Side-channel based intrusion detection for industrial control systems

Industrial Control Systems are under increased scrutiny. Their security is historically sub-par, and although measures are being taken by the manufacturers to remedy this, the large installed base of legacy systems cannot easily be updated with state-of-the-art security measures. We propose a system that uses electromagnetic side-channel measurements to detect behavioural changes of the software running on industrial control systems. To demonstrate the feasibility of this method, we show it is possible to profile and distinguish between even small changes in programs on Siemens S7-317 PLCs, using methods from cryptographic side-channel analysis.Comment: 12 pages, 7 figures. For associated code, see https://polvanaubel.com/research/em-ics/code

On the Effectiveness of Hardware Trojan Horse Detection via Side-Channel Analysis

International audienceHardware Trojan Horses (HTHs) are malicious and stealthy alterations of integrated circuits introduced at design or fabrication steps in order to modify the circuit's intended behavior when deployed in the field. Due to HTHs stealth and diversity (intended alteration, implementation, triggering conditions), detecting and/or locating them is a challenging task. Several HTHs detection approaches have been proposed to address this problem. This paper focuses on so-called "side-channel analysis" methods, i.e., methods that use power or delay measurements to detect potential HTHs. It reviews these methods and raises some considerations about the experiments made to evaluate them. Moreover, an original case study is presented in which we show that weak experiments may lead to misleading interpretations. Last, we evoke problems inherent to actual power and delay measurements