SBIR-STTR Award

The convergence of operational technology and information technology systems has left many critical infrastructure deployments vulnerable to cyber attack. Defensive guidelines from organizations such as the U.S. National Institute of Standards and Technology call for the implementation of device authentication. However, there are no technologies currently available to provide device authentication at the network physical layer. The Physical layer Authentication for Wired Networks effort intends to provide a solution to this capability gap by exploiting intrinsic physical features of device communication signals. This technique is often referred to as fingerprinting in an effort to compare the technique to the use of human fingerprints for authentication purposes. This is essentially a classification problem that will be solved via machine learning techniques, specifically deep learning. The Phase I effort will focus on two main goals: the development of the required machine learning techniques, including the creation of a realistic training and validation data set, and prototype system design. The data set generated will be made publicly available for validation of results and to assist in advancing the overall field. The prototype will be constructed during the Phase II effort and will be a passive, small form factor, embedded device capable of interfacing with the network to capture physical layer device signals as well as network packet data. There is also the intent to publish any novel results that are obtained during the Phase I effort. PAWN Phases II and/or III will result in a commercial product line capable of non-intrusively adding physical layer authentication to OT networks. This will be through the addition of a small form factor hardware appliance that provides the capability to sample electrical signals traveling on the network as well as monitor network traffic at higher layer of the protocol stack. This device will provide processing power when deployed in a traditional network, but in the future will be integrated with the control plane of a software-defined network.

Today, much of the United States’ most critical infrastructure is at risk of cyberattack from the insertion of unauthorized, malicious devices into operational technology networks due to a lack of suitable commercially available protection solutions. Critical infrastructure networks help to monitor and control the cyber-physical systems that comprise energy distribution facilities, oil pipelines, steel mills, etc. throughout the country. It is paramount that operators maintain complete control of critical infrastructure networks to ensure proper system operation because a loss of control can result in serious damage and potentially lost lives. The technical approach developed in this effort provides device authentication that is completely passive to the network and transparent to devices. This means that there is no need for active probing/scanning, device modification through agent installation, or digital certificate deployment. It does this by exploiting the unique physical characteristics of a physical device that are imprinted onto its transmitted signal. This is similar to the way that fingerprints or other biometrics are used to authenticate humans. During Phase I, the technical feasibility of physical layer device authentication on wired networks was demonstrated through data collection, machine learning model experimentation, and prototype design. The experiments resulted in the development of a patent pending method of authenticating devices operating on wired networks which motivates the work proposed for Phase II. The Phase II effort is focused on the development of prototype devices that fill a gap in currently available device authentication solutions for critical infrastructure networks. These prototypes will use the previously developed novel machine learning technique to passively authenticate devices operating on operational technology networks without utilizing power/computational resources or requiring modification of the deployed devices. Energy production/distribution facilities, oil refineries, and many others operate large, secure facilities that strictly limit access to authorized personnel. In fact, organizations go to great lengths to authenticate the people within their facilities (badges, personal identification numbers, and/or biometrics) and those using devices on their networks (usernames/passwords, physical tokens, multi-factor authentication, etc.). However, there is much less emphasis placed on authenticating the devices operating within their facilities. The Physical layer Authentication of Wired Networks effort will provide a device authentication method that is passive, non-invasive, and capable of reducing the mean time to detect an unauthorized device by orders of magnitude.