Process-Aware Side Channel Shaping and Watermarking for Cyber-Physical Systems

This paper considers process-aware modifications to real-time code running on embedded devices in cyber-physical systems (CPS) so as to create signatures in analog side channel signals without impacting process characteristics. We consider side channel signals emanating from the digital components of the CPS as well as from physical instrumentation such as actuators. We show that code in an embedded device can be instrumented to shape the side channel signals so as to carry auxiliary information without appreciably altering the stability and performance characteristics of the closed-loop process. Inserting auxiliary information into analog side channels can be used both for attack (e.g., leaking information) and defense (e.g., remote real-time monitoring) purposes. The proposed process-aware side channel shaping approach is demonstrated on the Tennessee Eastman process control benchmark implemented in a hardware-in-the-loop simulator.
