Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How 'Power fingerprint' could improve security for ICS/SCADA systems

Taylor Armerding | Feb. 24, 2015
A new company says monitoring the ‘power fingerprint’ of digital systems can secure them by detecting anomalies in that fingerprint in real time. Other experts believe it will help to secure ICS/SCADA systems, but falls short of being a silver bullet.

"In 2010, researchers found that the LEDs used in TV monitors consume a significant amount of the overall power," Jun said. "They could identify which scene from which Star Trek movie was playing at a house simply by looking at the house's power meter data."

Another use for it has been to defeat encryption. "The more prominent application is monitoring power fluctuations to recover encryption keys," said Zach Lanier, senior research scientist at Accuvant Labs.

Jon Oberheide, cofounder and CTO at Duo Security, agreed. "Traditionally, monitoring power and other side channels has been used to break security, as opposed to increasing security," he said.

"For example, an attacker who is attempting to compromise an embedded system may use side channels such as power consumption to extract secrets from an embedded device."

Carlos Aguayo Gonzalez, CTO at PFP Cybersecurity, agrees with all that. But, he said, the power fingerprinting technology his firm has developed is "drastically different" from those offensive uses.

"There are some elements that PFP has in common with side-channel attacks, such as capturing side-channels," he said. "But after the power or emissions are captured, the analysis is completely different. You cannot use our monitors to break cryptographic devices.

"To the best of our knowledge, we are the first to use side-channel information to assess the integrity of devices and detect malicious intrusions directly at the endpoint and without having to install any software on the target."

That makes sense to Pack, who called it, "a really interesting, side-channel approach that, over time could prove to be valuable," noting that programmable logic controllers (PLC), "don't allow vendors to install some piece of software directly on them to monitor what it's doing.

"So if the goal is to fully instrument your environment, to find out when anything changes, this will be an effective part of a toolkit," he said.

Power analysis has, however, been used for defensive or authentication purposes in the past. IBM researchers presented a paper at an IEEE Symposium in 2007, in which they said, "side-channel information such as power, temperature, and electromagnetic (EM) profiles," could be used to develop "fingerprints" that could authenticate integrated circuits (IC) made overseas, to make sure they did not contain Trojan circuits.

Kevin Fu, chief scientist at Virta Labs and MIT Technology Review's "2009 Innovator of the Year," led a research group at the University of Michigan that developed a system called WattsUpDoc to detect malware in medical devices and SCADA systems based on analyzing anomalies in the devices' power consumption.

Fu said Virta has since created a commercial product that requires, "no software to install, and no modification to the protected devices. It's as simple as a surge protector."

 

Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.