CPS: TTP Option: Medium: Collaborative Research: Cyber-Physical System Integrity and Security with Impedance Signatures
Cyber-physical systems (CPS), such as automobiles, planes, and heavy equipment rely on complex distributed supply chains that source parts from manufacturers across the world. A fundamental problem that these systems face is ensuring the safety, security, and integrity of both the cyber components and physical parts that they receive through their supply chain. Because of the separation between the manufacturer and the consumer of the part, there are immense challenges in ensuring that physical parts arrive from the desired source and are not modified or swapped for inferior copies in transit. For example, the Aerospace Industries Association states that "though we know counterfeit parts enter the aerospace supply chain, the time and place of their entry is unpredictable." If either the cyber-components or the physical parts being incorporated into these systems have been tampered with, significant cyber-physical security risk is introduced. As an example, an attacker who has a part's cyber-information can simply produce a counterfeit part, clone any physical identifiers (serial numbers, etc.), and claim that the cyber-information is for the cloned part.
While cyber-security techniques, such as roots of trust and signing chains, exist to help ensure software integrity, there are no commensurate roots of trust and signing chains that can guarantee the source and integrity of both the cyber components and physical parts. As such, there is a risk that the algorithms and control approaches used in a supply chain will not identify the inferior performance characteristics of a counterfeit part and control its operation in an unsafe manner. The primary goal of this research is to create an integrity mechanism based on physically unclonable functions to ensure that an entire CPS is built from both trusted software and physical parts. To achieve this goal, the research investigates (i) a physical measurement technique (electro-mechanical impedance) to provide parts an unclonable physical identity and (ii) the cyber signing approaches to build chains of trust from these identities.