who s in control of your control system device
play

Whos In Control of Your Control System? Device Fingerprinting for - PowerPoint PPT Presentation

Jul 09, 2023 •272 likes •481 views

Whos In Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems David Formby , Preethi Srinivasan, Andrew Leonard, Jonathan Rogers, Raheem Beyah NDSS 2016 Presented by: Yi Zhang October 18 th , 2016 Cyber Physical

  1. Who’s In Control of Your Control System? Device Fingerprinting for Cyber-Physical Systems David Formby , Preethi Srinivasan, Andrew Leonard, Jonathan Rogers, Raheem Beyah NDSS 2016 Presented by: Yi Zhang October 18 th , 2016

  2. Cyber Physical Systems (CPS) Cyber Physical Personal Computers Motors, pumps, CPS Mobile Phones Generators, Embedded Devices Valves, Relays…

  3. Cyber Physical Systems (CPS) • Home automaPon – LighPng, locks, thermostat, security system • Industrial control systems (ICS) – Power grid, water/sewage, oil/gas, manufacturing, supervisory control and data acquisiPon (SCADA) – Cyber-based compromise can lead to physical harm – Current ICS is filled with vulnerable, legacy devices

  4. Motivation • ICS are vulnerable to false data and command injecPons – push system into unsafe state, cause physical harm – Previous fingerprinPng work not suited for ICS – TradiPonal IDS have limitaPons Illustration of simple false data injection • CPS fingerprinPng helps defend against these a\acks

  5. Threat Model and Goals • Two a\acker models – Compromised node • Stuxnet – Physical access • Weak physical security • Goal – Develop accurate fingerprinPng methods to idenPfy what type of device the responses are originaPng from.

  6. CPS Fingerprinting in ICS • Data AcquisiPon FuncPons • Control FuncPons – Cross Layer Response Time – Physical fingerprinPng (CLRT) – EsPmate physical operaPon – EsPmate device processing Pme Pme – Black Box Model fingerprints – Black Box Model fingerprints – New class of fingerprinPng - White Box Modeling

  7. Cross-Layer Response Time (CLRT) • Fingerprints devices from data acquisiPon traffic • EsPmates device processing Pme – Time between TCP ACK and SCADA response – StaPc and unique distribuPon Adversary cannot simply respond faster • Fast links (100Mbps) with slow devices, to beat IED, must match the CLRT slow and regular traffic fingerprint

  8. CLRT Experiment • Use a real world dataset before and ader changes in the network • AddiPonal capture from another substaPon with different network architecture • CLRT measurements taken from DNP3 polling requests

  9. CLRT Results Same hardware, different software

  10. CLRT Results • Uses FF-ANN • Time slices as small as 5 mins – Average accuracy 93% • Supervised Bayes classifier performs even be\er • Unsupervised learning also works well

  11. CLRT Results • Network architecture found to have minimal effect Training Data – Original dataset Training Data – Original dataset Testing Data – Different substation Testing Data – Upgraded network

  12. Physical Fingerprinting • Fingerprint devices from control traffic • EsPmate physical operaPon Pme – Time between command packet and event Pmestamp – Requires Pme synchronizaPon • Black Box and White Box Adversary must guess what Methods event timestamp to respond with

  13. Physical Fingerprinting Setup • Relays – Typically used to open or close higher voltage circuits with a lower voltage signal. Common device in ICS and analogous to large scale circuit breakers Relays used in testbed, Testbed setup nearly identical specifications

  14. Physical Fingerprinting Results No obvious differences between Clear differences in Close Open operations due to nearly operations allow for device identical ratings. fingerprinting.

  15. Physical Fingerprinting Results

  16. White Box Modeling • Black Box Modeling somePmes infeasible – Operate infrequently, no physical access • Construct physical model and esPmate parameters Current in coil Magnetic field Coil Force Permanent magnet force Equation of motion

  17. White Box Modeling Results Reduced accuracy, but could be refined as true samples become available

  18. Robust Against Forgery • Two classes of adversary – Weak adversary : compromise one of the low powered devices – Strong adversary: gain physical access to the network • The adversary is assumed to have gathered accurate samples

  19. Conclusion • Novel passive fingerprinPng techniques for ICS – Data acquisiPon and control – 99% and 92% classificaPon accuracy – Inventory and complemenPng tradiPonal IDS – Resistant to simple mimicry a\acks • New class of fingerprinPng – White Box Models • Future work – Internet of Things, developing white box methods

  20. Discussion • What is the contribuPon of the paper? • What are the limitaPons of the paper? • How is ICS different from other systems? • How to improve the white box modeling?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Whos In Control of Your Control System? Device Fingerprin<ng for Cyber-Physical Systems David

Whos In Control of Your Control System? Device Fingerprin<ng for Cyber-Physical Systems David

