Time Constant: Actuator Fingerprinting using Transient Response of Device and Process in ICS
Chuadhry Mujeeb Ahmed, Matthew Calder, Sean Gunawan, Jay Prakash,, Shishir Nagaraja, Jianying Zhou
TL;DR
This paper introduces Time Constant, a novel actuator fingerprinting method that leverages transient response characteristics of devices and processes in ICS to detect and resist command injection and replay attacks, validated on real-world water treatment data.
Contribution
The paper presents a new fingerprinting technique combining device and process transient behaviors to enhance security against insider threats in ICS.
Findings
Successfully distinguished actuators based on their Time Constant.
Effective detection of command injection and replay attacks in real-time.
Validated on a real water treatment testbed.
Abstract
Command injection and replay attacks are key threats in Cyber Physical Systems (CPS). We develop a novel actuator fingerprinting technique named Time Constant. Time Constant captures the transient dynamics of an actuator and physical process. The transient behavior is device-specific. We combine process and device transient characteristics to develop a copy-resistant actuator fingerprint that resists command injection and replay attacks in the face of insider adversaries. We validated the proposed scheme on data from a real water treatment testbed, as well as through real-time attack detection in the live plant. Our results show that we can uniquely distinguish between process states and actuators based on their Time Constant.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsIntegrated Circuits and Semiconductor Failure Analysis · Industrial Vision Systems and Defect Detection · Electrostatic Discharge in Electronics