Time Synchronization Attack and Countermeasure for Multi-System Scheduling in Remote Estimation
Ziyang Guo, Yuqing Ni, Wing Shing Wong, Ling Shi

TL;DR
This paper investigates time synchronization attacks on multi-system remote estimation, demonstrating how attackers can cause divergence in estimation error and proposing countermeasures to maintain system stability.
Contribution
It introduces a novel attack strategy that exploits time offsets and develops shift-invariant policies as effective countermeasures.
Findings
Attack can cause unbounded estimation error without system knowledge.
Optimal attack minimizes sensor spoofing while maximizing error.
Countermeasures improve system robustness against synchronization attacks.
Abstract
We consider time synchronization attack against multi-system scheduling in a remote state estimation scenario where a number of sensors monitor different linear dynamical processes and schedule their transmissions through a shared collision channel. We show that by randomly injecting relative time offsets on the sensors, the malicious attacker is able to make the expected estimation error covariance of the overall system diverge without any system knowledge. For the case that the attacker has full system information, we propose an efficient algorithm to calculate the optimal attack, which spoofs the least number of sensors and leads to unbounded average estimation error covariance. To mitigate the attack consequence, we further propose a countermeasure by constructing shift invariant transmission policies and characterize the lower and upper bounds for system estimation performance.…
Click any figure to enlarge with its caption.
Figure 1
Figure 2
Figure 3Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSmart Grid Security and Resilience · Network Time Synchronization Technologies · Petri Nets in System Modeling
Time Synchronization Attack and Countermeasure for Multi-System Scheduling in Remote Estimation
Ziyang Guo∗, Yuqing Ni∗, Wing Shing Wong*†*, Ling Shi∗ : Electronic and Computer Engineering, The Hong Kong University of Science and Technology, Clear Water Bay, Kowloon, Hong Kong (e-mail: [email protected], [email protected], [email protected]).: Department of Information Engineering, The Chinese University of Hong Kong, Shatin, Hong Kong (e-mail: [email protected]). The research was funded by Schneider Electric, Lenovo Group (China) Limited and the Hong Kong Innovation and Technology Fund (ITS/066/17FP) under the HKUST-MIT Research Alliance Consortium.
Abstract
We consider time synchronization attack against multi-system scheduling in a remote state estimation scenario where a number of sensors monitor different linear dynamical processes and schedule their transmissions through a shared collision channel. We show that by randomly injecting relative time offsets on the sensors, the malicious attacker is able to make the expected estimation error covariance of the overall system diverge without any system knowledge. For the case that the attacker has full system information, we propose an efficient algorithm to calculate the optimal attack, which spoofs the least number of sensors and leads to unbounded average estimation error covariance. To mitigate the attack consequence, we further propose a countermeasure by constructing shift invariant transmission policies and characterize the lower and upper bounds for system estimation performance. Simulation examples are provided to illustrate the obtained results.
Index Terms:
Remote State Estimation; Time Synchronization Attack; Shift Invariance; Multi-system Scheduling.
I Introduction
Cyber-physical systems (CPS) refer to systems integrating sensing, computation, communication and control techniques with physical processes. With wide applications in different critical infrastructures such as smart grids, intelligent transportation and health monitoring system, CPS have attracted great research interest during the past decade [1]. In such systems, wireless sensors play an indispensable role due to advantages such as low cost, easy installation, self-power and inherent intelligent processing capability [2]. However, new issues arise naturally with the widespread deployment.
