PROTECTING THE GRID BY LISTENING
Device fingerprinting can reveal attacks
Georgia Tech researchers are “fingerprinting” devices on the electric grid to improve security. Shown with grid devices and a schematic are graduate student David Formby, Associate Professor Raheem Beyah, and Assistant Professor Jonathan Rogers. Photo: Rob Felt
Human voices are individually recognizable because they’re generated by the unique components of each person’s voice box, pharynx, and other physical structures.
Researchers are using the same principle to identify devices on electrical grid control networks, using their unique electronic “voices” — fingerprints produced by the devices’ individual physical characteristics — to determine which signals are legitimate and which might be from attackers. A similar approach could also be used to protect networked industrial control systems in oil and gas refineries, manufacturing facilities, wastewater treatment plants, and other critical systems.
The research, reported at the Network and Distributed System Security Symposium, was supported in part by the National Science Foundation.
“We have developed fingerprinting techniques that work together to protect various operations of the power grid to prevent or minimize spoofing of packets that could be injected to produce false data or false control commands into the system,” said Raheem Beyah, the Motorola Foundation Professor in Georgia Tech’s School of Electrical and Computer Engineering. “This is the first technique that can passively fingerprint different devices that are part of critical infrastructure networks. We believe it can be used to significantly improve the security of the grid and other networks.”
The networked systems controlling the U.S. electrical grid and other industrial systems often lack the ability to run modern encryption and authentication programs, and the legacy equipment connected to them was never designed for networked security. The grid systems are also difficult to update using the “patching” techniques common in computer networks.
Device fingerprinting takes advantage of the unique physical properties of the grid and the consistent types of operations that take place there. For instance, security devices listening to signals traversing the grid’s control systems can differentiate between signals from legitimate devices and signals produced by equipment that’s not part of the system. — John Toon