1. Introduction
Cyber–physical systems (CPSs) are becoming increasingly important in modern science and technology, especially in areas such as ocean monitoring and defense [
1,
2,
3]. CPSs closely integrate computational, cyber, and physical processes, enabling systems to sense and respond to environmental changes in real time [
4,
5,
6]. Wireless sensor networks (WSNs), as integrated systems, usually integrate multiple sensors and information sources, such as Global Navigation Satellite Systems (GNSSs), Doppler Velocimeters (DVLs), Inertial Navigation Systems (INSs), and so on, at their core [
7,
8]. Through the effective combination of CPSs and wireless sensor networks, CPSs show great potential in data acquisition, processing, and transmission. Unmanned surface vessels (USVs), as a key application of this system [
9,
10,
11], rely on WSNs for real-time data collection and transmission for efficient monitoring and decision making in the marine environment [
12,
13].
The reliability of data is directly related to the USV’s ability to perform its mission [
14,
15,
16], especially in the complex maritime environment and under potential cyberattacks, where ensuring the authenticity and integrity of the data is of particular importance. In USV applications, WSNs enable these vessels to efficiently perform data acquisition and real-time monitoring in a vast marine environment. By integrating data from different sensors, USVs are able to quickly adapt to complex marine environments, enhancing their operational efficiency and safety. During data measurement and transmission, the data are susceptible to a variety of external disturbances, including marine environmental disturbances (e.g., the effects of wind, waves, currents, etc., on USVs) and signal disturbances, which can lead to variations in the data, further exacerbating the uncertainty in the system’s decision making and thus affecting the safety and efficiency of USVs. To make data transmission more accurate, the use of WSNs and
fusion filtering techniques is beneficial. Recently, the rapid development of
filtering technology has provided a new solution for data processing in complex systems [
17,
18,
19]. With its superior anti-interference ability, this technology can effectively filter external interference noise and improve the reliability and accuracy of data. By fusing data from different sensors,
fusion filtering can significantly improve the accuracy of the data, thus enhancing the autonomous decision-making level of USVs. This is essential to the autonomous navigation and operation of USVs in dynamic and uncertain marine environments.
Although USVs show great advantages in data acquisition and transmission, their high reliance on wireless communication also exposes them to potential cybersecurity threats, especially in terms of false data injection (FDI) attacks [
20,
21,
22]. FDI attacks are cyberattacks that mislead the system’s decision making by tampering with or falsifying data, and the attacker can influence the behavior of the USVs through these false data, leading to wrong navigation and decision making. FDI attacks are highly stealthy, and malicious attackers are potentially able to inject false information into USVs through wireless networks without being detected [
23,
24,
25]. Such attacks can not only mislead USVs’ mission execution, e.g., wrong course selection or improper action strategies, but also lead to more serious consequences, such as personnel casualties. In addition, FDI attacks may also cause a chain reaction to other USV-dependent data systems, affecting the overall efficiency of maritime surveillance and defense. Therefore, the development of effective protective measures and data processing strategies has become urgent.
To date, multiple researchers have considered FDI attacks. For example, Chen et al. [
26] developed a framework capable of simultaneously estimating system states and FDI attack signals under FDI and denial-of-service attacks and implementing compensatory control. At the same time, a novel co-design methodology was developed. The method is capable of estimating and compensating unknown FDI attacks without relying on any a priori constraints on the frequency, duration, or derivatives of the FDI attack signals and effectively suppressing their negative impacts. The compensation method is effective against jamming attacks; however, the FDI attack is detected only after the injection into the system, i.e., after the system state information has been tampered with.
To address the above FDI detection issues, Xia et al. [
27] proposed a distributed detection method which consists of two steps: a kernel entropy-based discrimination scheme identifies secure nodes and attacked nodes by calculating the kernel entropy of the measured data between nodes, while a state-aware scheme enables each node to monitor its own state and filter reliable neighboring nodes. The method theoretically derives the conditions that guarantee the stability of the algorithm’s mean value and reveals how its performance changes under an FDI attack.
Zhang et al. [
28] introduced an adaptive backstepping technique into nonlinear CPSs and integrated a dynamic surface control technique which successfully overcomes the computational complexity (combinatorial explosion) problem existing in the traditional backstepping method. The method significantly reduces the computational burden by bypassing the direct complex computation of higher-order systems through the stepwise design of virtual control inputs. In addition, they developed a novel defense strategy centered on a nonlinear interference observer. The strategy is capable of accurately estimating the external composite disturbances and substantially improving the system robustness. The nonlinear disturbance observer dynamically estimates the magnitude of the disturbance and its trend by monitoring the system state and output in real time, enabling the controller to compensate accordingly in real time, thus effectively enhancing the system’s stability when it is subjected to attacks and disturbances. Although the above methods have a certain degree of fault tolerance and FDI attack resistance, they do not solve the privacy protection problem in the data transmission process.
