I-Corps: Active fingerprinting security feature embedded in sensors of cyberphysical systems
Purdue University, West Lafayette IN
Investigators
Abstract
The broader impact/commercial potential of this I-Corps project is the development of a cybersecurity paradigm that is expected to improve the cybersecurity posture of critical infrastructure that rely on IoT (internet of things) devices for their day-to-day operations. The IoT revolution has significantly improved the efficiency of supply chains by providing unprecedent levels of data-driven insight but has opened up the dark side of cyberthreats. The key value of the proposed technology to adopters is minimized losses due to ransom payouts and system downtime that has significant downstream effects on the national economy and public confidence in national security. Investing in the proposed technology is expected to pay for itself multi-fold by preventing just one cyberattack each year. A nation-wide adoption of the technology would allow the energy industry to leverage the benefits of the IoT revolution without sacrificing security. In addition, the proposed technology may bring next-generation technologies to the forefront that can significantly reinforce the energy resiliency of the US and augment renewable sources. In light of the looming energy crisis, promoting such technologies plays a pivotal role in ensuring self-sufficiency and maintaining an edge against state-sponsored adversaries. This I-Corps project is based on the development of an active fingerprinting security feature embedded in sensors of cyberphysical systems that serves as a last line of defense against insider threats, while also providing an avenue for data recovery even if the system is hacked. It relies on the inherent redundancy of the physics of the system to store a permanent incorruptible record of the system's operational history, which may then be cross-referenced for both intrusion detection and data recovery if the system is compromised. The proposed technology is designed with zero-impact and zero-observability conditions in mind, i.e., the implementation must not affect the system operation and remain covert to a third-party malicious agent inspecting the data. This significantly deviates from overt security measures such as encryption and other active techniques, which may be visible, leave a footprint on the system and/or be reverse-engineered by artificial intelligence (AI). To the contrary, the proposed technology is rendered immune to detection by AI and cannot be bypassed even by insiders intimate with the system due to its zero-impact and zero-observability conditions, and is further enhanced by a cryptographically secure one-time-pad. Due to the ability to understand the physics of the system, a key merit of the prosed technology is its ability to recover data immediately using the physics itself without requiring additional vault-like data storage and backup mechanisms, all of which cause significant downtime. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →