Detecting zero-day hack in one millisecond with 'power fingerprinting'

A company claims its tech can detect a zero-day hack in one millisecond by monitoring the 'power fingerprint' of a system or device; in testing with the DOE, it detected Stuxnet even before it became active.

Short circuit on a power plant
Credit: Anton Novoselov

What if a vicious zero-day cyber-attack could be detected in one millisecond, discovered one thousandth of a second after the hack started?

Identifying an attack in an instant is reportedly possible with “power fingerprinting,” meaning technology that detects changes in the amount of power devices use. If a device’s “energy fingerprint” changes, the user receives an alert from PFP Cybersecurity.

PFP describes itself as:

PFP Cybersecurity provides cyber intrusion detection for SCADA, semiconductor, mobile, and network devices. Using out-of-band, physical-layer approaches, PFP detects tiny anomalies in power patterns to catch zero-day attacks on day zero providing an early warning system. PFP enables continuous, real-time monitoring, requires no electrical contact/software install, and complements existing solutions. 

It works by first determining a system’s baseline pattern of power consumption. Bloomberg explained that “PFP’s monitor can then detect even the smallest change” in the system’s power signature. The company described its technology as being “based on taking fine-grained measurement of a processor’s power consumption and performing anomaly detection using base references from trusted software.”
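The baseline-then-deviation idea described above, as an added example that is not PFP's code or algorithm: it builds a reference from constructed "trusted" power traces and reports the first window whose RMS distance from that reference exceeds a threshold. The synthetic signal, window size, and threshold multiplier are all assumptions made for illustration.

```python
import math
import random
import statistics

WINDOW = 50  # samples per comparison window (assumed value)

def synth_trace(rng, n=500, tamper_at=None):
    """Constructed power trace: a periodic load plus sensor noise.
    If tamper_at is set, unexpected activity adds load from that sample on."""
    trace = []
    for i in range(n):
        v = 1.0 + 0.3 * math.sin(2 * math.pi * i / 50) + rng.gauss(0, 0.02)
        if tamper_at is not None and i >= tamper_at:
            v += 0.08 * math.sin(2 * math.pi * i / 7)
        trace.append(v)
    return trace

def window_distances(trace, reference):
    """RMS distance between a trace and the reference, one value per window."""
    out = []
    for start in range(0, len(reference) - WINDOW + 1, WINDOW):
        sq = [(trace[i] - reference[i]) ** 2 for i in range(start, start + WINDOW)]
        out.append(math.sqrt(sum(sq) / WINDOW))
    return out

def build_baseline(trusted_traces, k=6.0):
    """Reference = sample-wise mean of trusted traces; threshold = mean + k*stdev
    of the distances the trusted traces themselves show to that reference."""
    reference = [statistics.fmean(col) for col in zip(*trusted_traces)]
    dists = [d for t in trusted_traces for d in window_distances(t, reference)]
    threshold = statistics.fmean(dists) + k * statistics.pstdev(dists)
    return reference, threshold

def first_anomaly(trace, reference, threshold):
    """Index of the first window whose distance exceeds the threshold, else None."""
    for idx, d in enumerate(window_distances(trace, reference)):
        if d > threshold:
            return idx
    return None

def demo():
    rng = random.Random(1234)  # fixed seed so the constructed data is repeatable
    trusted = [synth_trace(rng) for _ in range(20)]
    reference, threshold = build_baseline(trusted)
    clean = first_anomaly(synth_trace(rng), reference, threshold)
    tampered = first_anomaly(synth_trace(rng, tamper_at=300), reference, threshold)
    return clean, tampered
```

The window size bounds detection latency: the deviation that starts at sample 300 is reported for the window that contains it, while a fresh clean trace stays under the threshold.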

PFP claims deviations from the baseline power fingerprint can detect “even the most elusive attacks” on Industrial Control Systems (ICS) “without being restricted to a specific platform or operating system.” The company added that power fingerprinting can identify malware-tainted hardware in the supply chain and counterfeit components in electronics. It can detect covert privilege-escalation attacks on mobile devices, as well as attacks on network equipment like Wi-Fi routers and “OS-level backdoor-access type attacks” on crucial hubs of network traffic.

PFP has been testing its technology with the Department of Energy’s Savannah River National Laboratory; in one test, the technology detected Stuxnet even before it became active. DOE’s “biggest area of concern” is being able to detect and block a zero-day attack on the power grid. PFP is not replacing any security defenses, but is being used as another layer.

SRNL engineer Joe Cordaro told Bloomberg, “Grid systems are difficult to patch and scan for problems because they're constantly operating.” He added:

The PFP technology works because it is "air-gapped" from the device it's fingerprinting—the sensors used for fingerprinting aren't connected, and you don't have to load any software onto the system to take the measurement—so it doesn't interfere with normal daily operations. That way, it can't be detected or interfered with by a hacker nosing around in the system. 

Dr. Jeffrey Reed, PFP Founder and President, said that it is “practically impossible for malware to evade his technology.” Besides testing with DOE, the company has contracts with the Army, Air Force, Department of Homeland Security and Defense Advanced Research Projects Agency (DARPA).

DARPA wants computers to autocorrect programmers' buggy code

Speaking of DARPA, the agency would like to do away with coding errors by having computers help to write their own code. Computer scientists from Rice University in Houston, the University of Texas at Austin, the University of Wisconsin-Madison and the GrammaTech company will work together on a project called Pliny.

Pliny will work as an autocomplete and/or autocorrect system for programmers, computer scientists and computer engineers. After Pliny is developed, professional and student software developers will use Pliny as a tool to "make writing good code faster and more problem-free."

“Based on knowing how people use English, autocomplete tries to make a best guess about what you're going to type,” explained UW-Madison professor Ben Liblit. “Similarly, there's a vast amount of software out there in the world, and what you're writing (as a software engineer) probably looks similar to what other people have written.” Pliny will draw upon a huge repository of billions of lines of code to identify possible errors and buggy code that cause security vulnerabilities.

DARPA is funding Pliny with a four-year $11 million grant as part of DARPA's Mining and Understanding Software Enclaves (MUSE) program, “an initiative that seeks to gather publicly available, open-source code and to mine it to create a searchable database of properties, behaviors, and vulnerabilities.”

DARPA’s plan to replace passwords with behavioral biometrics

Lastly, DARPA helped create the Internet and it wants to secure it. Since so many people are terrible at creating long and complex passwords, DARPA wants biometrics to replace passwords. Biometrics are unique, based upon one or more behavioral traits, and could be used for authentication instead of passwords.

When describing its Active Authentication program, DARPA said “behavioral traits can be observed through how we interact with the world. Just as when you touch something with your finger you leave behind a fingerprint, when you interact with technology you do so in a pattern based on how your mind processes information, leaving behind a ‘cognitive fingerprint’.”

In an announcement posted on Federal Business Opportunities, DARPA explained that a “cognitive fingerprint” is the “computational behavioral ‘fingerprint’ of the person at the keyboard.” Some examples of computational behavior metrics of the cognitive fingerprint include:

  • keystrokes
  • eye scans
  • how the user searches for information (verbs and predicates used)
  • how the user selects information (verbs and predicates used)
  • how the user reads the material selected
  • eye tracking on the page
  • speed with which the individual reads the content
  • methods and structure of communication (exchange of email)

Researchers at the US military's West Point academy were reportedly awarded a multi-million dollar grant to work on DARPA’s Active Authentication program; after the technology trickles down from the military, your passwords may be replaced by your own unique cognitive fingerprint. That might include how you move your mouse cursor, how many typos you make when writing, the speed with which you type, or your writing rhythm.

Not everyone will champion passwords being replaced by a sort of “invisible” authentication “tech that passively and rapidly identifies internet users,” even though Sky News has a quote claiming that such monitoring would help make the web “more civilized.”