Whos In Control of Your Control System? Device Fingerprin<ng for Cyber-Physical Systems David Formby 1 , Preethi Srinivasan 1 , Andrew Leonard 2 , Jonathan Rogers 2 , Raheem Beyah 1 Communica<ons Assurance and Performance (CAP) Group

269 views • 25 slides
What is process control system Why a new control system? Aiming control system field main flaws

What is process control system Why a new control system? Aiming control system field main flaws

What is process control system Why a new control system? Aiming control system field main flaws Fully-featured systems are expensive and not available to general public - professional individuals, schools, small companies... AIMING: WIDE USE

350 views • 9 slides
Summary 12th June 2003 The ST/CV control system requirements ST/CV control system

Summary 12th June 2003 The ST/CV control system requirements ST/CV control system

LHC Controls Project Workshop Summary 12th June 2003 The ST/CV control system requirements ST/CV control system architecture ST/CV Control System and Projects Integration in CERN Network Projects and contracts ( running /

202 views • 4 slides
director One system to control them all Director excels at PA system supervision and control

director One system to control them all Director excels at PA system supervision and control

connect. control. monitor. visualize. director One system to control them all Director excels at PA system supervision and control Supported public address systems What is Director and what can it do? Director is a system management so

699 views • 15 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
INPUT DEVICES An input device is any peripheral used to provide data and control signals to a

INPUT DEVICES An input device is any peripheral used to provide data and control signals to a

8/29/2010 Device: is an instrument that performs a simple task. Input: something put into a system. INPUT DEVICES An input device is any peripheral used to provide data and control signals to a computer. Maninder Kaur An input

286 views • 7 slides
What is Lighting Controls Lighting control is an ideal solution to ensure the comfort of

What is Lighting Controls Lighting control is an ideal solution to ensure the comfort of

LightSweep - Lighting Control System Components and Applications What is Lighting Controls Lighting control is an ideal solution to ensure the comfort of residents, tenants, consumers, or employees. Lighting control represents any device,

262 views • 22 slides
System Operations and Control Jeff Dagle, PNNL April 21, 2016 System Operations and Control

System Operations and Control Jeff Dagle, PNNL April 21, 2016 System Operations and Control

System Operations and Control Jeff Dagle, PNNL April 21, 2016 System Operations and Control Advanced control technologies to enhance reliability and resilience, increase asset utilization, and enable greater flexibility of transmission and

227 views • 6 slides
FACTORY AUTOMATION & CONTROL INSTRUMENTS FIELDMAN CONTROL SYSTEM HEAD OFFICE: 201,

FACTORY AUTOMATION & CONTROL INSTRUMENTS FIELDMAN CONTROL SYSTEM HEAD OFFICE: 201,

FIELDMAN CONTROL SYSTEM FACTORY AUTOMATION & CONTROL INSTRUMENTS FIELDMAN CONTROL SYSTEM HEAD OFFICE: 201, SHANTIMALL, NR. BHARAT PETROL PUMP, SATTADHAR CROSS ROAD, GHALTODIYA, AHMEDABAD 380061. GUJARAT, INDIA. WORKS: PLOT NO. B-9,

536 views • 7 slides
Aurora Control System y by WaterFurnace Aurora Base Control Board Aurora Base Control Board

Aurora Control System y by WaterFurnace Aurora Base Control Board Aurora Base Control Board

Aurora Control System y by WaterFurnace Aurora Base Control Board Aurora Base Control Board Provide basic safety shutdown, fault indication, and time delays Provide control for ECM and Dual capacity unit Provide Hot Gas Reheat Control

515 views • 20 slides
The LHCb Experiment Control System Clara Gaspar, May 2016 Control System Scope In charge of

The LHCb Experiment Control System Clara Gaspar, May 2016 Control System Scope In charge of

The LHCb Experiment Control System Clara Gaspar, May 2016 Control System Scope In charge of the Control and Monitoring of all areas of the experiment Detector & General Infrastructure (Power, Gas, Cooling, etc.) Experiment Control

171 views • 15 slides
DCS-ctrl: A Fast and Flexible Device-Control Mechanism for Device-Centric Server Architecture

DCS-ctrl: A Fast and Flexible Device-Control Mechanism for Device-Centric Server Architecture

DCS-ctrl: A Fast and Flexible Device-Control Mechanism for Device-Centric Server Architecture Dongup Kwon 1 , Jaehyung Ahn 2 , Dongju Chae 2 , Mohammadamin Ajdari 2 , Jaewon Lee 1 , Suheon Bae 1 , Youngsok Kim 1 , and Jangwoo Kim 1 1 Dept. of

648 views • 29 slides
Adaptive PID Controller Yiming Zhao 1 Contents Control system PID controller

Adaptive PID Controller Yiming Zhao 1 Contents Control system PID controller

Adaptive PID Controller Yiming Zhao 1 Contents Control system PID controller Adaptive PID 2 Control System Open-loop system OUT IN PLANT 3 Control System Closed-loop system/feedback control system input reference

843 views • 20 slides
Dispatching control system Miroslav Kocur for substation Own products Dispatching control

