2012 American Control Conference, Fairmont Queen Elizabeth, Montréal, Canada, June 27–29, 2012

On resilient consensus against replay attacks in operator-vehicle networks

Minghui Zhu and Sonia Martínez
Abstract— We consider an operator-vehicle network in which each unmanned vehicle is remotely maneuvered by an operator and its inputs are limited. The objective of the operator-vehicle network is to steer the vehicles to a consensus point within a given constraint set by means of coordination among operators and vehicles. Each operator-vehicle pair is attacked by an adversary who is able to maliciously replay the control commands sent from the operator. To play against these adversaries, we propose a novel replay-resilient consensus algorithm based on receding-horizon control, and show that the algorithm guarantees the constrained consensus objective at a geometric rate. The proposed algorithm shows an analogous resilience property against denial-of-service attacks.
M. Zhu is with the Laboratory for Information and Decision Systems, Massachusetts Institute of Technology, 77 Massachusetts Avenue, Cambridge, MA 02139 ([email protected]). S. Martínez is with the Department of Mechanical and Aerospace Engineering, University of California, San Diego, 9500 Gilman Dr, La Jolla, CA 92093 ([email protected]). This work was supported in part by NSF Career Award CMMI-0643679.

978-1-4577-1096-4/12/$26.00 ©2012 AACC

I. INTRODUCTION

In recent years, unmanned vehicles have been substantially developed and their markets have undergone a dramatic expansion [23]. Without a crew onboard, unmanned vehicles offer competitive advantages over their manned counterparts, such as lower deployment costs and a longer lifetime. Their applications range from civil to military missions; examples include border and road patrol, search and rescue, scientific monitoring in severe climates, firefighting, and target identification operations. More recently, the use of unmanned vehicles by (human) operators has been proposed to enhance information sharing and maintain situational awareness. However, this capability comes at the expense of the inherent vulnerability of information technology systems to cyber attacks. In particular, the communication between operators and vehicles can be compromised by adversaries, disrupting the network-wise objective. Since we cannot rule out that adversaries are able to successfully mount attacks, it is of prominent importance to provide resilient solutions that assure mission completion despite the presence of security threats.

Literature review. Very recently, the security of the new generation of control systems, namely cyber-physical systems, has been drawing mounting attention, and the current paper falls into this field. Denial-of-service attacks, which destroy data availability in control systems, are treated in the recent papers [2], [3], [10]. False data injection, which compromises the data integrity of state estimation, is attracting considerable effort; an incomplete reference list includes [16], [19], [22]. Replay attacks, which maliciously repeat transmitted data, were first studied in [17]. The papers [1], [24], [25] are devoted to deception attacks, where attackers intentionally modify measurements and control commands. In [4], [5], the authors exploit pursuit-evasion games to compute optimal evasion strategies for mobile agents in the face of jamming attacks. The authors in [11] propose a class of trust-based distributed Kalman filters for power systems that guard against data disseminated by untrusted phasor measurement units. The paper [21] considers the problem of computing arbitrary functions of initial states in the presence of faulty or malicious agents, whereas [18] focuses on consensus problems. Their main objective is to determine conditions under which the misbehaving agents can (or cannot) be detected and identified, and then to devise algorithms that overcome the malicious behavior.

This paper employs a distributed receding-horizon control methodology for multi-vehicle networks. Previously, distributed receding-horizon control has been applied to the problem of stabilizing an a priori known common set-point for decoupled subsystems [8], [12] and coupled subsystems [14], and to the problem of reaching consensus in [9], [13]. Our paper is also related to formation control of multiple vehicles; e.g., [7], [8], [20].

Statement of contributions. The current paper studies the problem of achieving consensus against replay attacks in an operator-vehicle network. In particular, each vehicle is remotely controlled by an operator and its actuation is limited. Vehicles aim to reach a consensus point within a given constraint set through real-time coordination with operators. Each operator-vehicle pair is attacked by an adversary, who is able to produce replay attacks by maliciously and consecutively repeating the control commands for a period of time. The information operators have about their opponents is limited to the maximum number, say $\tau_{\max}$, of consecutive attacks each adversary is able to launch.
To deal with these, we propose a novel replay-resilient consensus algorithm based on receding-horizon control which leverages the idea of motion towards target points of [9]. More precisely, at each time instant, operators assume that the vehicles of their current neighbors do not move over a finite time horizon of length $n_c$, and compute a sequence of control commands that minimizes an error function while enforcing the state and input constraints along the horizon. If a package of control commands is replayed at some time instant, the vehicle is able to detect this by comparing the time indices attached to the packages. In this case, the vehicle implements the control command that was designed for the current time several steps earlier. Otherwise, it implements the first element of the received control sequence. We show that constrained consensus is achieved exponentially provided that $n_c \ge \tau_{\max}$ and the communication graphs between operators satisfy a standard connectivity assumption. Under the same set of conditions, our proposed algorithm also achieves constrained consensus in the presence of denial-of-service attacks.
II. PROBLEM FORMULATION

In this section, we first present the architecture of the operator-vehicle network and the constrained consensus problem of interest. After that, we introduce the model of replay attackers, the knowledge operators possess about their rivals, and the objective of this paper.

A. The operator-vehicle network

Consider a group of vehicles in $\mathbb{R}^d$, labeled by $i \in V := \{1, \dots, N\}$. The dynamics of each vehicle is governed by the following second-order, discrete-time system:
$$p_i(k+1) = p_i(k) + v_i(k), \qquad v_i(k+1) = v_i(k) + u_i(k), \tag{1}$$
where $p_i(k) \in X \subseteq \mathbb{R}^d$ (resp. $v_i(k) \in \mathbb{R}^d$) is the position (resp. the velocity) of vehicle $i$, and $u_i(k) \in U \subseteq \mathbb{R}^d$ is its input. Throughout the paper, we suppose the following on the constraint sets:

Assumption 2.1 (Constraint sets): The state constraint set $X$ is convex and compact. The input constraint set $U$ is a box; i.e., $U = \{u \in \mathbb{R}^d \mid \|u\|_\infty \le u_{\max}\}$ for some $u_{\max} > 0$. Let $p_{\max} > 0$ be such that $\|x\|_\infty \le p_{\max}$ for any $x \in X$.¹

It is worth mentioning that, since $X$ is not necessarily a box, the dynamics in (1) along different dimensions can be coupled.

Each vehicle $i$ is remotely maneuvered by an operator $i$, and this assignment is one-to-one and fixed. Each vehicle is able to identify its location and velocity and to send this information to its operator through a communication network. Within the vehicle team, vehicles cannot communicate with each other. Each operator, on the one hand, can exchange information with neighboring operators and, on the other hand, deliver control commands to her associated vehicle via the communication network. We assume that operators and vehicles are synchronized.

The interconnection between operators at time $k \ge 0$ is represented by a directed graph $G(k) = (V, E(k))$, where $E(k) \subset V \times V \setminus \mathrm{diag}(V)$ is the set of edges. Here $(i,j) \in E(k)$ if and only if operator $i$ is able to receive the message from operator $j$ at time $k$. Denote by $N_i(k) := \{j \in V \mid (i,j) \in E(k)\}$ the set of neighboring operators of operator $i$ at time $k$. In order to achieve a network-wise objective, the inter-operator topologies should be sufficiently connected that the decisions of any operator can eventually affect any other one. This is formally stated in the following assumption:

Assumption 2.2 (Periodical strong connectivity): There is a positive integer $B$ such that, for all $k_0 \ge 0$, the directed graph $\big(V, \bigcup_{k=0}^{B-1} E(k_0 + k)\big)$ is strongly connected.

We now seek a transformation of (1). To achieve this, we pick any scalar $\beta > 1$ and define the change of coordinates $T : \mathbb{R}^{3d} \to \mathbb{R}^{3d}$ by $T(p_i, v_i, u_i) = (p_i, q_i, \bar u_i)$, where $q_i = p_i + \beta v_i$ and $\bar u_i = v_i + u_i = \frac{1}{\beta}(q_i - p_i) + u_i$. Performing this coordinate transformation on (1) yields the following dynamics:
$$\begin{aligned} p_i(k+1) &= \Big(1 - \frac{1}{\beta}\Big)\, p_i(k) + \frac{1}{\beta}\, q_i(k), \\ q_i(k+1) &= \Big(1 + \frac{1}{\beta}\Big)\, q_i(k) - \frac{1}{\beta}\, p_i(k) + u_i(k) = q_i(k) + \bar u_i(k). \end{aligned} \tag{2}$$
(Substituting (1) directly into $q_i = p_i + \beta v_i$ gives $q_i(k+1) = q_i(k) + v_i(k) + \beta u_i(k)$, so the second line of (2) agrees with (1) exactly only when $\beta = 1$; for general $\beta$ the input term in $\bar u_i$ carries the factor $\beta$. The remainder of the paper uses $\bar u_i$ as the control variable and (2) as written.)

Since the scalar $\beta$ is non-zero, the consensus property $\lim_{k \to +\infty} \|p_i(k) - q_j(k)\| = 0$ for any pair $i, j \in V$ (possibly $i = j$) in (2) is equivalent to $\lim_{k \to +\infty} \|p_i(k) - p_j(k)\| = 0$ and $\lim_{k \to +\infty} \|v_i(k)\| = 0$ in (1).

B. Model of adversaries

We now describe the attacker model considered in this paper. A group of $N$ adversaries tries to abort the mission of achieving constrained consensus in $X$. An adversary is allocated to attack a specific operator-vehicle pair, and this assignment is fixed over time; thus, we identify adversary $i$ with the operator-vehicle pair $i$.

In this paper, we consider the class of replay attacks, where the packages transmitted from operators to vehicles are maliciously repeated by adversaries. In particular, each adversary $i$ is associated with a memory storing some past information, whose state is denoted by $M_i^a(k)$. If she launches a replay attack at time $k$, adversary $i$ executes the following: (i) erases the data sent from operator $i$; (ii) delivers the past control command stored in her memory, $M_i^a(k)$, to vehicle $i$; (iii) keeps the state of the memory, i.e., $M_i^a(k+1) = M_i^a(k)$. In this case, $s_i^a(k) = 1$, which indicates the occurrence of a replay attack. If she does not produce any replay attack at time $k$, adversary $i$ intercepts the data, say $u_i$, sent from operator $i$ and stores it in her memory, $M_i^a(k+1) = u_i$. In this case, $s_i^a(k) = 0$ and $u_i$ is successfully received by vehicle $i$. Without loss of generality, we assume that $s_i^a(0) = 0$.

We define the variable $\tau_i^a(k)$, with initial state $\tau_i^a(0) = 0$, to count the number of consecutive attacks. It evolves as follows: if $s_i^a(k) = 1$, then $\tau_i^a(k) = \tau_i^a(k-1) + 1$; otherwise, $\tau_i^a(k) = 0$. Note that $\tau_i^a(k)$ is reset to zero whenever adversary $i$ does not replay the data at time $k$. Hence, $\tau_i^a(k)$ represents the number of consecutive attacks produced by adversary $i$ up to time $k$.

We assume that the energy of adversary $i$ is limited, so that adversary $i$ is only able to launch at most $\tau_{\max} \ge 1$ consecutive attacks:

Assumption 2.3 (Maximum number of consecutive attacks): There is $\tau_{\max} \ge 1$ such that $\max_{i \in V} \sup_{k \ge 0} \tau_i^a(k) \le \tau_{\max}$.

Remark 2.1: We would like to justify our model of replay attackers. Replay attacks (and the denial-of-service attacks of Section V) do not require any information about the operator-vehicle network or the algorithm it runs. This is in contrast to the false data injection of [16], [19], [22] and the deception attacks of [1], [24], [25]. From the point of view of adversaries, replay (and denial-of-service) attacks are easier to launch, and thus preferable when they lack information about the target control system. On the other hand, replay attacks are less sophisticated than, e.g., deception attacks. However, the discussion in Section III demonstrates that replay attacks are still capable of failing the mission if they are not taken into account in the algorithm design. •

C. Information about adversaries and our objective

In hostile environments, it is reasonable to expect that operators have limited information about adversaries. In this paper, we assume that the only information operator $i$ possesses is the quantity $\tau_{\max}$, or any upper bound on it. At each time, operator $i$ makes her decision before her opponent, adversary $i$; hence, operator $i$ cannot predict whether adversary $i$ will produce an attack at that time. The objective of this paper is to design a distributed control law that allows vehicles to achieve consensus at some point of $X$ against replay attacks, given only the information $\tau_{\max}$. Formally:

[Objective] Devise a distributed algorithm, including the distributed control law $u_i(k)$ for vehicle $i$, such that $p_i(k) \in X$ and $u_i(k) \in U$ for all $k \ge 0$ and $i \in V$, and there is some $p^* \in X$ such that $\lim_{k \to +\infty} \|p_i(k) - p^*\| = 0$ for all $i \in V$.

Notations. In the sequel, we use the notations $u_i(k \to k+n_c-1 \mid k) := \{u_i(k+s \mid k)\}_{0 \le s \le n_c-1}$, $\bar u_i(k \to k+n_c-1 \mid k) := \{\bar u_i(k+s \mid k)\}_{0 \le s \le n_c-1}$ and $K_i(k \to k+n_c-1 \mid k) := \{K_i(k+s \mid k)\}_{0 \le s \le n_c-1}$. The quantity $|N_i(k)|$ denotes the cardinality of the set $N_i(k)$.

¹ In this paper, the notation $\|\cdot\|$ (resp. $\|\cdot\|_\infty$) stands for the 2-norm (resp. $\infty$-norm) of vectors.

III. PRELIMINARIES
In this section, we first show that the classic consensus algorithm may fail to reach consensus in the presence of replay attacks. We then introduce a constrained multi-parametric program.

A. Failure of the classic consensus algorithm

For ease of presentation, we consider here an algorithm for a first-order dynamical system with $d = 1$ and $X = U = \mathbb{R}$. The classic consensus algorithm is rephrased to fit our setup as follows: at each time instant $k$, operator $i$ receives $p_j(k)$ from each neighboring operator $j \in N_i(k)$, and sends the control command $u_i(k) = \sum_{j \in V} a_{ij}(k)\, p_j(k) - p_i(k)$ to vehicle $i$. If $s_i^a(k) = 1$, adversary $i$ sends $M_i^a(k)$ to vehicle $i$ and lets $M_i^a(k+1) = M_i^a(k)$. If $s_i^a(k) = 0$, adversary $i$ lets $M_i^a(k+1) = u_i(k)$. After receiving the data $u_i(k)$ (if $s_i^a(k) = 0$) or $M_i^a(k)$ (if $s_i^a(k) = 1$), vehicle $i$ implements it and then sends the new location $p_i(k+1) = p_i(k) + u_i(k)$ (if $s_i^a(k) = 0$) or $p_i(k+1) = p_i(k) + M_i^a(k)$ (if $s_i^a(k) = 1$) to operator $i$.

In the above classic consensus algorithm, it is not difficult to verify that if the event $s_i^a(k) = 1$ occurs infinitely often for any $i \in V$, then the vehicles fail to reach consensus. Even worse, the maximum deviation $D(k) := \max_{i \in V} p_i(k) - \min_{i \in V} p_i(k)$ can be intentionally driven to infinity despite the limitation $\tau_{\max}$. We look into a simpler case to illustrate this point. Consider two operator-vehicle pairs with $p_1(0) \ne p_2(0)$. Assume that the two operators communicate with each other all the time and that the update rule is $\frac{1}{2}(p_i(k) + p_j(k))$. Suppose $\tau_{\max} \ge 2$, and that the adversaries adopt a periodic strategy: $s_1^a(k) = s_2^a(k) = 0$ if $k$ is a multiple of $\tau_{\max} + 1$, and $s_1^a(k) = s_2^a(k) = 1$ otherwise. On each non-attacked step both vehicles jump to their midpoint, and each of the following $\tau_{\max}$ replayed commands pushes them apart again by the full deviation of that step, so that $D\big(\ell(\tau_{\max}+1)\big) = \tau_{\max}^{\ell}\, D(0)$ for every integer $\ell \ge 1$. Hence $D(k)$ diverges to infinity at a geometric rate of $\tau_{\max}$ per period.

The above discussion yields the following insights: firstly, replay attacks are easy to implement, since adversaries do not need to know the consensus algorithm used by operators; secondly, the classic consensus algorithm can easily be prevented from reaching consensus by persistently launching replay attacks; thirdly, in the worst case adversaries may be able to drive $D(k)$ to infinity if they know the algorithm and are able to exploit this information intelligently; further, if their energy restriction is weaker, i.e., $\tau_{\max}$ is larger, adversaries can speed up the divergence of $D(k)$. These facts motivate the design of new resilient consensus algorithms which take replay attacks into account.

The detection of replay attacks is not difficult when operators and vehicles are synchronized. A possible detection scheme is the following: each operator attaches the current time index to the control command sent to the vehicle, and the vehicle detects a replay by simply comparing the current time instant with the time index of the received command. With this simple detection scheme, we can design a replay-resilient consensus algorithm that only requires knowledge of $\tau_{\max}$.

B. Constrained multi-parametric programming

In this part, we introduce a constrained multi-parametric program. Given $u_{\max}$, we choose a pair of positive constants $v_{\max}$ and $\bar u_{\max}$ such that
$$v_{\max} + \bar u_{\max} \le u_{\max}, \qquad \bar u_{\max} \le v_{\max}. \tag{3}$$
We introduce the notations $\varrho := \min\big\{\tfrac{1}{2},\, \tfrac{\bar u_{\max}}{2 p_{\max} + \beta v_{\max}}\big\}$, $W := \{v_i \in \mathbb{R}^d \mid \|v_i\|_\infty \le v_{\max}\}$ and $\bar U := \{\bar u_i \in \mathbb{R}^d \mid \|\bar u_i\|_\infty \le \bar u_{\max}\}$, where $p_{\max}$ is the uniform bound on $X$ given by Assumption 2.1. Let $\hat\varrho \in (0, \varrho)$ be such that
$$(1 - \hat\varrho)^2 - (1 - \hat\varrho)^4 < 1. \tag{4}$$
Given $\hat\varrho$, we then choose a set of positive constants $\delta_1, \delta_2, \alpha$ and $\gamma$ such that
$$\frac{1 - (1 - \hat\varrho)^4}{1 - (1 - \hat\varrho)^2}\,\alpha + \hat\varrho^2\,\gamma \;\le\; \min\{\alpha + \gamma - \delta_1,\; 2\alpha - \delta_2\}. \tag{5}$$

Remark 3.1: We now explain how to choose the parameters to satisfy (5). After some algebraic manipulation, the relation (5) can be written as
$$\frac{(1 - \hat\varrho)^2 - (1 - \hat\varrho)^4}{1 - (1 - \hat\varrho)^2}\,\alpha + \frac{1}{1 - \hat\varrho^2}\,\delta_1' \;\le\; \gamma \;\le\; \frac{1}{1 - (1 - \hat\varrho)^2}\,\alpha - \frac{1}{\hat\varrho^2}\,\delta_2'. \tag{6}$$
Because of (4), the relation (6) can be satisfied by means of the following steps: firstly, choose any $\alpha > 0$; secondly, choose sufficiently small $\delta_1'$ and $\delta_2'$ such that
$$\frac{(1 - \hat\varrho)^2 - (1 - \hat\varrho)^4}{1 - (1 - \hat\varrho)^2}\,\alpha + \frac{\delta_1'}{1 - \hat\varrho^2} \;<\; \frac{1}{1 - (1 - \hat\varrho)^2}\,\alpha - \frac{\delta_2'}{\hat\varrho^2};$$
lastly, choose $\gamma$ such that (6) holds. •

Let $p_i(k+s \mid k)$, $q_i(k+s \mid k)$, $v_i(k+s \mid k)$ and $\bar u_i(k+s \mid k)$ denote the quantities at time $k+s$ predicted at time $k$. With the above notations in place, we define the following $n_c$-horizon program with state, velocity and input constraints $X$, $W$ and $\bar U$ ($n_c$-P, for short), parameterized by the vector $(p_i(k), q_i(k), z_i(k), v_i(k)) \in X^3 \times W$:
$$\begin{aligned} \min_{\bar u_i(k \to k+n_c-1 \mid k)} \;& \sum_{s=0}^{n_c-1} \Big( \alpha\, \|z_i(k) - q_i(k+s \mid k)\|^2 + \gamma\, \|\bar u_i(k+s \mid k)\|^2 \Big) + \alpha\, \|z_i(k) - q_i(k+n_c \mid k)\|^2, \\ \text{s.t.}\;\; & p_i(k+s+1 \mid k) = \Big(1 - \frac{1}{\beta}\Big)\, p_i(k+s \mid k) + \frac{1}{\beta}\, q_i(k+s \mid k), \\ & q_i(k+s+1 \mid k) = q_i(k+s \mid k) + \bar u_i(k+s \mid k), \\ & \bar u_i(k+s \mid k) = K_i(k+s \mid k)\,\big(z_i(k) - q_i(k+s \mid k)\big), \\ & v_i(k+s \mid k) = \frac{1}{\beta}\,\big(q_i(k+s \mid k) - p_i(k+s \mid k)\big), \\ & q_i(k+s+1 \mid k) \in X, \quad v_i(k+s \mid k) \in W, \quad \bar u_i(k+s \mid k) \in \bar U, \quad 0 \le s \le n_c - 1, \end{aligned} \tag{7}$$
where $p_i(k \mid k) = p_i(k)$, $q_i(k \mid k) = q_i(k)$, $v_i(k \mid k) = v_i(k)$, and Assumption 2.1 and condition (5) hold. In (7), the state $z_i(k) \in X$ is a target point defined later.

IV. REPLAY RESILIENT CONSENSUS ALGORITHM

In this section, we propose the replay-resilient consensus algorithm to play against the replay attackers. Overall, the algorithm can be roughly described as follows.

[Informal description] Each vehicle has a memory, whose state is denoted by $M_i^v(k)$.

At each time $k$, operator $i$ receives $p_j(k)$ from each operator $j \in N_i(k)$ and computes the target point
$$z_i(k) = \frac{1}{2 + |N_i(k)|}\Big( q_i(k) + \sum_{j \in N_i(k) \cup \{i\}} p_j(k) \Big).$$
Operator $i$ solves the $n_c$-P parameterized by $(p_i(k), q_i(k), z_i(k), v_i(k))$ and obtains the control sequence $\bar u_i(k \to k+n_c-1 \mid k)$. Operator $i$ then generates the control sequence $u_i(k \to k+n_c-1 \mid k)$ by simulating the dynamics of vehicle $i$ over $[k, k+n_c]$ as follows:
$$\begin{aligned} p_i(k+s+1 \mid k) &= \Big(1 - \frac{1}{\beta}\Big)\, p_i(k+s \mid k) + \frac{1}{\beta}\, q_i(k+s \mid k), \\ q_i(k+s+1 \mid k) &= q_i(k+s \mid k) + \bar u_i(k+s \mid k), \\ u_i(k+s \mid k) &= \bar u_i(k+s \mid k) - \frac{1}{\beta}\,\big(q_i(k+s \mid k) - p_i(k+s \mid k)\big), \qquad 0 \le s \le n_c - 1, \end{aligned} \tag{8}$$
where $q_i(k \mid k) = q_i(k)$ and $p_i(k \mid k) = p_i(k)$. Operator $i$ then sends the package containing $u_i(k \to k+n_c-1 \mid k)$ to vehicle $i$, where each element $u_i(k+s \mid k)$ of the package is labeled by the time index $k+s$, $0 \le s \le n_c - 1$.

If $s_i^a(k) = 1$, adversary $i$ launches a replay attack, sending the stored command $M_i^a(k)$ to vehicle $i$ and letting $M_i^a(k+1) = M_i^a(k)$. If $s_i^a(k) = 0$, adversary $i$ does not attack; instead she intercepts the package containing $u_i(k \to k+n_c-1 \mid k)$ and updates her memory as $M_i^a(k+1) = u_i(k \to k+n_c-1 \mid k)$.

After receiving the package, vehicle $i$ checks its time index, which is $k - \tau_i^a(k)$. If the package is new (i.e., $\tau_i^a(k) = 0$), vehicle $i$ replaces the package in its memory by the new arrival (i.e., $M_i^v(k+1) = u_i(k \to k+n_c-1 \mid k)$), implements $u_i(k) = u_i(k \mid k)$, and sends $p_i(k+1)$ and $v_i(k+1)$ to operator $i$. If the package is repeated (i.e., $\tau_i^a(k) \ge 1$), vehicle $i$ implements $u_i(k \mid k - \tau_i^a(k))$ from its memory, sets $M_i^v(k+1) = M_i^v(k)$, and sends $p_i(k+1)$ and $v_i(k+1)$ to operator $i$. At the next time $k+1$, every decision maker repeats the above process.

Remark 4.1: In the $n_c$-P parameterized by $(p_i(k), q_i(k), z_i(k), v_i(k))$, the solution $\bar u_i(k \to k+n_c-1 \mid k)$, on the one hand, steers the state $q_i(k)$ towards the target point $z_i(k)$ in a suboptimal manner and, on the other hand, saves control effort $\bar u_i(k)$. The target point $z_i(k)$ is an average of the current locations of the vehicles in the set $\{i\} \cup N_i(k)$. The idea of moving towards target points in distributed receding-horizon control was first proposed and analyzed in [9]. Another important capability of the $n_c$-P is that it explicitly handles state and input constraints, which is a unique advantage of receding-horizon control. For our setup of adversarial networks, the most important feature of the $n_c$-P is its ability to produce a sequence of feasible control commands for the next few steps. These commands serve as a backup and are used by vehicles in response to replay attacks. As mentioned before, operators cannot predict the occurrence of replay attacks and have to account for the worst case: each operator assumes that her opponent will launch attacks at every time instant, and chooses $n_c \ge \tau_{\max}$. •

Like other receding-horizon control laws, e.g., those in [6], [15], our proposed algorithm requires that each operator solve an optimization problem, the $n_c$-P, online at each time instant. We will discuss the issue of solving these optimization problems in Section V.

We formally state the interactions of the $i$th group, consisting of operator, vehicle and adversary $i$, in Algorithm 1.
Algorithm 1 Replay resilient consensus algorithm
Require: Initially, operators agree on $\beta > 1$ and on a pair of positive constants $v_{\max}$ and $\bar u_{\max}$ such that (3) holds. In addition, operators agree on a set of positive constants $\delta_1, \delta_2, \alpha$ and $\gamma$ such that (5) holds. Vehicle $i$ starts from $(p_i(0), v_i(0))$ with $(p_i(0), p_i(0) + \beta v_i(0)) \in X^2$ and $v_i(0) \in W$.
Ensure: At each $k \ge 0$, adversary, operator and vehicle $i$ execute the following steps:
1: Operator $i$ receives the location $p_j(k)$ from each neighboring operator $j \in N_i(k)$ and computes the target point $z_i(k)$. Operator $i$ solves the $n_c$-P parameterized by $(p_i(k), q_i(k), z_i(k), v_i(k))$ and obtains the solution $\bar u_i(k \to k+n_c-1 \mid k)$. After that, operator $i$ computes $u_i(k \to k+n_c-1 \mid k)$ via (8) and sends it to vehicle $i$.
2: If $s_i^a(k) = 1$, adversary $i$ sends $M_i^a(k)$ to vehicle $i$ and lets $M_i^a(k+1) = M_i^a(k)$. If $s_i^a(k) = 0$, adversary $i$ sets $M_i^a(k+1) = u_i(k \to k+n_c-1 \mid k)$.
3: If $\tau_i^a(k) = 0$, vehicle $i$ sets $M_i^v(k+1) = u_i(k \to k+n_c-1 \mid k)$, implements $u_i(k \mid k)$, and sends $p_i(k+1)$ and $v_i(k+1)$ to operator $i$. If $\tau_i^a(k) \ge 1$, vehicle $i$ implements $u_i(k \mid k - \tau_i^a(k))$ from $M_i^v(k)$, sets $M_i^v(k+1) = M_i^v(k)$, and sends $p_i(k+1)$ and $v_i(k+1)$ to operator $i$.
4: Repeat for $k = k + 1$.
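The following simulation is an added example written for this page; it is not code from the paper. It puts the two-vehicle failure case of Section III.A and the backup-package mechanism of Algorithm 1 side by side on the same adversary model (memory $M_i^a$, indicator $s_i^a$, the periodic worst-case schedule, and the denial-of-service variant of Section V.A). Its assumptions: scalar first-order vehicles $p_i(k+1) = p_i(k) + u_i(k)$ as in Section III.A, a fixed neighbour list per operator, and a fixed-gain "move toward the target point" plan with box-clipped inputs in place of the $n_c$-P quadratic program (the names `Adversary`, `ResilientVehicle`, `plan_toward_target` and the hold-position fallback are this example's own). Note that a package issued at time $k$ holds commands for times $k, \dots, k+n_c-1$, so a run of $\tau$ replays after it is covered only while $\tau \le n_c - 1$; the example therefore runs with $n_c = \tau_{\max} + 1$ and counts the steps at which the stored package does not reach the current time.

```python
"""Replay attacks on an operator-vehicle consensus loop: classic averaging (Section
III.A) versus the time-indexed backup packages of Algorithm 1.  Added example; the
fixed-gain planner stands in for the paper's n_c-P and is an assumption here."""
from typing import Callable, Dict, List, Optional, Tuple

Package = Tuple[int, List[float]]  # (issue time k, [u_i(k|k), ..., u_i(k+n_c-1|k)])


def periodic_schedule(tau_max: int) -> Callable[[int], bool]:
    """Worst case of Section III.A: fresh when k is a multiple of tau_max+1, replay
    otherwise, so every attack run has exactly tau_max steps and s^a_i(0) = 0."""
    return lambda k: k % (tau_max + 1) != 0


class Adversary:
    """Adversary i between operator i and vehicle i (Section II.B).
    mode='replay' delivers the stored package; mode='dos' drops it (Section V.A)."""

    def __init__(self, attack: Callable[[int], bool], mode: str = "replay") -> None:
        self.attack, self.mode = attack, mode
        self.memory: Optional[Package] = None  # M^a_i(k)

    def deliver(self, k: int, fresh: Package) -> Optional[Package]:
        if self.attack(k) and self.memory is not None:  # s^a_i(k) = 1: erase fresh data
            return self.memory if self.mode == "replay" else None
        self.memory = fresh  # s^a_i(k) = 0: intercept, store, pass through
        return fresh


def target_point(p: List[float], i: int, neighbors: Dict[int, List[int]]) -> float:
    """Average of the locations in {i} U N_i (first-order version of z_i(k))."""
    group = [i] + neighbors[i]
    return sum(p[j] for j in group) / len(group)


def classic_consensus(p0: List[float], tau_max: int, steps: int,
                      neighbors: Dict[int, List[int]]) -> List[float]:
    """u_i = z_i - p_i with vehicles that apply whatever arrives (no time-index check).
    Returns D(k) = max_i p_i(k) - min_i p_i(k) for k = 0..steps."""
    p, n = list(p0), len(p0)
    adv = [Adversary(periodic_schedule(tau_max)) for _ in range(n)]
    spread = [max(p) - min(p)]
    for k in range(steps):
        got = [adv[i].deliver(k, (k, [target_point(p, i, neighbors) - p[i]])) for i in range(n)]
        p = [p[i] + got[i][1][0] for i in range(n)]
        spread.append(max(p) - min(p))
    return spread


def plan_toward_target(p: float, z: float, n_c: int, gain: float, u_max: float) -> List[float]:
    """Stand-in for the n_c-P: n_c commands driving the predicted position toward the
    fixed target z with u = gain*(z - p), clipped to the input box |u| <= u_max."""
    cmds = []
    for _ in range(n_c):
        u = max(-u_max, min(u_max, gain * (z - p)))
        cmds.append(u)
        p += u
    return cmds


class ResilientVehicle:
    """Vehicle side of Algorithm 1: time-index check plus backup memory M^v_i."""

    def __init__(self, p: float) -> None:
        self.p = p
        self.memory: Optional[Package] = None  # M^v_i(k)
        self.replays_detected = 0
        self.backup_exhausted = 0

    def step(self, k: int, pkg: Optional[Package]) -> None:
        if pkg is not None and pkg[0] == k:  # new package: its index matches the clock
            self.memory = pkg
            u = pkg[1][0]  # u_i(k|k)
        else:  # stale index (replay) or nothing at all (DoS)
            self.replays_detected += 1
            issued, cmds = self.memory  # s^a_i(0) = 0 guarantees a stored package
            offset = k - issued  # u_i(k | k - tau): the element labelled with time k
            if offset < len(cmds):
                u = cmds[offset]
            else:  # stored package ends before time k: horizon shorter than the run
                self.backup_exhausted += 1
                u = 0.0  # assumption of this example: hold position
        self.p += u


def resilient_consensus(p0: List[float], tau_max: int, n_c: int, steps: int,
                        neighbors: Dict[int, List[int]], mode: str = "replay",
                        gain: float = 0.5, u_max: float = 1.0):
    """Algorithm 1 with the simplified planner; returns (D(k) for k = 0..steps, vehicles)."""
    n = len(p0)
    vehicles = [ResilientVehicle(p) for p in p0]
    adv = [Adversary(periodic_schedule(tau_max), mode) for _ in range(n)]
    spread = []
    for k in range(steps):
        p = [v.p for v in vehicles]  # locations reported to the operators at time k
        spread.append(max(p) - min(p))
        for i in range(n):
            pkg = (k, plan_toward_target(p[i], target_point(p, i, neighbors), n_c, gain, u_max))
            vehicles[i].step(k, adv[i].deliver(k, pkg))
    p = [v.p for v in vehicles]
    spread.append(max(p) - min(p))
    return spread, vehicles


if __name__ == "__main__":
    pair = {0: [1], 1: [0]}  # constructed two-vehicle case of Section III.A, tau_max = 2
    d = classic_consensus([0.0, 4.0], 2, 6, pair)
    print("classic D(0), D(3), D(6):", d[0], d[3], d[6])  # grows by tau_max per period
    ring = {0: [1, 3], 1: [0, 2], 2: [1, 3], 3: [2, 0]}  # constructed 4-vehicle ring
    d, veh = resilient_consensus([-10.0, 2.0, 5.0, 10.0], 3, 4, 300, ring)
    print("resilient final D:", d[-1], "replays seen:", veh[0].replays_detected)
```

With the schedule above all vehicles are attacked in lock-step, which is the case analysed in Section III.A; because the resilient vehicle keys every decision on the time index rather than on packet arrival, the `dos` mode (nothing delivered) and the `replay` mode (a stale package delivered) lead to identical trajectories. Shortening the horizon below the attack run makes `backup_exhausted` non-zero, which is the observable symptom of choosing $n_c$ too small.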
Before introducing the convergence properties of the proposed algorithm, we first present a characterization of the optimal solutions to (7).

Proposition 4.1 (Characterization of the optimal solutions to the $n_c$-P): Consider the $n_c$-P parameterized by the vector $(p_i(k), q_i(k), z_i(k), v_i(k)) \in X^3 \times W$ and its optimal solution $\bar u_i(k \to k+n_c-1 \mid k)$ with $\bar u_i(k+s \mid k) = K_i(k+s \mid k)\,(z_i(k) - q_i(k+s \mid k))$. There is a pair of constants $\vartheta_{\min}$ and $\vartheta_{\max}$, independent of $(p_i(k), q_i(k), z_i(k), v_i(k)) \in X^3 \times W$, with $0 < \vartheta_{\min} \le \vartheta_{\max} < 1$, such that $K_i(k+s \mid k) \in [\vartheta_{\min}, \vartheta_{\max}]$.

Denote $\eta := \min\big\{\tfrac{1}{\beta},\; 1 - \tfrac{1}{\beta},\; 1 - \vartheta_{\max},\; \tfrac{\vartheta_{\min}}{N-1}\big\} \in (0,1)$, where $\vartheta_{\min}$ and $\vartheta_{\max}$ are given in Proposition 4.1. The theorem to follow provides the convergence properties of the replay-resilient consensus algorithm.

Theorem 4.1 (Convergence properties of the replay resilient consensus algorithm): Suppose that Assumptions 2.1, 2.2 and 2.3 hold. Let vehicle $i$ start from $(p_i(0), v_i(0))$ with $(p_i(0), p_i(0) + \beta v_i(0)) \in X^2$ and $v_i(0) \in W$ for $i \in V$. The replay resilient consensus algorithm with $n_c \ge \tau_{\max}$ ensures the following properties:
1) the location $p_i(k) \in X$, the velocity $v_i(k) \in W$ and the input $u_i(k) \in U$ for all $k \ge 0$ and $i \in V$;
2) there is $p^* \in X$ such that $p_i(k)$ converges to $p^*$ at a geometric rate of $(1 - \eta)^{\frac{1}{2NB-1}}$ for each $i \in V$;
3) the velocity $v_i(k)$ diminishes geometrically at a rate of $(1 - \eta)^{\frac{1}{2NB-1}}$ for each $i \in V$.

To conclude this section, we provide some remarks on the replay resilient consensus algorithm and Theorem 4.1. Firstly, the proposed algorithm and results can be extended to different parameters per operator: $\beta > 1$, $v_{\max}$ and $\bar u_{\max}$ satisfying (3), and $\delta_1, \delta_2, \alpha, \gamma$ satisfying (5). Secondly, if $v_i(0) = 0$, then vehicle $i$ satisfies the initial condition requirement. Thirdly, $\tau_{\max}$ can be replaced by any of its upper bounds. Fourthly, if we scale $N$, then $\eta = O\big(\tfrac{1}{N-1}\big)$ and the convergence rate is approximated by $\big(\tfrac{N-2}{N-1}\big)^{\frac{1}{2NB-1}}$ in terms of the network size. Fifthly, the presence of the control constraint $U$ introduces the additional constraint $W$ imposed on the velocities; for the special case $U = \mathbb{R}^d$, the boundedness of $X$ in Assumption 2.1 and the constraint set $W$ can be relaxed in Theorem 4.1. Finally, we omit the proofs of Proposition 4.1 and Theorem 4.1 because of space limitations.

V. DISCUSSION AND SIMULATION

In this section, we present a discussion about the replay resilient consensus algorithm and its possible variations. A numerical example of Algorithm 1 is provided to illustrate the algorithm performance.

A. Resilience to denial-of-service attacks and other algorithm variations

Consider the class of denial-of-service (DoS) attacks (e.g., in [2], [3], [10]), where adversary $i$ is able to erase the control commands sent from operator $i$. It is not difficult to see that Theorem 4.1 still holds provided that the computing horizon is at least as large as the maximum number of consecutive denial-of-service attacks, i.e., $n_c \ge \tau_{\max}$. Our algorithm can be slightly modified to address the scenario where adversaries launch replay or denial-of-service attacks on the data sent from vehicles to operators: if adversary $i$ produces an attack at time $k$, then operator $i$ does nothing at this time. In this way, the results of Theorem 4.1 apply as well.

B. Pros and cons of the replay resilient consensus algorithm

By exploiting a receding-horizon control methodology, our proposed algorithm demonstrates resilience to replay attacks and denial-of-service attacks. Resilience is achieved under limited information about adversaries; that is, operators are only aware of $\tau_{\max}$ and do not need to know the attacking policy. However, this resilience comes at the expense of higher computation, communication and memory costs in comparison with the classic consensus algorithm. In particular, each operator needs to solve a multi-parametric program at each time; a sequence of control commands has to be sent to each vehicle; and each vehicle is required to store a sequence of control commands as a backup.

C. A numerical example

Consider a group of 10 vehicles in $\mathbb{R}^3$, where the input limit of each vehicle is $u_{\max} = 2$ and all vehicles are constrained to a compact environment with $p_{\max} = 10$. Figure 1 shows that the vehicles converge to a single point when $\tau_{\max} = 10$. Figure 2 numerically characterizes the impact of $\tau_{\max}$ on the convergence of the algorithm. Two facts are evident from Figure 2: firstly, the algorithm converges faster when $\tau_{\max}$ is smaller; secondly, the error evolution is smoother when $\tau_{\max}$ is smaller.
Fig. 1. The vehicle trajectories with $\tau_{\max} = 10$. [Three-dimensional trajectory plot; each axis spans $-10$ to $10$.]

Fig. 2. The comparison of errors for $\tau_{\max} = 0, 10, 20$. [Error versus time step, horizontal axis from 0 to 600.]
VI. CONCLUSIONS

We have formulated a consensus problem in the presence of replay attacks and denial-of-service attacks. We have proposed a distributed algorithm and shown that it allows vehicles to achieve constrained consensus exponentially despite these two classes of malicious attacks. In the future we will study other cooperative control problems in the presence of these two types of attacks.

REFERENCES

[1] S. Amin, X. Litrico, S. Sastry, and A. M. Bayen. Stealthy deception attacks on water SCADA systems. In Proceedings of the 13th ACM International Conference on Hybrid Systems: Computation and Control, pages 161–170, Stockholm, Sweden, 2010.
[2] S. Amin, G. A. Schwartz, and S. S. Sastry. Security of interdependent and identical networked control systems. Automatica, July 2010. Submitted.
[3] G. K. Befekadu, V. Gupta, and P. J. Antsaklis. Risk-sensitive control under a class of denial-of-service attack models. In American Control Conference, pages 643–648, San Francisco, USA, June 2011.
[4] S. Bhattacharya and T. Basar. Game-theoretic analysis of an aerial jamming attack on a UAV communication network. In American Control Conference, pages 818–823, Baltimore, USA, June 2010.
[5] S. Bhattacharya and T. Basar. Graph-theoretic approach for connectivity maintenance in mobile networks in the presence of a jammer. In IEEE Conf. on Decision and Control, pages 3560–3565, Atlanta, USA, December 2010.
[6] E. Camacho and C. Bordons. Model Predictive Control. Springer-Verlag, London, 2004.
[7] J. Cortés. Global and robust formation-shape stabilization of relative sensing networks. Automatica, 45(12):2754–2762, 2009.
[8] W. B. Dunbar and R. M. Murray. Distributed receding horizon control for multi-vehicle formation stabilization. Automatica, 42(4):549–558, 2006.
[9] G. Ferrari-Trecate, L. Galbusera, M. P. E. Marciandi, and R. Scattolini. Model predictive control schemes for consensus in multi-agent systems with single- and double-integrator dynamics. IEEE Transactions on Automatic Control, 54(11):2560–2572, 2009.
[10] A. Gupta, C. Langbort, and T. Basar. Optimal control in the presence of an intelligent jammer with limited actions. In IEEE Conf. on Decision and Control, pages 1096–1101, Atlanta, USA, December 2010.
[11] T. Jiang, I. Matei, and J. S. Baras. A trust based distributed Kalman filtering approach for mode estimation in power systems. In Proceedings of the First Workshop on Secure Control Systems, Stockholm, Sweden, April 2010.
[12] T. Keviczky, F. Borrelli, and G. J. Balas. Decentralized receding horizon control for large scale dynamically decoupled systems. Automatica, 42(12):2105–2115, 2006.
[13] T. Keviczky and K. H. Johansson. A study on distributed model predictive consensus. In 17th IFAC World Congress, pages 1516–1521, Seoul, Korea, July 2008.
[14] L. Magni and R. Scattolini. Stabilizing decentralized model predictive control of nonlinear systems. Automatica, 42(7):1231–1236, 2006.
[15] D. Q. Mayne, J. B. Rawlings, C. V. Rao, and P. O. M. Scokaert. Constrained model predictive control: stability and optimality. Automatica, 36:789–814, 2000.
[16] Y. Mo, E. Garone, A. Casavola, and B. Sinopoli. False data injection attacks against state estimation in wireless sensor networks. In IEEE Conf. on Decision and Control, pages 5967–5972, Atlanta, USA, December 2010.
[17] Y. Mo and B. Sinopoli. Secure control against replay attacks. In Forty-Seventh Annual Allerton Conference, UIUC, Illinois, USA, September 2009.
[18] F. Pasqualetti, A. Bicchi, and F. Bullo. Consensus computation in unreliable networks: A system theoretic approach. IEEE Transactions on Automatic Control, February 2010. To appear.
[19] F. Pasqualetti, R. Carli, and F. Bullo. Distributed estimation and false data detection with application to power networks. Automatica. Submitted.
[20] W. Ren and R. W. Beard. Distributed Consensus in Multi-vehicle Cooperative Control. Communications and Control Engineering. Springer, 2008.
[21] S. Sundaram and C. N. Hadjicostis. Distributed function calculation via linear iterative strategies in the presence of malicious agents. IEEE Transactions on Automatic Control. To appear.
[22] A. Teixeira, S. Amin, H. Sandberg, K. H. Johansson, and S. S. Sastry. Cyber security analysis of state estimators in electric power systems. In IEEE Conf. on Decision and Control, pages 5991–5998, Atlanta, USA, December 2010.
[23] J. S. Zaloga, D. Rockwell, and P. Finnegan. World Unmanned Aerial Vehicle Systems: Market Profile and Forecast 2008. Teal Group Corporation, 2008.
[24] M. Zhu and S. Martínez. Attack-resilient distributed formation control via online adaptation. In IEEE Conf. on Decision and Control, pages 6624–6629, Orlando, USA, December 2011.
[25] M. Zhu and S. Martínez. Stackelberg game analysis of correlated attacks in cyber-physical systems. In 2011 American Control Conference, pages 4063–4068, June 2011.