Since most wireless sensors in practical applications are battery-powered, and replacing old batteries which run out of energy is usually costly or even impossible in some extreme environments, one critical issue is how to efficiently allocate the transmission power of the sensors. In [3], the authors studied the scheduling problem of whether to send the sensory data to the remote estimator or not under transmission energy constraint and obtained the optimal off-line sensor schedule. In [4], the authors proposed an on-line sensor schedule based on the acknowledgment signal which contains the real-time data-dropout information. It was shown in [5] that the on-line sensor schedule improves the estimation performance significantly compared with the off-line case with only a 1-bit feedback. Besides the above works focusing on single-sensor systems, multi-sensor and multi-system scheduling problems have received more attention recently [6, 7, 8]. Specifically, a sensor scheduling problem was investigated for a multi-sensor system under communication constraints in [6] and the optimal sensor selection schemes were obtained for reliable and packet-dropping channels. The design of a collision-free transmission scheduling for multiple linear dynamical systems was studied in [7] and an asymptotic periodic schedule was proved to be optimal. Moreover, the multi-system scheduling problem was extended to the scenario with packet drop and packet length constraint in [8].
Due to the wireless communication modes and the complex interconnection between cyber information layer and physical components, communication channels are vulnerable to malicious attacks, which may raise security issues in CPS. Availability attacks, also known as Denial-of-Service attacks, which block the communication channels and prevent legitimate access to system components, were investigated for resource-constrained attacker in [9, 10]. Integrity attacks, another main category of cyber attacks, attempt to cripple the system functionality while remaining undetectable by intercepting and modifying the transmitted data packets. Different implementations of integrity attacks were studied, including replay attack [11], false-data injection attack [12, 13], innovation-based deception attack [14, 15], etc.
Note that most of the multi-system scheduling problems considered in the literature [6, 7, 8] assume that all the subsystems are working in a synchronous manner. Since Global Positioning System (GPS) signal is highly accurate, stable and free for timing, GPS-based measuring devices have been vastly deployed in critical infrastructures to guarantee the time synchronization between subsystems and thus achieve desirable performance [16]. However, malicious agents may disturb the time synchronization among sensors by introducing counterfeit GPS signals. Some existing works [17, 18, 19] and real world GPS spoofing attacks [20] have shown the vulnerability of GPS signals and the possibility of spoofing the GPS receivers. Any successful time synchronization attack, which injects relative offsets on sensor clocks and desynchronizes the target system, may lead to a huge performance degradation. Motivated by these observations, we consider such an attack scenario in this work and analyze performance degradations for different attack information sets. To mitigate the attack effect, we further propose a defense strategy using transmission policies with shift invariance property. The main contributions of this paper are summarized as follows:
We consider time synchronization attack against multi-system scheduling and analyze the attack consequences for different scenarios. For the case that the attacker has no system knowledge, we show that it is possible to drive the expected estimation error covariance of the overall system to infinity (Theorem 1 and Corollary 1). For the case that the attacker has full system knowledge, we propose an efficient algorithm to calculate the optimal attack strategy that spoofs the least number of sensors and leads to unbounded estimation error covariance (Theorem 2 and Algorithm 1). 2. 2.
To mitigate the attack consequence, we propose a countermeasure by constructing shift invariant transmission policies and derive the lower and upper bounds for the remote estimation error covariance when using the proposed countermeasure (Theorem 3). Moreover, we provide a procedure to construct the shift invariant transmission policies.
The reminder of the paper is organized as follows. Section II introduces the system architecture and preliminaries about the multi-system scheduling. Section III considers time synchronization attack with or without system knowledge and analyzes the attack consequences. Section IV proposes a countermeasure by constructing shift invariant transmission policies and derives performance bounds of remote estimation error covariance. Simulation examples are provided in Section V. Some concluding remarks are made in the end.
Notations: All vectors and matrices are named in boldface while scalars are not. and denote the sets of nonnegative integers and real numbers. is the -dimensional Euclidean space. () is the set of positive semi-definite (definite) matrices. When () , we simply write (). means the floor function. For functions , is defined as and is defined as with .
II Preliminaries
II-A System Model
Consider a system consisting of independent discrete linear time-invariant processes and sensors as depicted in Fig. 1. The -th sensor monitors the -th process:
[TABLE]
where , is the time index, is the state of the -th process, is the measurement obtained by the -th sensor. The process noise , measurement noise and the initial state are mutually independent zero-mean Gaussian random variables with covariance , and , respectively. To avoid trivial problem, all the processes are assumed to be unstable. The pair is detectable and is stabilizable.
