Cyber Physical Systems
Adam Dettenwanger, Charlie Carlton, Scott Williams
CS 455: Introduction to Distributed Systems
Computer Science Department, Colorado State University
Why are Cyber Physical Systems Important?
- Most of us interact with a CPS every day (example: the modern vehicle)
- CPS enables complex systems with new capabilities, systems that would not be feasible without it
- CPS has major economic implications:
  - advanced manufacturing techniques as an economic advantage
  - efficiently managed civil infrastructure (power grid, traffic control)
Problem Characterization
The CPS feedback loop:
1. A network of sensors transmits the current state of the physical system to the controller
2. The controller uses a model of the system to decide the next state
3. The controller sends control signals to the appropriate actuators
4. The actuators modify the state of the physical system
5. The cycle repeats
Implementation:
- Controllers are often embedded systems
- They can communicate over private or public networks
Trade-off Space for Solutions
- Inherently multidisciplinary: specialized systems on top of specialized embedded hardware require professional knowledge from a variety of fields
- Diversity vs. homogeneity: balancing ease of use against how hard the system is to penetrate
- Security vs. performance: encryption and Gaussian noise cost time on hardware that has hard real-time obligations
Dominant Approaches: Part 1
- Analyzing continuous, analog reality with discrete computation
  - sampling at set intervals
  - event-driven or self-triggered sampling
- Resiliency
  - redundancy
  - system diversity
  - partitioning
  - least privilege
  - intrusion detection
  - system monitoring
  - strategic information sharing (gossip)
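The feedback loop from "Problem Characterization" and the interval sampling and redundancy items above fit in one short simulation. The following is an added example written for this page, not code from the presentation: a toy tank-level plant, three redundant level sensors, and a controller that samples at a fixed interval, votes the sensors against each other, drops the ones that disagree, and falls back to a safe actuator command when too few sensors are left to trust. The plant model, the controller gain, the 0.5 agreement tolerance and the fault injection are all constructed assumptions.

```python
"""Sampled CPS feedback loop with redundant sensors and a safe fallback.

Constructed example. The plant (a tank with one inflow actuator), the sensor
fault model and the controller gains are assumptions made for illustration.
"""
from dataclasses import dataclass
from statistics import median
from typing import Optional

SAFE_COMMAND = 0.0          # assumed safe actuator value (inflow valve closed)
AGREEMENT_TOLERANCE = 0.5   # a reading this far from the median is treated as faulty
MIN_HEALTHY_SENSORS = 2     # with fewer agreeing sensors the state is not trusted


@dataclass
class Plant:
    """Toy physical process: tank level driven by the inflow command minus a fixed outflow."""
    level: float = 0.0
    outflow: float = 0.2

    def step(self, inflow: float, dt: float) -> None:
        self.level = max(0.0, self.level + (inflow - self.outflow) * dt)


@dataclass
class Sensor:
    """Reads the level; `bias` models a miscalibrated sensor, `failed` a silent one."""
    bias: float = 0.0
    failed: bool = False

    def read(self, plant: Plant) -> Optional[float]:
        if self.failed:
            return None
        return plant.level + self.bias


def vote(readings: list) -> tuple:
    """Reconcile redundant readings.

    Returns (agreed level or None, indices of sensors flagged faulty). Silent sensors
    and sensors further than AGREEMENT_TOLERANCE from the median are excluded; if
    fewer than MIN_HEALTHY_SENSORS remain, the agreed level is None.
    """
    present = [(i, r) for i, r in enumerate(readings) if r is not None]
    faulty = [i for i, r in enumerate(readings) if r is None]
    if not present:
        return None, faulty
    m = median(r for _, r in present)
    healthy = [(i, r) for i, r in present if abs(r - m) <= AGREEMENT_TOLERANCE]
    healthy_ids = {i for i, _ in healthy}
    faulty += [i for i, _ in present if i not in healthy_ids]
    if len(healthy) < MIN_HEALTHY_SENSORS:
        return None, sorted(faulty)
    return median(r for _, r in healthy), sorted(faulty)


def control(level: Optional[float], setpoint: float, gain: float = 0.8) -> float:
    """Proportional controller; with no trusted state it commands the safe value."""
    if level is None:
        return SAFE_COMMAND
    return max(0.0, gain * (setpoint - level))


def run(plant: Plant, sensors: list, setpoint: float, steps: int,
        dt: float = 0.1, fail_at: Optional[dict] = None) -> dict:
    """Run the loop for `steps` ticks of `dt` seconds (sampling at a set interval).

    `fail_at` maps a tick number to the index of a sensor that goes silent at that
    tick (constructed fault injection). Returns a summary of what happened.
    """
    fail_at = fail_at or {}
    fallback_ticks = 0
    flagged = set()
    for tick in range(steps):
        if tick in fail_at:
            sensors[fail_at[tick]].failed = True
        readings = [s.read(plant) for s in sensors]   # 1. sensors sample the physical state
        level, faulty = vote(readings)                # 2. controller reconciles redundant inputs
        flagged.update(faulty)
        command = control(level, setpoint)            # 3. controller decides the next action
        if level is None:
            fallback_ticks += 1                       #    ... or falls back when it cannot trust the state
        plant.step(command, dt)                       # 4. actuator changes the physical system
    return {"level": round(plant.level, 3),
            "fallback_ticks": fallback_ticks,
            "flagged": sorted(flagged)}


if __name__ == "__main__":
    print(run(Plant(), [Sensor(), Sensor(bias=3.0), Sensor()], setpoint=1.0, steps=200))
    print(run(Plant(), [Sensor(), Sensor(), Sensor()], setpoint=1.0, steps=50,
              fail_at={10: 1, 20: 2}))
```

With all three sensors healthy the level settles where inflow equals outflow (0.75 for these constants); a single biased sensor is outvoted without disturbing the loop; once two sensors go silent the controller cannot get the agreement it needs and closes the valve instead of acting on one unverified reading.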
Dominant Approaches: Part 2
- Contracts: simplified standards for node behavior
  - an assumption and a guarantee, for example a specified time quantum between messages or a specified message content
  - a breach of contract leads to defensive behavior by the node holding the assumption
- Standards, protocols, and best practices: necessary for the growth and success of any new technology
- Law enforcement and physical protection of highly critical nodes
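The contract idea above is concrete enough to code. This is an added example, not part of the presentation: a consumer node holds an assumption about a producer (a message with an in-range value at least every `deadline` seconds) and escalates its defensive behavior as breaches accumulate, first reducing the authority it grants the producer's data and then latching into a safe stop. The deadline, value envelope, the three modes and their authority levels are constructed assumptions; timestamps are supplied by the caller so the example is deterministic.

```python
"""Assume/guarantee contract monitor for a CPS node (constructed example).

The contract parameters, the mode names and the authority fractions are
assumptions chosen for illustration, not from any real system.
"""
import math
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Contract:
    """What the consumer assumes about the producer (what the producer guarantees)."""
    deadline: float        # a valid message arrives within this many seconds of the last one
    low: float             # the message value lies inside [low, high]
    high: float
    max_breaches: int = 2  # breaches tolerated in degraded mode before a safe stop


@dataclass(frozen=True)
class Message:
    t: float               # producer timestamp in seconds (constructed)
    value: float


class ContractMonitor:
    """Held by the node relying on the assumption; decides the defensive response."""

    AUTHORITY = {"normal": 1.0, "degraded": 0.5, "safe_stop": 0.0}

    def __init__(self, contract: Contract, t0: float = 0.0):
        self.c = contract
        self.last_ok = t0                   # time of the last message that met the contract
        self.last_value: Optional[float] = None
        self.content_breaches = 0
        self.mode = "normal"

    def observe(self, msg: Message) -> str:
        """A message arrived at msg.t; accept it only if its content meets the guarantee."""
        if self.c.low <= msg.value <= self.c.high:
            self.last_ok = msg.t
            self.last_value = msg.value
            self.content_breaches = 0
        else:
            self.content_breaches += 1      # out-of-envelope content counts as a breach
        return self.tick(msg.t)

    def tick(self, now: float) -> str:
        """Re-evaluate the timing assumption; also called from the holder's own timer."""
        if self.mode == "safe_stop":
            return self.mode                # latched: only an explicit reset leaves safe stop
        elapsed = now - self.last_ok
        missed = max(0, math.ceil(elapsed / self.c.deadline) - 1)   # whole deadlines overrun
        breaches = missed + self.content_breaches
        if breaches == 0:
            self.mode = "normal"
        elif breaches <= self.c.max_breaches:
            self.mode = "degraded"
        else:
            self.mode = "safe_stop"
        return self.mode

    def authority(self) -> float:
        """Fraction of actuator authority the holder grants to this producer's data."""
        return self.AUTHORITY[self.mode]

    def reset(self, now: float) -> None:
        """Operator or supervisor clears the latch after the cause has been handled."""
        self.last_ok = now
        self.content_breaches = 0
        self.mode = "normal"


if __name__ == "__main__":
    c = Contract(deadline=0.1, low=0.0, high=30.0)
    m = ContractMonitor(c)
    print(m.observe(Message(0.05, 10.0)), m.tick(0.25), m.tick(0.45))
```

Two design points worth noting: the safe stop is latched, because a producer that has already violated the contract should not be able to talk the consumer back into normal operation simply by sending one good message; and the timing check is driven by the holder's own clock in `tick`, so silence is detected even when no message arrives at all.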
Insights Gleaned
- CPSs face network problems
- Balance performance and security
- No easy solution to the synchronization issue
- Suggested solutions: traditional redundancy, encryption (may not be feasible in all cases), network security best practices

Notes:
CPSs face the same core issues that networks and other distributed systems face today:
1. Protecting the system against attack
2. Ensuring the confidentiality, integrity, and authenticity of data
3. The need for efficient communication protocols
4. Resiliency in the system: it must handle the loss or malfunction of a single sensor or a group of sensors, and cope with the loss of the computing layer
As with any network, there is an inherent balance that must be struck between the robustness of the security apparatus and the efficient performance of the system.
We saw that the issue of time and synchronization can be huge in CPS. The solutions of interval sampling and event-driven sampling sacrifice data and autonomy for some level of synchronization.
The suggested solutions to the problems we investigated are ones we are all already familiar with:
1. Resiliency: redundancy of sensors and computational systems
2. Security
   a. encryption of data, which may not be feasible for sensors with no computational component
      i. new idea: a Gaussian noise solution
   b. network security best practices
      i. isolation, least privilege, authentication
The Future Problem Space of CPS
- Cyber Physical Highway System
- Pressures: population, roadway congestion, safety
- Layers: intra-vehicle, inter-vehicle, highway control layer
- Challenges: security, resiliency

Notes:
We modeled our future problem space around a hypothetical Cyber Physical Highway System. We thought this system may be viable because of the recent interest and research into autonomous or assisted driving vehicles, as well as these societal factors:
- population growth
- roadway congestion (the cost of continuous lane expansions)
- roadway safety
The Cyber Physical Highway System is a CPS within a CPS within a CPS:
- intra-vehicle: the car itself
- inter-vehicle: car to car
- highway control layer: traffic pattern analysis and decision making
After considering this system we decided on two major problems that would need to be addressed:
- security, at every layer
- resiliency: how to make each layer robust, and how the system reacts to failures
Trade-off Space and Future Solutions
Similar to present day:
- Resiliency: redundancy
- Security: isolation, encryption, Gaussian numerical noise

Notes:
The problem space we defined overlaps the problem space that present-day CPSs face.
Resiliency, with redundancy at each layer of the system:
- intra-car: redundant sensors monitor all of the vehicle's critical components; like the namenode/secondary namenode setup we used in our Hadoop clusters, a similar standby arrangement for the onboard controller; an emergency protocol for when systems or sensors fail
- inter-car: always have a backup communication module; emergency failure protocols
- highway controller: a redundant on-site system as well as a geographically separated system; emergency protocols
Security:
- intra-car: isolate the sensors from any external network
- inter-car: wireless communication by necessity; encryption/Gaussian noise
- highway controller: wired networks where possible; again, encryption/Gaussian noise where possible
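The "confidentiality, integrity, and authenticity" point in the Insights slide and the inter-car "encryption" item above both come down to the same primitive at the wire: every message between nodes must be verifiable as coming from the claimed peer, unmodified, and not replayed. The following is an added example, not code from the presentation: a sender and receiver that frame car-to-car messages with a sequence number and timestamp and authenticate them with HMAC-SHA256 from the Python standard library. The wire format, the shared key and the 2-second freshness window are constructed assumptions. It covers integrity and authenticity only; the payload stays in the clear, so confidentiality would need an authenticated cipher on top, which is not shown here.

```python
"""Authenticated, replay-protected node-to-node messages (constructed example).

Wire format (assumed): seq (uint32) | timestamp (float64) | payload length (uint16)
                       | payload | HMAC-SHA256 tag over everything before it.
"""
import hashlib
import hmac
import struct

HEADER = struct.Struct("!IdH")   # seq, timestamp, payload length; network byte order, no padding
TAG_LEN = 32                     # HMAC-SHA256 output size
FRESHNESS_WINDOW = 2.0           # seconds of clock skew plus latency tolerated (assumption)


class Sender:
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0                 # strictly increasing per sender; never reused

    def send(self, payload: bytes, now: float) -> bytes:
        self.seq += 1
        header = HEADER.pack(self.seq, now, len(payload))
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0            # highest sequence number accepted so far

    def receive(self, frame: bytes, now: float) -> tuple:
        """Returns (accepted, reason, payload). Nothing is trusted before the MAC checks out."""
        if len(frame) < HEADER.size + TAG_LEN:
            return False, "truncated", b""
        header = frame[:HEADER.size]
        seq, ts, plen = HEADER.unpack(header)
        body_end = HEADER.size + plen
        if len(frame) != body_end + TAG_LEN:
            return False, "length mismatch", b""
        payload = frame[HEADER.size:body_end]
        tag = frame[body_end:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return False, "bad mac", b""
        # seq and ts are covered by the MAC, so only now may they drive decisions.
        if seq <= self.last_seq:
            return False, "replay", b""
        if abs(now - ts) > FRESHNESS_WINDOW:
            return False, "stale", b""
        self.last_seq = seq
        return True, "ok", payload


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-real-use"   # assumption: pre-shared out of band
    s, r = Sender(key), Receiver(key)
    frame = s.send(b"speed=27.5", now=100.0)
    print(r.receive(frame, now=100.1))   # accepted
    print(r.receive(frame, now=100.2))   # same frame again: rejected as a replay
```

The ordering inside `receive` is the security-relevant part: length checks first so malformed frames cannot cause out-of-range slicing, then the MAC, and only then the sequence and timestamp logic, because an unauthenticated header could otherwise be used to push `last_seq` forward and lock out the legitimate sender. The cost side of the slide's performance trade-off is also visible: one SHA-256 pass per message is cheap enough for a gateway or ECU, which is where this check belongs when the sensor itself has no compute.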