Reposted article (originally posted in 2017)
Remote control and sensing over wireless communication has been continuously increasing. This trend will not slow down, given the high expectations for the Internet of Things. However, the spread of wireless communication can make various control systems vulnerable, as it can easily be disrupted by Denial-of-Service attacks through jamming of transmissions. In this article, we provide a brief overview of this new critical issue and the current efforts made by researchers in IFAC.
Cyber security has become an important issue for society. Information and communication technologies are heavily incorporated in many fields, and yet they are exposed to cyber-attacks that threaten financial losses, environmental damage, and disruption of services used in daily life.
Recent research indicates that industrial control systems are no exception: they too are under threat from malicious attackers. Communication channels used for transmission of measurement and control data are vulnerable to various types of attacks.
In this article, we focus on the so-called jamming attacks, which are Denial-of-Service attacks on wireless channels. Jamming attacks are perhaps the simplest types of attacks a control system may face, but they can be very dangerous. Generating a jamming attack does not require information about the internals of the control system. By simply emitting an interference signal, a jamming attacker can effectively block the communication on a wireless channel, disrupt the normal operation, cause performance issues, and even damage the control system.
Typically, jamming attacks are classified in two categories: active jamming and reactive jamming [1]. An active jammer’s goal is to keep the channel busy regardless of whether the channel is being used or not. For example, the attacker can continuously send strong radio signals to increase the signal-to-noise-plus-interference ratio at the receiver side. A reactive jammer, on the other hand, observes the channel activity and starts jamming only when the channel is being used.
One of the key issues that make jamming attacks a big threat is that they are easy to launch. As a recent survey [2] indicates, jamming devices that can target various wireless technologies including GPS, mobile communications, and Wi-Fi are already available for purchase. It is mentioned that in the case of Wi-Fi, even special devices may not be needed, as computers can be turned into jammers.
On top of this, increasing security against jamming may not always be easy. Certain types of stealthy jamming attacks can cause a significant number of packet delivery failures on a wireless channel without being detected. One of the ways of mitigating jamming attacks is to use frequency hopping methods, where transmissions are made over a random sequence of different frequencies. But a powerful attacker can still overcome such methods [3,4].
There are a few cases of jamming incidents that indicate the criticality of the issue. In 2015, cars parked near a retail store could not be unlocked remotely using key fobs, which indicated the presence of a jammer that interrupted the key fob signals [5]. Another much more concerning case involves an explosion of an oil pipeline. A recent report [6] on the explosion of the Baku-Tbilisi-Ceyhan oil pipeline in 2008 hints at the possibility of cyber-attacks that involved jamming of satellite communications to prevent transmission of alerts.
It appears that jamming will remain a major issue. Researchers point out that the next generation air traffic communication systems [7], vehicle platoons [8], satellite navigation [2], and the power market [9] are all susceptible to jamming attacks. With the expansion of the Internet of Things, the use of wireless communications is rapidly increasing in many fields and jamming is becoming a bigger threat. This prompts an important question: How can we be prepared for jamming attacks?
Within IFAC, researchers are addressing this question from the perspective of control engineering. These efforts include
- evaluation of the performance of existing control systems under jamming attacks, and
- development of new systems that are resilient to jamming attacks.
We briefly introduce these lines of research below. It is interesting that, although this research deals with cyber attacks, the approaches are not based on information technology oriented methods.
In a typical wireless networked control system setup, remotely located components exchange data with each other over a wireless medium. Some researchers evaluate the performance of wireless networked control systems by investigating the level of jamming that they can tolerate without having major issues such as disruption of operation. Since emitting jamming signals requires energy, it is costly to the attacker. It would be ideal if a control system could operate even under attacks from an attacker with large resources.
The challenge in evaluating the performance of a control system under jamming attacks is that we cannot know exactly when jamming attacks may start or end. Another issue is that the power of the jamming signal used by the attacker may change each time there is an attack. Therefore, it is also not clear how likely a transmission failure is when there is jamming. One of the approaches to understanding the effects of jamming even under this uncertainty is to consider the worst-case scenarios that may happen.
To identify the worst case, it is of interest to explore the question: What would be the optimal strategy of the attacker? The attacker would want to disrupt the normal operation of a system without using excessive resources. For instance, in several research articles, jamming energy is considered as a constraint in the problem, and it is assumed that the attacker tries to cause as much damage as possible within specified energy limits. Another approach is to consider jamming energy as a part of the attacker’s cost function in an optimization problem where the attacker tries to minimize the energy usage. Some researchers also use game-theoretic methods for understanding how optimal strategies of the attacker would relate to the optimal strategy for the transmission of the measurement and the control data.
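The tolerance evaluation described above can be illustrated with a small simulation. This is an added example, not taken from the article or the cited research: the scalar plant, the feedback gain, and the budget parameters `kappa` and `rho` (an attacker that may block at most `kappa + rho*t` transmissions by step `t`) are all assumptions chosen for illustration.

```python
import math

def critical_jam_ratio(a, c):
    """Largest long-run fraction of jammed steps the loop can tolerate.

    The state grows by |a| on a jammed step (no control packet arrives) and
    shrinks by |c| on a delivered one, so it decays when
    rho*ln|a| + (1 - rho)*ln|c| < 0.
    """
    grow, shrink = math.log(abs(a)), math.log(1 / abs(c))
    return shrink / (grow + shrink)

def jam_schedule(steps, kappa, rho):
    """Budgeted attacker: by step t it may have jammed at most kappa + rho*t
    transmissions, and it jams every time the budget allows."""
    used, sched = 0, []
    for t in range(1, steps + 1):
        jam = used + 1 <= kappa + rho * t
        used += jam
        sched.append(jam)
    return sched

def simulate(a, gain, sched, x0=1.0):
    """x[t+1] = a*x[t] + u[t]; u = -gain*x[t] if delivered, else 0."""
    x, peak = x0, abs(x0)
    for jammed in sched:
        u = 0.0 if jammed else -gain * x
        x = a * x + u
        peak = max(peak, abs(x))
    return x, peak

if __name__ == "__main__":
    a, gain = 2.0, 1.5          # constructed plant; closed loop c = a - gain = 0.5
    print("critical ratio:", critical_jam_ratio(a, a - gain))
    for rho in (0.4, 0.6):      # one budget below the threshold, one above
        final, peak = simulate(a, gain, jam_schedule(200, 5, rho))
        print(f"rho={rho}: final |x|={abs(final):.3e}, peak |x|={peak:.3e}")
```

For this constructed plant the threshold is 0.5: with `rho = 0.4` the state recovers after the initial burst allowed by `kappa`, while with `rho = 0.6` it diverges. The burst term sets the peak excursion, which is what a designer would check against operating limits.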
Designing control systems that are resilient to jamming attacks is also an important research theme within IFAC. For instance, some researchers studied control systems that incorporate mechanisms to detect the presence of an attack. Furthermore, recently researchers also developed so-called event-triggered controllers to pick times of data transmissions so as to reduce the effect of jamming on the operation. If a particular transmission attempt faces a jamming attack, a new transmission time can be scheduled based on the performance requirements.
Literature on the cyber security of control systems indicates that as an attacker becomes more knowledgeable about the system, more sophisticated attacks may also become an option in addition to jamming. The attacker can alter the data being transmitted, and in certain cases inject false data into the system without being noticed. In addition, control systems may also face replay attacks, where the attacker intercepts the transmissions and sends valid but old measurement/control data to cause damage while still following the communication protocol.
As the risk of jamming and other types of attacks is increasing rapidly, ensuring cyber security of control systems will be a challenge of growing importance.
Ahmet Cetinkaya, Postdoctoral Research Fellow
Hideaki Ishii, Associate Professor
Tokyo Institute of Technology
TC 1.5 on Networked Systems