II-B Smart Sensor
With the development of manufacturing techniques, many modern sensors are able to provide extra functions beyond those necessary for generating the measured quantity. The functions embedded might be signal processing, decision-making and anomaly alarm, which may promote the system performance [21]. In this work, each sensor is assumed to be smart in the sense that it is able to measure the state of its corresponding process and run the following Kalman filter to generate a local estimate:
[TABLE]
where and are the a priori and the a posteriori minimum mean squared error (MMSE) estimates of the state at the -th sensor, and are the corresponding estimation error covariances. The recursion starts from and .
To facilitate the subsequent discussion, we define the Lyapunov and Riccati operators and as follows:
[TABLE]
Under the detectability and stabilizability assumptions, the estimation error covariance associated with each local Kalman filter converges exponentially to a steady state from any initial condition [22]. Without loss of generality, we assume that the Kalman filter at sensor side has entered steady state, i.e.,
[TABLE]
where is a unique positive semi-definite solution of discrete algebraic Riccati equation .
II-C Remote Estimator
We consider a time-slotted communication channel which is shared by sensors. It is assumed that the remote estimator only has the ability to successfully receive one data packet at each time . In other words, when two or more sensors transmit simultaneously, collision occurs and all the transmitted data packets will be dropped. To schedule the transmission, a time-synchronized transmission scheduler embedded in each sensor makes a decision to determine whether to transmit or not. Specifically, we denote be the transmission policy of sensor at time . If the local estimate is scheduled to transmit, ; otherwise . Let , , and be the set of all feasible schedules. Moreover, we denote to indicate the transmission result of sensor at time . If the local estimate is successfully received at the remote estimator, ; otherwise .
As a result, the MMSE state estimate and the corresponding estimation error covariance at the remote estimator can be computed by the following recursions:
[TABLE]
Note that the estimation error covariance satisfies
[TABLE]
for any with [23]. Furthermore,
[TABLE]
This well ordering of the estimation error covariance is helpful for the further analysis.
II-D Optimal Sensor Scheduling
For the considered collision channel, an efficient sensor scheduling scheme plays a crucial role to system estimation performance, which motivates us to consider the following optimization problem:
[TABLE]
The above problem was already studied in [7] and we summarize the main results in the following lemma.
Lemma 1**.**
The optimal transmission policy for the optimization problem in (7) has the following properties:
Exclusivity: there must be one and only one sensor which transmits at each time ; 2. 2.
Periodicity: there exists a period such that ; 3. 3.
Uniformity: each sensor must schedule its transmission as uniformly as possible within one period.
Proof:
See Theorem 2 and Theorem 3 in [7].
II-E Problem of Interest
There is no doubt that the minimum average estimation error covariance over an infinite time horizon can be achieved when applying the optimal sensor schedules. However, if there exists a malicious attacker who aims at damaging the estimation quality, i.e., maximizing the objective function by choosing an appropriate attack strategy, the situation will become more involved, which motivates our current work. In this case, the defense strategies that help the system maintain acceptable performance even in the presence of attacks are worth exploring. We will introduce the detailed attack model and propose countermeasures in the following two sections.
III Attack Strategy and Performance Analysis
In this section, we consider the scenario where there exists a malicious attacker who is able to generate random delays on the clocks of the sensors to increase collision, consequently packet dropout, during the transmission. The mathematical formulation and practical implementation of such an attack are discussed. Moreover, the remote estimation performances when the malicious attacker has different system information are investigated and an efficient algorithm is proposed to calculate the optimal attack strategy.
III-A Time Synchronization Attack
To achieve the optimal transmission policy obtained in [7], GPS timing is applied such that each sensor in the system transmits data packet in a synchronous manner without any collision. We consider a malicious attacker who intentionally disturbs the time synchronization among sensors by injecting arbitrary time delays on sensor clocks. Practically, this can be achieved by introducing a forged GPS signal, as shown in Fig. 1. Note that such an attacker does not need to hack into the underlying system or have physical contact to the sensors. It is also difficult to locate the attacker since it can transmit the GPS spoofing signal while moving around the target sensors. These injected time delays may lead to transmission collision, packet dropout and performance degradation. Consequently, it is necessary to analyze attack consequences under different information sets and propose efficient countermeasures, before which some definitions are introduced first.
