Device 'fingerprints' could help protect power grid, other industrial systems

February 29, 2016
Georgia Tech researchers have developed a device fingerprinting technique that could improve the security of the electrical grid and other industrial systems. The system would be used in electrical substations like this one. Credit: Fitrah Hamid, Georgia Tech

Human voices are individually recognizable because they're generated by the unique components of each person's voice box, pharynx, esophagus and other physical structures.

Researchers are using the same principle to identify devices on control networks, using their unique electronic "voices" - fingerprints produced by the devices' individual physical characteristics - to determine which signals are legitimate and which signals might be from attackers. A similar approach could also be used to protect networked industrial control systems in oil and gas refineries, manufacturing facilities, wastewater treatment plants and other critical industrial systems.

The research, reported February 23 at the Network and Distributed System Security Symposium in San Diego, was supported in part by the National Science Foundation (NSF). While device fingerprinting isn't a complete solution in itself, the technique could help address the unique security challenges of the electrical grid and other cyber-physical systems. The approach has been successfully tested in two electrical substations.

"We have developed fingerprinting techniques that work together to protect various operations of the to prevent or minimize spoofing of packets that could be injected to produce false data or false control commands into the system," said Raheem Beyah, an associate professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology. "This is the first technique that can passively fingerprint different devices that are part of critical infrastructure networks. We believe it can be used to significantly improve the security of the grid and other networks."


The networked systems controlling the U.S. electrical grid and other industrial systems often lack the ability to run modern encryption and authentication systems, and the legacy systems connected to them were never designed for networked security. Because they are distributed around the country, often in remote areas, the systems are also difficult to update using the "patching" techniques common in computer networks. And on the electric grid, keeping the power on is a priority, so security can't cause delays or shutdowns.

"The stakes are extremely high, but the systems are very different from home or office computer networks," said Beyah. "It is critical that we secure these systems against attackers who may introduce false data or issue malicious commands."

Beyah, his students, and colleagues in Georgia Tech's George W. Woodruff School of Mechanical Engineering set out to develop security techniques that take advantage of the unique of the grid and the consistent type of operations that take place there.

For instance, control devices used in the power grid produce signals that are distinctive because of their unique physical configurations and compositions. Security devices listening to signals traversing the grid's control systems can differentiate between these legitimate devices and signals produced by equipment that's not part of the system.

Another aspect of the work takes advantage of simple physics. Devices such as circuit breakers and electrical protection systems can be told to open or close remotely, and they then report on the actions they've taken. The time required to open a breaker or a valve is determined by the physical properties of the device. If an acknowledgement arrives too soon after the command is issued - less time than it would take for a breaker or valve to open, for instance - the security system could suspect spoofing, Beyah explained.
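The timing check described above can be sketched as follows. This is an added example, not code from the Georgia Tech researchers or their paper. The device names, latency values, event format and the "mean minus k standard deviations" threshold are all assumptions made for illustration.

```python
from statistics import mean, stdev

# Constructed baseline: command-to-acknowledgement latencies in seconds, as if
# learned passively during a trusted period. Device names are hypothetical.
BASELINE = {
    "breaker-A": [0.048, 0.051, 0.050, 0.052, 0.049, 0.050],
    "valve-B": [1.90, 2.05, 1.98, 2.02, 1.95, 2.10],
}

# Constructed capture: (timestamp_s, device, kind, sequence number).
EVENTS = [
    (10.000, "breaker-A", "command", 1),
    (10.050, "breaker-A", "ack", 1),   # normal breaker operation
    (12.000, "valve-B", "command", 7),
    (12.020, "valve-B", "ack", 7),     # far faster than the valve can move
    (15.000, "breaker-A", "command", 2),
    (15.004, "breaker-A", "ack", 2),   # faster than the breaker can open
    (16.000, "valve-B", "ack", 9),     # no command was seen for this ack
    (20.000, "valve-B", "command", 8),
    (22.010, "valve-B", "ack", 8),     # normal valve operation
]

def min_plausible(samples, k=4.0):
    """Assumed rule: shortest believable operation time is mean - k * stdev."""
    return max(0.0, mean(samples) - k * stdev(samples))

def check_acks(events, baseline, k=4.0):
    """Pair each ack with its command and flag physically implausible timing."""
    floors = {dev: min_plausible(s, k) for dev, s in baseline.items()}
    pending, alerts = {}, []
    for ts, dev, kind, seq in sorted(events):
        if kind == "command":
            pending[(dev, seq)] = ts
            continue
        sent = pending.pop((dev, seq), None)
        if sent is None:
            alerts.append((dev, seq, "no matching command observed"))
        elif dev not in floors:
            alerts.append((dev, seq, "no baseline for device"))
        elif ts - sent < floors[dev]:
            alerts.append((dev, seq, "ack too early for physical operation"))
    return alerts

if __name__ == "__main__":
    for alert in check_acks(EVENTS, BASELINE):
        print(alert)
```

The baseline here is static; a deployment would have to re-learn it when a device ages or is replaced.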

To develop the device fingerprints, the researchers, including mechanical engineering assistant professor Jonathan Rogers, have built computer models of utility grid devices to understand how they operate. Information to build the models came from "black box" techniques - watching the information that goes into and out of the system - and "white box" techniques that utilize schematics or physical access to the systems.

"Device fingerprinting is a unique signature that indicates the identity of a specific device, or device type, or an action associated with that device type," Beyah explained. "We can use physics and mathematics to analyze and build a model using first principles based on the devices themselves. Schematics and specifications allow us to determine how the devices are actually operating."

The researchers have demonstrated the technique on two electrical substations, and plan to continue refining it until it becomes close to 100 percent accurate. Their current technique addresses the protocol used for more than half of the devices on the electrical grid, and future work will include examining application of the method to other protocols.

Because they also include devices with measurable physical properties, Beyah believes the approach could have broad application to securing industrial control systems used in manufacturing, oil and gas refining, wastewater treatment and other industries. Beyond industrial controls, the principle could also apply to the Internet of Things (IoT), where the devices being controlled have specific signatures related to switching them on and off.

"All of these IoT devices will be doing physical things, such as turning your air-conditioning on or off," Beyah said. "There will be a physical action occurring, which is similar to what we have studied with valves and actuators."

More information: David Formby, Preethi Srinivasan, Andrew Leonard, Jonathan Rogers and Raheem Beyah, "Who's in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems," (NDSS 2016). DOI: 10.14722/ndss.2016.23142.

12 comments

gkam
1 / 5 (7) Feb 29, 2016
How will this system adapt to changes in those particular characteristics caused by changes in springs, or temperature, or wear?
Uncle Ira
4 / 5 (8) Feb 29, 2016
@ glam-Skippy. How you are? I am fine me, thanks for asking.

This is not me being mean or making a personal attack. This is me talking about the technical and science stuffs,,,,,,,,,

How will this system adapt to changes in those particular characteristics caused by changes in springs, or temperature, or wear?


The same way they already been doing that for years and years. They keep track of the little bitty tiny differences that accumulate each day over time and make the necessary accounting of it. They do it with everything from GPS and communication satellites to ocean navigation buoys to car engine parts to all sorts of things. You can build sensors and algorithms to keep track and adjust for just about anything.

Us in the business of mechanical things know about this stuffs. Armchair goobers don't.
gkam
1.6 / 5 (7) Feb 29, 2016
Ira, you do not know how it happens, you are guessing. Tell me about SCADA and its problems.

Do you have accountants keeping track of the changes in a half-million devices?
Uncle Ira
4.5 / 5 (8) Feb 29, 2016
Ira, you do not know how it happens, you are guessing.
I am not guessing. Everything I just said is true. You would know all about that sort of stuffs if you actually read some the articles about technology here on the physorg.

Tell me about SCADA and its problems.
Why you don't look it up for your self. I only have a certain amount of letters and certain amount of time to spend here and I don't intend to use it looking up stuffs for you. You said you don't have to go to work anymore, you should have plenty of time to read up all about it.

Do you have accountants keeping track of the changes in a half-million devices?
Well us in the business don't call them accountants but I suppose a goober who doesn't know about them things might call them that. But to answer your question, yeah we got micro-controllers and data recorders that track the changes in a lot more than half of a million devices, more like millions and millions and millions and more millions.
Whydening Gyre
4.5 / 5 (8) Feb 29, 2016
Ira, you do not know how it happens, you are guessing. Tell me about SCADA and its problems.

Do you have accountants keeping track of the changes in a half-million devices?

It's also why we have inspectors and mechanics...
gkam
1.6 / 5 (7) Feb 29, 2016
We are speaking of the Internet of Things, essentially.

It will have to be done automatically, with those trends of each device built-in, and deviations tracked. Not an easy task, which was my point.
Uncle Ira
3.9 / 5 (7) Feb 29, 2016
It will have to be done automatically, with those trends of each device built-in, and deviations tracked.
We already do it with other stuffs, a lot of other stuffs Cher, no reason it can't be done with the grid.

Not an easy task, which was my point.
A person not in the business of things like would not know it is pretty easy. Tracking of hundreds of satellites second by second. Thousands and thousands and more thousands of UPS and FedEx trucks feet by feet and second by second. Millions of cars are doing it all day every day, they just aren't wired together. Millions and millions of shipping containers all across the world inch by inch second by second all the time. Cell phones by gazillion, 24/7,,,, the list goes on and on.

Cher you need to get out of the 70's and 80's and into the 20 plus 1 century.
gkam
1 / 5 (7) Feb 29, 2016
Ira, you are on a mud boat, and have not worked with technical electronics at the system level. You blabber these things like " a lot more than half of a million devices, more like millions and millions and millions and more millions.". I appreciate your ability to narrow it down like that.

Until you have worked with computer-controlled devices on such a level, stop pretending you know about it. This is a science site, and needs more than "millions and millions and millions".
Uncle Ira
3.9 / 5 (7) Feb 29, 2016
Ira, you are on a mud boat, and have not worked with technical electronics at the system level.
Skippy, it is a towboat, and yes I have worked with things, and obviously you have not.

You blabber these things like " a lot more than half of a million devices, more like millions and millions and millions and more millions.". I appreciate your ability to narrow it down like that.
But what I said is true. I appreciate your ability to pretend that you are not embarrassed to get caught blurting a wrong thing,,, AGAIN.

Until you have worked with computer-controlled devices on such a level, stop pretending you know about it.
I have and do and you should quit pretending you know what I might know and what I might not know. So far you have been about 99% wrong on that.

This is a science site, and needs more than "millions and millions and millions".
Says the King of the Slogans and Sarah Palin wannabe.
TheGhostofOtto1923
4.4 / 5 (7) Feb 29, 2016
Ira, you do not know how it happens, you are guessing. Tell me about SCADA and its problems
Translation: "I'm obviously an expert (and you know nothing) because I can drop acronyms with ease."

When conversing with a psychopath it helps to know the lingo.
Lord_jag
3 / 5 (2) Feb 29, 2016
He does have a point though. VERY often there are replacement parts with different characteristics substituted for historically available ones.

For instance, a solid state relay could replace a magnetic switch relay. It'll do the job far better, have no moving parts, switch faster and last longer, but all those things would change the "fingerprint"

Parts are going obsolete all the time. Not every change is predicted by the engineering team.
inforcb2
not rated yet Mar 01, 2016
DOI: 10.14722/ndss.2016.23142. IT'S NOT RIGHT
PLEASE RIGHT LINK TO PAPER
