Exploitation of HART Wired Signal Distinct Native Attribute (WS-DNA) Features to Verify Field Device Identity and Infer Operating State

  • Juan Lopez Jr.
  • Michael A. Temple
  • Barry E. Mullins
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8985)


Infusion of Information Technology (IT) into Industrial Control System (ICS) applications has increased Critical Infrastructure Protection (CIP) challenges. A layered security strategy is addressed that exploits Physical (PHY) layer features to verify field device identity and to infer normal versus anomalous operating state using Distinct Native Attribute (DNA) features. The goal is inferential confirmation that the conditions indicated at the Human Machine Interface (HMI) match the system’s true physical state. Feasibility is shown using Wired Signal DNA (WS-DNA) from Highway Addressable Remote Transducer (HART) enabled field devices. Results are based on experiments using an instrumented Process Control System (PCS) with smart field devices communicating via wired HART. Results are presented for two field devices operating at two different set-points and suggest that the WS-DNA technical approach is promising for inferring device physical state.


Keywords: CIP, ICS, HART, DNA, Anomaly detection, Process control



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Juan Lopez Jr. (1)
  • Michael A. Temple (1)
  • Barry E. Mullins (1)

  1. Department of Electrical and Computer Engineering, US Air Force Institute of Technology, Dayton, USA
