Identifying Process Structure and Parameters Using Side-channel Information presented at ICSCyberSecurityConference 2020

by Raheem Beyah, Chuadhry Mujeeb Ahmed, Qinchen Gu,

Summary : When securing a cyber-physical system (CPS), the most commonly used methods focus CPS itself, including both the information technology (IT) and operation technology (OT) domains. While such domains are most tightly associated with the underlying systems and thus can block most of the active and passive attack vectors, physical side channel has inevitably become an important source of information leakage, which can be a form of passive attack or even a pre-sequel of an active and orchestrated attack. The use of physical side channels to infer information about a (presumably secure) system has been demonstrated to be effective in many areas, such as reconstructing the object being printed with 3D printers through the sound emitted, or detect the leaking information about the underlying cryptographic computation in a CMOS from its electromagnetic emanations. In this research, audio channel information is leveraged as side channel information of an operating CPS to study the feasibility of identifying the process parameters using the side channel information. More specifically, the types of devices, their operation status and their locations in space are inferred from the audio recorded using microphones. Convolutional neural network (CNN) is employed to learn and predict these parameters based on the transformed audio data. The result demonstrates that with only a small amount of training data, CNN can correctly predict the operation status of individual devices in a realistic water treatment testbed with approximately 100% accuracy.