Security in Cyber Physical Systems

Six years ago at a conference in Baltimore, Maryland, Professor Paulo Tabuada encouraged Yasser Shoukry to apply to the electrical engineering PhD program at UCLA. A few months later on the day that Hussain Mubarak stepped down after thirty years as the President of Egypt, Shoukry was in Cairo protesting against Mubarak and watching the transition of power when Professor Mani Srivastava called to interview him. They discussed science, research and politics. Both Tabuada and Srivastava later became Shoukry’s advisors when he began his PhD program at UCLA.

Shoukry grew up in Egypt where he worked in domain automotive software for four years before he and his wife, Salma Elmalaki, both came to UCLA to pursue a PhDs in electrical engineering.

At UCLA, Shoukry studies security in cyber physical systems. He that security in digital systems differs from security in cyber physical systems because digital systems, like a website or a database, do not control a physical component, while CPSs are systems in which a computer controls a physical structure, like a car with a central computer that manages its functions. Other examples of CPS are power grids, medical devices, nuclear reactors, and unmanned vehicles. Shoukry said that unfortunately the tight connection between cyber and physical components in CPS opens the door to new vulnerabilities. If a CPS is attacked by a malicious hacker there can be harmful financial, criminal or political consequences.

Hacking acted as Shoukry’s first introduction to enhancing security. One of his first projects at UCLA was to design a hacking device that could attack a CPS. Shoukry created a module that altered the reading of a car’s wheel-speed sensor. The amount of force applied on each wheel by a car’s breaking system is determined by the speed of each wheel. Shoukry’s hacking device makes the sensor that monitors one of a car’s wheels to misread the wheel’s speed. This misreading causes the braking system to apply the wrong amount of force and can make a car spin out when it comes to a stop.

The hacking device that Shoukry created to alter the reading of a car’s wheel-speed sensor.


“The rest of my work was on how to prevent such attacks, to create counter measures,” Shoukry said. “Can we build smarter systems and sensors that can differentiate from normal readings and attacks?”

Shoukry worked with several teams of researchers from UCLA, UC Berkeley and UC Santa Barbara to create algorithms that identified when sensors in a CPS are providing altered readings. He said he could combine the measurements from the different sensors in a system and utilize the underlying rules of physics in order to differentiate between clean measurements and altered measurements from sensors under attack.

The types of CPSs that Shoukry worked on protecting were large scale systems like cities. Researchers are working on creating systems in cities that would provide services for residents, like managing traffic networks. In this scenario, a city would operate as a CPS. The city would monitor traffic flow and direct vehicles accordingly to maximize transportation efficiency. The city would monitor the speed and location of vehicles in order to decide how to direct them.

Shoukry studied how the central computer running a city could identify when sensors had been attacked (i.e. when vehicle locations and speeds had been altered).

“Suppose you have thousands of sensors and now we need to search this large number of sensors to see which are under attack,” Shoukry said. “If you have 5,000 sensors and 500 under attack, traditional techniques take three to four hours to analyze all of this info. The technique we proposed in this paper puts it down to a couple of minutes. That is out contribution.”

In order to develop algorithms to quickly identify CPS attacks, Shoukry’s team modified an algorithm from a completely different scientific community. They used satisfiability solvers, which are also known as SAT solvers. An SAT solver is an algorithm designed to analyze large scale digital circuits. Instead, Shoukry’s team redesigned SAT solver algorithms to analyze sensory information.

One of these algorithms that Shoukry and his team developed won the best paper award at the International Conference of Cyber Physical Systems which was held this April in Vienna, Austria. In addition, Shoukry got the Distinguished Dissertation Award from the EE department at UCLA for his work on security.

Shoukry is currently working on how to apply his security algorithms to different mechanical systems, like drones. Now a post-doctoral student, he works with teams at UCLA, UC Berkeley and University of Pennsylvania and splits his time living in Los Angeles, Berkeley and Philadelphia.