skip to main content
10.1145/3274694.3274748acmotherconferencesArticle/Chapter ViewAbstractPublication PagesacsacConference Proceedingsconference-collections
research-article

Noise Matters: Using Sensor and Process Noise Fingerprint to Detect Stealthy Cyber Attacks and Authenticate sensors in CPS

Published: 03 December 2018 Publication History

Abstract

A novel scheme is proposed to authenticate sensors and detect data integrity attacks in a Cyber Physical System (CPS). The proposed technique uses the hardware characteristics of a sensor and physics of a process to create unique patterns (herein termed as fingerprints) for each sensor. The sensor fingerprint is a function of sensor and process noise embedded in sensor measurements. Uniqueness in the noise appears due to manufacturing imperfections of a sensor and due to unique features of a physical process. To create a sensor's fingerprint a system-model based approach is used. A noise-based fingerprint is created during the normal operation of the system. It is shown that under data injection attacks on sensors, noise pattern deviations from the fingerprinted pattern enable the proposed scheme to detect attacks. Experiments are performed on a dataset from a real-world water treatment (SWaT) facility. A class of stealthy attacks is designed against the proposed scheme and extensive security analysis is carried out. Results show that a range of sensors can be uniquely identified with an accuracy as high as 98%. Extensive sensor identification experiments are carried out on a set of sensors in SWaT testbed. The proposed scheme is tested on a variety of attack scenarios from the reference literature which are detected with high accuracy