Li et al. [
29] designed a low-computational-complexity encryption scheme for data based on random matrices to achieve instant detection and localization of FDI attacks during local estimation transmission. Using the results of the encryption detection scheme, a secure fusion estimation algorithm was proposed. The algorithm is able to discard the attacked local estimation information and use only the unattacked local estimation information for fusion estimation. Although the method proposed in the article has significant advantages in terms of privacy protection of data, the static key it uses lacks forward security, and the entire cryptographic detection scheme will fail once it is intercepted on the transmission link or restored through brute force decryption.
Hence, improving the ability of USVs to protect data privacy against FDI attacks and ensuring the accuracy of data estimation through dynamic key management and data encryption techniques have become very meaningful and urgent research focuses. The primary contributions of this paper can be outlined as follows:
- (1)
A novel dynamic data encryption scheme for privacy protection during data transmission is proposed. The scheme encrypts the data before data transmission and dynamically updates the key by utilizing historical system data, which increases the difficulty for attackers to crack the ciphertext compared with the literature [
29].
- (2)
Establishment of a dynamic relationship between the ciphertext, the key, and the auxiliary encrypted ciphertext. Once the ciphertext or auxiliary encrypted ciphertext is maliciously tampered with, the dynamic relationship is destroyed. Based on this feature, we design an attack detection scheme based on dynamic data encryption. The scheme can detect FDI attacks in real time and immediately discard the damaged data.
- (3)
fusion filters are proposed to suppress external noise and interference during data measurement and transmission. The weighted fusion algorithm fuses the data that have not received the attack to more accurately estimate and restore the real signal, ensuring the information integrity and reliability of USVs during data transmission.
The organization of this paper is as follows:
Section 2 develops the system model for the problem under consideration;
Section 3 details the proposed dynamic data encryption scheme and the FDI attack detection method;
Section 4 introduces the design of the
fusion filter and explores its applications;
Section 5 employs simulation experiments to validate the performance of the proposed scheme.
Notations: denotes the n-dimensional Euclidean space, and I and 0 represent the identity matrix and the zero matrix of appropriate dimensions, respectively. The transpose of a matrix is indicated by the superscript T. For any matrix , the condition defines X as a real symmetric positive definite matrix (or a real symmetric negative definite matrix). ⊕ represents the XOR operator.
2. System Description
Since USVs are susceptible to interference by unpredictable environmental factors such as wind and wave currents during navigation, they not only directly change their motion attitude but also introduce uncertainty noise in their motion control system and sensor measurement data. As shown in
Figure 1, when USVs transmit data to the sensors via a wireless network, the communication link may be subjected to an FDI attack, which tampers with the transmitted data, resulting in the distortion of the sensor reception, which in turn leads to wrong decision making by the control center.
Based on [
14], the mathematical model of the motion of USVs can be described as
,
. In which
represents the position vector of the vessel and consisting of north-east position
and yaw angle
, and
denotes the USV velocity vector in the vessel coordinate system, which consists of longitudinal
u, transverse
, and yaw angular velocities
r. The rotation matrix
is expressed as
Based on [
30], a class of discrete-time multi-sensor network systems are modeled as follows:
where
denotes the position state information,
,
denotes the position coordinates,
denotes the yaw.
and
are the system state and measured output of the
ith sensor at moment
k, respectively.
is the state to be estimated.
is an unknown external disturbance, and
is measurement noise belonging to
. Matrices A, B,
, and L have the appropriate dimensions.
At time instant k, each sensor receives a packet from the USV containing the ciphertext and its auxiliary encrypted ciphertext. The detector applies an attack detection scheme to the packet and discards any packet that has been maliciously altered by an attacker; subsequently, it performs a decryption operation on the ciphertext in any legitimate packet. However, marine environmental disturbances (e.g., the effects of wind, waves, and currents on USVs) are inevitable during data transmission. These disturbances introduce system state noise, which in turn leads to biased data. Therefore, fusion filtering is used to filter the interference noise and estimate or restore the real information by the weighted fusion algorithm.
As shown in
Figure 1, during the transmission of data packets, a malicious attacker may launch an FDI attack on unknown data in the communication links to tamper with these data., whereas in a multi-sensor system, due to the limited resources of the attackers, it is unlikely that they can attack all communication links at the same time [
31]. Therefore, it is reasonable to assume that there is at least one unattacked communication link in a multi-sensor system. This assumption ensures that the sensors receive at least one true system state. If all of them were attacked, then the sensors would not be able to obtain reliable data.
