Sensor and Process Fingerprinting in Industrial Control Systems

Critical infrastructure, such as electricity and water distribution, is heavily dependent on automated control. The security of these cyber-physical systems (CPS) is vital for the normal functioning of modern societies; attacks on this infrastructure can result in damage to the physical world and potentially harm human lives. In this talk we revisit some common cyber and cyber-physical attack vectors against critical infrastructure, along with defense strategies. We demonstrate how noise in industrial sensors and their inherent processes can be used to detect both cyber and physical attacks. We will show videos of attacks and defenses taken in a realistic and state-of-the-art water treatment testbed (SWaT) hosted by the Singapore University of Technology and Design. In particular, we will show how man-in-the-middle attacks can tamper with critical sensor data and cause unwanted behavior in the plant, as well as how physically tampering with sensors results in attacks. We will briefly review defense strategies against such attacks, including the use of physical invariants and process models. Next, we will illustrate how building a model based on the noise profile of both sensors and process can effectively detect the attacks shown. Sensors (such as ultrasonic distance sensors) have microscopic differences that make them produce slightly different noise patterns. Using noise for identification has been explored in other fields (predominantly in mobile phones) but has yet to be investigated in the context of CPS. We show that sensor noise can be a powerful sensor data authentication tool, especially in combination with model-based defenses.
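The following sketch illustrates the idea of checking sensor data against a noise fingerprint. It is an added example, not code from the talk or from SWaT. The tank model, the noise levels, the single feature (standard deviation of the residual) and the z-score threshold are all assumptions chosen for illustration.

```python
import random
import statistics

def tank_model(n, level0=500.0, rate=0.02):
    """Assumed process model: tank level (mm) rising at a constant net inflow."""
    return [level0 + rate * t for t in range(n)]

def read_sensor(truth, sigma, rng):
    """Constructed sensor: true level plus device-specific Gaussian noise."""
    return [x + rng.gauss(0.0, sigma) for x in truth]

def noise_feature(readings, predicted):
    """Spread of the residual, i.e. reading minus model prediction."""
    return statistics.pstdev([r - p for r, p in zip(readings, predicted)])

def enroll(sigma, rng, windows=30, n=200):
    """Fingerprint = mean and spread of the feature over clean windows."""
    model = tank_model(n)
    feats = [noise_feature(read_sensor(model, sigma, rng), model)
             for _ in range(windows)]
    return statistics.mean(feats), statistics.stdev(feats)

def is_anomalous(readings, predicted, fingerprint, z_max=5.0):
    """Flag a window whose noise feature is far from the enrolled profile."""
    mean, spread = fingerprint
    z = abs(noise_feature(readings, predicted) - mean) / spread
    return z > z_max

def demo(seed=7):
    rng = random.Random(seed)           # fixed seed: reproducible sample data
    model = tank_model(200)
    fingerprint = enroll(0.5, rng)      # enrolled device, sigma = 0.5 mm
    windows = {
        "genuine": read_sensor(model, 0.5, rng),  # same device
        "swapped": read_sensor(model, 1.0, rng),  # different, noisier device
        "spoofed": list(model),  # values that track the model, no device noise
    }
    return {name: is_anomalous(w, model, fingerprint)
            for name, w in windows.items()}

if __name__ == "__main__":
    print(demo())
```

A value stream can satisfy the process model and still fail the check, because the residual does not carry the enrolled device's noise. That is why the abstract pairs noise fingerprints with model-based defenses.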

Presented by