Dispatching control system Miroslav Kocur for substation Own products Dispatching control

www.elvac.eu Dispatching control system Miroslav Kocur for substation Own products Dispatching control system for enterprise energetics RTU RTUs for control, protection, data acquisition and communication Content Enterprises www.elvac.eu |

620 views • 25 slides
NSLS-II SRX Beamline KB Mirror Control System FDR Jun Ma Control Engineer 11 December 2018

NSLS-II SRX Beamline KB Mirror Control System FDR Jun Ma Control Engineer 11 December 2018

NSLS-II SRX Beamline KB Mirror Control System FDR Jun Ma Control Engineer 11 December 2018 Outline Motion Axes Piezo-expansion control With Delta Tau Brick controller With PI E-518 controller Piezo-walker control Phytron

217 views • 11 slides
CONTROL-M Presentation Introducing CONTROL-M CONTROL-M is an interoperable solution for the

CONTROL-M Presentation Introducing CONTROL-M CONTROL-M is an interoperable solution for the

1 Control-M Presenation CONTROL-M Presentation Introducing CONTROL-M CONTROL-M is an interoperable solution for the integration of production control from a focal point of management across diverse environments Challenges Managing

559 views • 38 slides
Building a Secure, Performant Network Fabric for Microservice Applications August 24, 2016

Building a Secure, Performant Network Fabric for Microservice Applications August 24, 2016

Building a Secure, Performant Network Fabric for Microservice Applications August 24, 2016 Christopher Stetson Chief Architect, Professional Services NGINX MORE INFORMATION AT NGINX.COM Agenda Agenda A little NGINX History The

774 views • 45 slides
Handling Imperfections in Energy Disaggregation Authors: Angshul Majumdar, Megha

Handling Imperfections in Energy Disaggregation Authors: Angshul Majumdar, Megha

Handling Imperfections in Energy Disaggregation Authors: Angshul Majumdar, Megha Gupta Presenter: Manoj Gula7 Spikes or Surges Short-term increases in the electrical supply

473 views • 20 slides
High Voltage Safety High Voltage Access W. Maes Department of Marine Engineering Antwerp

High Voltage Safety High Voltage Access W. Maes Department of Marine Engineering Antwerp

High Voltage Safety High Voltage Access W. Maes Department of Marine Engineering Antwerp Maritime Academy HV, 2016 Willem Maes High Voltage Safety Outline Willem Maes High Voltage Safety The Use of the High Voltage Access procedure is

677 views • 36 slides
Secure Contingency Prediction and Response for Cyber-Physical Systems Erik Miehling, Cedric

Secure Contingency Prediction and Response for Cyber-Physical Systems Erik Miehling, Cedric

Secure Contingency Prediction and Response for Cyber-Physical Systems Erik Miehling, Cedric Langbort, Tamer Ba ar Coordinated Science Lab University of Illinois at Urbana-Champaign Urbana, IL, 61820 CCTA 2020 August 26, 2020 Some

354 views • 16 slides
Site Planning for SGI Products Robert Hoehn Product Support Engineer Global Product Support

Site Planning for SGI Products Robert Hoehn Product Support Engineer Global Product Support

Site Planning for SGI Products Robert Hoehn Product Support Engineer Global Product Support SGI 41st Cray User Group Conference Minneapolis, Minnesota Comparing the facility impacts of Liquid Cooled Supercomputers of the 80s and 90s

343 views • 20 slides
EFFECT OF SFCL ON DISTRIBUTION POWER QUALITY by Shahram Najafi, Prof. Vijay K. Sood , Ahmed

EFFECT OF SFCL ON DISTRIBUTION POWER QUALITY by Shahram Najafi, Prof. Vijay K. Sood , Ahmed

EFFECT OF SFCL ON DISTRIBUTION POWER QUALITY by Shahram Najafi, Prof. Vijay K. Sood , Ahmed Hosny University of Ontario Institute of Technology, Oshawa, Ontario Electrical Power and Energy Conference ( London-Canada) October 2012 1 Outline

556 views • 19 slides
1 A ball is fastened to a string and is swung in a vertical circle. When the ball is at the

1 A ball is fastened to a string and is swung in a vertical circle. When the ball is at the

Slide 1 / 62 1 A ball is fastened to a string and is swung in a vertical circle. When the ball is at the highest point of the circle its velocity and acceleration directions are: A C B D Slide 2 / 62 2 A ball with a mass m is fastened to a

911 views • 62 slides
Matching the circular Wilson loop with dual open string solution at 1 -loop in strong coupling M.

Matching the circular Wilson loop with dual open string solution at 1 -loop in strong coupling M.

Matching the circular Wilson loop with dual open string solution at 1 -loop in strong coupling M. Kruczenski and A. Tirziu arXiv:0803.0315 [hep-th] Compute the 1 -loop correction to the effective action for the string solution ending on a

482 views • 22 slides

More recommend