Ethernet card discrimination using unintentional cable emissions and constellation-based fingerprinting

2016 IEEE International Conference on Communications (ICC)

López

2016

Self Cite

Hackers have multiple avenues for accessing Industrial Control System (ICS) and can adversely impact network hardware, operating systems, and executables. This includes attacking hardware/software switches commonly used in waste water, water treatment, and power substation facilities. Unauthorized network intrusion can be mitigated by augmenting Media Access Control (MAC) based device identity (ID) verification processes using Physical-Layer (PHY) features. PHY augmentation is addressed here using Constellation Based Distinct Native Attribute (CB-DNA) features derived from unintentional Ethernet cable emissions. Collected emission symbols are mapped to a gradient-based binary constellation space where, for the first time, conditional constellation symbol features are used for device ID verification. Serial number discrimination is assessed using 16 devices from 4 different manufactures, with 12 serving as authorized devices and 4 (one from each manufacturer) serving as attacking rogue devices. Collectively considering 12,288 rogue attack scenarios using 256 verification models, the proposed CB-DNA method is promising and yielded average Rogue Reject Rates (RRR) of 85.2%

Section: B Cb-dna Fingerprintingmentioning

confidence: 89%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Conditional Constellation Based-Distinct Native Attribute (CB-DNA) fingerprinting for network device authentication

Carbino

2016 IEEE International Conference on Communications (ICC)

López

2016

Self Cite

“…The CB-DNA Fingerprinting method developed here differs considerably and exploits features extracted from full-burst responses, including regions where variant (data dependent) symbols are transmitted. The CB-DNA Fingerprinting development here is motivated by concepts first used in [13] to discriminate Ethernet cards but it fundamentally differs in that work in [13] is based on features extracted from a contrived (nonconventional) binary constellation while the development here is for any application using conventional M-QAM signaling as introduced in Section 2.1. The development for unconditional and conditional fingerprinting is supported by the process depicted in Figure 3.…”

Section: Cb-dna Fingerprinting Developmentmentioning

confidence: 99%

“…The Constellation Based DNA (CB-DNA) development here is motivated by concepts introduced in [13] used to discriminate Ethernet cards with features extracted from a contrived (nonconventional) binary constellation. The extension to this earlier work includes (1) formal analytic development of CB-DNA Fingerprinting for systems using conventional M-ary Quadrature Amplitude Modulation (M-QAM) signaling, (2) demonstration of CB-DNA Fingerprinting applicability to ZigBee and related 802.15.4 communication protocols, and (3) proposition of a network device ID process that incorporates mechanisms of localised RF air monitors that have been vetted for other wireless networks [14][15][16][17] while achieving security benefits of verification-based Multifactor Authentication (MFA).…”

Section: Introductionmentioning

confidence: 99%

Securing ZigBee Commercial Communications Using Constellation Based Distinct Native Attribute Fingerprinting

Rondeau

Betances

Security and Communication Networks

2018

Self Cite

This work provides development of Constellation Based DNA (CB-DNA) Fingerprinting for use in systems employing quadrature modulations and includes network protection demonstrations for ZigBee offset quadrature phase shift keying modulation. Results are based on 120 unique networks comprised of seven authorized ZigBee RZSUBSTICK devices, with three additional like-model devices serving as unauthorized rogue devices. Authorized network device fingerprints are used to train a Multiple Discriminant Analysis (MDA) classifier and Rogue Rejection Rate (RRR) estimated for 2520 attacks involving rogue devices presenting themselves as authorized devices. With MDA training thresholds set to achieve a True Verification Rate (TVR) of TVR = 95% for authorized network devices, the collective rogue device detection results for SNR ≥ 12 dB include average burst-by-burst RRR ≈ 94% across all 2520 attack scenarios with individual rogue device attack performance spanning 83.32% < RRR < 99.81%.

A Comparison of PHY-Based Fingerprinting Methods Used to Enhance Network Access Control

Carbino

ICT Systems Security and Privacy Protection

López

2015

Self Cite

Network complexity continues to evolve and more robust measures are required to ensure network integrity and mitigate unauthorized access. A physical-layer (PHY) augmentation to Medium Access Control (MAC) authentication is considered using PHY-based Distinct Native Attribute (DNA) features to form device fingerprints. Specifically, a comparison of waveform-based Radio Frequency DNA (RF-DNA) and Constellation-Based DNA (CB-DNA) fingerprinting methods is provided using unintentional Ethernet cable emissions for 10BASE-T signaling. For the first time a direct comparison is achievable between the two methods given the evaluation uses the same experimentally collected emissions to generate RF-DNA and CB-DNA fingerprints. RF-DNA fingerprinting exploits device dependent features derived from instantaneous preamble responses within communication bursts. For these same bursts, the CB-DNA approach uses device dependent features derived from mapped symbol clusters within an adapted two-dimensional (2D) binary constellation. The evaluation uses 16 wired Ethernet devices from 4 different manufacturers and both Cross-Model (manufacturer) Discrimination (CMD) and Like-Model (serial number) Discrimination (LMD) is addressed. Discrimination is assessed using a Multiple Discriminant Analysis, Maximum Likelihood (MDA/ML) classifier. Results show that both RF-DNA and CB-DNA approaches perform well for CMD with average correct classification of %C=90% achieved at Signal-to-Noise Ratios of SN R ≥ 12.0 dB. Consistent with prior related work, LMD discrimination is more challenging with CB-DNA achieving %C=90.0% at SN R=22.0 dB and significantly outperforming RF-DNA which only achieved %C=56.0% at this same SN R.