According to Lemma 1, the optimal transmission policy for each sensor is a periodic [math]- sequence. Thus, it suffices to investigate the attack effect on sensor’s transmission within one period instead of an infinite horizon. To simplify the subsequent discussion, we denote the optimal transmission policy for sensor within period as a column vector:
[TABLE]
where for all and . Let be the optimal transmission policy of all sensors. The Hamming weight of sensor is the number of ones in within a period. The duty factor of sensor is the fraction of time in which sensor is transmitting, which equals the Hamming weight divided by the period, i.e.,
[TABLE]
When a random time delay is injected on the clock of the -th sensor by the GPS spoofer, the transmission policy of sensor becomes
[TABLE]
where represents addition modulo .
III-B Attack without System Knowledge
In this subsection, we focus on the scenario where the malicious attacker does not have any system knowledge and randomly launches attacks on an arbitrary subset of the sensors. In this regard, we can show that the expected average estimation error covariance of the overall system over an infinite time horizon goes to infinity. This result can be obtained directly from the following theorem.
Theorem 1**.**
*For any optimal transmission policy with period , there exists an attack strategy under which all the transmitted data packets of sensor will be dropped if . *
Proof:
The proof is divided into two parts. The two-sensor scenario is considered first, and as an extension, the proof of the scenario with sensors is completed.
First, without loss of generality, we assume that in the two-sensor scenario, which means that the sensor transmits times and the sensor transmits times in one period . For each transmission policy , the resulting average cost in the Problem can be computed:
[TABLE]
where and are nonnegative integers satisfying
[TABLE]
represents the total number of time slots in a period when sensor is scheduled to transmit, and stands for the total number of time slots that sensor has continuously idled for slots after a transmission. Sensor needs to transmit for exactly times in a period , and thus the longest waiting time duration during which it cannot transmit is . The counting number summation for sensor , denoted as , must be . Sensor has similar situations represented by . The case that the sensor has not been scheduled to transmit for time slots can happen only if it has not been scheduled for time slots. Therefore, the inequality (12) holds. To illustrate the meanings of and , we provide a simple example in Fig. 2. A transmission policy in the two-sensor scenario with and is considered. The corresponding and .
Due to the nondecreasing property of in and Lemma 1, the average estimation error covariance under the optimal transmission policy can be obtained as:
[TABLE]
In consistency with the Uniformity in Lemma 1, the sensor with the larger duty factor is only allowed to wait for at most one time slot under the optimal scheduling policy. In other words, all the “[math]” elements in are isolated by other “” elements. According to the Exclusivity in Lemma 1, all the “” elements in are isolated by other “[math]” elements. Consequently, the attacker can always set and construct such that all the “” elements in collide with those “” elements in .
For the general scenario with sensors, any sensor with satisfies that “” elements in isolated by other “[math]” elements according to the Uniformity, which can be viewed as sensor 1 in the two-sensor scenario. Then, all the other sensors can be viewed together as sensor 2 in the two-sensor scenario. Similar to the previous case, there always exist a delayed version of sequences with such that all the transmitted data packets of sensor are dropped in collisions.
Corollary 1**.**
Consider system (1)–(2) under optimal transmission policy with period . When a randomly generated time synchronization attack is launched on the system, the expected average estimation error covariance of the overall system over an infinite time horizon goes to infinity, i.e.,
[TABLE]
Proof:
Theorem 1 shows that for any system under the optimal transmission policy , there always exists an attack strategy such that at least one sensor, e.g., sensor , will never have a chance to successfully transmit its data packet. Correspondingly, the trace of estimation error covariance diverges to infinity for this unstable process. Note that the attack strategy is randomly chosen from all the finite types of time synchronization attacks. Hence, the equation (14) holds, taking expectation with respect to random attack strategies.
