A High-confidence Cyber-Physical Alarm System: Design and Implementation

Longhua Ma 1,2, Tengkai Yuan 1, Feng Xia 3, Ming Xu 1, Jun Yao 1, Meng Shao 4

1 Department of Control Science and Engineering, Zhejiang University, Hangzhou 310027, China
2 School of Aeronautics and Astronautics, Zhejiang University, Hangzhou 310027, China; e-mail: lhma@pc.zju.edu.cn
3 School of Software, Dalian University of Technology, Dalian 116620, China; e-mail: f.xia@ieee.org
4 Computer Centre, Hangzhou First People's Hospital, Hangzhou 310006, China

Abstract

Most traditional alarm systems cannot address security threats in a satisfactory manner. To alleviate this problem, we developed a high-confidence cyber-physical alarm system (CPAS), a new kind of alarm system. This system establishes the connection to the Internet (i.e. TCP/IP) through GPRS/CDMA/3G. It achieves mutual communication control among terminal equipment, human machine interfaces and users by using the existing mobile communication network. The CPAS will enable the transformation in alarm mode from traditional one-way alarm to two-way alarm. The system has been successfully applied in practice. The results show that the CPAS could avoid false alarms and satisfy residents' security needs.

Keywords: cyber-physical system; alarm service; civil security; TCP/IP connection; alarm communication system

I. INTRODUCTION

With the development of society, social security has become increasingly demanding, and the traditional Passive-Alarm (PA) mode has been far from meeting our security needs. As we know, PA mode will not trigger an alert signal until the alarm condition occurs, which cannot alleviate users' security threats. Meanwhile, the Cyber-Physical System (CPS) is becoming an increasingly hot topic, and is even being treated as a national development strategy. For example, the US National Science Foundation (NSF) has identified CPS as a key area of research [1]. There are many fields involved in CPS, such as Smart Home, Smart Medical, Intelligent Transportation, Intelligent Power Grid, etc. [2,3].
In this paper, a high-confidence Cyber-Physical Alarm System (CPAS) is presented, which will achieve smart alarm and bring unprecedented challenges and opportunities for the security industry simultaneously. CPS is a system featuring a tight combination of, and coordination between, the system's computational and physical elements [4], and it is recognized as the third wave of the world information industry, following the Computer, Internet and Mobile Communication Network. Unlike more traditional embedded systems, a full-fledged CPS is typically designed as a network of interacting elements instead of as standalone devices [5]. CPAS, in turn, is a system in which the terminal equipment (TE), intelligent and integrated, is able to connect wireless sensors and transmit alert information and images via the Internet. What is more, the monitoring alarm service based on a network platform is included. There is no doubt that the traditional one-way alarm system will be replaced by CPAS, and social security protection will enter a new stage.

The rest of the paper is organized as follows. Section II presents the model of CPAS. The requirements and features of the system are specified. In Section III, we discuss the major challenges that need to be addressed when realizing a CPAS. Section IV illustrates how we design and implement the system. An application case study is presented in Section V. We finally conclude the paper in Section VI.

II. CPAS MODELING

A. System model

In our daily life, the telephone communication network serves for communications among people. The sensor network is the perceptible network, serving for communications among objects. And the Internet, a virtual information space, is the information-sharing network. The three are the information-transmission network, the information-perception network and the information-sharing network respectively, while CPS is the integration of the three. The CPS bridges the virtual world and the real world much closer with the combination of sensors, intelligent terminals and the Internet.
Through embedding a variety of sensors, such as images, humidity, temperature, infrared, etc., into different objects or the environment, the information of objects or the environment will be combined with the Internet by an intelligent network terminal, which then leads to the integration of human society and the physical system.

Figure 1. Simplified CPAS model

In our approach, the alarm TE, integrated with infrared (IR) and video surveillance, will trigger video surveillance as soon as the IR probe detects an alert, and transmit the site image in real time. Then, an alarm task is finished. Figure 1 illustrates a simplified CPAS model. The Alarm Communication System (ACS) is a TE, used to detect the physical world. Through the Human Machine Interface (HMI), we may observe information about the physical world, which is transmitted via the ACS. We could also control and manage the physical world in turn through the network. In this way, the mutual dialogue among the physical world, cyber world and human world is achieved, in which a high-confidence CPAS will be formed.

B. Requirements

To establish an effective CPS, the following two factors need to be considered.

(1) Scale. It is only when the scale of smart TEs reaches a certain size that the intelligent aspect of an object can take effect. For example, if there are one million cars, and only 10 thousand of them are embedded with intelligent systems, then it will be very difficult, if not impossible, to form an intelligent transportation system.

(2) Mobility. Objects are usually not static, but in a state of movement. On the other hand, the communication control among objects is supposed to be achieved at any time, whether in motion or even under high speed. As a consequence, a mobile CPS is often required.

Nowadays, the wireless mobile communication network (WMCN) has covered most areas in China, from bustling cities to remote rural areas, from islands to Mount Everest. Considering this fact, our embedded ACS is designed to access the Internet by way of GPRS/CDMA. Compared to 3G or 4G, GPRS (2.5G)/CDMA (2.75G) has wider coverage of the WMCN, which is more accepted by users. Of course, we will try to use 3G/4G when the coverage of 3G/4G is more widespread in future.

C. Features

Unlike traditional alarm systems, the CPAS has its own functions. The intelligent alarm host may connect to a variety of wireless sensors to achieve the perception of the external environment.
For example, in case of fire, the temperature and smoke sensors will transmit related data immediately to the alarm host in a wireless way at the beginning stage of the fire. After receiving the data, the alarm host will determine whether to send out a warning alert, so that the user may take timely actions to reduce loss as much as possible. By using the low-power microprocessor MSPF430/ARM7, the CPAS triggers video surveillance through the IR probe and transmits monitoring images in real time, which facilitates green monitoring alarm. In brief, the new generation alarm system (i.e. CPAS) has these characteristics: small size, low cost, low power dissipation, and a combination of monitoring, image analysis, intelligent processing, siren, active-alarm (AA) and other intelligent functions.

III. CHALLENGES

One of the challenges in making a CPAS work is getting the embedded alarm system to access the Internet. It is necessary to examine both advantages and disadvantages of different ways of entering the Internet. For example, we should take real-time behavior, cost, reliability, etc., into consideration when transmitting alert information.

Another challenge is that the HMI must support multithreading, more specifically, thousands and even tens of thousands of threads at run time. This is because the HMI usually needs to receive alert information from a large number of alarm TEs placed in various environments, where a Distributed Cyber-Physical System (DCPS) [6] will be constructed. In addition, the HMI is supposed to be in connection with users, in order to ensure that the corresponding user will be informed when an alarm occurs. Thus a Distributed Cyber-Physical Alarm System (DCPAS) may be formed in a certain place. Figure 2 shows one kind of DCPAS.

Figure 2. DCPAS schematic diagram

A third challenge is the communication protocol among the TE, HMI and user. As in other networked systems, the protocol has a direct impact on the reliability of the CPAS system. A widely-accepted, unified protocol is the premise of implementing a large-scale CPAS.

IV. SYSTEM DESIGN AND IMPLEMENTATION

A. TCP/IP Connection of TEs

A wireless communication module, embedded with the TCP/IP protocol, is required for the TE to establish a TCP/IP connection. Examples of such modules include the GPRS wireless module MC55 by Siemens, the 3G-WCDMA wireless module MU103 by Huawei, etc. The transmission rate of GPRS already satisfies the requirements of civil embedded security systems, whose average rate ranges from 20kb/s to 30kb/s, and its maximum theoretical speed may reach 171.2kb/s. Although the rate of CDMA is much higher than that of GPRS, the expense of CDMA is much higher too, and the expense of 3G is far higher. Therefore, GPRS is much more popular until the expense of CDMA or 3G comes down. The embedded alarm system selects GPRS to establish the TCP/IP connection, which yields lower cost and makes it more affordable for users.

The approach for the alarm TE to establish a TCP/IP connection to access the Internet is through AT command control. Taking MC55 for example, Figure 3 illustrates its process of TCP/IP connection.

Figure 3. Process of TCP/IP connection

To ensure the reliability of the established TCP/IP connection, much experience and technology are required. There are two factors closely related to reliability: (1) hardware: the timing condition of the module itself; and (2) software: the microcontroller is supposed to activate the wireless module continually through AT commands so that the module will not disconnect TCP/IP abnormally. Taking again MC55 for instance, Figure 4 illustrates the timing of the power-on process of the GPRS wireless module [7].

Figure 4. Timing of power-on process of MC55

The ignition line should not be switched low until a 10ms delay after the wireless module is powered up. The ignition line should be held low for more than 100ms, so that the module will start to work effectively. In addition, we also need to switch the ignition line low and high, i.e. equal to HZ (high impedance), now and then during run time. By doing this, the module will continue to work spontaneously as soon as the module fails. From the software perspective, the wireless module would disconnect TCP/IP abnormally if we do not transmit data through GPRS for a long time. Thus the microcontroller needs to control the wireless module to enable GPRS at periodic intervals to ensure that the TCP/IP connection is normal. For instance, we may send a packet through GPRS every minute.

B. Multi-threading Solution

A thread is the basic atomic unit of execution of a procedure, and a process can be composed of multiple threads. The implementation strategy is to divide a process into multiple threads, and then let them execute concurrently and asynchronously in order to improve operational efficiency.
Concurrent execution does not mean that all threads run at the same time (occupying the CPU simultaneously); only one thread is admitted to occupy the CPU at any time. Since some threads compete for the CPU more frequently, they seem to run simultaneously. In distributed programming, the proper use of threads can do much to enhance the performance and efficiency of an application procedure. However, multithreading gives rise to new problems. For example, if many threads must occupy a certain resource or several resources, this may possibly cause threads to be mixed, or even to collapse. To avoid these problems, the Resource Allocation Algorithm (RAA) or Time-Slice Rotation Scheduling Algorithm (TSRSA) [8] is needed. In this work, we adopt TSRSA. The basic idea behind this algorithm is: firstly, divide the processing time of the CPU into time slices; then, each thread in the ready queue takes turns to use CPU resources according to its assigned time slice. When the allotted time slice runs out, the thread will be forced to give up the CPU, and re-enter the end of the ready queue to wait for the next scheduling. Meanwhile, the scheduling process selects the first thread in the ready queue, and allocates a time slice to it. The following is a simplified mathematical model of TSRSA, taking n threads for instance:

$$P = \sum_{i=1}^{n} x_i T_i \qquad (1)$$

x = 1 st.. (2) x x + 1

where P stands for process, and $T_i$ is the i-th thread. P is dynamically changing, since the first thread will go out of the schedule of $\sum_{i=1}^{n} x_i T_i$ as soon as it is finished. For this reason, the conditions given in (2) can ensure that P will always deal with the first thread of the current ready queue.

C. Communication Control

The most significant difference between CPAS and traditional alarm systems is reflected in the communication control. We achieve the communication control between TE and HMI based on GPRS, and communication between TE and user based on SMS.
What is more, users can control the TE and check the current status of the TE in turn according to the agreed protocol through SMS, and security guards could also use the HMI to control the TE and query the current state of the TE in accordance with the agreed protocol through GPRS. It can be seen that the CPAS has obvious advantages, and its two-way communication control can relieve the users' security threats completely.

Considering the protection of the CPS, much effort has been made in reliability (the protection against unpredictable failures) [9,10,11]. Our communication control among the TE, HMI and user may face information transmission security problems. Therefore, the protection against malicious cyber attacks should be a concern. Secure control has been described in e.g. [12], which is suitable for our CPAS to protect the communication control.

V. AN APPLICATION CASE

The CPAS we developed has been applied in Dongyang City, China. The HMI succeeds in holding more than 2000 intelligent TEs from different users. Figure 6 gives the networked alarm interface, which comes from a testing experiment, with 45 TEs.

Figure 6. An interface of CPAS

Figure 5. Process of communication control

Figure 5 shows the process of communication control among the TE, HMI and user, where n stands for the number of GPRS sending failures. To alleviate the problem of communication failures caused by network congestion, the intelligent TE will disconnect GPRS independently when n>3, and then reconnect GPRS immediately to ensure that the TE remains online almost all the time.

Figure 7. Intelligent alarm TE

As we can see from Figure 6, a state of on-line (indicated by black) means that the alarm TE is monitoring, while a state of off-line (in red) implies that the alarm TE is not working. If an alert occurs, the alarm will be finished in about 2 seconds. The HMI will switch to the alarm interface, producing a sound to draw the security guard's attention to take timely actions. At the same time, the intelligent TE will send an alert message to the user, thus achieving double protection. Figure 7 shows the intelligent alarm TE. At present, the alarm TE can satisfy the users' needs without video surveillance. It is intuitive that more cost would be involved when starting video surveillance. The TEs have been running for more than half a year, reliably and stably, in Dongyang City, where a small CPAS operates successfully and solves the problem of security threats for local residents.

VI. CONCLUSIONS

The work presented in this paper represents a promising step towards the next generation of CPAS. We first modeled a simplified CPAS, and analyzed its requirements and key characteristics that are different from traditional alarm systems. We then discussed three main implementation challenges, and finally succeeded in solving them. A small CPAS was deployed in Dongyang City, China, demonstrating quite satisfactory performance. Empirical results show that the system we developed is well suited for satisfying civil security needs.

ACKNOWLEDGMENT

This work is supported in part by Natural Science Foundation of China under Grant No. 60903153, Zhejiang Provincial Natural Science Foundation of China under Grant No. R1090052 and Grant No. Y108685, and the Fundamental Research Funds for the Central Universities.

REFERENCES

[1] Wayne Wolf. The Good News and the Bad News (Embedded Computing Column). IEEE Computer. 2008.
[2] Lui Sha, Sathish Gopalakrishnan, Xue Liu, Qixin Wang. Cyber-Physical System: A New Frontier. The 2008 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing. 2008, pp.1-9.
[3] Ayman Z. Faza, Sahra Sedigh, Bruce M. McMillin. Reliability Analysis for the Advance Electric Power Grid. B. Buth, G. Rabe, T. Seyfarth (Eds.): SAFECOMP 2009, LNCS, pp.257-269.
[4] Cyber-physical system, http://en.wikipedia.org/wiki/cyberphysical_system. May 2010.
[5] Edward Lee. Cyber Physical System: Design Challenges. University of California, Berkeley Technical Report NO.UCB/EECS. 2008-8.
[6] Yuanfang Zhang, Christopher Gill, and Chenyang Lu. Reconfigurable Real-Time Middleware for Distributed Cyber-Physical Systems with Aperiodic Events. The 28th International Conference on Distributed Computing System, ICDCS, 2008:581-588.
[7] Siemens. MC55/56 Hardware Interface Description. 2006.
[8] SILBERSCHATZ A. Applied Operation System Concepts. John Wiley & Sons, Inc, 2001.
[9] J. Eisenhauer, P. Donnelly, M. Ellis, and M. O'Brien. Roadmap to Secure Control Systems in the Energy Sector. Energetics Incorporated. Sponsored by the U.S. Department of Energy and the U.S. Department of Homeland Security, January 2006.
[10] U.S.G.A. Office. Critical infrastructure protection. Multiple efforts to secure control systems are under way, but challenge remain. Technical Report GAO-07-1036, Report to Congressional Requesters, 2007.
[11] R.J. Turk. Cyber incidents involving control systems. Technical Report INL/EXT-05-00671, Idaho National Laboratory, October, 2005.
[12] Alvaro A. Cardenas, Saurabh Amin, and Shankar Sastry. Secure Control: Towards Survivable Cyber-Physical System. The 28th International Conference on Distributed Computing Systems Workshops. IEEE, 2008. pp.495-500.
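
The link supervision described in Sections IV.A and V (a GPRS packet every minute, and a disconnect followed by an immediate reconnect once the sending-failure count n exceeds 3) can be sketched as follows. This is an added example in C, not the authors' firmware. The fake modem, the 5-second retry delay and the choice to treat n as consecutive failures are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define KEEPALIVE_S 60u  /* paper: a packet through GPRS every minute */
#define RETRY_S      5u  /* assumed retry delay after a failed send */
#define MAX_FAILS    3u  /* paper: disconnect and reconnect when n > 3 */

typedef struct { uint32_t next_s; unsigned n, reconnects; } te_link;

/* Constructed stand-in for the GPRS module; a real TE issues AT commands. */
typedef struct { uint32_t fault_at; bool fault_used, stuck; unsigned ok, failed; } fake_modem;

static bool modem_send(fake_modem *m, uint32_t now) {
    if (!m->fault_used && now >= m->fault_at) { m->stuck = true; m->fault_used = true; }
    if (m->stuck) { m->failed++; return false; }
    m->ok++;
    return true;
}

static void modem_reconnect(fake_modem *m) { m->stuck = false; }

/* One supervision step, called once per second by the TE main loop. */
static void te_link_tick(te_link *l, fake_modem *m, uint32_t now) {
    if (now < l->next_s) return;          /* nothing due yet */
    if (modem_send(m, now)) {
        l->n = 0;                         /* assumption: n counts consecutive failures */
        l->next_s = now + KEEPALIVE_S;
        return;
    }
    if (++l->n > MAX_FAILS) {             /* n > 3: drop GPRS and reconnect at once */
        modem_reconnect(m);
        l->reconnects++;
        l->n = 0;
    }
    l->next_s = now + RETRY_S;            /* retry soon instead of waiting a minute */
}

/* Run the TE for `duration` seconds with a link fault starting at `fault_at`. */
static te_link simulate(uint32_t duration, uint32_t fault_at, fake_modem *m) {
    te_link l = { KEEPALIVE_S, 0, 0 };
    *m = (fake_modem){ fault_at, false, false, 0, 0 };
    for (uint32_t now = 0; now <= duration; now++) te_link_tick(&l, m, now);
    return l;
}

int main(void) {
    fake_modem m;
    te_link l = simulate(600, 150, &m);   /* constructed scenario: fault at t = 150 s */
    printf("ok=%u failed=%u reconnects=%u\n", m.ok, m.failed, l.reconnects);
    return 0;
}
```

On the HMI side, the same one-minute packet doubles as a heartbeat: a TE whose packets stop arriving can be shown as off-line, which is the state Figure 6 marks in red.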