October 23, 2018
Covert defenses: New technology from Purdue advances protection of critical systems from insider-assisted attacks
Technology shows promise in providing additional ‘covert’ security for nuclear plants, refineries, driverless vehicles, drones and Internet of Things devices
WEST LAFAYETTE, Ind. – Here’s a scary yet realistic scenario: Attackers sponsored by a rogue organization or radical state gain access to the control system of a nuclear reactor, a chemical reactor or a similar critical system.
Is the reactor system smart enough to know it is attacked? The answer: Most experts would tell you if an insider assists attackers, nearly all industrial systems become vulnerable. Worse yet, the system could remain defenseless and sustain physical damage from an attack.
“Security defenses against digital attacks are for the most part based on the concept of erecting walls or fences to stop unauthorized access from outsiders,” said Hany Abdel-Khalik, a Purdue University associate professor of nuclear engineering, who is leading the research team.
He said it is similar to building a physical wall, a trench or a line of armed warriors to stop enemy advances.
“When there is a clear barrier, your job is well defined and you will try everything you know until the wall comes down.” Abdel-Khalik said. “Hackers have proven it is possible in the digital world to take down a barrier without operators being aware. There is a clear need for another line of defense when these types of security walls are compromised.”
The Purdue team has developed a new covert defense algorithm that employs evasive tactics to deceive attackers. The idea is to modify all the signals flowing through the network, from and to the sensors and plant components, by small amounts that do not impact system behavior but provide the ability to detect intrusion.
Different from a real wall, the attackers do not see their target because the covert signals look like noise normally expected in the system traffic. Operators also can make the covert signals nearly impossible to figure out by continuously changing them.
The Purdue team said the new defense has applications for many industrial control systems that uses computers to continuously monitor operations and issue commands to maintain safe and economical system operations. These include nuclear plants, refineries, driverless vehicles, drones and Internet of Things devices.
Their technology aligns with Purdue's Giant Leaps celebration, acknowledging the university’s global advancements made in artificial intelligence as part of Purdue’s 150th anniversary. This is one of the four themes of the yearlong celebration’s Ideas Festival, designed to showcase Purdue as an intellectual center solving real-world issues.
Researchers worked with the Purdue Office of Technology Commercialization to secure a patent for the technology. It is available for licensing.
About Purdue Office of Technology Commercialization
The Purdue Office of Technology Commercialization operates one of the most comprehensive technology transfer programs among leading research universities in the U.S. Services provided by this office support the economic development initiatives of Purdue University and benefit the university's academic activities. The office is managed by the Purdue Research Foundation, which received the 2016 Innovation and Economic Prosperity Universities Award for Innovation from the Association of Public and Land-grant Universities. For more information about funding and investment opportunities in startups based on a Purdue innovation, contact the Purdue Foundry at firstname.lastname@example.org. For more information on licensing a Purdue innovation, contact the Office of Technology Commercialization at email@example.com. The Purdue Research Foundation is a private, nonprofit foundation created to advance the mission of Purdue University.