Bringing security to the IIOT

Programmable logic controllers are a prime example of a platform that is too rigid. Often networked, PLCs rarely have any kind of security monitoring or integrity assessment. Nor are these platforms updated often enough to prevent against zero-day attacks or security holes in software. Power fingerprinting (PFP) technology offers a novel solution to this problem - one that is non-intrusive, operates effectively with the existing installed base of equipment and does not entail significant equipment or software upgrades.

An effective approach

Just as a human fingerprint is a unique identifier for an individual, the same idea works for a particular system or chip. PFP uses a physical side channel to obtain information about the internal execution status in a processor across the full execution stack and independent of the platform or application. The PFP technology will identify the ‘fingerprint’ of what the system looks like normally. When a fingerprint changes, it could indicate something amiss.

PFP is implemented using an external monitor that is physically separated from the target processor and capable of detecting when a cyber attack has compromised the target.

To cater for IIoT applications, PFP supports a variety of sensors to capture side channel signals and relies on compute intensive signal processing algorithms for feature extraction, along with machine learning for classification. Sensing side channels can be accomplished using a variety of approaches, including AC or DC current, or electromagnetic (EM) sensors that pick up the changes in the electric or magnetic fields around the target. PFP extracts unique discriminatory features from the captured signals, compares them against a set of baseline references and looks for deviations.

A PC-based proof of concept monitoring system developed by PFP Cybersecurity uses multiple digital down converters (DDCs) to process the wide band raw data from the acquisition device. These DDCs tune to smaller bands of interest within the broader band and then filter and decimate them, ensuring manageable data bandwidth for the follow-on processing and simplifying the analogue system design. The feature extraction and classification algorithms then process the outputs of the DDCs through a number of processes including fast Fourier transform (FFT).

Hardware implementation

This implementation yields excellent results, but falls short as a commercially viable system. In particular, the performance requirements of PFP, and the bulk and cost of PC systems, make them unsuitable for widespread deployment. Also the PC itself is vulnerable to cyber attacks.

A distributed computing architecture is the most desirable alternative, with one compute node for every sensor. This not only reduces cost and complexity but is also simple to network as data rates are very low. However, combining the sensor node with monitor algorithm processing makes design of the monitor node more challenging.

ARM-based processors would be a logical hardware choice, given their meagre power requirements and low cost. However, no standard processor can handle the raw ADC data at rates up to 8Gbps, nor do they have the digital signal processing (DSP) capability required. To do this requires adding programmable logic to the chip.

Leveraging the ZYNQ SoC

These stringent requirements make the Zynq system-on-chip (SoC) well suited for this application. Its combination of a dual core ARM processing system with high performance programmable logic delivers a heterogeneous computing architecture that can handle all processing demands of the application while simplifying code portability from the PC-based system.

Programmable logic enables glueless connection to the ADC and provides ability to process the full data rate of the ADC. There are hundreds of DSP blocks and tens of thousands of logic blocks in the programmable logic fabric that can be harnessed to greatly accelerate the detection and training algorithms. For this application a Zynq SoC-based system-on-a-module (SoM) can both reduce risk and accelerate time to market.

Handling compute intensive system functions

With such emphasis on time to market, the software design is partitioned by moving compute intensive functions that have equivalent, readily available IP cores into programmable logic. The DDCs and FFT blocks are key candidates.

The DDC core is configured from the ARM processor using an application programming interface that allows software running on the ARM to change DDC parameters on the fly. Centre frequency, bandwidth and decimation rates are updated in real time. Bottlenecks in FFT performance are eliminated by using compact FFT functions from the open source Ne10 library, which accelerates the control algorithm sufficiently to maintain detection accuracy without needing a larger SoC.

The resulting Zynq SoC-based monitor design performs at least as well as the PC-based prototype. It is significantly cheaper to manufacture - nearly an order of magnitude smaller - and uses less power.