III-C Attack with full System Knowledge
When the malicious attacker has knowledge of all system parameters , , and , , it is able to calculate the optimal sensor schedules and launch an attack such that the average estimation error covariance of the overall system goes to infinity, i.e., . Note that the attacks leading to unbounded estimation error covariance are not unique. Hence, the optimal attack strategy that spoofs the least number of sensors to achieve this goal is worth investigating. In this subsection, we first show that the optimal attack strategy can be solved by the optimization problem summarized in the following theorem and then provide an efficient algorithm to solve this problem. For notation brevity, we denote
[TABLE]
as all possible attacked version of ,
[TABLE]
as an indicator vector corresponds to , and being dimensional vector with partitions and all the elements in the -th partition are ones. Moreover, we define , , and .
Theorem 2**.**
Consider system (1)–(2) under optimal transmission policy with period . The optimal attack strategy can be obtained by solving the following optimization problem for all :
[TABLE]
*where , , stands for norm of , is element-wise inequality, means that each element of belongs to . *
Proof:
According to the definition, an attack strategy is optimal with respect to sensor if it spoofs the least number of sensors except sensor such that all the transmitted data packets of sensor are dropped. Consequently, to obtain the optimal attack strategy with respect to sensor , we need to solve the following optimization problem:
[TABLE]
Since injecting a time delay on sensor , can be represented as the multiplication of , the matrix of all possible attacked version of , and its corresponding indicator , any attack strategy satisfying the first two constraints guarantees that at least one sensor is also transmitting its data packet at the time slot when sensor is transmitting. Note that only one time delay can be injected on each sensor , which leads to the third constraint. It can be observed that all the transmitted data packets of sensor will be dropped under any attack strategy satisfying above three constraints. To obtain the optimal attack, one has to minimize the number of sensors needed to be spoofed, which corresponds to the norm in the objective function.
Combining the first and the third constraints of problem , one can obtain problem , which completes the proof.
Due to the binary constraint on , problem is a mixed integer programming problem, which cannot be solved by standard convex optimization techniques. Noticing that has possible values, a brute-force enumeration for the optimal attack strategy is computationally intractable when the network scale or the communication period is large.
Among various algorithms in the literature [24], Branch-and-Bound (B&B) algorithm is the most popular one to solve large scale NP-hard combinatorial optimization problems [25]. Although the algorithm may need to search the entire solution space in the worst case, the use of bounds for the function to be optimized combined with the value of the current best solution enables the algorithm to search a smaller solution space in general. To be specific, we denote as two sub-index sets of for sensor , and as the corresponding collections of elements from , respectively. We summarize the B&B algorithm for optimal attack strategy in Algorithm 1.
Remark 1**.**
*Note that the optimal attack strategy that spoofs the least number of sensors and leads to unbounded estimation error covariance may not be unique. The method summarized in Algorithm 1 only returns one of the optimal attack strategies. If all the optimal attack strategies are needed, one can easily achieve this goal by modifying “” in lines 11 and 19 to “” and storing all the returned solutions. *
IV Countermeasure against Time Synchronization Attack
According to the previous discussion, the optimal transmission policy for each sensor is periodic and synchronized. When a malicious attacker intentionally destroys time synchronization between sensors, nonzero relative offsets are injected and the collided data packets are dropped, which results in degradation of remote estimation performance. To ensure the estimation quality in the presence of time synchronization attacks, we propose a countermeasure based on shift invariant property of the transmission policy in this section. Moreover, we derive the lower and upper bounds of remote estimation error covariance when the proposed defense method is used.
IV-A Shift Invariance
Before proceeding the analysis, we first introduce the definition of shift invariant transmission policy in this subsection.
