This Hacker Knows Physics: Device Physics Aware Mimicry Attacks in Cyber-Physical Systems

Bibliographic Details
Published in: IEEE transactions on dependable and secure computing, Vol. 19, no. 5, pp. 3218-3230
Main Authors: Gu, Qinchen; Formby, David; Ji, Shouling; Saltaformaggio, Brendan; Bourgeois, Anu; Beyah, Raheem
Format: Journal Article
Language: English
Published: Washington: IEEE; IEEE Computer Society, 01.09.2022
Abstract: Recent work proposed to improve the security of CPSs by authenticating the CPS devices through the device operation times in the response packets from the devices, due to the strong correlation between the timing fingerprints and the physics of the devices. Although such a technique may be effective in defending against naive attackers, an advanced attacker may monitor the operation of the CPS before launching a device physics aware mimicry attack. In this paper, we show how the spoofed response packets can be crafted by an attacker to deceive the CPS device authentication method based on the device operation times. Specifically, we use the timing and physical measurements embedded in the packets to reconstruct the devices in the physical system, which can be used to spoof response packets corresponding to the actual model and configuration of the devices in the CPS. We demonstrate the performance of our technique in realistic testbeds with real devices. Finally, we propose an upgraded defense mechanism that may be used against such mimicry attacks.
Author details:
1. Gu, Qinchen (ORCID 0000-0001-5678-5212), qgu7@gatech.edu, Department of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA, USA
2. Formby, David (ORCID 0000-0003-0491-8241), djformby@gatech.edu, Fortiphyd Logic, Atlanta, GA, USA
3. Ji, Shouling (ORCID 0000-0003-4268-372X), sji@zju.edu.cn, Zhejiang University, Hangzhou, Zhejiang, China
4. Saltaformaggio, Brendan, brendan@ece.gatech.edu, Department of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA, USA
5. Bourgeois, Anu, abourgeois@cs.gsu.edu, Department of Computer Science, Georgia State University, Atlanta, GA, USA
6. Beyah, Raheem, rbeyah@ece.gatech.edu, Department of Electrical and Computer Engineering, Georgia Institute of Technology, Atlanta, GA, USA
CODEN ITDSCM
Copyright Copyright IEEE Computer Society 2022
DOI 10.1109/TDSC.2021.3089163
Discipline Physics
Computer Science
EISSN 1941-0018
Genre orig-research
ISSN 1545-5971
IsPeerReviewed false
IsScholarly true
Subject Terms: Actuators; Authentication; Computational modeling; Cyber-physical systems; Devices; Mathematical model; Mimicry; Physics; Sensor systems; Time measurement; Timing; Valves
URI https://ieeexplore.ieee.org/document/9454568
https://www.proquest.com/docview/2708643474/abstract/