Attending this event?
Welcome to the Interactive Agenda for SecurityWeek’s 2017 ICS Cyber Security Conference! (View the full conference website here)  

(You can register for the conference here)
View analytic
Wednesday, October 25 • 2:15pm - 3:00pm
Enhancing CIKR Level-0 Security Using Field Device Distinct Native Attribute Features

Sign up or log in to save this to your schedule and see who's attending!

The need for improved Critical Infrastructure and Key Resource (CIKR) security is unquestioned and there has been minimal emphasis on Level-0 (PHY Process) security improvements. Wired Signal Distinct Native Attribute (WS- DNA) Fingerprinting is investigated here as a non-intrusive PHY-based security augmentation approach to support an envisioned layered security strategy. Demonstrations here are based on experimental response collections from Highway Addressable Remote Transducer (HART) Differential Pressure Transmitters (DPT) installed in an automated process control system independently controlled by three manufacturers (Yokogawa, Honeywell, and Endress+Hauer). Device discrimination assessments are made using Time Domain (TD) and Slope-Based FSK (SB-FSK) fingerprint features input to Multiple Discriminant Analysis, Maximum Likelihood (MDA/ML) and Random Forest (RndF) classifiers. Considering 12 different classes (two devices per manufacturer at two distinct set points), both classifiers performed reliably and achieved an arbitrary performance benchmark of average cross-class percent correct of %C > 90%. The least challenging Cross-Manufacturer (CM) results included near-perfect %C ≈ 100%, while the more challenging Like-Model/Manufacturer (LM) serial number discrimination results included 90% < %C < 100% with TD Fingerprinting marginally outperforming SB-FSK Fingerprinting; SB-FSK Fingerprinting benefits from having less stringent alignment and registration requirements. Introduction of the RndF classifier was very beneficial and enabled reliable selection of dimensionally reduced fingerprint subsets that minimize data storage and computational requirements. The RndF selected feature sets contained as few as 15% of the full-dimensional feature sets and only suffered a worst case %C∆ = 3% to 4% performance degradation.

avatar for Juan Lopez Jr., PhD

Juan Lopez Jr., PhD

Oak Ridge National Lab, Oak Ridge National Lab

Wednesday October 25, 2017 2:15pm - 3:00pm

Attendees (9)