Detection and survival method against adversarial attacks on automated systems
Assignee
Morgan State University
Inventors
Kevin Kornegay, Tsion M. Yimer, Edmund H. Smith
Abstract
Methods provide device authentication for an intrusion detection system implementing building automation and control network (BACnet) Master-Slave/Token-Passing (MS/TP). An authentication protocol provides countermeasures to vulnerabilities in the BACnet MS/TP physical layer by utilizing an extended message format to cloak device identifiers (IDs). Adversaries are prevented from using known device IDs to gain access to the network. An authenticating device hashes a device identifier of a device to be authenticated combined with a random number. The authenticating device receives a hash of the random number plus the device identifier from the device. The authenticating device compares the hashes and authenticates the device if the hashes match. To transmit the hash, the BACnet MS/TP frame format includes an extended header cyclic redundancy check (CRC) field having bytes reallocated from the data field of the frame format. Another countermeasure utilizes a physical unclonable function (PUF) of the device in the extended header CRC.
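The hash comparison described in the abstract, as an added example that is not taken from the patent or from the inventors' implementation. SHA-256, the 8-byte truncation standing in for the extended header CRC field, the 16-byte random number, the station-to-device-ID table and all names are assumptions made for illustration; the PUF variant is not modelled.

```python
import hashlib
import hmac
import secrets

HASH_LEN = 8    # assumed size of the hash carried in the extended header CRC field
NONCE_LEN = 16  # assumed size of the random number

def cloaked_id(device_id: int, nonce: bytes) -> bytes:
    """Hash of the random number plus the device ID (SHA-256 is an assumption)."""
    return hashlib.sha256(nonce + device_id.to_bytes(4, "big")).digest()[:HASH_LEN]

class Authenticator:
    """Authenticating device: knows which device ID belongs to each MS/TP station."""

    def __init__(self, enrolled: dict[int, int]):
        self.enrolled = enrolled               # station address -> device ID
        self.pending: dict[int, bytes] = {}    # station address -> outstanding nonce

    def challenge(self, station: int) -> bytes:
        nonce = secrets.token_bytes(NONCE_LEN)
        self.pending[station] = nonce
        return nonce

    def verify(self, station: int, response: bytes) -> bool:
        nonce = self.pending.pop(station, None)  # single use, so old replies are rejected
        device_id = self.enrolled.get(station)
        if nonce is None or device_id is None:
            return False
        expected = cloaked_id(device_id, nonce)
        return hmac.compare_digest(expected, response)  # constant-time comparison

def demo() -> dict[str, bool]:
    auth = Authenticator({5: 260001})            # constructed sample enrollment
    results = {}
    n1 = auth.challenge(5)
    good = cloaked_id(260001, n1)                # genuine device's reply
    results["genuine"] = auth.verify(5, good)
    auth.challenge(5)
    results["replayed"] = auth.verify(5, good)   # old reply against a fresh nonce
    n3 = auth.challenge(5)
    results["wrong_id"] = auth.verify(5, cloaked_id(260002, n3))
    results["unsolicited"] = auth.verify(5, good)       # no outstanding challenge
    results["unknown_station"] = auth.verify(9, good)   # station never enrolled
    return results

if __name__ == "__main__":
    print(demo())
```

Because each verification consumes its random number, a reply recorded from the bus does not authenticate against a later challenge.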
CPC Classifications
Filing Date
2024-01-22
Application No.
18419037
Claims
15