Security for cyber-physical systems: Secure control against known-plaintext attack

There has been a surge of interests in the security of cyber-physical systems (CPSs), yet it is commonly assumed that the adversary has a full knowledge of physical system models. This paper argues that such an unrealistic assumption can be relaxed: the adversary might still be able to identify the system model by passively observing the control input and sensory data. In such a setup, the attack with knowledge of input-output data can be categorized as a Known-Plaintext Attack. A necessary and sufficient condition has been provided, under which the adversary can uniquely obtain the knowledge of the underlying physical system. From the defender's perspective, a secure controller design-which exhibits a low rank structure-is proposed which renders the system unidentifiable to the adversary, while trading off the control system's performance. Finally, a numerical example has been provided to demonstrate the effectiveness of the proposed secure controller design.