4. Fusion Estimation Under FDI Attack
In data transmission, the effects of complex and variable marine environmental disturbances (e.g., wind-induced offsets and wave-induced impacts) on USVs are unavoidable. These powerful environmental factors can cause unpredictable attitude changes and position drifts in USVs, resulting in increased system state noise and biased data. For this reason, the fusion filtering technique is used to filter out the noise, and the real state information is estimated by a weighted fusion algorithm.
4.1. The Effectiveness of the Encryption-Based Attack Detection Scheme in Detecting FDI Attacks
In Algorithm 1, and are packaged and sent to the decryptor via the communication network. It is assumed that the attacker can recognize and to implement tampering. The attack strategy consists of the following three scenarios:
Scenario 1: The attacker modifies only
as follows:
Scenario 2: The attacker modifies only
as follows:
Scenario 3: The attacker modifies both
and
as follows:
where and are arbitrary non-zero attack signals of the appropriate dimensions.
Theorem 2. For Algorithm 1, with the FDI attacks in Equations (8)–(10) in Scenarios 1–3 at time k, the encryption-based attack detection algorithm will trigger an alert immediately from time k onwards. Proof. If the FDI attack in Equation (
8) in Scenario 1 starts at time
k, the decryption process is as follows:
□
Then, the improved format can be obtained as
If the FDI attack in (
9) in Scenario 2 begins at time
k, the decryption process is defined as follows:
Thus, it can be derived that
From the mathematical description of Equations (
11)–(
14), it can be seen that Scenario 1 and Scenario 2 always satisfy the Case 2 decision condition in Algorithm 1, which ensures that the encryption-based attack detection algorithm achieves a zero-delay alarm at attack initiation moment
k. For the FDI attack corresponding to Scenario 3 (Equation (
10)), the consistency conclusion can be obtained by the same methodological derivation, and its proof process is omitted here.
4.2. Fusion Estimation Based on Fast Attack Detection
Although attack detection algorithms can effectively filter out data tampered with by malicious attackers, the external noise interference inherent in the measurement and transmission process can still lead to biased system state information obtained by the sensors, which in turn affects the accuracy of control decisions. Therefore, the aim of this study is to design an filter that mitigates the effect of noise on the estimated system state. The filter is able to effectively cope with the noise and ensure that the system can still provide accurate state estimation and control in the event of noise interference. Then, a secure fusion estimation algorithm is proposed to perform optimal weighted fusion of unattacked data, thereby significantly improving the accuracy of state estimation while ensuring security and enabling more precise estimation and reconstruction of the true signal.
Consider the following local filter structure on sensor
i:
where
and
are the estimated values of
and
, respectively.
,
, and
are filter parameter matrices to be probe-based.
By introducing the local error
and combining Equations (
2) and (
15), the local filtering error system for sensor
i is established as follows:
In order to facilitate the derivation of the formula for the filter performance, the symbols in Equation (
16) are denoted as follows:
represents the state vector of local filtering error, is the unknown external interference, is the measurement noise belonging to , and is the gain matrix of the localized filter.
In the case of non-zero noise interference, the stability of the system can be determined by the
filter performance criterion. Specifically, when the upper bound of the filter output energy is smaller than a given performance criterion, the filter system is proved to be asymptotically stable. Based on the actual noise characteristics and filter structure analysis, the
performance criterion adopted in this chapter is expressed as follows:
where
and
are the two given positive definite real symmetric auxiliary matrices, and these two parameter matrices achieve boundedness control of the system paradigm through a weight adjustment mechanism.
Theorem 3. For a scalar and real positive definite matrices and , system (16) is asymptotically stable if there exists a real symmetric matrix Q satisfying Equation (18). Proof. According to the auxiliary matrices
P and
given below, an inequality satisfying the filter performance criterion is obtained:
where
□
Proof. We set up the Lyapunov function:
□
There are two scenarios that need to be discussed here.
- (1)
When
and
,
Considering
and combining it with Equation (
18) show the inequality
.
Therefore, guarantees the asymptotic stability of the filter under noiseless conditions.
- (2)
When
and
,
Here,
Continuing the derivation yields
where
Combined with Equation (
18), the inequality can be written as
It can be concluded that satisfies the fusion filtering performance criteria of this paper.
We define
and
as the set of attacked local estimation indexes and the set of unattacked local estimation indexes,
, respectively, at time
k. For the multi-sensor configuration of system (
2), the proposed distributed
fusion filter design is presented below:
where
denotes the fused global estimate,
denotes the fused weights and satisfies the normalization condition
,
n denotes the total number of sensors, and
represents the filter error.