Let be the collection of all ordered tuples of length , whose components are distinct elements in sensor set and sorted in ascending order. It consists of -tuples in the form for some between and , and . An element in corresponds to an ordered tuple of sensors. For with , the Hamming cross correlation associated with is defined as
[TABLE]
In other words, it counts the number of time slots in a period where all sensors in transmit simultaneously. When consists of only one sensor, Hamming cross correlation reduces to Hamming weight.
A function is said to be shift invariant if equals identically to a constant for any choice of . We say a transmission policy set is shift invariant if the Hamming cross correlation in (15) is shift invariant as a function of for all .
When the sensors in the ordered tuple are active and the time delay injected by the attacker of sensor is for , the throughput of sensor is defined as
[TABLE]
where the product is over all except . This is the fraction of time slots in which sensor transmits and sensors keep silent. When consists of only one sensor, the throughput is equivalent to the duty factor . A transmission policy set is throughput invariant if the throughput in (16) is shift invariant as a function for all and . According to Theorem 8 and Theorem 12 in [26], the shift invariance and throughput invariance are equivalent for the transmission channel considered in our work.
Example 1**.**
The following is a set of three shift invariant transmission policies with duty factors , , and period :
[TABLE]
*Then, we have , , and for all . *
IV-B Performance Bounds
Note that the shift invariance property introduced in the previous subsection can be used to design countermeasures against time synchronization attack. When shift invariant transmission policies are adopted, each sensor will receive at least one data packet within a period no matter what time delays are injected on the system, which leads to bounded estimation error covariance and improves system robustness. In this subsection, we provide the lower and upper bounds for the remote estimation error covariance when using shift invariant transmission policies, before which we first revisit some useful results obtained in [27].
Lemma 2**.**
Let be shift invariant transmission policies for sensors with duty factors , respectively, and . Then, the following statements hold:
The throughput of sensor is equal to ; 2. 2.
The period is divisible by and no less than .
Proof:
See Theorem 3 and Theorem 6 in [27].
Theorem 3**.**
Consider system (1)–(2) under shift invariant transmission policies with duty factors , , and period . When an arbitrary time synchronization attack is launched on the system, the average estimation error covariance of the overall system over an infinite time horizon is lower bounded by
[TABLE]
and upper bounded by
[TABLE]
*where for all . *
Proof:
According to Lemma 2, when sensor adopts shift invariant transmission policy with duty factor and period , it will receive data packets within one period under arbitrary time synchronization attack.
Consequently, the lower bound of the average estimation error covariance over an infinite time horizon of the overall system is achieved when all the data packets are uniformly received, which corresponds to (3). The upper bound is achieved when all the data packets are consecutively received, which is consistent with (3).
IV-C Construction Method
In this subsection, we describe how to construct the shift invariant transmission policies with duty factor and .
In our construction, the -th transmission policy has period and is the common period for the whole transmission policy set. For convenience, is defined to be . Then, the shift invariant transmission policy for sensor , , is constructed as follows. Select vectors of length , say , such that the Hamming weights of them are all equal to , and interleave these vectors in the following manner:
[TABLE]
Example 2**.**
For with duty factors and , we pick , , and . The two constructed shift invariant transmission policies are
[TABLE]
with period . The first policy is obtained by repeating periodically. The second policy is obtained by reading out the rows from top to bottom of matrix
[TABLE]
Observed from Example 2, different shift invariant transmission policies can be obtained by choosing different duty factors and , where . Two heuristic construction methods are considered in this work: one is to construct shift invariant transmission policies that preserve the same duty factors of the optimal transmission policies without attacks; the other is to construct shift invariant transmission policies that achieve the shortest period. Note that the shortest period is achieved when the duty factor is for all . Particularly, in this case, each sensor receives exactly one packet within a period, and thus the lower bound coincides with the upper bound . These two construction methods will be compared through simulation examples in the next section.
V Simulation Example
In this section, we provide some numerical examples to illustrate the main theoretical results. We consider a scenario where three sensors monitor three different dynamic processes. The system parameters are given as follows:
[TABLE]
By solving the optimization problem in (7), the optimal transmission policy for each sensor is obtained as
[TABLE]
with duty factor , , , respectively, and period . Then, by solving problem using the proposed B&B algorithm, the optimal attack strategy is obtained as .
