|dc.description.abstract||Cyber-physical systems (CPSs) are large-scale systems that seamlessly integrate physical and human elements via a cyber layer that enables connectivity, sensing, and data processing. Key examples of CPSs include smart power systems, smart transportation systems, and the Internet of Things (IoT). This wide-scale cyber-physical interconnection introduces various operational benefits and promises to transform cities, infrastructure, and networked systems into more efficient, interactive, and interconnected smart systems. However, this ubiquitous connectivity leaves CPSs vulnerable to menacing security threats as evidenced by the recent discovery of the Stuxnet worm and the Mirai malware, as well as the latest reported security breaches in a number of CPS application domains such as the power grid and the IoT. Addressing these culminating security challenges requires a holistic analysis of CPS security which necessitates: 1) Determining the effects of possible attacks on a CPS and the effectiveness of any implemented defense mechanism, 2) Analyzing the multi-agent interactions -- among humans and automated systems -- that occur within CPSs and which have direct effects on the security state of the system, and 3) Recognizing the role that humans and their decision making processes play in the security of CPSs. Based on these three tenets, the central goal of this dissertation is to enhance the security of CPSs with human actors by developing fool-proof defense strategies founded on novel theoretical frameworks which integrate the engineering principles of CPSs with the mathematical concepts of game theory and human behavioral models.
Towards realizing this overarching goal, this dissertation presents a number of key contributions targeting two prominent CPS application domains: the smart electric grid and drone systems.
In smart grids, first, a novel analytical framework is developed which generalizes the analysis of a wide set of security attacks targeting the state estimator of the power grid, including observability and data injection attacks. This framework provides a unified basis for solving a broad set of known smart grid security problems. Indeed, the developed tools allow a precise characterization of optimal observability and data injection attack strategies which can target the grid as well as the derivation of optimal defense strategies to thwart these attacks. For instance, the results show that the proposed framework provides an effective and tractable approach for the identification of the sparsest stealthy attacks as well as the minimum sets of measurements to defend for protecting the system. Second, a novel game-theoretic framework is developed to derive optimal defense strategies to thwart stealthy data injection attacks on the smart grid, launched by multiple adversaries, while accounting for the limited resources of the adversaries and the system operator. The analytical results show the existence of a diminishing effect of aggregated multiple attacks which can be leveraged to successfully secure the system; a novel result which leads to more efficiently and effectively protecting the system. Third, a novel analytical framework is developed to enhance the resilience of the smart grid against blackout-inducing cyber attacks by leveraging distributed storage capacity to meet the grid's critical load during emergency events. In this respect, the results demonstrate that the potential subjectivity of storage units' owners plays a key role in shaping their energy storage and trading strategies. As such, financial incentives must be carefully designed, while accounting for this subjectivity, in order to provide effective incentives for storage owners to commit the needed portions of their storage capacity for possible emergency events. Next, the security of time-critical drone-based CPSs is studied. In this regard, a stochastic network interdiction game is developed which addresses pertinent security problems in two prominent time-critical drone systems: drone delivery and anti-drone systems. Using the developed network interdiction framework, the optimal path selection policies for evading attacks and minimizing mission completion times, as well as the optimal interdiction strategies for effectively intercepting the paths of the drones, are analytically characterized. Using advanced notions from Nobel-prize winning prospect theory, the developed framework characterizes the direct impacts of humans' bounded rationality on their chosen strategies and the achieved mission completion times. For instance, the results show that this bounded rationality can lead to mission completion times that significantly surpass the desired target times. Such deviations from the desired target times can lead to detrimental consequences primarily in drone delivery systems used for the carriage of emergency medical products. Finally, a generic security model for CPSs with human actors is proposed to study the diffusion of threats across the cyber and physical realms. This proposed framework can capture several application domains and allows a precise characterization of optimal defense strategies to protect the critical physical components of the system from threats emanating from the cyber layer. The developed framework accounts for the presence of attackers that can have varying skill levels. The results show that considering such differing skills leads to defense strategies which can better protect the system.
In a nutshell, this dissertation presents new theoretical foundations for the security of large-scale CPSs, that tightly integrate cyber, physical, and human elements, thus paving the way towards the wide-scale adoption of CPSs in tomorrow's smart cities and critical infrastructure.||en_US