Meituan Internal Lecture | Mo Yilin, Tsinghua University: Security Control Algorithms in Cyber-Physical Systems


[Top Talk/Big Coffee Talk] is a lecture series organized by the Meituan Technical Institute for the company's employees. It regularly invites Meituan technical team leaders, industry leaders, university scholars and best-selling authors to share best practices, hot topics in the Internet industry, frontier progress in academia, and so on. We will publish the content of these internal lectures regularly, so stay tuned.

On September 10, 2020, Top Talk invited Associate Professor Mo Yilin of the Department of Automation, Tsinghua University, to give a talk titled "Security Control Algorithm Design in Cyber-Physical Systems". This article is a transcript of that talk; we hope it is helpful or enlightening.

Mo Yilin is currently an associate professor in the Department of Automation of Tsinghua University. He received his bachelor's degree in Automation from Tsinghua University in 2007 and his Ph.D. in Electrical and Computer Engineering from Carnegie Mellon University in 2012. Before joining Tsinghua University, he did postdoctoral research at Carnegie Mellon University and the California Institute of Technology. In 2015 he joined the School of Electrical and Electronic Engineering, Nanyang Technological University, Singapore, as an assistant professor, and he returned to the Department of Automation of Tsinghua University in 2018. He currently serves as an Associate Editor of Automatica, a top journal in the control field. His main research directions are control system security and networked control systems, and their applications in smart grids, robots and unmanned driving.

The following is the transcript:

The Chinese word for "safety" covers two different English concepts, Safety and Security. The security problems of cyber-physical systems mainly concern Security. In other words, if someone wants to attack you, how can the normal operation of the system be guaranteed?

Cyber-Physical System

The term "cyber-physical system" was probably first proposed by the US National Science Foundation in 2006. A cyber-physical system is essentially a fusion of Computation, Communication, and Control: the three Cs are combined with one another and embedded in the physical world, so that the whole system can better perceive or control the physical world.

For example, unmanned driving is a cyber-physical system: the unmanned vehicle is a physical entity with many sensors collecting data. These data are uploaded to a computer or the cloud via communication, and there may also be communication between vehicles. Then perception and navigation are performed, the results are fed back to the vehicle's actuators, and finally they act on the physical space. These processes involve both computation and control problems.

In fact, cyber-physical system is a broad concept. Before, when people talked about security, they mostly meant computer security or network security; nowadays it is more often the security of smart devices such as mobile phones. So why has cyber-physical system security now come onto the agenda? The main reason lies in traditional control systems. For example, communication inside a car is carried out over a CAN bus. Such communication is essentially an isolated, dedicated network with no connection to other networks, so it is difficult to attack such a system on a large scale.

Security threats to cyber-physical systems

However, intelligence has gradually become a trend, and one of the core ideas of intelligence is to use many emerging sensing and network technologies to realize the interconnection of everything. In this context there will be many problems: once everything is connected to the Internet, the possibility of the system being attacked is greatly magnified. How to keep the entire system stable, or keep it running normally, in this case is a major challenge.

The picture above is a schematic of the smart home mentioned earlier. Smart homes let people control home appliances through a mobile app, for example, but once the appliances are online, the security of the smart home control system becomes very important. If an attacker could manipulate the appliances in thousands of homes, this could cause very serious problems.

Our laboratory has been doing research on cyber-physical system security since 2010. At that time, hackers designed the "Stuxnet virus", whose target was the centrifuges Iran used to enrich uranium-235. Stuxnet destroyed thousands of Iranian centrifuges and ultimately did great damage to Iran's nuclear program. This can be regarded as an example of successfully using "information warfare" to cause physical damage. It was also this event that quickly put the security of cyber-physical systems on our agenda.

Stuxnet virus

The "Stuxnet virus" was a state-level operation, which may be relatively rare. Nowadays, attacks against ordinary cyber-physical systems are increasing. For example, a 2016 report from a US agency pointed out that there were more than 290 attacks on US industrial control systems over the year, covering multiple industries such as manufacturing, communications, and energy.

There are many types of attack. Let me first talk about the more common ones. If the system is connected to the Internet, it can be invaded through the network; even if it is not connected, there are still ways in, as in the "Stuxnet virus" example, where the malware was carried in layer by layer on USB drives. Such methods can cause great damage.

I think the second issue deserves more attention. Researchers with a control background are generally not particularly experienced in computer security, so the systems they develop may have many vulnerabilities. Many software developers do not even know that their systems have vulnerabilities, but hackers can find them. In the "Stuxnet virus" case, Iran did not know there was a problem with its system, but the attackers had inside information, found the problem, and used this vulnerability to get into the Iranian system.

Another worry is that current systems are becoming more and more complex. For example, a car may have hundreds of ECUs (Electronic Control Units), and a Boeing 787 may have millions of parts, of which about 70% are outsourced. First-tier suppliers may in turn outsource to second- and third-tier suppliers, so the entire supply chain becomes very complicated; it is essentially global production, finally assembled in Seattle. How to ensure that every part installed in the system is secure is therefore also a question worth considering.

Hacking car systems

In fact, traditional automotive cyber-physical systems still have many vulnerabilities. For example, in 2015 there was a well-known incident in which two hackers (the two were actually researchers, not intent on sabotage) attacked a Chrysler Jeep: they broke into the car's infotainment system, entered the car's internal network through it, and took control of the car, including steering, braking, and even the airbags.

Some people might say: these problems also occur in computers and have been studied for a long time, so why raise such a concept separately? Is there anything new about the security of cyber-physical systems? I think the core of it is this: traditional research mainly concerns the cyber side, while the core of cyber-physical systems is that they contain "physics", and this physical part brings many challenges.

First of all, traditionally, if a computer is attacked, in the worst case you shut it down and that is the end of it. But a high-speed car cannot simply be switched off; it can only be brought to a stop gradually, and because a physical system is involved, stopping is not a simple matter either. A drone may not be able to stop at all: a fixed-wing drone must keep flying at a certain speed, because stopping would mean a crash. So the physical system brings many challenges.

Another problem is that we may not be able to stop the physical system at all. For example, if a power grid is attacked, we hope to isolate the attacked part as much as possible, rather than blacking out an entire region such as Beijing. This means that when the system is under attack, it must be allowed to keep running with "injuries", instead of restarting at the first sign of trouble. This is also a big problem. Finally, these physical systems demand very high reliability. For aircraft, for example, we did some projects with Boeing before: they require that anything installed on the aircraft be certified, and the aircraft must be highly reliable, with requirements far beyond the reliability of antivirus software that detects 99% of viruses.

Many traditional information security methods are so-called best-effort approaches: they provide the best service they can, but cannot give strong guarantees. For a system that requires very high reliability, even a small possibility may hide a big threat.

Build a "moat" for cyber-physical systems

To ensure the security of a cyber-physical system, we need very high reliability, and it is difficult to achieve this with any single method. We need a multi-layer defense mechanism, like a castle: a moat outside, a wall in the middle, and another wall inside. Only by fortifying layer by layer can we solve this problem.

I think there are several key points: Prevention, Detection, Resiliency and Recovery. Prevention is about keeping others from getting in, which may require a better firewall, antivirus software, and so on.

Of course, we cannot keep others out of the system 100% of the time. If someone gets in, we need to check whether the system has been compromised, including locating which parts of a large system are compromised; this is the so-called Detection. In addition, when designing a system we need to build in a certain degree of resiliency. If one broken part of a car finishes the whole system, the system is not very resilient, so whether the system can keep running with "injuries" is also a factor to consider. Finally, when we find a problem with the system, we may need a recovery process, such as restarting. Overall, I think the security of cyber-physical systems must be ensured from many aspects, through multi-layer defense.

Security control algorithm in cyber-physical system

Today I want to tell you about some relatively preliminary work we have done on cyber-physical systems, mainly in two areas: detection and resilience. First, from a control perspective, how should we think about cyber-physical system security? Of course, this does not mean control alone can solve the problem; a multi-layer defense is needed.

Control

What can control bring us? Take offline system design as an example. First, through control we can identify the key components of the system and add redundant designs for them. Before the system goes online, we can perform controllability and observability analysis to improve the system's intrinsic resilience; after it goes online, we can use traditional methods such as fault diagnosis, which here becomes an intrusion diagnosis and intrusion localization problem. In addition, we can do robust control to ensure the system's controller remains fault-tolerant under attack. Finally, there is another question: if we want to make a large system more secure, where should we reinforce it first? These are all things control can provide.

Detection

Next I will mainly talk about detection. We started related research after being inspired by the "Stuxnet virus" example. Stuxnet was discovered in 2010. From a computer perspective it is a very complicated virus that is difficult to defend against, but from a control perspective its strategy is actually quite simple. A centrifuge is something that spins fast. To destroy it, you need to make it spin much faster than its set speed; but if you simply make it spin faster, the system's sensors will notice that the speed is too high and trigger an alarm, a technician will come to check, and the whole process cannot do much damage.

However, the strategy Stuxnet adopted was not to attack the system immediately, but first to record the sensor outputs (such as the centrifuge speed) while the system was operating normally. To illustrate, suppose the centrifuge runs at 1,000 revolutions per second, and Stuxnet records a lot of such data. Then, when it really starts attacking, Stuxnet replays the recorded data: when the speed is driven up to 2000 rpm, the previous normal data replaces the abnormal data, so the operator sees that the speed is still normal and does not notice the problem. In some cop-and-robber movies the robbers replay the surveillance video of the place they want to rob, overwriting the robbery footage with the previous day's normal footage; this is very similar to the Stuxnet strategy. Similarly, "replay" attacks are relatively common in information security.

Let's look at the block diagram of such a system. Suppose we build a centrifuge or some other physical system that we need to control. We monitor it with sensors, and the sensor outputs go to an estimator. In driverless driving this might be called perception rather than simply estimation, because its function may be more complex. But for any system, we process the collected information through such a component to obtain the system state, design the control based on the state, and feed it back to the physical system. The estimator may also pass some information to a fault detector, which checks whether the received information y(k) shows a problem. That is roughly the system.

The attack is also divided into two stages. In the first stage the attacker does not modify the control part of the system but passively records the sensor signals. After recording enough, it enters the second stage and starts modifying the system's control signal. At the same time, the attacker disconnects the sensor side of the system and replaces the sensors' real data with the normal data recorded before.

The original system had a fault detector, but it was designed without security in mind and without considering whether it could detect a "replay" attack. In fact, replay attacks are not always effective: we found that some systems can detect them and some cannot. In the figure above, the Y axis is the probability of a detector alarm, with a maximum of 1. Replay starts at time zero. For the first system, marked by the blue line, we see that when replay starts there is a short transient in which the alarm probability is somewhat, but not particularly, elevated, and it then quickly drops back to a value close to 0. For the second system, marked by the red line, the alarm probability rises higher and higher as replay continues, eventually tending to 1.

However, many systems, like the one marked by the blue line, have no way to detect "replay" attacks, so you may run into the problem that the attacker manipulates the system behind the operator's back. To address this we designed an active detection method. The detection just mentioned is passive: it collects a lot of sensor information and checks whether it is consistent with the system's model. But this has a big problem. When controlling a centrifuge, its speed is always 1000 rpm, so when the sensor tells us the speed is 1000 rpm, in a certain sense it gives us no information at all, because the system is so well controlled.

Our idea is: what if we do not control the system quite so well? We deliberately add a disturbance signal to the control signal, which can also be called a watermark signal. The watermark is a relatively small noise hidden in the real control signal. If the system is not attacked, this noise shows up in the sensor readings and enters the estimator, and the estimator can identify it in the sensor output. Under a "replay" attack, because the watermark is completely random, the random signal in the replayed sensor data does not correspond to the random signal being injected now, since the received data are a replay of earlier signals. So by adding a small disturbance and letting the system respond to it, we can detect whether there is a problem with the system. We call this active detection: it actively excites the system instead of passively collecting information. This is also similar to the Challenge-Response concept in computer science: you give the system a Challenge, the system returns a Response, and from that you can tell whether the entire control loop is intact.

The picture above shows results of some experiments on a very simple system. The horizontal axis can be thought of as the energy of the watermark noise; we found that the more energy is added, the higher the detection probability. That is our general approach. There are some technical problems after that: for example, after adding a disturbance signal, the control of the system is no longer as good, so what does this cost, what is the relationship between the cost and the detection performance, and how should the trade-off be weighed? We can treat it as an optimization problem and solve it.
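To make the record-then-replay attack and the watermark concrete, here is an added simulation (my own example, not code from the lecture or the lab) of a scalar linear-Gaussian loop with a steady-state Kalman estimator, a windowed chi-square detector on the innovation, and a two-phase attacker; the plant, gains, noise levels, the 5-sample window and the watermark variance of 9 are constructed toy values. Without the watermark the alarm rate during replay stays at its nominal level while the real plant is pushed far from its set point; with the watermark the replayed data no longer contain the response to the current watermark and the alarm rate jumps.

```python
"""Replay attack vs. physical watermarking on a scalar linear-Gaussian loop.

Added example, not code from the lecture. The plant, gains and noise
levels are constructed toy values chosen so the effect is visible:

    x[k+1] = A*x[k] + u[k] + w[k],   w ~ N(0, Q)   (the "centrifuge")
    y[k]   = x[k] + v[k],            v ~ N(0, R)   (its speed sensor)

The controller is u = -L*xhat + du, where du is the watermark: a small
zero-mean Gaussian signal the estimator knows but the attacker does not.
The detector is a windowed chi-square test on the Kalman innovation.
"""
import random

A, L = 0.9, 0.4                # stable plant, stabilising state-feedback gain
Q, R = 1.0, 1.0                # process and measurement noise variances
WINDOW, THRESHOLD = 5, 11.07   # chi-square(5) 95% quantile: ~5% false alarms


def steady_state_kalman(a, q, r, iters=200):
    """Prediction covariance P, gain K and innovation variance S for C = 1."""
    p = q
    for _ in range(iters):          # fixed-point iteration of the Riccati map
        p = a * a * p * r / (p + r) + q
    return p, p / (p + r), p + r


def simulate(watermark_var, seed=0, n_record=2000, n_replay=2000,
             attack_input=5.0):
    """Run a record phase then a replay phase; return alarm rates and drift.

    Phase 1 (k < n_record): normal operation; the attacker records y.
    Phase 2: the attacker feeds the recorded y back to the estimator and
    pushes the real plant with a constant extra input (the overspeed).
    """
    rng = random.Random(seed)
    P, K, S = steady_state_kalman(A, Q, R)
    x, xhat_pred = 0.0, 0.0
    recorded, residuals = [], []
    alarm_phase = [0, 0]
    x_sum = 0.0
    for k in range(n_record + n_replay):
        replaying = k >= n_record
        y_true = x + rng.gauss(0.0, R ** 0.5)
        if replaying:
            y_seen = recorded[k - n_record]   # stale but "normal" data
        else:
            y_seen = y_true
            recorded.append(y_seen)
        # Kalman update on whatever the estimator is shown
        innov = y_seen - xhat_pred
        xhat = xhat_pred + K * innov
        # windowed chi-square detector on normalised innovations
        residuals.append(innov * innov / S)
        if sum(residuals[-WINDOW:]) > THRESHOLD:
            alarm_phase[int(replaying)] += 1
        # controller with watermark (du known to the estimator, not the attacker)
        du = rng.gauss(0.0, watermark_var ** 0.5) if watermark_var > 0 else 0.0
        u = -L * xhat + du
        # plant evolution; the attacker adds its own push during replay
        x = A * x + u + (attack_input if replaying else 0.0) + rng.gauss(0.0, Q ** 0.5)
        if replaying:
            x_sum += x
        xhat_pred = A * xhat + u          # estimator propagates with du included
    return {
        "alarm_rate_normal": alarm_phase[0] / n_record,
        "alarm_rate_replay": alarm_phase[1] / n_replay,
        "mean_true_state_during_replay": x_sum / n_replay,
    }


if __name__ == "__main__":
    for w in (0.0, 9.0):
        print(f"watermark variance {w}: {simulate(w)}")
```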

The designs so far are based on a known model, because most control system design assumes the system model is known. Data-driven methods are now becoming more and more popular, and we have also tried some data-driven experiments. We make some simple assumptions, for example that the system itself is stable and that we know the dimension of x, while the other specific parameters are unknown. We can then take a data-driven approach.

The idea is also very simple: we add a random signal here. After adding it, the system produces some excitation, and from the relationship between input and output we can infer the specific parameters of the system. How to add the best signal and what the detector should do are details I won't go into here. Below is a simulation we made for the TEP (Tennessee Eastman Process) system commonly used in the chemical industry. The dotted line is the detector output obtained by learning the optimal watermark signal and detector from data, without knowledge of the model.

As you can see, it matches the solid line, obtained with the model, very well. In addition, this system was subjected to a "replay" attack at 100 hours, and we can see that our watermarking method effectively detects the attack.

Algorithm design

What I want to talk about below is how to design a resilient algorithm. Here is also a very simple problem, similar to a simple state estimation problem. A self-driving car has many sensors that can locate it, such as radar, GPS, IMU, and vision sensors. How should we fuse them? This is a very traditional state estimation problem.

This is a very simplified model. There are many sensors, each measuring something called the state. The state is denoted x and the sensor measurement z. This is a simplified linear Gaussian model: the measured value is a linear function of the real state plus some noise. The simplest example: three sensors all measure the position, assumed here to be a one-dimensional signal, each with some noise. In this case the fusion rule is very simple: take the average of the three measurements, which can be proved to be the maximum likelihood or minimum mean square error estimate in many senses. None of this is very difficult.

But the problem is: with such an estimator, if one sensor has a big problem, for example its reading is very large or very small, it biases the overall estimate, which can cause very serious consequences.

Of course, this problem may also seem very simple, because the three sensors measure the same thing, so you know their measurements should be close; if one differs greatly from the other two, we can conclude that this sensor is faulty and discard it. This idea is called bad data detection: remove data that do not match the other data. It feels simple, but in fact it is not. This model is very simple because the three sensors measure the same state, so if one differs greatly from the other two, that sensor has a problem. But suppose we are measuring different states: some sensors measure the temperature of this room, some the temperature of the corridor, and some the temperature of another room. Then what does it mean for their data to match, or not to match? This problem becomes very complicated.

As another example, the GPS and the radar of a driverless car both measure position, but the two positions may be measured at different times: one sensor tells me where I am now, the other tells me where I will be next. Judging whether the two data match is then a very complicated problem.

So our idea here is whether we can do without bad data detection, because to use it we must first define what matching data means. The usual definition is: first make a state estimate, then compute the residual from the estimate, and then use the residual to decide whether the data match. We want instead to compute a good state estimate directly. So we consider the following problem: z is the reading of a real sensor, which we take to be a linear function of the state plus noise. Some sensors may be attacked, so we add an attack term to this real sensor reading. z thus contains both noise and attack. Noise is generally a relatively small quantity, for example Gaussian with a fixed, not particularly large, variance, but it affects all sensors. An attack is different: it may be an arbitrary value, very large or very small, but it can only affect a limited number of sensors; for example, of 10 sensors in the system only one may be attacked. If all 10 are attacked the system is basically dead, so generally only a small fraction of the sensors are attacked. In this case, how should we solve the problem?

We propose solving this with convex optimization. The general idea: take the measurement of each sensor, which may already be the attacked value. If the system had neither attack nor noise, then it should be equal to . However, because there may be attacks and noise, they are not equal, and the difference is regarded as the residual of the first sensor, which is not equal to 0. So we hope to find a good x that makes the residuals as small as possible, that is, to minimize such a residual function. We assume here that it is convex, symmetric and non-negative. It can be proved that many kinds of estimators can be written in this form, such as the least squares estimator just mentioned.

Let's look at more examples. Take exactly the same problem as before: three sensors monitor the state, each with some noise, and assume one sensor may be attacked. If you minimize the sum of squares, there must be a problem, because the minimizer of the sum of squares is the average, and the average is not robust. But if you minimize the sum of absolute values instead, your estimate is the median: you discard the largest and the smallest and keep the middle number. This should give a relatively good result.

From this we get a sufficient condition for a secure estimate: you need to guarantee two things. Mathematically the idea is relatively simple. First, the force each sensor can exert must be finite; this force is essentially a slope, so the maximum slope must be finite. Second, the force exerted by any p sensors must be less than the force exerted by the remaining sensors, because I assume here that p sensors may be compromised. Then even if p sensors are compromised, they cannot drag the whole system away. Roughly like this. You can also prove that these two conditions are necessary.
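As an added illustration (not from the lecture), here is the static version of this estimation problem in code: the least-squares and sum-of-absolute-values estimators for z_i = h_i x + v_i + a_i, plus a check of the two-part force condition specialised to the L1 residual, where the force of sensor i is |h_i|. Sensor gains, noise and attack values are constructed; the last case uses a sensor whose gain violates the condition, so a single compromised sensor drags even the L1 estimate away.

```python
"""Resilient scalar state estimation with a convex residual.

Added example, not code from the lecture. Setup from the talk: every
sensor i reports z_i = h_i * x + v_i + a_i, where v_i is small Gaussian
noise on every sensor and a_i is an arbitrary attack value on at most p
sensors. Least squares (sum of squared residuals) is the average and is
dragged off by one huge a_i; the sum of absolute residuals is a weighted
median and is not, as long as the "force" condition from the talk holds.
Gains, noise and attack values below are constructed toy numbers.
"""


def least_squares(z, h):
    """argmin_x sum_i (z_i - h_i x)^2 (the plain average when all h_i = 1)."""
    return sum(hi * zi for hi, zi in zip(h, z)) / sum(hi * hi for hi in h)


def l1_estimate(z, h):
    """argmin_x sum_i |z_i - h_i x|.

    Each term has slope -|h_i| left of z_i/h_i and +|h_i| right of it, so
    the minimiser is the weighted median of z_i/h_i with weights |h_i|.
    """
    pts = sorted((zi / hi, abs(hi)) for zi, hi in zip(z, h) if hi != 0)
    total = sum(w for _, w in pts)
    acc = 0.0
    for val, w in pts:
        acc += w
        if acc >= total / 2:      # first point where the pulls balance
            return val
    return pts[-1][0]


def l1_is_secure(h, p):
    """Sufficient condition from the talk, specialised to the L1 residual.

    1. The force (maximum slope) each sensor can exert is |h_i|, finite.
    2. Any p sensors together must exert strictly less force than the
       remaining n - p, otherwise p compromised sensors can drag x anywhere.
    Checking the p largest |h_i| against the rest covers every p-subset.
    """
    if p >= len(h):
        return False
    w = sorted(abs(hi) for hi in h)
    return sum(w[len(w) - p:]) < sum(w[:len(w) - p])


def attacked_readings(x_true, h, noise, attacked, bias):
    """Construct the measurement vector: noise on all sensors, bias on attacked ones."""
    return [hi * x_true + n + (bias if i in attacked else 0.0)
            for i, (hi, n) in enumerate(zip(h, noise))]


if __name__ == "__main__":
    h = [1.0, 1.0, 1.0]                      # three sensors, all measure x
    z = attacked_readings(10.0, h, [0.1, -0.2, 0.05], {2}, 100.0)
    print("least squares:", least_squares(z, h))   # dragged towards 43
    print("L1 / median:  ", l1_estimate(z, h))     # stays near 10
    print("secure vs 1 attacked sensor:", l1_is_secure(h, 1))
```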

Of course we also do a lot on dynamic systems, but since time is limited I won't go into it here. From 2015 to 2018 I was in Singapore, where we took on a project on autonomous driving from Singapore's Ministry of Defence; they were also very concerned about the safety of autonomous driving. Here is something we did on a simulation system.

The problem is this. The system has three positioning sensors: IMU, radar, and GPS. The yellow line is the position reported by GPS, and you can see it gradually drifting away from the real position. The reason is that we added a GPS spoofing tool to the system. Such tools are relatively common: Iran once used GPS spoofing to capture a US UAV, because the UAV believed it had flown to a safe place and landed, while the place was actually Iranian-held territory, and so it was captured. Because the GPS signal is one-directional, the receiver has no way to confirm whether the signal is genuine. So if there is a transmitter sending a stronger signal that overwhelms the real GPS signal, you get a wrong GPS position.

In this picture we used the traditional information fusion method, the EKF, to fuse IMU, radar, and GPS. The pink line is our fused result; you can see that it also drifts, ending up about two meters off, which is probably out of the lane, because the GPS signal was hijacked. The next picture shows the result after adding the security design. When the GPS deviation is relatively small, there is no way to tell whether it is caused by noise or by an attack, but when the GPS deviation becomes very large, we can tell that there is a problem with the GPS signal, and we then fuse only the remaining two sensors, radar and IMU. This is equivalent to saying that the GPS problem has been detected.

Summary

Today I talked about a lot of technical things. Mainly I wanted to discuss the security of cyber-physical systems with you, because security itself is a very important issue. Second, from a control point of view we have some thoughts on this area; compared with the traditional computer direction, the way we think is not quite the same. But I still feel that the final solution should involve many disciplines working together to produce a multi-layer, multi-angle, multi-method defense mechanism.

What I mainly talked about today is intrusion detection and state estimation. This field faces many challenges from the control perspective alone; it has taken about 10 years to get some results, but I think we still need to learn more. I hope what we do can provide some additional security guarantees for real cyber-physical systems. Thank you all.


Source: blog.csdn.net/MeituanTech/article/details/108891857