References

[1]
Sridhar Adepu and Aditya Mathur. 2016. Distributed Detection of Single-Stage Multipoint Cyber Attacks in a Water Treatment Plant. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (ASIACCS '16). ACM, New York, NY, USA, 449--460.
[2]
C. M. Ahmed, A. Sridhar, and M. Aditya. 2016. Limitations of state estimation based cyber attack detection schemes in industrial control systems. In IEEE Smart City Security and Privacy Workshop, CPSWeek.
[3]
Chuadhry Mujeeb Ahmed and Aditya P. Mathur. 2017. Hardware Identification via Sensor Fingerprinting in a Cyber Physical System. In 2017 IEEE International Conference on Software Quality, Reliability and Security Companion (QRS-C). 517--524.
[4]
Chuadhry Mujeeb Ahmed, Carlos Murguia, and Justin Ruths. 2017. Model-based Attack Detection Scheme for Smart Water Distribution Networks. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIACCS '17). ACM, New York, NY, USA, 101--113.
[5]
Chuadhry Mujeeb Ahmed, Martin Ochoa, Jianying Zhou, Aditya P. Mathur, Rizwan Qadeer, Carlos Murguia, and Justin Ruths. 2018. NoisePrint: Attack Detection Using Sensor and Process Noise Fingerprint in Cyber Physical Systems. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security (ASIACCS '18). ACM, New York, NY, USA, 483--497.
[6]
Karl J. Aström and Björn Wittenmark. 1997. Computer-controlled Systems (3rd Ed.). Prentice-Hall, Inc., Upper Saddle River, NJ, USA.
[7]
Alvaro Cardenas, Saurabh Amin, Bruno Sinopoli, Annarita Giani, Adrian Perrig, and Shankar Sastry. 2009. Challenges for securing cyber physical systems. In Workshop on future directions in cyber-physical systems security.5.
[8]
Defense Use Case. 2016. Analysis of the Cyber Attack on the Ukrainian Power Grid. (2016).
[9]
Chih-Chung Chang and Chih-Jen Lin. 2011. LIBSVM: A library for support vector machines. ACM Transactions on Intelligent Systems and Technology 2 (2011), 27:1--27:27. Issue 3. Software available at http://www.csie.ntu.edu.tw/cjlin/libsvm.
[10]
Yuqi Chen, Christopher M. Poskitt, and Jun Sun. 2018. Learning from Mutants: Using Code Mutation to Learn and Monitor Invariants of a Cyber-Physical System. IEEE Security and Privacy 2018 abs/1801.00903 (2018). arXiv:1801.00903 http://arxiv.org/abs/1801.00903
[11]
CNN. {n. d.}. Staged cyber attack reveals vulnerability in power grid. http://edition.cnn.com/2007/US/09/26/power.at.risk/index.html, year = 2007.
[12]
Boris Danev, Thomas S. Heydt-Benjamin, and Srdjan Čapkun. 2009. Physical-layer Identification of RFID Devices. In Proceedings of the 18th Conference on USENIX Security Symposium (SSYM'09). USENIX Association, Berkeley, CA, USA, 199--214. http://dl.acm.org/citation.cfm?id=1855768.1855781
[13]
Sanorita. Dey, Nirupam Roy, Wenyuan Xu, Romit Roy Choudhury, and Srihari Nelakuditi. 2014. Accelprint: Imperfections of accelerometers make smartphones trackable. In Network and Distributed System Security Symposium (NDSS).
[14]
N. Falliere, L.O. Murchu, and E. Chien. 2011. W32 Stuxnet Dossier. Symantec, version 1.4. https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf.
[15]
David Formby, Preethi Srinivasan, Andrew Leonard, Jonathan Rogers, and Raheem Beyah. 2016. Who's in Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems. In NDSS.
[16]
Jonathan Goh, Sridhar Adepu, Khurum Nazir Junejo, and Aditya Mathur. 2017. A Dataset to Support Research in the Design of Secure Water Treatment Systems. In Critical Information Infrastructures Security, Grigore Havarneanu, Roberto Setola, Hypatia Nassopoulos, and Stephen Wolthusen (Eds.). Springer International Publishing, Cham, 88--99.
[17]
Dieter Gollmann and Marina Krotofil. 2016. Cyber-Physical Systems Security. Springer Berlin Heidelberg, Berlin, Heidelberg, 195--204.
[18]
Charles M. Grinstead. {n. d.}. Introduction to Probability. Swarthmore College J. Laurie Snell Dartmouth College. http://www.dartmouth.edu/~chance/teaching_aids/books_articles/probability_book/amsbook.mac.pdf
[19]
Roger A.Horn and Charles R. Johnson. 2012. Matrix Analysis (2nd ed.). Cambridge University Press, New York, NY, USA.
[20]
Abdulmalik Humayed, Jingqiang Lin, Fengjun Li, and Bo Luo. 2017. Cyber-Physical Systems Security - A Survey. CoRR abs/1701.04525 (2017). arXiv:1701.04525 http://arxiv.org/abs/1701.04525
[21]
Tadayoshi Kohno, Andre Broido, and KC Claffy. 2005. Remote physical device fingerprinting. IEEE Transactions on Dependable and Secure Computing 2, 2 (April 2005), 93--108.
[22]
Marina Krotofil, Alvaro A. Cárdenas, Bradley Manning, and Jason Larsen. 2014. CPS: Driving Cyber-physical Systems to Unsafe Operating Conditions by Timing DoS Attacks on Sensor Signals. In Proceedings of the 30th Annual Computer Security Applications Conference (ACSAC '14). ACM, New York, NY, USA, 146--155.
[23]
Marina Krotofil, Jason Larsen, and Dieter Gollmann. 2015. The Process Matters: Ensuring Data Veracity in Cyber-Physical Systems. In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIA CCS '15). ACM, New York, NY, USA, 133--144.
[24]
Edward A. Lee. 2008. Cyber Physical Systems: Design Challenges. In 2008 11th IEEE International Symposium on Object and Component-Oriented Real-Time Distributed Computing (ISORC). 363--369.
