
Research On Key Techniques Of Security And Privacy Preserving For Cyber-Physical Systems

Posted on: 2015-09-23
Degree: Doctor
Type: Dissertation
Country: China
Candidate: D Chen
GTID: 1108330482955677
Subject: Computer system architecture

Abstract/Summary:
Cyber-Physical Systems (CPS) is one of the most cutting-edge areas requiring interdisciplinary research, and it is broadly considered the next revolution in information processing technology. CPS promises to transform how we interact with the physical world, just as the Internet transformed how we interact with one another. CPS is a large-scale, distributed, heterogeneous, complex, and deeply embedded real-time system, involving computer science, networking, control theory, etc. Based on an in-depth study of the basic theory and characteristics of CPS, this thesis presents some innovative ideas, results and improvements in research on architecture, security and privacy preserving issues.

First, a system structure is proposed for connecting CPS to one another. The specific interconnect technique for this system structure is also presented, with a particular emphasis on using the Internet of Things (IoT) as the core network of the Cyber-Physical Internet. The correctness and feasibility of the presented system structure and interconnect technique are verified through the deployment of a CPS prototype in a real physical environment.

Second, a survey of security and privacy preserving issues in CPS is presented. The security challenges in wireless communications of CPS are studied, and a set of challenges that need to be addressed when building secure CPS is outlined. Then, a novel secure architecture is proposed to cope with these security challenges. The corresponding countermeasures to resolve these security issues are studied from four aspects: access control, intrusion detection, authentication and privacy preserving. As effective secure key management for authenticating things is the prerequisite of all security operations, a lightweight security key management scheme for wireless communication is also presented for CPS, which is usually composed of heterogeneous sensors/actuators. The proposed scheme is evaluated using four metrics: storage overhead, communication overhead, computation overhead and resilience against node compromise attacks.

Third, an adaptive Access Control model for Emergencies (AC4E) for mission-critical CPS is proposed. Besides critical events of cyber processes, critical events of the physical environment and integrations between cyber processes and the physical environment can also make CPS unstable. The definitions of Emergency and Emergency Dependence of CPS are presented, and the evaluation metric, Emergency Degree, is also proposed for AC4E. A Kalman filter is employed to compute the state estimation and estimation deviation in order to derive the system state function. AC4E generates the corresponding Emergency State Transition Graph based on emergency event time series, and the events are grouped according to their emergency dependency. Finally, optimal response routes may be selected, and the corresponding response, recovery and evaluating options are all executed. AC4E not only provides the ability to control access to data and services in normal situations, but also grants the correct set of access privileges, at the correct time, to the correct set of subjects in emergency situations. It can facilitate adaptively responsive actions that alter the privileges of specific subjects in a proactive manner without the need for any explicit access requests. A semiformal validation of the model is presented with respect to responsiveness, correctness, safety, non-repudiation and concurrency. Then a case study is given to demonstrate how the AC4E model detects, responds to, and controls the emergency events for a typical CPS adaptively in a proactive manner.

Fourth, based on an in-depth understanding of the trust establishment process and a quantitative comparison among trust establishment methods, the definitions of trust and reputation are presented for CPS, and a whole evaluation system is also proposed, including trust model, metrics, reputation evaluation, direct trust, indirect trust, local trust and global trust. Eventually, a novel trust and reputation model, TRM-IoT, based on the evaluation of node behaviors and fuzzy set theory, is presented to improve the system's ability to detect malicious nodes and to enhance the cooperation relationship between nodes. This improves the accuracy of routing decisions, and ultimately the QoS of CPS is improved. The accuracy, robustness and lightness of the proposed model are validated through a wide set of NS-3 simulations using End-to-End Packet Forwarding Ratio, Average Energy Consumption, Package Delivery Ratio, Convergence Speed, and Detection Probability as evaluation metrics.

Fifth, based on an in-depth study of a real dataset generated by monitoring two houses in Massachusetts for 18 months, a novel Non-Intrusive Occupancy Monitoring (NIOM) approach that uses electricity data from smart meters to infer occupancy is presented. Unlike other existing methods, NIOM does not require deployment of any sensors or additional devices. Instead, NIOM uses a threshold evaluation mechanism to detect the occupancy status of the target buildings continuously. The correctness and effectiveness of NIOM are validated by comparing experiment results with a ground-truth dataset and the result of the NILM algorithm. The results show that the NIOM approach is more effective at separating occupied from unoccupied periods than the NILM-based approach. For Home A in summer, NIOM could yield overall accuracy of 90.39% with F1-measure of 0.94, while for Home B, NIOM could get overall accuracy of 90.63% with F1-measure of 0.93. To the best of our knowledge, NIOM is the first occupancy-detecting algorithm without any requirement of installing devices or changing user power patterns in the smart grid.

Last but not least, an algorithm for preventing occupancy detection, CHPr, is proposed. Electric utilities are rapidly deploying smart meters that record and transmit electricity usage in real time. However, smart meter data indirectly leaks sensitive, and potentially valuable, information about a home's activities, such as occupancy (whether or not someone is home and when). Unfortunately, prior research that uses chemical energy storage, e.g., batteries, to prevent appliance power signature detection is prohibitively expensive when applied to occupancy detection. To address this problem, CHPr uses the thermal energy storage of large elastic heating loads already present in many homes, such as electric water and space heaters. A CHPr-enabled water heater is also proposed that regulates its energy usage to mask occupancy without violating its objective, e.g., to provide hot water on demand, and it is evaluated in simulation and using a prototype. The results show that a 50-gallon (189.3 Liter) CHPr-enabled water heater decreases the Matthews Correlation Coefficient (a standard measure of a binary classifier's performance) of a threshold-based occupancy detection attack in a representative home by 10x (from 0.44 to 0.045), effectively preventing occupancy attack/detection at no extra cost.
Keywords/Search Tags:Cyber-Physical Systems, security, privacy preserving, access control, Smart Grid