PAtt: Physics-based Attestation of Control Systems

Abstract

Ensuring the integrity of embedded programmable logic controllers (PLCs) is critical for the safe operation of industrial control systems. In particular, a cyber-attack could manipulate control logic running on the PLCs to bring the process of a safety-critical application into unsafe states. Unfortunately, PLCs are typically not equipped with hardware support that allows the use of techniques such as remote attestation to verify the integrity of the logic code. In addition, so far remote attestation is not able to verify the integrity of the physical process controlled by the PLC. In this work, we present PAtt, a system that combines remote software attestation with control process validation. PAtt leverages operation permutations – subtle changes in the operation sequences based on integrity measurements – which do not affect the physical process but yield unique traces of sensor readings during execution. By encoding integrity measurements of the PLC’s memory state (software and data) into its control operation, our system allows us to remotely verify the integrity of the control logic based on the resulting sensor traces. We implement the proposed system on a real PLC, controlling a robot arm, and demonstrate its feasibility. Our implementation enables the detection of attackers that manipulate the PLC logic to change process state and/or report spoofed sensor readings (with an accuracy of 97% against tested attacks).
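The operation-permutation idea from the abstract, as a simplified added illustration in Python; it is not the paper's implementation. The moves, memory images, nonces, function names, the Lehmer-code mapping and the exact-match comparison over several challenge rounds are all assumptions of this sketch.

```python
import hashlib
from math import factorial

# Constructed: six independent joint moves (joint index, delta). Any order
# reaches the same final pose, but each order yields a different sensor trace.
MOVES = [(0, 10), (1, -5), (2, 20), (3, 15), (4, -10), (5, 5)]
GOLDEN = b"constructed control logic image v1"    # known-good memory image
TAMPERED = b"constructed control logic image vX"  # modified logic
# Constructed fixed nonces for reproducibility; a verifier would use os.urandom.
NONCES = [bytes([i]) * 16 for i in range(8)]

def measure(memory: bytes, nonce: bytes) -> int:
    """Integrity measurement over the memory image, bound to a fresh nonce."""
    return int.from_bytes(hashlib.sha256(nonce + memory).digest(), "big")

def permutation(measurement: int, n: int) -> list:
    """Decode (measurement mod n!) into an ordering of n items (Lehmer code)."""
    code, pool, order = measurement % factorial(n), list(range(n)), []
    for i in range(n, 0, -1):
        idx, code = divmod(code, factorial(i - 1))
        order.append(pool.pop(idx))
    return order

def run_process(memory: bytes, nonce: bytes) -> list:
    """Simulated PLC: run the moves in the measured order, log each pose."""
    pose, trace = [0] * len(MOVES), []
    for k in permutation(measure(memory, nonce), len(MOVES)):
        joint, delta = MOVES[k]
        pose[joint] += delta
        trace.append(tuple(pose))
    return trace

def verify(golden: bytes, nonces: list, traces: list) -> bool:
    """Verifier: recompute the expected trace per nonce from the golden image."""
    return len(traces) == len(nonces) and all(
        run_process(golden, n) == t for n, t in zip(nonces, traces))

if __name__ == "__main__":
    honest = [run_process(GOLDEN, n) for n in NONCES]
    tampered = [run_process(TAMPERED, n) for n in NONCES]
    replayed = [honest[0]] * len(NONCES)  # old trace reported for every nonce
    print("honest:", verify(GOLDEN, NONCES, honest))
    print("tampered:", verify(GOLDEN, NONCES, tampered))
    print("replayed:", verify(GOLDEN, NONCES, replayed))
```

With six moves a single round can only distinguish 720 orderings, which is why this sketch checks several nonces; traces from a physical process are noisy, so a deployed verifier would need a tolerance-based comparison rather than the exact equality used here.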

Publication
Proceedings of International Symposium on Research in Attacks, Intrusions and Defenses (RAID)