[25]
Jan Lukas, Jessica Fridrich, and Miroslav Goljan. 2006. Digital camera identification from sensor pattern noise. IEEE Transactions on Information Forensics and Security 1, 2 (2006).
[26]
Aditya P. Mathur and Nils O. Tippenhauer. 2016. SWaT: a water treatment testbed for research and training on ICS security. In 2016 International Workshop on Cyber-physical Systems for Smart Water Networks (CySWater). 31--36.
[27]
Robert Mitchell and Ing-Ray Chen. 2014. A Survey of Intrusion Detection Techniques for Cyber-physical Systems. ACM Comput. Surv. 46, 4, Article 55 (March 2014), 29 pages.
[28]
Yilin Mo, Sean Weerakkody, and Bruno Sinopoli. 2015. Physical Authentication of Control Systems: Designing Watermarked Control Inputs to Detect Counterfeit Sensor Outputs. IEEE Control Systems 35, 1 (Feb 2015), 93--109.
[29]
Sue B. Moon, Paul Skelly, and Don Towsley. 1999. Estimation and removal of clock skew from network delay measurements. In INFOCOM '99. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE, Vol. 1. 227--234 vol.1.
[30]
Mujeeb Ahmed, Aditya Mathur, and Martin Ochoa. 2017. NoiSense: Detecting Data Integrity Attacks on Sensor Measurements using Hardware based Fingerprints. ArXiv e-prints (Dec. 2017). arXiv:cs.CR/1712.01598
[31]
Carlos Murguia and Justin Ruths. 2016. Characterization of a CUSUM modelbased sensor attack detector. In 2016 IEEE 55th Conference on Decision and Control (CDC). 1303--1309.
[32]
P. Van Overschee and B. De Moor. 1996. Subspace Identification for Linear Systems: theory, implementation, applications. Boston: Kluwer Academic Publications (1996).
[33]
Youngseok Park, Yunmok Son, Hocheol Shin, Dohyun Kim, and Yongdae Kim. 2016. This Ain't Your Dose: Sensor Spoofing Attack on Medical Infusion Pump. In 10th USENIX Workshop on Offensive Technologies (WOOT 16). USENIX Association, Austin, TX. https://www.usenix.org/conference/woot16/workshop-program/presentation/park
[34]
Vern Paxson. 1998. On Calibrating Measurements of Packet Transit Times. In Proceedings of the 1998 ACM SIGMETRICS Joint International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS '98/PERFORMANCE '98). ACM, New York, NY, USA, 11--21.
[35]
Jay Prakash and Mujeeb Ahmed. 2017. Can You See Me On Performance of Wireless Fingerprinting in a Cyber Physical System. In 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE). 163--170.
[36]
Qadeer R., Murguia C.and Ahmed C.M., and Ruths J. 2017. Multistage Downstream Attack Detection in a Cyber Physical System. In CyberICPS Workshop 2017, in conjunction with ESORICS 2017.
[37]
Sakthi V. Radhakrishnan, Selcuk Uluagac, and Raheem Beyah. 2015. GTID: A Technique for Physical Device and Device Type Fingerprinting. IEEE Transactions on Dependable and Secure Computing 12, 5 (Sept 2015), 519--532.
[38]
Hocheol Shin, Yunmok Son, Youngseok Park, Yujin Kwon, and Yongdae Kim. 2016. Sampling Race: Bypassing Timing-based Analog Active Sensor Spoofing Detection on Analog-digital Systems. In Proceedings of the 10th USENIX Conference on Offensive Technologies (WOOT'16). USENIX Association, Berkeley, CA, USA, 200--210. http://dl.acm.org/citation.cfm?id=3027019.3027037
[39]
Yasser Shoukry, Paul Martin, Yair Yona, Suhas Diggavi, and Mani Srivastava. 2015. PyCRA: Physical Challenge-Response Authentication For Active Sensors Under Spoofing Attacks. In Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security (CCS '15). ACM, New York, NY, USA, 1004--1015.
[40]
Yunmok Son, Hocheol Shin, Dongkwan Kim, Youngseok Park, Juhwan Noh, Kibum Choi, Jungwoo Choi, and Yongdae Kim. 2015. Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors. In Proceedings of the 24th USENIX Conference on Security Symposium (SEC'15). USENIX Association, Berkeley, CA, USA, 881--896. http://dl.acm.org/citation.cfm?id=2831143.2831199
[41]
Adepu Sridhar and Mathur Aditya. 2016. Generalized Attacker and Attack Models for Cyber Physical Systems. In 40th IEEE COMPSAC.
[42]
Siddharth Sridhar, Adam Hahn, and Manimaran Govindarasu. 2012. Cyber Physical System Security for the Electric Power Grid. Proc. IEEE 100, 1 (Jan 2012), 210--224.
[43]
Timothy Trippel, Ofir Weisse, Wenyuan Xu, Peter Honeyman, and Kevin Fu. 2017. WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks. In 2017 IEEE European Symposium on Security and Privacy (EuroS P). 3--18.
[44]
David I Urbina, Jairo A Giraldo, Alvaro A Cardenas, Nils Ole Tippenhauer, Junia Valente, Mustafa Faisal, Justin Ruths, Richard Candell, and Henrik Sandberg. 2016. Limiting the impact of stealthy attacks on industrial control systems. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 1092--1105.
[45]
Xiukun Wei, Michel Verhaegen, and Tim van Engelen. 2010. Sensor fault detection and isolation for wind turbines based on subspace identification and Kalman filter techniques. International Journal of Adaptive Control and Signal Processing 24, 8 (2010), 687--707.
[46]
Shoukry Yasser, Martin Paul, Tabuada Paulo, and Srivastava Mani. 2013. Noninvasive Spoofing Attacks for Anti-lock Braking Systems. In CHES, Springer Link, Vol. 8086. 55--72.

