Securing Industrial Control Systems with Hardware ‘Fingerprints’

Author: Denis Avetisyan


A novel security framework leverages the unique characteristics of physically unclonable functions to authenticate sensor data and protect critical infrastructure from faults and malicious intrusion.

This review details a PUF-based system for robust sensor authentication and fault/intrusion detection in Industrial Control Systems, offering protection against hardware Trojans and temporal attacks.

Despite increasing connectivity, industrial control systems remain vulnerable to both accidental faults and sophisticated cyberattacks. This paper, ‘A PUF-Based Security Framework for Fault and Intrusion Detection’, introduces a hardware-rooted security architecture leveraging a Physically Unclonable Function (PUF) to authenticate sensor readings at the measurement layer. Experimental results on a hardware-in-the-loop water tank testbed demonstrate 99.97% accuracy in detecting anomalies, including hardware trojans and signal degradation, over extended operation. Can this vendor-agnostic, process-aware framework offer a practical path toward bolstering the resilience of legacy and modern industrial infrastructure against evolving threats?


Securing Critical Infrastructure: The Evolving Threat Landscape

The escalating reliance on interconnected digital systems has unfortunately extended to critical infrastructure, making industrial control systems (ICS) prime targets for malicious actors. These systems, which govern everything from water treatment facilities and power grids to manufacturing processes, are increasingly subjected to cyberattacks aimed at operational disruption or data manipulation. Unlike attacks targeting data theft, these intrusions often prioritize causing physical consequences – overflowing a water tank, shutting down a power substation, or interfering with manufacturing equipment. The motivation ranges from financially driven ransomware attacks to state-sponsored sabotage and even acts of hacktivism, but the outcome consistently involves a heightened risk to public safety, economic stability, and national security. This shift in targeting necessitates a proactive and adaptive approach to ICS security, moving beyond traditional perimeter defenses to encompass comprehensive monitoring, threat intelligence, and robust incident response capabilities.

The escalating sophistication of cyberattacks increasingly renders conventional security protocols inadequate for safeguarding industrial control systems. While firewalls and intrusion detection systems offer a baseline defense, they often fail to detect subtle manipulations of the very data these systems rely upon – sensor readings. Attackers are now adept at injecting false data or altering existing signals, effectively ‘poisoning’ the information used to make critical decisions. This bypasses traditional security, as the system isn’t detecting an unauthorized access attempt, but rather accepting compromised data as legitimate. Consequently, control systems can be tricked into initiating dangerous actions, like opening valves at incorrect times or misreporting equipment status, all without triggering conventional alarms. This focus on sensor data integrity represents a significant shift in attack vectors, demanding more robust and data-centric security approaches.

The integrity of sensor data is paramount in industrial control systems, as manipulated readings can directly induce flawed operational decisions. Consider a water treatment facility: a compromised sensor reporting inaccurate pH levels could trigger the release of inadequately treated water, posing a public health risk. Similarly, in a power plant, falsified temperature readings might lead to equipment overheating and potential catastrophic failure. These aren’t merely theoretical concerns; attacks targeting sensor data have demonstrated the ability to bypass traditional cybersecurity defenses and directly manipulate physical processes, highlighting a critical vulnerability where subtle data alterations can cascade into significant damage, safety hazards, and widespread disruption of essential services. The potential for both intentional sabotage and accidental errors underscores the necessity for robust sensor validation and anomaly detection mechanisms.

Hardware-Based Authentication: The Foundation of Trust

The proposed authentication system utilizes a Physically Unclonable Function (PUF) architecture to establish a unique identity for each sensor device. This approach departs from traditional security measures by exploiting the inherent, random variations that occur during the manufacturing process of integrated circuits. Specifically, the PUF generates a unique digital ‘fingerprint’ for each sensor based on these unpredictable physical characteristics, making it exceptionally difficult to clone or counterfeit the device. This fingerprint serves as the basis for authentication, allowing verification of the sensor’s legitimacy without the need for storing secret keys or relying on potentially compromised digital storage.

The security of the proposed authentication system is predicated on the inherent, unavoidable variations that occur during the manufacturing of CMOS inverters. These variations, stemming from minute differences in transistor threshold voltages, oxide thicknesses, and doping concentrations, result in unique electrical characteristics for each individual inverter. This creates a device-specific “fingerprint” – a measurable response profile – that is statistically improbable to reproduce in a separate manufacturing process. Attempts to clone the sensor will inevitably yield a device with a different response profile due to these variations, rendering the clone unauthenticatable by the system. The reliance on these physical characteristics, rather than programmed keys, provides resistance against software-based attacks and physical cloning attempts.

To facilitate rapid authentication, a Lookup Table (LUT) stores pre-computed expected responses for the PUF circuitry, indexed by challenge. This avoids recomputing the reference Total Harmonic Distortion (THD) for every authentication attempt and keeps verification latency low. Security is further strengthened by a Pseudo-Random Number Generator (PRNG) that varies the challenge applied to the CMOS inverters inside the PUF on each exchange, so that a recorded response cannot simply be replayed and an attacker cannot predict the next valid response even with knowledge of earlier successful exchanges. A practical consequence, not spelled out in the paper but worth noting, is that the LUT becomes a trust anchor in its own right: the reference values must be protected against tampering on the verifying side, since an attacker who can rewrite them can enrol a substitute device.

Total Harmonic Distortion (THD) is the quantifiable metric used to characterise the PUF circuit’s output and validate sensor authenticity. The PUF’s response to a challenge is analysed in the frequency domain; THD is the ratio of the RMS sum of the harmonic components to the amplitude of the fundamental. An acceptable THD range for each challenge is established during sensor manufacturing and stored as the reference. During authentication, the THD of the sensor’s response is calculated and compared with that reference; a deviation beyond the predetermined threshold indicates a compromised or non-authentic sensor, because a different die, or a tampered one, will not reproduce the expected harmonic content. This yields a hardware-based authentication mechanism that does not depend on stored cryptographic keys.
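As an added illustration, not code from the paper or from the author, the following Python sketch walks through the challenge-response flow of the two paragraphs above: a toy inverter model stands in for the PUF circuit, THD is computed from the fundamental and its harmonics, a lookup table is populated at enrollment, and a seeded PRNG chooses each challenge. The inverter model, the parameter triples for the genuine and cloned devices, the challenge set and the 10% tolerance are all assumptions made for the example.

```python
import math
import random

# Constructed toy model; constants and device parameters are assumptions, not the paper's circuit.
SAMPLES = 512       # samples per capture
PERIODS = 8         # whole input cycles per capture, so harmonic bins land exactly
MAX_HARMONIC = 7    # harmonics folded into the THD figure
CHALLENGES = [0.2, 0.4, 0.6, 0.8, 1.0, 1.2]   # drive amplitudes the PRNG can select

# (gain, asymmetry, knee): stand-ins for threshold-voltage / doping variation.
GENUINE_DEVICE = (3.0, 0.05, 1.0)
CLONED_DEVICE = (1.5, 0.10, 1.0)   # same design, different silicon


def inverter_capture(params, amplitude, noise=0.0, rng=None):
    """Waveform at the inverter output when driven by a sine of `amplitude`.
    tanh() models the saturating transfer curve (odd harmonics); the quadratic
    term models pull-up/pull-down asymmetry (even harmonics). `noise` is the
    std dev of added Gaussian measurement noise."""
    gain, asym, knee = params
    if rng is None:
        rng = random.Random(0)
    out = []
    for i in range(SAMPLES):
        x = amplitude * math.sin(2 * math.pi * PERIODS * i / SAMPLES)
        y = math.tanh(gain * x / knee) + asym * x * x
        if noise:
            y += rng.gauss(0.0, noise)
        out.append(y)
    return out


def harmonic_amplitudes(signal):
    """DFT magnitude at the fundamental and harmonics 2..MAX_HARMONIC only."""
    n = len(signal)
    amps = []
    for k in range(1, MAX_HARMONIC + 1):
        b = PERIODS * k
        re = sum(v * math.cos(2 * math.pi * b * i / n) for i, v in enumerate(signal))
        im = sum(v * math.sin(2 * math.pi * b * i / n) for i, v in enumerate(signal))
        amps.append(2.0 * math.hypot(re, im) / n)
    return amps


def thd(signal):
    """Total harmonic distortion: RMS of harmonics 2..N over the fundamental."""
    a = harmonic_amplitudes(signal)
    return math.sqrt(sum(h * h for h in a[1:])) / a[0]


def enroll(params, rel_tol=0.10):
    """Manufacture-time lookup table: challenge -> (expected THD, tolerance).
    The tolerance absorbs measurement noise and mild drift."""
    lut = {}
    for c in CHALLENGES:
        expected = thd(inverter_capture(params, c))
        lut[c] = (expected, rel_tol * expected)
    return lut


class Verifier:
    def __init__(self, lut, seed):
        self.lut = lut
        self.prng = random.Random(seed)   # stands in for the hardware PRNG

    def new_challenge(self):
        return self.prng.choice(CHALLENGES)

    def verify(self, challenge, response):
        if challenge not in self.lut:
            return False
        expected, tol = self.lut[challenge]
        return abs(thd(response) - expected) <= tol


def run_session(verifier, device, rounds):
    """`device(challenge)` returns a captured waveform; count accepted rounds."""
    accepted = 0
    for _ in range(rounds):
        c = verifier.new_challenge()
        if verifier.verify(c, device(c)):
            accepted += 1
    return accepted


# Three parties answering the same verifier (shared noise source, seeded).
_meas = random.Random(42)


def genuine(c):
    return inverter_capture(GENUINE_DEVICE, c, noise=0.005, rng=_meas)


def clone(c):
    return inverter_capture(CLONED_DEVICE, c, noise=0.005, rng=_meas)


_recorded = inverter_capture(GENUINE_DEVICE, 0.6, noise=0.005, rng=_meas)


def replay(c):
    return _recorded      # ignores the challenge and replays one old response


def demo(rounds=12):
    lut = enroll(GENUINE_DEVICE)
    return {
        "genuine": run_session(Verifier(lut, seed=7), genuine, rounds),
        "clone": run_session(Verifier(lut, seed=7), clone, rounds),
        "replay": run_session(Verifier(lut, seed=7), replay, rounds),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` accepts the genuine device in every round, rejects the clone in every round, and rejects the replayed response whenever the PRNG picks a challenge other than the one it was recorded under. That last point is the practitioner's caveat: a replay still succeeds on rounds where the verifier happens to repeat a challenge, so the size of the challenge space, not only the unpredictability of the PRNG, bounds the attacker's success rate.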

Validation Through Simulation: A Realistic Test Environment

A dedicated Hardware-in-the-Loop (HIL) testbed replicating a water tank control system was constructed to provide a realistic environment for validating the Physically Unclonable Function (PUF)-based authentication framework. The testbed incorporates a Programmable Logic Controller (PLC) interfacing with simulated sensors over TCP-MODBUS. The HIL setup allows the authentication process to be exercised under controlled conditions, including the injection of simulated faults and anomalies, so that the framework’s performance and robustness can be assessed before deployment on a physical water tank. This approach surfaces weaknesses early and builds confidence in the security and reliability of the authentication mechanism in a practical application.

The Programmable Logic Controller (PLC) utilizes the TCP-MODBUS protocol for communication with all connected sensors within the water tank system. Crucially, each sensor reading undergoes authentication via the Physically Unclonable Function (PUF) before being incorporated into the control logic. This process involves the PLC receiving data via TCP-MODBUS, initiating a PUF challenge-response sequence with the originating sensor, and verifying the response against a stored baseline. Only authenticated readings are then used for process variables, ensuring that compromised or malicious sensor data cannot influence system operation or control decisions.

The water tank control system, with PUF-based authentication in place, demonstrably mitigates the impact of common sensor failures. Specifically, the system identifies and rejects data associated with Spike Faults, transient erroneous readings, and Hard-Over Faults, in which a failed sensor’s output is pinned to a fixed, typically full-scale, value. Rejecting these readings keeps them out of the PLC’s control logic, maintaining system stability and preventing potentially unsafe operational states. Both fault types were mitigated consistently throughout testing, validating the robustness of the framework against realistic sensor malfunction scenarios.

Over a 5.18-hour testing period, the implemented Physically Unclonable Function (PUF)-based authentication framework demonstrated a 99.97% accuracy rate in validating sensor readings originating from the water tank system. This high level of accuracy extended to the detection of injected anomalies, specifically encompassing both spike faults – transient, erroneous readings – and simulated hardware trojan scenarios intended to mimic compromised sensor functionality. The consistent performance indicates the framework’s capability to reliably distinguish legitimate sensor data from malicious or faulty inputs within the operational timeframe.

Fortifying the System: Resilience Against Evolving Threats

The proposed Physically Unclonable Function (PUF) architecture delivers a defence against both accidental sensor failures and deliberate attacks. Unlike security measures that focus solely on external threats, this system resists Hardware Trojan infiltration by leveraging the unique, unpredictable characteristics of the sensor itself: a Trojan attempting to inject false data would need to reproduce the authentic device’s physical response, which the manufacturing variations behind the PUF make exceedingly difficult to clone or forge. Consequently, the architecture does not merely flag anomalies after the fact; it rejects unauthenticated readings before they reach the control logic, preserving the integrity of the sensing system and the reliability of the critical infrastructure that depends on accurate readings.

The system’s security isn’t reliant on a single check, but rather a layered defense built around continuous behavioral monitoring. The Verification Module doesn’t simply assess sensor data at a given moment; it leverages Temporal Authentication to establish a baseline of expected operation over time. By tracking patterns and deviations from this established norm, the module can identify anomalies indicative of either sensor malfunction or, more critically, malicious interference. This proactive approach allows for the detection of subtle attacks that might evade traditional security measures, as even a minor alteration in a sensor’s behavior, when viewed through the lens of its historical performance, can trigger an alert and prevent compromised data from impacting the system.

Extensive testing of the security system demonstrated a remarkably low false positive rate of 0.025% over a 5.18-hour period. This translates to just 72 false positives identified amongst a substantial dataset of 286,281 sensor readings. The consistently low incidence of erroneous alerts is critical; it signifies the system’s ability to reliably distinguish between genuine threats and normal operational fluctuations, preventing alarm fatigue and ensuring that security personnel can focus on addressing actual vulnerabilities. Such precision is paramount in maintaining the integrity and availability of monitored infrastructure, reducing unnecessary interventions and bolstering overall system resilience.
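As an added example, not the paper’s Verification Module (whose internals this review does not describe), here is a process-aware temporal check of the kind the fault-detection and temporal-authentication paragraphs above call for, applied to readings after device authentication. It keeps a baseline of recently accepted readings, rejects spikes the process could not physically produce, escalates a run of rail-pinned readings to a hard-over verdict, and computes the false positive rate as the number of false alarms over total readings. The tank parameters, thresholds and the injected trace are all constructed for this example.

```python
import random
import statistics
from collections import deque

# Constructed parameters for a water-tank level sensor; none come from the paper.
FULL_SCALE = 100.0   # sensor output range 0..100 (% of tank height)
MAX_RATE = 0.5       # largest level change the pump/drain can cause per sample (assumed)
WINDOW = 20          # accepted readings kept as the temporal baseline
SPIKE_K = 8.0        # spike threshold in units of the window's median absolute deviation
RAIL_SAMPLES = 3     # consecutive rail readings before declaring a hard-over fault


class TemporalVerifier:
    """Process-aware check applied to each reading after device authentication.

    Only *accepted* readings enter the baseline, so a rejected value cannot drag
    the baseline toward itself (the usual way naive thresholds get defeated).
    """

    def __init__(self):
        self.history = deque(maxlen=WINDOW)
        self.rail_run = 0    # consecutive readings pinned at a rail
        self.gap = 0         # readings rejected since the last accepted one

    def check(self, value):
        # Hard-over: output stuck at full scale (or zero) for several samples.
        self.rail_run = self.rail_run + 1 if (value <= 0.0 or value >= FULL_SCALE) else 0
        if self.rail_run >= RAIL_SAMPLES:
            self.gap += 1
            return "hard_over"

        if len(self.history) < WINDOW:          # warm-up: build the baseline
            self.history.append(value)
            return "accept"

        last = self.history[-1]
        median = statistics.median(self.history)
        mad = statistics.median(abs(v - median) for v in self.history) or 1e-6

        # Spike: the process could not have moved this far since the last
        # accepted reading, and the value sits far outside the recent spread.
        allowed_jump = MAX_RATE * (self.gap + 1)
        if abs(value - last) > allowed_jump and abs(value - median) > SPIKE_K * mad:
            self.gap += 1
            return "spike"

        self.history.append(value)
        self.gap = 0
        return "accept"


def false_positive_rate(false_alarms, total_readings):
    return false_alarms / total_readings


def build_stream(n=600, seed=3):
    """Constructed tank-level trace: slow fill plus noise, with a one-sample
    spike at index 200 and a 10-sample hard-over (pinned at full scale) at 400-409."""
    rng = random.Random(seed)
    readings, injected = [], {}
    for i in range(n):
        level = 40.0 + 0.05 * i + rng.gauss(0.0, 0.1)
        if i == 200:
            level += 15.0
            injected[i] = "spike"
        elif 400 <= i < 410:
            level = FULL_SCALE
            injected[i] = "hard_over"
        readings.append(level)
    return readings, injected


def run_demo():
    readings, injected = build_stream()
    verifier = TemporalVerifier()
    verdicts = {i: verifier.check(v) for i, v in enumerate(readings)}
    rejected = {i for i, r in verdicts.items() if r != "accept"}
    false_positives = len(rejected - set(injected))
    missed = len(set(injected) - rejected)
    return {
        "spike": sum(1 for r in verdicts.values() if r == "spike"),
        "hard_over": sum(1 for r in verdicts.values() if r == "hard_over"),
        "false_positives": false_positives,
        "missed": missed,
        "fpr": false_positive_rate(false_positives, len(readings)),
    }


if __name__ == "__main__":
    print(run_demo())
```

On the constructed trace every injected reading is rejected and no genuine reading is, so the false positive rate is zero; the first two rail-pinned samples are reported as spikes and the run is reclassified as hard-over once it persists, which is the expected behaviour when the two faults look identical at first sight. Applied to the paper’s figures, `false_positive_rate(72, 286281)` gives the 0.025% quoted above. Two tuning caveats: `MAX_RATE` must come from the physics of the process (pump and drain capacity), and the rail check must be relaxed if the tank can legitimately sit at full scale.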

By actively fortifying systems against compromise, this security approach significantly reduces the potential for stealthy attacks that could otherwise remain hidden for extended periods. Critical infrastructure, encompassing power grids, transportation networks, and communication systems, demands unwavering reliability; a compromised sensor, subtly manipulated, could initiate cascading failures with devastating consequences. This proactive methodology doesn’t simply react to threats – it anticipates and neutralizes them, bolstering the resilience of these vital services and safeguarding against both intentional malicious acts and unintentional system errors. The result is a demonstrably more secure and dependable operational environment, minimizing downtime and preserving public trust in essential services.

The presented framework prioritizes a holistic approach to security, recognizing that isolated protections are often illusory. It echoes Kolmogorov’s sentiment: “The most important thing in science is not to be right, but to be rigorous.” The system doesn’t simply attempt to detect intrusions; it establishes a foundation of trust through hardware-intrinsic randomness, embodied by the PUF. This rigor, particularly in authenticating sensor data within the critical infrastructure of ICS, moves beyond superficial defenses. A system that survives only on duct tape, reactive patches against each emerging threat, is treating symptoms rather than securing the foundational elements of data integrity. The PUF’s role in temporal authentication, ensuring readings are current and untampered, exemplifies this commitment to a robust, inherently secure system.

Beyond the Horizon

The elegance of a hardware root of trust, as demonstrated by this work, lies not in its complexity, but in its potential for simplification. Current iterations rightly focus on sensor authentication within industrial control systems, yet the true scalability rests on extending this principle beyond discrete points. A truly robust system must consider the entire signal chain – not merely verifying individual readings, but establishing a continuous, temporally-anchored lineage of trust. The current framework provides a strong foundation, but the ecosystem demands a move toward inherent, systemic security, not bolted-on defenses.

A persistent challenge remains the inherent variability within PUFs themselves. While this work addresses accuracy, long-term drift and environmental factors pose scaling issues. Future research should investigate adaptive challenge-response mechanisms, allowing the system to learn and compensate for these changes – effectively allowing the hardware to ‘self-correct’. This moves the focus from static verification to dynamic attestation, a crucial distinction when considering systems designed for decades of operation.

Ultimately, the value of this approach is not simply in detecting hardware trojans, but in shifting the balance of power. Security predicated on computational complexity is an arms race. Security rooted in the unpredictable nature of physical systems – in the unique ‘fingerprint’ of each device – offers a more sustainable, and perhaps more poetic, path forward. The question is not whether a system can be breached, but whether the cost of breaching it exceeds its value.


Original article: https://arxiv.org/pdf/2601.17661.pdf

Contact the author: https://www.linkedin.com/in/avetisyan/

2026-01-27 22:49