PhD Oral Exam - MohamadGhasem Kazemi, Electrical and Computer Engineering

When studying for a doctoral degree (PhD), candidates submit a thesis that provides a critical review of the current state of knowledge of the thesis subject as well as the student’s own contributions to the subject. The distinguishing criterion of doctoral graduate research is a significant and original contribution to knowledge.

Once accepted, the candidate presents the thesis orally. This oral exam is open to the public.

Abstract

This thesis investigates the cybersecurity aspects of switched Cyber-Physical Systems (CPS) under both synchronous and asynchronous switching conditions. In contrast to linear systems, the design of cyber-attacks by adversaries, as well as the detection, isolation, identification, and development of resilient control strategies by defenders, present greater complexity in switched systems due to the presence of multiple operational modes. A switched linear system is characterized by a finite set of system matrices as the modes of the system and a switching law that governs which mode is currently active. Accordingly, a distinct controller is designed for each mode within the switched system framework. However, the activation time of the controller corresponding to a given mode may not align with the activation time of the plant’s mode that makes the switching asynchronous. In the first topic, we will deal with the cybersecurity of synchronous switched systems. To begin with, we design a covert cyber-attack for this class of dynamical system by playing the role of attacker in such a way that the system follows the reference of the attacker while it remains stealthy from the monitoring system. Indeed, the problem is defined as an H_∞ output tracking for switched systems. To detect the covert attack as the defender, we will develop a new detection methodology by using a switched auxiliary system with special structure on the plant side along with some observers on the Command and Control (C&C). The main approach is using a bank of switched Unknown Input Observers (UIO) to detect and isolate different types of cyber-attacks on input channels as well as measurement channel. The proposed methodology can also detect and isolate covert attack and zero-dynamics attack in the synchronous switched systems. Towards this end, an additional signal, generated as the output of the auxiliary system, will be sent through the communication channel along with the main system output. The main benefit of the proposed methodology is this fact that we do not need any secure model or secure channel in the system and even in the case that attacker can find the mathematical model of the auxiliary system and injects another signal on communicated information of this auxiliary system, the injected cyber-attacks can be detected. The only secret information is defined as the delay between mode information of the plant and the auxiliary system. Moreover, in the case of the FDI cyber-attack, the location of the cyber-attack in terms of sensors or actuators can be identified. In the second topic, cybersecurity of asynchronous switched systems is considered. The problem of cyber-attack design for this class of dynamical systems will be investigated by proposing a stealthy cyber-attack. Then, the problem of cyber-attack detection and isolation for switched systems under asynchronous switching condition will be addressed. Regarding the nature and structure of a CPS, asynchronous switching condition is more practical for these systems with switched dynamics. As there exist asynchronicity between the mode information of the plant and the C\&C sides, cyber-attack detection or control design will be more challenging. On the other side, stealthy cyber-attack design considering the mode information and asynchronous switching condition can be more sophisticated for the attackers. However, since we assume that attackers are intelligent enough to devise diverse cyber-attack strategies, this issue requires attention. Correspondingly, as a part of the second topic, stealthy cyber-attack design for switched CPS with asynchronous switching condition will be investigated on the attacker point of view. Then, the detection and isolation of various cyber-attacks such as the designed stealthy one will be presented. To detect the presence of cyber-attacks in switched systems under the asynchronous switching condition, in one approach, we propose a methodology that is based on an auxiliary system on the plant side with nonlinear switched dynamics along with an asynchronous switched nonlinear observer on the C&C side. Although this methodology solved the detection problem in switched systems with the asynchronous switching condition and can be more secured compared to the linear switched cases, achieving isolation objectives is challenging based on this methodology. Correspondingly, we developed a detection and isolation methodology that is based on a bank of asynchronous switched unknown input observer (SUIO) for the auxiliary system with specific structure and dynamics. Since the observers are developed for the auxiliary system rather than the main plant, the auxiliary system can be designed to satisfy all the limitations and conditions of the asynchronous SUIO while incorporating the H_∞ criterion. Furthermore, cyber-attack detection, isolation and recovery control for a network of Multi-Agent Systems (MASs) with switched dynamics will be considered as the third topic. We address formation control for a network of switched MAS, representing a general framework that can be readily extended to consensus problems. In the first step, we solve the formation control of MAS with switching dynamics in a centralized form. There are certain conditions that need to be satisfied to have solution for this problem. In another strategy, the formation control of MAS with switched dynamics has been developed based on a fully distributed approach. In this case, we do not have any limitations like the ones in the centralized manner. Then, the detection of cyber-attack on the communication channels among different agents will be discussed and according to the detected cyber-attacks, isolation of the under-attack channels will be considered. Finally, a resilient control strategy will be developed.