Sensor and Process Fingerprinting in Industrial Control Systems

Presented at Black Hat USA 2019, Aug. 7, 2019, 1:30 p.m. (50 minutes)

Critical infrastructure, such as electricity and water distribution, is heavily dependent on automated control. The security of these cyber-physical systems is vital for the normal functioning of modern societies; attacks to those infrastructures can result in damage to the physical world and potentially harm human lives. In this talk we revisit some common cyber and cyber-physical attack vectors to critical infrastructure and defense strategies. We demonstrate how noise in industrial sensors and their inherent processes can be used to detect both cyber and physical attacks. We will show videos of attacks and defenses taken in a realistic and state-of-the-art water treatment testbed (SWaT) hosted by the Singapore University of Technology and Design. In particular, we will show how man-in-the-middle attacks can tamper with critical sensor data and cause unwanted behavior in the plant, as well as how physically tampering with sensors results in attacks. We will briefly review defense strategies against such attacks, including the use of physical invariants and process models. Next, we will illustrate how building a model based on the noise profile of both sensors and process can effectively detect the attacks illustrated. Sensors (such as ultrasonic distance sensors) have microscopic differences that make them produce slightly different noise patterns. Using noise for identification has been explored in other fields (predominantly in mobile phones) but has yet to be investigated in the context of CPS. We show that sensor noise can be a powerful sensor data authentication tool, especially in combination with model-based defenses.

Presenters:

• Mujeeb Ahmed Chuadhry - PhD Student, Singapore University of Technology and Design
  Chuadhry Mujeeb Ahmed is currently a final year PhD student at Singapore University of Technology and Design. His research interests are Cyber Physical Systems Security, IoT Security, Hardware Security and Wireless and, Multimedia Communications. Prior to that he received the BS Communication Systems Engineering degree, from Institute of Space Technology Islamabad, Pakistan. After working sometime in industry and academia, he enrolled at Seoul National University South Korea for MS in Electrical Engineering with a focus on 4G wireless networks. Upon graduation from SNU, he joined HITEC University Pakistan as a lecturer in Department of Electrical Engineering.
• Martin Ochoa - Principal Security Researcher, Cyxtera Technologies
  Martin Ochoa is a Principal Security Research at Cyxtera Technologies. He holds a PhD in Computer Science from the TU Dortmund (Germany), and M.Sc. and B.Sc. degrees in math and systems engineering. He has published over 40 scientific papers in Cybersecurity. Previous to his current appointment he was assistant professor at the Universidad del Rosario, the Singapore University of Technology and Design, post-doctoral researcher at the TU München and researcher at Siemens.

Links:

• https://www.blackhat.com/us-19/briefings/schedule/#sensor-and-process-fingerprinting-in-industrial-control-systems-16102
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2019/Sensor and Process Fingerprinting in Industrial Control Systems.mp4
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2019/Sensor and Process Fingerprinting in Industrial Control Systems.en.transcribed.srt (subtitles)
• https://www.youtube.com/watch?v=JW5svIOMkMI

Similar Presentations:

• May Contain Hackers (MCH2022) / Honey, let's hack the kitchen: attacks on critical and not-so-critical cyber physical systems
• Black Hat USA 2013 / Compromising Industrial Facilities From 40 Miles Away
• The Circle Of HOPE (2018) / Sensors Everywhere! What's Available, How They Work, and How You Can Use Them