How sound-fingerprinting could spot grid attackers

Like a human’s voice box, electrical equipment creates unique sounds. Scientists think those identifiers could be used to look for industrial control attacks. IoT could be a beneficiary, too.

A kind of fingerprinting that uses the unique noises emanating from hybrid cyber-physical systems could be used to thwart the large-infrastructure attacks that some experts think are a danger.

Fake, malicious control commands injected into electrical grids and other large-scale hybrid physical and cyber installations could devastate systems. But existing control equipment sometimes can’t run encryption; is often remote, and therefore hard to patch frequently; and can lack redundancy, so it needs to be kept running. It can’t be shut down to be updated like regular networks.

Scientists think that one answer is to harness a major advantage of physical-cyber hybrid equipment: the industrial control performs a physical action, such as turning a valve or motor on. The action not only creates a unique sound, but also takes a specific amount of time to perform. The theory is that by knowing what the characteristics should be, anomalies such as spoofing can be spotted.

“The stakes are extremely high,” Raheem Beyah, an associate professor in the School of Electrical and Computer Engineering at the Georgia Institute of Technology, says on the school’s website. “But the systems are very different from home or office computer networks,” he explains.

In the proposed fingerprinting, the scientists use “physics and mathematics to analyze and build a model” based on the equipment, Beyah says.

“Schematics and specifications allow us to determine how the devices are actually operating,” he says.

The team creates computer models to understand the unique device fingerprint. So far, they say they’ve addressed half of the devices used on the electrical grid and reckon they’ve demonstrated that their concept works at two electrical substations.

The sound and time it takes for a control to perform an action “passively fingerprints different devices that are part of critical infrastructure networks,” Beyah says.

It’s not the first time that sound has been used to identify things in an industrial context. Sound monitoring is used to predict mechanical failure too. Connecting vibration and ultrasonic Internet of Things sensors to machines lets algorithms predict problems based on the sound the machine makes.

I wrote about that equipment last year. If you know what the machine should sound like, and it doesn’t sound right, you know there’s a problem. I used the analogy of a washing machine spin cycle that’s been overloaded. It sounded a lot different to one with the right number of towels in it.

That idea is similar to the Georgia Institute of Technology fingerprinting. The spoof doesn’t sound right, or take the correct amount of time. It’s thus bogus.
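The check described above, as an added example that is not the Georgia Tech team's code: each reported operation is compared with a per-device fingerprint of how long the action takes and what it sounds like. It swaps the researchers' physics-based model for a simple statistical baseline (median and median absolute deviation); the device names, the "dominant frequency" sound feature, the threshold and all sample values are assumptions constructed for illustration.

```python
from statistics import median

# Constructed baseline: (operation time in s, dominant sound frequency in Hz)
# recorded for known-good operations. Device names and values are hypothetical.
BASELINE = {
    "breaker-A": [(0.048, 412), (0.051, 415), (0.050, 410), (0.049, 414),
                  (0.052, 413), (0.050, 411), (0.047, 416)],
    "valve-B": [(2.10, 95), (2.05, 97), (2.12, 96), (2.08, 94),
                (2.11, 98), (2.07, 96), (2.09, 95)],
}
FEATURES = ("duration", "sound")

def build_profile(samples):
    """Per feature, return (median, scaled MAD) as the expected fingerprint."""
    profile = []
    for column in zip(*samples):
        med = median(column)
        mad = median(abs(v - med) for v in column)
        profile.append((med, max(1.4826 * mad, 1e-9)))  # avoid divide-by-zero
    return profile

def mismatches(profile, observed, threshold=5.0):
    """Names of features whose robust z-score exceeds the assumed threshold."""
    return [name for name, (med, scale), value in zip(FEATURES, profile, observed)
            if abs(value - med) / scale > threshold]

def check(events, baseline=BASELINE):
    """Return (event id, claimed device, reasons) for events that do not fit."""
    profiles = {dev: build_profile(s) for dev, s in baseline.items()}
    flagged = []
    for event_id, device, *observed in events:
        if device not in profiles:
            flagged.append((event_id, device, ["unknown device"]))
            continue
        bad = mismatches(profiles[device], observed)
        if bad:
            flagged.append((event_id, device, bad))
    return flagged

# Constructed events: (id, device the message claims to be from, time, sound)
EVENTS = [
    (1, "breaker-A", 0.049, 414),   # fits the breaker profile
    (2, "valve-B", 2.08, 96),       # fits the valve profile
    (3, "breaker-A", 0.001, 413),   # completes far too quickly
    (4, "valve-B", 2.10, 140),      # right duration, wrong sound
    (5, "relay-Z", 0.02, 300),      # no fingerprint on file
]

if __name__ == "__main__":
    for row in check(EVENTS):
        print(row)
```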

Beyah reckons his team’s idea also applies to the Internet of Things. Those IoT devices have “specific signatures related to switching them on and off,” the Georgia Tech website explains.

“There will be a physical action occurring, which is similar to what we have studied with valves and actuators” in the electrical grid scenario, says Beyah.

So conceivably small IoT devices could ultimately see future cyber protections that don’t involve chip-hogging software. All one might need for IoT security, ultimately, is an adjacent microphone sensor and clock chip, along with a set of algorithms.
