
J. Daafouz and J. Bernussou, “Parameter dependent Lyapunov functions for discrete time systems with time varying parametric uncertainties,” Systems & Control Letters, vol. 43, no. 5, pp. 355–359, 2001.
View at: Publisher Site | Google Scholar
Z. Hu, F. Deng, P. Shi, and C.-C. Lim, “A new approach to characterize successive packet losses in stochastic networked systems,” IEEE Transactions on Systems, Man, and Cybernetics: Systems, vol. 51, no. 1, pp. 552–560, 2021.
View at: Publisher Site | Google Scholar
M. C. De Oliveira, J. Bernussou, and J. C. Geromel, “A new discrete-time robust stability condition,” Systems & Control Letters, vol. 37, no. 4, pp. 261–265, 1999.
View at: Publisher Site | Google Scholar
P. S. P. Pessim and M. J. Lacerda, “State-feedback control for cyber-physical LPV systems under DoS attacks,” IEEE Control Systems Letters, vol. 5, no. 3, pp. 1043–1048, 2021.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2022 Jose F. V. D. Moreira and Marcio J. Lacerda. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies