arxiv: 2604.05706 · v2 · submitted 2026-04-07 · 📡 eess.SY · cs.SY

Quantifying Control Performance Loss for a Least Significant Bits Authentication Scheme

Pith reviewed 2026-05-10 18:59 UTC · model grok-4.3

classification 📡 eess.SY cs.SY
keywords: least significant bits, message authentication, industrial control systems, legacy devices, quantization error, cyberattack detection, control performance loss

The pith

A least significant bits scheme adds authentication to legacy control systems without compromising availability.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces a coding method that embeds authentication and integrity checks into the least significant bits of transmitted control signals. This keeps the scheme compatible with existing hardware that was never designed for security. It supplies security proofs, a resynchronization procedure for dropped packets, and measurements of the resulting performance penalty in both fixed-point and floating-point implementations. The approach is evaluated on a hydro-power turbine controller to show that attacks become detectable while the control loop remains stable.

Core claim

By overwriting only the least significant bits of each control value with a short authentication tag, the scheme provides message authentication and integrity that is compatible with legacy devices and never renders the system unavailable. The quantization error introduced remains bounded, so closed-loop stability and performance are preserved to a quantifiable degree; a lightweight resynchronization rule handles packet losses without extra state.

What carries the argument

Least-significant-bits (LSBs) coding scheme that replaces the lowest-order bits of each quantized control signal with an authentication tag while leaving the higher-order bits for the original control value.
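
An added sketch of the embedding described above (not the paper's or Pith's code). The tag construction (truncated HMAC-SHA256 over a message counter and the high-order bits), the 8 tag bits in a 16-bit fixed-point word, and the look-ahead resynchronization window are assumptions chosen for illustration; the page does not give the paper's actual construction.

```python
import hashlib
import hmac

TAG_BITS = 8                      # assumed: LSBs of a 16-bit word given up to the tag
MASK = (1 << TAG_BITS) - 1


def tag(key: bytes, counter: int, high: int) -> int:
    """TAG_BITS-bit tag over (counter, high-order bits): truncated HMAC-SHA256."""
    msg = counter.to_bytes(8, "big") + high.to_bytes(4, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & MASK


def embed(key: bytes, counter: int, value: int) -> int:
    """Overwrite the TAG_BITS lowest bits of a quantized value with the tag."""
    high = value >> TAG_BITS
    return (high << TAG_BITS) | tag(key, counter, high)


def verify(key: bytes, counter: int, word: int) -> bool:
    """Recompute the tag from the high-order bits and compare with the LSBs."""
    return tag(key, counter, word >> TAG_BITS) == (word & MASK)


class Receiver:
    """Checks every word but always forwards it: a failed check raises a
    flag and never drops the sample, so the control loop keeps running."""

    def __init__(self, key: bytes, window: int = 4):
        self.key, self.window, self.expected = key, window, 0

    def receive(self, word: int):
        # Look-ahead over `window` counters tolerates up to window-1 dropped
        # packets with no extra messages. The cost: the chance that a random
        # word is accepted grows from 2**-TAG_BITS to about window * 2**-TAG_BITS.
        for c in range(self.expected, self.expected + self.window):
            if verify(self.key, c, word):
                self.expected = c + 1
                return True, word
        return False, word


if __name__ == "__main__":
    key = b"constructed-demo-key"                      # constructed sample key
    setpoints = [12000, 12150, 12300, 12450, 12600]    # constructed control values
    sent = [embed(key, c, v) for c, v in enumerate(setpoints)]
    print("max error (LSBs):", max(abs(w - v) for w, v in zip(sent, setpoints)))
    rx = Receiver(key)
    for c, w in enumerate(sent):
        if c in (1, 2):                                # simulate two dropped packets
            continue
        print(c, rx.receive(w))
    print("tampered:", rx.receive(sent[4] ^ 0x1000))   # high-order bit flipped in transit
```

The deviation from the original value is at most 2^TAG_BITS − 1 least significant bits, which is the quantity the performance analysis has to bound; a longer tag lowers the forgery probability and raises that error.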

If this is right

  • Legacy industrial controllers can receive message authentication without hardware replacement or downtime.
  • Control performance degradation can be calculated in advance for both fixed-point and floating-point quantizers.
  • Packet-dropout synchronization is restored by a simple rule that does not require additional communication.
  • Attack detection becomes possible while the real-time control loop continues uninterrupted.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same bit-level embedding idea could be tested on other quantized feedback loops such as networked vehicle control or building automation.
  • If the authentication tag length is increased, the performance trade-off curve derived in the paper supplies a direct way to predict the new loss.
  • The method may generalize to any system where signals are already quantized to a fixed bit width.

Load-bearing premise

Modifying the least significant bits for authentication produces only a small quantization error that does not push the closed-loop system outside its stability or availability margins.

What would settle it

In the hydro-turbine demonstration, if the measured rise time, overshoot, or steady-state error increases beyond the reported bounds, or if an injected attack remains undetected, the claim that performance loss stays tolerable would be refuted.

Figures

Figures reproduced from arXiv: 2604.05706 by Bart Wolleswinkel, Riccardo Ferrari.

Figure 1: Mapping for fixed-point and floating-point

Figure 2: Overview of the NCS with LSBs authentication scheme

Figure 3: Error propagation with floating-point

Noting that the $\ell_\infty$-induced norm of an LTI system is its $L_1$ norm, we can write (30) as

$$
\begin{aligned}
\|x(t)\|_{\ell_\infty} &\le \gamma_E \cdot \|e(t)\|_{\ell_\infty} + \gamma_W \cdot \|w(t)\|_{\ell_\infty} && (32.1) \\
&\le (\epsilon + \eta) \cdot \gamma_E \cdot \|x(t)\|_{\ell_\infty} + \gamma_W \cdot \|w(t)\|_{\ell_\infty}, && (32.2)
\end{aligned}
$$

where $\gamma_E = \|E(z)\|_1$ and $\gamma_W = \|W(z)\|_1$. Here, $E(z) = -(z \cdot I - A_{\mathrm{cl}})^{-1} B K$ and $W(z) = (z \cdot I - A_{\mathrm{cl}})^{-1} B_w$ are the transfer function matrices from $e(t)$ to $x(t)$ and $w(t)$ to $x(t)$, respectively. Substit…

Figure 4: Man-in-the-middle (MITM) attacks and synchronization

Industrial control systems (ICSs) often consist of many legacy devices, which were designed without security requirements in mind. With the increase in cyberattacks targeting critical infrastructure, there is a growing urgency to develop legacy-compatible security solutions tailored to the specific needs and constraints of real-time control systems. We propose a least significant bits (LSBs) coding scheme providing message authentication and integrity, which is compatible with legacy devices and never compromises availability. The scheme comes with provable security guarantees, and we provide a simple yet effective method to deal with synchronization issues due to packet dropouts. Furthermore, we quantify the control performance loss for both a fixed-point and floating-point quantization architecture when using the proposed coding scheme. We demonstrate its effectiveness in detecting cyberattacks, as well as the impact on control performance, on a hydro power turbine control system.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 3 minor

Summary. The paper proposes a least significant bits (LSBs) coding scheme for message authentication and integrity in industrial control systems, emphasizing compatibility with legacy devices without compromising availability. It includes provable security guarantees, a resynchronization method for packet dropouts, and quantifies control performance loss under fixed-point and floating-point quantization. The approach is evaluated on a hydro power turbine control system for cyberattack detection and performance impact.

Significance. If the central claims hold, this work offers practical value for securing legacy ICS infrastructure under real-time constraints. The explicit quantification of performance loss for both quantization types provides actionable data for engineers, and the legacy-compatible design addresses a common deployment barrier. The hydro-turbine case study supplies concrete validation of the scheme's effectiveness in a realistic control setting.

major comments (2)
  1. [Abstract] Abstract: The claim that the scheme 'never compromises availability' is central but appears in tension with the reported quantification of control performance loss; the manuscript should explicitly define 'availability' (e.g., as binary uptime versus bounded performance degradation) and show that the observed loss remains within stability margins for the plant.
  2. [Performance quantification] Performance quantification section: The comparison of fixed-point versus floating-point architectures lacks an explicit baseline (no-authentication) run with identical quantization; without it, the isolated contribution of LSB modification to the reported loss cannot be verified.
minor comments (3)
  1. [Synchronization method] The resynchronization procedure for packet dropouts is described at a high level; adding pseudocode or a state diagram would improve reproducibility.
  2. [Scheme description] Notation for the LSB embedding and extraction operations should be introduced once in a dedicated preliminaries subsection rather than inline.
  3. [Case study] Figure captions for the hydro-turbine results should include the exact numerical values of performance loss (e.g., rise time increase, steady-state error) rather than qualitative descriptions only.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive comments and positive recommendation. We address each major comment point by point below, with revisions to strengthen the manuscript.

  1. Referee: [Abstract] Abstract: The claim that the scheme 'never compromises availability' is central but appears in tension with the reported quantification of control performance loss; the manuscript should explicitly define 'availability' (e.g., as binary uptime versus bounded performance degradation) and show that the observed loss remains within stability margins for the plant.

    Authors: We agree that an explicit definition of availability will remove any potential ambiguity. In this work, availability is defined as the continuous, uninterrupted operation of the control system (i.e., no security-induced packet drops, halts, or downtime that would render the plant unavailable). The quantified performance loss is a separate, bounded degradation that does not violate stability margins, as confirmed by the hydro-turbine closed-loop simulations in which the system remains stable and operational. We will revise the abstract and add a clarifying paragraph in the introduction and performance section to state this definition and reference the stability results from the case study. revision: yes

  2. Referee: [Performance quantification] Performance quantification section: The comparison of fixed-point versus floating-point architectures lacks an explicit baseline (no-authentication) run with identical quantization; without it, the isolated contribution of LSB modification to the reported loss cannot be verified.

    Authors: We acknowledge that an explicit no-authentication baseline under identical quantization would better isolate the incremental effect of the LSB modifications. The current results compare the authenticated case against the ideal (unquantized) performance; we will add the requested no-authentication runs with the same fixed-point and floating-point quantizers in the performance quantification section. This addition will allow direct verification of the LSB scheme's contribution to the observed loss. revision: yes

Circularity Check

0 steps flagged

No significant circularity in the derivation chain

The paper proposes an LSB-based authentication scheme for legacy ICS devices, states provable security guarantees (standard cryptographic properties of bit manipulation), supplies a resynchronization procedure for dropouts, and quantifies performance loss by direct evaluation of quantization error on fixed- and floating-point architectures using a hydro-turbine control example. No equations, predictions, or central claims reduce to self-defined parameters, fitted inputs renamed as outputs, or self-citation chains. The performance impact is computed from the plant dynamics and quantization model rather than tautologically assumed; the 'never compromises availability' claim is supported by the reported tolerable-error results on the evaluated system. The derivation is self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The central claim rests on domain assumptions about quantization architectures in legacy devices and the tolerance of control loops to LSB modification; no free parameters or invented entities are explicitly introduced in the abstract.

axioms (2)
  • domain assumption Legacy industrial control devices employ either fixed-point or floating-point quantization that can absorb small LSB modifications without loss of availability.
    Invoked to support the claim that the scheme never compromises availability and to enable performance-loss quantification.
  • domain assumption Packet dropouts can be handled by a simple resynchronization procedure that preserves the authentication property.
    Stated as part of the scheme's practical guarantees.