The infinite-horizon average estimation error covariance of the overall system under different scenarios are shown in Fig. 3. The blue solid line represents the estimation error covariance under the optimal transmission policy without attack. The red circle line and the yellow plus line correspond to the estimation performances under the optimal and randomly generated time synchronization attacks, respectively. The blue dash-dot line stands for the expected estimation error covariance when using shift invariant transmission policy that preserves the same duty factors of optimal one under random attack, i.e., , , , . Here the expectation is taken with respect to the different choices of and the randomly generated attacks. The purple dotted line and the green dotted line are the corresponding performance bounds derived in Theorem 3. The red dashed line stands for the estimation error covariance when using shift invariant transmission policy that achieves the shortest period, i.e., , , , . It can be observed that the remote estimation error covariance diverges exponentially fast when the system is under the optimal or the randomly generated time synchronization attack, which is consistent with the results obtained in Section III. On the other hand, the remote estimation error covariance is bounded when shift invariant transmission policies are adopted, which demonstrates the effectiveness of the proposed countermeasure. Moreover, the shift invariant transmission policy with the shortest period achieves a better performance compared to that with the same duty factor.
VI Conclusion
In this paper, we studied time synchronization attack against multi-system scheduling in a remote state estimation scenario. For the case that the attacker does not have any system knowledge, we showed that it is able to make the expected average estimation error covariance of the overall system go to infinity. For the case that the attacker has full system knowledge, we proposed an efficient algorithm to solve the optimal attack that spoofs the least number of sensors and leads to unbounded average estimation error covariance of the overall system. To mitigate the attack consequence, we further proposed countermeasures and characterized the lower and upper bounds for system estimation performance when using shift invariant transmission policies. Simulation and comparison were provided to demonstrate the analytical results.
For the future work, one possible direction is to investigate optimal sensor schedule, optimal time synchronization attack and countermeasures when multiple packet reception is allowed. Additionally, it would be interesting to analyze the explicit estimation performance when different shift invariant transmission policies are adopted.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] K.-D. Kim and P. R. Kumar, “Cyber–physical systems: A perspective at the centennial,” Proceedings of the IEEE , vol. 100, no. Special Centennial Issue, pp. 1287–1308, 2012.
- 2[2] V. C. Gungor and G. P. Hancke, “Industrial wireless sensor networks: Challenges, design principles, and technical approaches,” IEEE Transactions on industrial electronics , vol. 56, no. 10, pp. 4258–4265, 2009.
- 3[3] L. Shi, P. Cheng, and J. Chen, “Sensor data scheduling for optimal state estimation with communication energy constraint,” Automatica , vol. 47, no. 8, pp. 1693–1698, 2011.
- 4[4] Z. Ren, P. Cheng, J. Chen, L. Shi, and H. Zhang, “Dynamic sensor transmission power scheduling for remote state estimation,” Automatica , vol. 50, no. 4, pp. 1235–1242, 2014.
- 5[5] D. Han, P. Cheng, J. Chen, and L. Shi, “An online sensor power schedule for remote state estimation with communication energy constraint,” IEEE Transactions on Automatic Control , vol. 59, no. 7, pp. 1942–1947, 2014.
- 6[6] C. Yang, J. Wu, X. Ren, W. Yang, H. Shi, and L. Shi, “Deterministic sensor selection for centralized state estimation under limited communication resource,” IEEE transactions on signal processing , vol. 63, no. 9, pp. 2336–2348, 2015.
- 7[7] D. Han, J. Wu, H. Zhang, and L. Shi, “Optimal sensor scheduling for multiple linear dynamical systems,” Automatica , vol. 75, pp. 260–270, 2017.
- 8[8] S. Wu, X. Ren, S. Dey, and L. Shi, “Optimal scheduling of multiple sensors with packet length constraint,” IFAC-Papers On Line , vol. 50, no. 1, pp. 14 430–14 435, 2017.
