Researchers have announced a new technique called “device fingerprinting” that could be used to improve the security of power grids and other industrial control systems.
Just as human voices are individually recognizable because they are generated by the unique components of each person’s voice box, pharynx, esophagus and other physical structures, the same principle can be used to identify devices on electrical grid control networks.
The technique developed at the Georgia Institute of Technology uses fingerprints produced by the devices’ individual physical characteristics in order to determine which signals are legitimate and which signals might be from attackers.
A similar approach could be used to protect networked industrial control systems in oil and gas refineries, manufacturing facilities, wastewater treatment plants, and other critical industrial systems, the researchers said.
“Device fingerprinting is a unique signature that indicates the identity of a specific device, or device type, or an action associated with that device type,” explained Raheem Beyah, an associate professor in the School of Electrical and Computer Engineering at Georgia Tech. “We can use physics and mathematics to analyze and build a model using first principles based on the devices themselves. Schematics and specifications allow us to determine how the devices are actually operating.”
The researchers have already demonstrated device fingerprinting at two electrical substations, and they plan to continue refining the technique until it becomes close to 100% accurate.
As well as industrial controls, the principle could also apply to the Internet of Things (IoT), where the devices being controlled have specific signatures related to switching them on and off, Georgia Tech reported.