Welcome to the Interactive Agenda for the 2016 ICS Cyber Security Conference! This agenda is currently a work in progress; please check back often, as our team is making updates daily.
Tuesday, October 25 • 3:30pm - 4:15pm
Enhanced ICS/SCADA Security Using Field Device Fingerprints Composed of WS-DNA Features


Protecting Critical Infrastructure and Key Resources (CIKR) of the United States emerged as a national priority [Oba13], and simple adaptation of Information Technology (IT) security solutions for Industrial Control System (ICS) applications presents certain technical challenges for the cybersecurity community.

Results here expand upon AFIT’s PHY-based Level 0 protection strategy that was first introduced by researchers in [LoT14, LTM15]. These early works demonstrated a promising proof-of-concept capability for a Level 0 (physical end-device) anomaly detection scheme that aims to improve cyber-physical system resilience using device fingerprints composed of Wired Signal Distinct Native Attribute (WS-DNA) features. The WS-DNA features were extracted from WS responses of differential pressure transmitters employing smart sensor technology to control and monitor an experimental automated control process.

AFIT’s WS-DNA exploitation capability has been expanded, with results here based on field devices from four different manufacturers (Siemens, Yokogawa, Honeywell and Endress+Hauser) implementing the Highway Addressable Remote Transducer (HART) protocol. The aim is to discover discriminable PHY features from the Frequency Shift Keyed (FSK) signals used for closed-loop control. Discriminability is assessed for a multi-state problem using each of the manufacturer devices operating under two different conditions. Manufacturer and operating state discrimination results include percent correct classification of %C ≥ 90% for both manufacturer (cross-model) and serial number (like-model) assessments. Thus, Level 0 WS-DNA processing is promising for discriminating field device manufacturer/operating state and remains a viable alternative for securing ICS operations.


Juan Lopez Jr.

Cybersecurity Research Engineer, Air Force Institute of Technology
US Air Force Institute of Technology

Tuesday October 25, 2016 3:30pm - 4:15pm EDT
Breakout 1 (Salon 1,2,3)