Data-Driven Modeling of Cyber-Physical Systems using Side-Channel Analysis

Cyber-physical systems consist of a tight integration between computational, communication, and physical components. Due to this, most of the information in the cyber-domain manifests in terms of physical actions (such as motion, temperature change, etc.). However, this interaction may make the system vulnerable to physical-to-cyber domain attacks. These attacks affect the confidentiality of the system by utilizing the physical actions, which are governed by energy flows. Some of these observable energy flows unintentionally leak information about the cyber-domain. These information leaking observable energy flows are known as the side-channels. Side-channels such as acoustic, thermal, and power allow attackers to acquire the information without actually leveraging the vulnerability of the algorithms implemented in the system. In this chapter, we will demonstrate how a data-driven approach can be utilized to model an attack using acoustic side-channel. As a case study, we take cyber-physical additive manufacturing systems (fused deposition modeling based 3D printer) to demonstrate how the acoustic side-channel can be used to breach the confidentiality of the system.

In previous chapter, we presented a data-driven acoustic attack model. However, in the previous attack model, an attacker may be far from being able to completely reconstruct the G/M-code due to lack of enough information leakage through the side-channels. In this chapter, we present a novel way to amplify the information leakage and thus boost the chances of recovery of G/M-code by surreptitiously altering the compiler. By using this compiler, an adversary may easily control various parameters to magnify the leakage of information from a 3D printer while still producing the desired object, thus remaining hidden from the authentic users. This type of attack may be implemented by strong attackers having access to the tool chain and seeking high level of stealth. We present an implementation of such a compiler here and demonstrate how it can increase the success rate of recovering G/M-codes from the four side-channels (acoustic, power, vibration, and electromagnetic) by up to 39% compared to previously proposed data-driven attack model.

In Part I of this book, we presented data-driven attack models capable of breaching the confidentiality of the system. In this form of attacks, attackers utilize the side-channels (such as acoustics, power, electromagnetic emissions, and so on) in the physical domain to estimate and steal cyber-domain data (such as G/M-codes). Since these emissions depend on the physical structure of the system, one way to minimize the information leakage is to modify the physical domain. However, this process can be costly due to added hardware modification. Instead, in this chapter we present a novel methodology that allows the cyber-domain tools [such as computer-aided manufacturing (CAM)] to be aware of the existing information leakage. We will demonstrate how by changing either machine process or product design parameters in the cyber-domain, we can minimize the information leakage. The methodology presented in this chapter aids the existing cyber-domain and physical domain security solution by utilizing the cross-domain relationship.

In this chapter, we will present a data-driven defense mechanism in cyber-physical systems against kinetic cyber-attacks. Kinetic cyber-attacks cause physical damage to the system from the cyber-domain. In cyber-physical manufacturing, kinetic cyber-attacks are realized by introducing flaws in the design of the 3D objects. These flaws may eventually compromise the structural integrity of the printed objects. In CPS, researchers have designed various attack detection method to detect the attacks on the integrity of the system. However, in cyber-physical additive manufacturing, attack detection method is still in its infancy. Moreover, analog emissions (such as acoustics, electromagnetic emissions, etc.) from the side-channels have not been fully considered as a parameter for attack detection. This chapter presents a novel attack detection method that is able to detect zero-day kinetic cyber-attacks by identifying anomalous analog emissions which arise as an outcome of the attack. This is achieved by statistically estimating functions that map the relation between the analog emissions and the corresponding cyber-domain data (such as G-code) to model the behavior of the system. We will then present the analysis of the proposed method to detect potential zero-day kinetic cyber-attacks in fused deposition modeling based cyber-physical additive manufacturing systems.

In this chapter, we will present a data-driven security framework for modeling the cross-domain security of cyber-physical production systems. Specifically, we will present a novel conditional generative adversarial network-based modeling approach to abstract and estimate the relations between the cyber and physical domains. Using this framework, we will demonstrate how we can determine if various security requirements such as confidentiality, availability, and integrity are met. We will analyze the proposed framework for performing a security analysis of a cyber-physical additive manufacturing system.

The digitization of manufacturing systems is at the crux of the next industrial revolutions. The digital representation of the “physical twin,” also known as the “digital twin,” will help in maintaining the process quality effectively by allowing easy visualization and incorporation of cognitive capability in the system. In this chapter, we will tackle two issues regarding the digital twin: (1) modeling the digital twin by extracting information from the side-channel emissions, and (2) making sure that the digital twin is up-to-date (or “alive”). We will first analyze various analog emissions to figure out if they behave as side-channels, informing about the various states of both cyber and physical domains. Then, we will present a dynamic data-driven application system enabled digital twin, which is able to check if it is the most up-to-date version of the physical twin.

A digital twin is the virtual replica of a physical system. Digital twins are useful because they provide models and data for design, production, operation, diagnostics, and prognostics of machines and products. Traditionally, building a digital twin requires many built-in sensors to monitor various physical phenomena associated with cyber-physical systems such as vibration, energy consumption, etc. However, many legacy manufacturing systems do not have multi-physics sensors built-in by default. Moreover, it might not be feasible to intrusively place sensors in these systems after they are manufactured. To bring the advantages of digitalization to legacy manufacturing systems, in this chapter, we present an Internet-of-Things (IoT) based methodology to build digital twins using an indirect medium such as side-channels, which can localize anomalous faults and infer the quality of the products being manufactured while keeping itself up-to-date. We achieve this by exploring and utilizing the side-channels (emissions such as acoustics, power, magnetic, etc.) of the system that unintentionally reveal the cyber and physical state of the system.

So far in the previous chapters, we have utilized euclidean data for performing data-driven modeling. In Part IV of this book, we focus our attention on data-driven modeling algorithms for non-euclidean data. We specifically focus on developing algorithms for handling non-euclidean data present in cyber-physical systems. To this end, in this chapter we present a novel non-euclidean data-driven modeling approach using graph convolutional neural network.

In Chap. 9, we presented a structural graph convolutional neural network which is capable of performing supervising learning to estimate a function between non-euclidean data and categorical data. In this chapter, we focus on non-euclidean data which are evolving over time. In the cyber-physical system, most of the non-euclidean data (such as engineering data, energy, and signal flow graph, call graph of the firmware, etc.) are always evolving. Hence, it is necessary to utilize algorithms that are capable of handling such temporally evolving non-euclidean data. In this chapter, we present a novel dynamic graph embedding algorithm to handle this issue. In the rest of the chapter, we consider temporally evolving graphs as the non-euclidean data and present an algorithm capable of capturing the pattern of time-varying links.