Human voices are individually recognizable because they’re generated by the unique components of each person’s voice box, pharynx, esophagus and other physical structures.
Researchers are using the same principle to identify devices on electrical grid control networks, using their unique electronic “voices” – fingerprints produced by the devices’ individual physical characteristics – to determine which signals are legitimate and which signals might be from attackers. A similar approach could also be used to protect networked industrial control systems in oil and gas refineries, manufacturing facilities, wastewater treatment plants and other critical industrial systems.
The research, reported February 23 at the Network and Distributed System Security Symposium in San Diego, was supported in part by the National Science Foundation (NSF). While device fingerprinting isn’t a complete solution in itself, the technique could help address the unique security challenges of the electrical grid and other cyber-physical systems. The approach has been successfully tested in two electrical substations.
“We have developed fingerprinting techniques that work together to protect various operations of the power grid to prevent or minimize spoofing of packets that could be injected to produce false data or false control commands into the system,” said Raheem Beyah, an associate professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology. “This is the first technique that can passively fingerprint different devices that are part of critical infrastructure networks. We believe it can be used to significantly improve the security of the grid and other networks.”
The networked systems controlling the U.S. electrical grid and other industrial systems often lack the ability to run modern encryption and authentication systems, and the legacy systems connected to them were never designed for networked security. Because they are distributed around the country, often in remote areas, the systems are also difficult to update using the “patching” techniques common in computer networks. And on the electric grid, keeping the power on is a priority, so security can’t cause delays or shutdowns.
“The stakes are extremely high, but the systems are very different from home or office computer networks,” said Beyah. “It is critical that we secure these systems against attackers who may introduce false data or issue malicious commands.”
Beyah, his students, and colleagues in Georgia Tech’s George W. Woodruff School of Mechanical Engineering set out to develop security techniques that take advantage of the unique physical properties of the grid and the consistent type of operations that take place there.
For instance, control devices used in the power grid produce signals that are distinctive because of their unique physical configurations and compositions. Security devices listening to signals traversing the grid’s control systems can differentiate between these legitimate devices and signals produced by equipment that’s not part of the system.
Another aspect of the work takes advantage of simple physics. Devices such as circuit breakers and electrical protection systems can be told to open or close remotely, and they then report on the actions they’ve taken. The time required to open a breaker or a valve is determined by the physical properties of the device. If an acknowledgement arrives too soon after the command is issued – less time than it would take for a breaker or valve to open, for instance – the security system could suspect spoofing, Beyah explained.
To develop the device fingerprints, the researchers, including mechanical engineering assistant professor Jonathan Rogers, have built computer models of utility grid devices to understand how they operate. Information to build the models came from “black box” techniques – watching the information that goes into and out of the system – and “white box” techniques that utilize schematics or physical access to the systems.
“Device fingerprinting is a unique signature that indicates the identity of a specific device, or device type, or an action associated with that device type,” Beyah explained. “We can use physics and mathematics to analyze and build a model using first principles based on the devices themselves. Schematics and specifications allow us to determine how the devices are actually operating.”
The researchers have demonstrated the technique on two electrical substations, and plan to continue refining it until it becomes close to 100 percent accurate. Their current technique addresses the protocol used for more than half of the devices on the electrical grid, and future work will include examining application of the method to other protocols.
Because they also include devices with measurable physical properties, Beyah believes the approach could have broad application to securing industrial control systems used in manufacturing, oil and gas refining, wastewater treatment and other industries. Beyond industrial controls, the principle could also apply to the Internet of Things (IoT), where the devices being controlled have specific signatures related to switching them on and off.
“All of these IoT devices will be doing physical things, such as turning your air-conditioning on or off,” Beyah said. “There will be a physical action occurring, which is similar to what we have studied with valves and actuators.”
Learn more: Device “Fingerprints” Could Help Protect Power Grid, Other Industrial Systems
The Latest on: Electronic device fingerprints
[google_news title=”” keyword=”electronic device fingerprints” num_posts=”10″ blurb_length=”0″ show_thumb=”left”]
via Google News
The Latest on: Electronic device fingerprints
- LIVE UPDATES | Alex Cox’s fingerprints found on plastic surrounding JJ Vallow’s body, forensic scientist testifieson May 8, 2024 at 7:20 am
LIVE UPDATES FROM THE CHAD DAYBELL TRIAL CLICK HERE TO WATCH THE TRIAL LIVE Please excuse the typos. These are live updates from the courtroom. WARNING: GRAPHIC DETAILS ARE CONTAINED IN THIS STORY ...
- Pixel 8A vs. Pixel 8: How Their Cameras, Batteries and Other Key Specs Compareon May 7, 2024 at 10:19 am
The Pixel 8, by comparison, has a 50-megapixel Octa PD wide camera, with a 1.68 aperture and the same 8x Super Res Zoom. The accompanying 12-megapixel ultrawide camera also has a 2.2 aperture and lens ...
- DFG project NANOSEC2: More secure “fingerprints” through more chanceon May 7, 2024 at 7:33 am
During the production of chips for sensors, minimal, unwanted deviations occur that make the chip unique and can serve as a “fingerprint” for identification. In the Nanosec2 project, researchers at ...
- Why not clean your laptop this bank hol – because it’s probably disgustingon May 6, 2024 at 4:24 am
The May bank holiday can be hit or miss with rainy weather – so why not take this time to clean your laptop? In fact, if you think about it, when was the last time you actually did? The surface may be ...
- The Best Electronic Keypad Door Lockon May 5, 2024 at 5:09 pm
An electronic lock opens via a code entered into a keypad or touchscreen. It’s keyless convenience but stops short of device connectivity ... smudged, so fingerprints don’t just sit ...
- Three-judge panel says cops can force you to unlock your phone using your fingerprint or faceon April 27, 2024 at 2:46 pm
An appeals court ruling with limited reach allows cops to force suspects to unlock their phones using fingerprint or facial recognition.
- The best places to find pre-Memorial Day appliance dealson April 26, 2024 at 12:47 pm
Have you seen all of the new features bundled into the latest refrigerators, ranges, dishwashers, microwaves, washers and dryers? With all of the most popular appliance brands hosting pre-Memorial Day ...
- Stop Using Your Face or Thumb to Unlock Your Phoneon April 26, 2024 at 12:16 pm
The laws surrounding 5th Amendment protections and biometric passwords are still undecided, so just turn it off.
- Appeals Court Rules That Cops Can Physically Make You Unlock Your Phoneon April 19, 2024 at 5:50 am
And one can argue that fingerprinting a suspect as they're ... to all instances where a biometric is used to unlock an electronic device." But, he adds, "the outcome…may have been different ...
- Home Comms: Disney+ Aims To Boost Streamer Subs With Password Crackdownon January 17, 2024 at 4:00 pm
Media analysts think the company will use IP addresses and device fingerprinting techniques to detect accounts ... are designed to reduce electronic waste and standardise how devices are charged.
via Bing News