On Situational Aware En-Route Filtering against Injected False Data in Cyber Physical Systems

Introduction

Monitoring and controlling physical systems through geographically distributed sensors and actuators have become an important task in numerous environment and infrastructure applications. These applications have received a renewed attention because of the advances in sensor network technologies and new development in cyber-physical systems (CPS) (CPSweek, 2010). To monitor and control the physical systems, a typical CPS integrates sensor nodes, actuators, controllers, and networks. In a CPS system, sensor nodes obtain the measurement from the physical components, process the measurements, and send measured data to the controller through computer networks. According to these measurements, the controller estimates the states of physical systems and sends feedback commands to the actuators, which control the operation of physical systems. Thus, the real-time monitoring provided by wireless sensor networks (WSN) is essential for CPS, as it provides rich and pertinent information on the condition of physical systems.

WSNs are important components in CPS and are formed by a set of resource-constrained sensor nodes communicated through an ad hoc fashion. In WSNs, sensor nodes usually are deployed in unattended or even harsh environments (e.g., battlefield) and the lack of tamper-resistance hardware increases the possibility of nodes to be compromised by attackers. Once nodes are compromised, the secret information stored in nodes becomes visible to the attackers. Even worse, the attackers could launch false data injection attacks via compromised nodes, consuming significant network resources and posing serious threats to the lifetime of sensor networks (Ye, 2004; Chen, 2009). In particular, the false data injected by compromised nodes can lead to false events and affect the decisions made at the sink of WSNs. Because a large amount of false data injected by compromised nodes are transmitted to the sink via multiple-hop routes, the false data increases the communication overhead of energy-limited nodes and ultimately shortens the lifetime of WSNs.

To mitigate the false data injection (FDI) type of attacks, we shall develop the situation aware filtering schemes to filter out false injected data inside the network before arriving at the sink of WSNs (or the key controller of CPS). Note that situational awareness (SA) is commonly described as knowing what is going on around the system and within that knowledge of surroundings and being able to identify which events in those surroundings are important (Shen 2007, Shen 2009). Hence, we shall continue to monitor system performance and threats and develop techniques for accurate analysis, fast detection and response against threats. Following this design principle, a number of the situations aware en-route filtering schemes to filter false data injected from the compromised nodes have been developed.