5. Simulations
To verify the effectiveness of the dynamic data encryption fusion estimation strategy for USV-oriented FDI attacks proposed, a simulation experiment platform is constructed in this study. Based on the dynamics model of a USV and the established system model, it is assumed that the sensor network contains six nodes. In order to enhance security, the first three sensors receive the first state component of the system, and the last three sensors receive the second state component of the system. During the measurement process, the communication data are affected by measurement noise:
The external interference noise is
It is used to simulate the effect of wind, waves, and other factors on data acquisition and transmission in the marine environment. The simulation duration is set to [0, 100] seconds, and the initial state value of the system is
The system parameter matrix is defined as
It is assumed that there exists at least one sensor that is not subject to the FDI attack in the first three sensor groups and the last three sensor groups at any time, and the location of the FDI attack occurs randomly. In addition, we set the value of the attack signal to a random value in the interval [40, 80]. In the dynamic data encryption scheme, the initial key matrix
is randomly generated, and the key
is updated according to the historical system data during the subsequent encryption process, with the update step set to 1. The encryption function
. The following
fusion filter parameters are given according to the Monte Carlo method:
To address the issue of privacy protection during data transmission, we use dynamic encryption methods for protection.
Figure 3 demonstrates the effect of the decryptor on the recovery of key state quantities of the system.
Figure 3a depicts the horizontal position of the system (
) dynamic: the black dashed line represents the true horizontal position, and the red line represents the decrypted position (
) obtained by the decryptor.
Figure 3b depicts the velocity of the system (
) dynamic: the black dashed line represents the true velocity, and the blue solid line represents the decryption velocity (
) obtained by the decryptor. The comparison shows that the positions and velocities output by the decryptor can effectively track and approximate their corresponding true values, indicating that the decryptor has a excellent performance in recovering the position and velocity states of the system.
Figure 4 and
Figure 6 together show the state observation effect of the multi-sensor system under FDI attack.
Figure 4a marks the true horizontal position of the system (
) by the black dashed line, while presenting the observed values of sensor 1/2/3 pairs of
by the red, blue, and orange solid lines, respectively. And the red block in
Figure 4b marks the FDI attack occurring at the corresponding moment.
Figure 6a similarly presents the true speed (
; black dashed line) with the three sensors’ observations of
(red/blue/orange solid lines).
Figure 6b synchronizes the distribution of FDI attacks in the
channel. The comparison between the two sets of images clearly shows that during the normal operation period without being attacked, there is very little error between the data obtained by the sensor and the real data, while there is a significant deviation during the 40 to 80 FDI attack period (red block), which verifies the destructive impact of the attack on the data.
Figure 5 and
Figure 7 show the FDI attack detection results of sensors 1−3 and 4−6, respectively. The green dots in the figures indicate the alerts issued when an attack is detected, and the results show that the proposed scheme in this paper has a 99% FDI detection rate and a 1% false alarm rate.
Figure 4.
Comparison of USV location observation and FDI attack distribution.
Figure 4.
Comparison of USV location observation and FDI attack distribution.
Figure 5.
FDI detection results of sensors 1−3.
Figure 5.
FDI detection results of sensors 1−3.
Figure 6.
Comparison of USV velocity observation and FDI attack distribution.
Figure 6.
Comparison of USV velocity observation and FDI attack distribution.
Figure 7.
FDI detection results of sensors 4−6.
Figure 7.
FDI detection results of sensors 4−6.
Figure 8 and
Figure 9 show the true values and estimated values of the horizontal position and velocity of the USV, respectively. As shown in
Figure 8, the tracking error of this method (red solid line) for the true position (black dashed line) is significantly lower than the CI fusion result (blue dotted line) in reference [
29]. Especially at moments [50, 80], the protection advantage of the dynamic key mechanism is particularly significant: the position offset of this method is strictly controlled within
m, whereas the reference [
29] method results in a maximum offset of
m due to static key vulnerability. The speed estimation results in
Figure 9 further indicate that this method (solid red line) effectively suppresses the influence of disturbances through
filtering, and the speed estimation error is strictly controlled within the range of
m/s; in contrast, the method in reference [
29] has a maximum error of
m/s due to static key vulnerability.
Table 1 summarizes the processing latency and resource allocation of different modules in the experimental scenario.
Table 2 summarizes the performance comparison results of different methods for USV position estimation in experimental scenarios with FDI attacks. Among them, the standard deviation of position estimation reflects the degree of dispersion of position estimation values around their mean. The smaller the SD, the better the stability and consistency of the estimation results. The mean square error of position estimation measures the average square of the difference between the estimated position and the true position. The smaller the MSEs, the higher the accuracy of the estimation and the more accurate the tracking of the true value.
Table 3 summarizes the single run times for the different methods. The comparison shows that the mean square error value obtained from this paper’s method is smaller, the single run time is shorter, and the robustness is better, indicating that the method has a stronger ability to resist FDI attacks.