(2021). Nuclear Science and Engineering: Vol. 195 No. 9 pp. 977–989.
Earlier work has demonstrated the theoretical development of covert OT defenses and their application to representative control problems in a nuclear reactor. Given their ability to store information in the system nonobservable space using one-time-pad randomization techniques, the new C2 modeling paradigm6 has emerged allowing the system to build memory or self-awareness about its past and current state. The idea is to store information using randomized mathematical operators about one system subcomponent, e.g., the reactor core inlet and exit temperature, into the nonobservable space of another subcomponent, e.g., the water level in a steam generator, creating an incorruptible record of the system state. If the attackers attempt to falsify the sensor data in an attempt to send the system along an undesirable trajectory, they will have to learn all the inserted signatures across the various system subcomponents and the C2 embedding process.
We posit that this is extremely unlikely given the huge size of the nonobservable space for most complex systems, and the use of randomized techniques for signature insertion, rendering a level of security that matches the Vernam-Cipher gold standard. The Vernam Cipher, commonly known as a one-time pad, is a cipher that encrypts a message using a random key (pad) and can only be decrypted using this key. Its strength is derived from Shannon’s notion of perfect secrecy 8 and requires the key to be truly random and nonreusable (one time). To demonstrate this, this paper will validate the implementation of C2 using sophisticated AI tools such as long short-term memory (LSTM) neural networks 9 and the generative adversarial learning [generative adversarial networks (GANs)] framework, 10 both using a supervised learning setting, i.e., by assuming that the AI training phase can distinguish between original data and the data containing the embedded signatures. While this is an unlikely scenario, it is assumed to demonstrate the resilience of the C2 signatures to discovery by AI techniques.
The paper is organized as follows. Section II provides a brief summary of existing passive and active OT defenses against various types of data deception attacks, followed by an overview of the C2 modeling paradigm in Sec. III. Section IV formulates the problem statement of the C2 implementation in a generalized control system and identifies the key criteria of zero impact and zero observability. Section V implements a rendition of the C2 approach in a representative nuclear reactor model and highlights the goal of the paper, i.e., to validate the implementation using sophisticated AI tools. It also provides a rationale behind the chosen AI framework. Last, Sec. VI summarizes the validation results of the C2 implementation and discusses several extensions to the work.
