2017 ICS Cyber Security Conference

The need for improved Critical Infrastructure and Key Resource (CIKR) security is unquestioned and there has been minimal emphasis on Level-0 (PHY Process) security improvements. Wired Signal Distinct Native Attribute (WS- DNA) Fingerprinting is investigated here as a non-intrusive PHY-based security augmentation approach to support an envisioned layered security strategy. Demonstrations here are based on experimental response collections from Highway Addressable Remote Transducer (HART) Differential Pressure Transmitters (DPT) installed in an automated process control system independently controlled by three manufacturers (Yokogawa, Honeywell, and Endress+Hauer). Device discrimination assessments are made using Time Domain (TD) and Slope-Based FSK (SB-FSK) fingerprint features input to Multiple Discriminant Analysis, Maximum Likelihood (MDA/ML) and Random Forest (RndF) classifiers. Considering 12 different classes (two devices per manufacturer at two distinct set points), both classifiers performed reliably and achieved an arbitrary performance benchmark of average cross-class percent correct of %C > 90%. The least challenging Cross-Manufacturer (CM) results included near-perfect %C ≈ 100%, while the more challenging Like-Model/Manufacturer (LM) serial number discrimination results included 90% < %C < 100% with TD Fingerprinting marginally outperforming SB-FSK Fingerprinting; SB-FSK Fingerprinting benefits from having less stringent alignment and registration requirements. Introduction of the RndF classifier was very beneficial and enabled reliable selection of dimensionally reduced fingerprint subsets that minimize data storage and computational requirements. The RndF selected feature sets contained as few as 15% of the full-dimensional feature sets and only suffered a worst case %C∆ = 3% to 4% performance degradation.