
How 'Power fingerprint' could improve security for ICS/SCADA systems

Taylor Armerding | Feb. 24, 2015
A new company says monitoring the ‘power fingerprint’ of digital systems can secure them by detecting anomalies in that fingerprint in real time. Other experts believe it will help to secure ICS/SCADA systems, but falls short of being a silver bullet.

And Cryptography Research has a long-term deal with Samsung in which "devices such as smartphones, payment chips, content protection systems, and enterprise applications" come with DPA countermeasures meant to protect those devices from side-channel attacks.

But experts agree that this type of power fingerprinting should improve the security of ICS/SCADA systems.

"It's certainly an ideal approach for ICS, SCADA, and other embedded equipment where any other kind of security instrumentation or measurement is simply infeasible," Oberheide said.

At the same time, however, they say it adds a tool to the security toolkit, but doesn't replace the toolkit.

"I doubt this will be the end-all-be-all of ICS security," Lanier said. "Undoubtedly, adversaries will eventually unearth the details of this technology and refine their tools and techniques to slip past. That isn't to say that it won't at least provide a pretty major security benefit for some period of time, though."

Another possible flaw, Pack said, is that "an anomaly doesn't necessarily mean something malicious is going on," so there could be a problem with "false positives."

Oberheide agreed. "If you're too sensitive, you flood an operator with false security concerns and costly investigation. If you're not sensitive enough, you open the door to attackers hiding their malicious activity within the baseline operation," he said.

Gonzalez, however, contends that PFP's technology is very difficult to evade. "While it is technically possible to develop an intrusion that matches perfectly the power consumed each clock cycle in the original logic, in practice it is extremely difficult to do so," he said.

"In our demo, we show how PFP is able to detect an intrusion in an ICS system even when the intrusion is in a dormant state, waiting for a trigger condition to activate."

And regarding false positives, Gonzalez said the technology is flexible enough to allow users to set a tolerable false-positive rate. "PFP can be very accurate, with a really small false alarm rate if it is able to observe multiple instances of the same execution," he said.
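The sensitivity trade-off and the benefit of observing repeated executions can be seen in a small simulation. This is an added example, not PFP's algorithm or code from the article: the baseline trace, noise level, tamper offset and the mean-squared-distance detector are all constructed assumptions.

```python
import math
import random

CYCLES = 64
# Constructed reference trace: expected power per clock cycle of trusted code.
BASELINE = [1.0 + 0.5 * math.sin(2 * math.pi * i / 16) for i in range(CYCLES)]
# Constructed deviation: extra draw on 8 cycles, smaller than the noise.
TAMPER = [0.2 if 20 <= i < 28 else 0.0 for i in range(CYCLES)]
NOISE_SIGMA = 0.3  # assumed measurement noise per sample


def capture(rng, tampered):
    """Simulate one noisy power trace of a single execution."""
    return [b + (t if tampered else 0.0) + rng.gauss(0.0, NOISE_SIGMA)
            for b, t in zip(BASELINE, TAMPER)]


def score(rng, n_runs, tampered):
    """Average n_runs traces of the same execution, then return the
    mean squared distance of that average from the baseline."""
    traces = [capture(rng, tampered) for _ in range(n_runs)]
    avg = [sum(col) / n_runs for col in zip(*traces)]
    return sum((a - b) ** 2 for a, b in zip(avg, BASELINE)) / CYCLES


def calibrate(rng, n_runs, target_fpr, trials):
    """Pick the threshold as the (1 - target_fpr) quantile of clean scores."""
    clean = sorted(score(rng, n_runs, False) for _ in range(trials))
    return clean[min(trials - 1, int((1 - target_fpr) * trials))]


def evaluate(n_runs, target_fpr=0.01, trials=500, seed=1):
    """Return (false_alarm_rate, detection_rate) on fresh simulated traces."""
    rng = random.Random(seed)
    thr = calibrate(rng, n_runs, target_fpr, trials)
    fa = sum(score(rng, n_runs, False) > thr for _ in range(trials)) / trials
    det = sum(score(rng, n_runs, True) > thr for _ in range(trials)) / trials
    return fa, det


if __name__ == "__main__":
    for n in (1, 4, 16):
        fa, det = evaluate(n)
        print(f"runs averaged={n:2d}  false alarms={fa:.3f}  detected={det:.3f}")
```

With the false-alarm target held fixed, a single trace rarely exposes the deviation, while averaging repeated executions shrinks the noise enough for the same threshold rule to catch it.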

Finally, whether power fingerprinting could be used to secure the billions of devices that make up the IoT is still an open question. But experts have doubts, since each device will not only have a different fingerprint, but also be used in different ways.

"It's not like ICS or a factory floor," Pack said. "As you move out to the IoT, those are being used in all sorts of different ways and times by human schedules. Anomalies will be a bit more difficult to find."

Oberheide said consumer devices "vary so wildly in functionality that power measurement would not be the most effective approach for detecting malicious behavior."
