Enhancing Critical Infrastructure and Key Resources (CIKR) Level-0 Physical Process Security Using Field Device Distinct Native Attribute Features

  • Juan Lopez
  • Nathan C. Liefer
  • Colin R. Busho
  • Michael A. Temple

Research output: Contribution to journal › Article › peer-review

14 Scopus citations

Abstract

The need for improved critical infrastructure and key resource security is unquestioned and there has been minimal emphasis on level-0 (PHY process) improvements. Wired signal distinct native attribute fingerprinting is investigated here as a non-intrusive PHY-based security augmentation to support an envisioned layered security strategy. Results are based on experimental response collections from highway addressable remote transducer differential pressure transmitter devices from three manufacturers (Yokogawa, Honeywell, and Endress+Hauser) in an automated process control system. Device discrimination is assessed using time domain (TD) and slope-based FSK (SB-FSK) fingerprints input to multiple discriminant analysis, maximum likelihood and random forest (RndF) classifiers. For 12 different classes (two devices per manufacturer at two distinct set points), both classifiers performed reliably and achieved an arbitrary performance benchmark of average cross-class percent correct of %C > 90%. The least challenging cross-manufacturer results included near-perfect %C ≈ 100%, while the more challenging like-model (serial number) discrimination results included 90% < %C < 100%, with TD fingerprinting marginally outperforming SB-FSK fingerprinting; SB-FSK benefits from having less stringent response alignment and registration requirements. The RndF classifier was most beneficial and enabled reliable selection of dimensionally reduced fingerprint subsets that minimize data storage and computational requirements. The RndF selected feature sets contained 15% of the full-dimensional feature sets and only suffered a worst case %CΔ = 3% to %CΔ = 4% performance degradation.

Original language: English
Article number: 8125733
Pages (from-to): 1215-1229
Number of pages: 15
Journal: IEEE Transactions on Information Forensics and Security
Volume: 13
Issue number: 5
State: Published - May 2018

Keywords

  • Classification
  • critical infrastructure
  • DNA
  • HART
  • random forest
  • RF fingerprinting
  • verification