Cited By

View all
  • (2024)On Practical Realization of Evasion Attacks for Industrial Control SystemsProceedings of the 2024 Workshop on Re-design Industrial Control Systems with Security10.1145/3689930.3695213(9-25)Online publication date: 20-Nov-2024
  • (2024)Diagnosis-guided Attack Recovery for Securing Robotic Vehicles from Sensor Deception AttacksProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3644997(915-929)Online publication date: 1-Jul-2024
  • (2024)Exposing Hidden Attackers in Industrial Control Systems Using Micro-DistortionsIEEE Transactions on Smart Grid10.1109/TSG.2023.330071015:2(2089-2101)Online publication date: Mar-2024
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
ACSAC '18: Proceedings of the 34th Annual Computer Security Applications Conference
December 2018
766 pages
ISBN:9781450365697
DOI:10.1145/3274694
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

  • ACSA: Applied Computing Security Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 December 2018

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Attacks on Sensors
  2. Authentication
  3. CPS/ICS Security
  4. Cyber Physical Systems
  5. Device Fingerprinting
  6. Physical Attacks
  7. Security
  8. Sensor Fingerprinting
  9. Sensors and Actuators

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ACSAC '18

Acceptance Rates

Overall Acceptance Rate 104 of 497 submissions, 21%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)101
  • Downloads (Last 6 weeks)10
Reflects downloads up to 18 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2024)On Practical Realization of Evasion Attacks for Industrial Control SystemsProceedings of the 2024 Workshop on Re-design Industrial Control Systems with Security10.1145/3689930.3695213(9-25)Online publication date: 20-Nov-2024
  • (2024)Diagnosis-guided Attack Recovery for Securing Robotic Vehicles from Sensor Deception AttacksProceedings of the 19th ACM Asia Conference on Computer and Communications Security10.1145/3634737.3644997(915-929)Online publication date: 1-Jul-2024
  • (2024)Exposing Hidden Attackers in Industrial Control Systems Using Micro-DistortionsIEEE Transactions on Smart Grid10.1109/TSG.2023.330071015:2(2089-2101)Online publication date: Mar-2024
  • (2024)Physics-Aware Watermarking Embedded in Unknown Input Observers for False Data Injection Attack Detection in Cyber-Physical MicrogridsIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.344723519(7824-7840)Online publication date: 2024
  • (2024) HoneyJudge : A PLC Honeypot Identification Framework Based on Device Memory Testing IEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.340752019(6028-6043)Online publication date: 2024
  • (2024)TranBF: Deep Transformer Networks and Bayesian Filtering for Time Series Anomalous Signal Detection in Cyber-physical Systems2024 IEEE International Conference on Multimedia and Expo (ICME)10.1109/ICME57554.2024.10687464(1-6)Online publication date: 15-Jul-2024
  • (2024)False Data Injection Detection in Nuclear Systems Using Dynamic Noise AnalysisIEEE Access10.1109/ACCESS.2024.342527012(94936-94949)Online publication date: 2024
  • (2024)AFMFKnowledge-Based Systems10.1016/j.knosys.2024.111912296:COnline publication date: 19-Jul-2024
  • (2024)Identification and analysis of stochastic deception attacks on cyber–physical systemsJournal of the Franklin Institute10.1016/j.jfranklin.2024.106774361:8(106774)Online publication date: May-2024
  • (2024)Hybrid Cyber-Attack Detection Model on Cyber-Physical Systems Using Machine Learning TechniquesProceedings of Data Analytics and Management10.1007/978-981-99-6547-2_16(197-214)Online publication date: 3-Jan-2024
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media