Carlos R. Aguayo Gonzalez
Power Fingerprinting, Inc.
Over the past two years, sophisticated malware has emerged capable of targeting industrial controllers and inflicting significant damage to critical infrastructure. Attacks such as Stuxnet, Flame, or Gauss stunned researchers with their sophistication and capabilities and illustrated the dramatic evolution of cyber attacks in terms of reach, scope, and target diversity. Traditional cyber defense approaches have been unable to prevent well-funded adversaries from compromising critical systems. Furthermore, current monitoring approaches, such as antivirus systems, depend on having explicit knowledge of the attack itself and only work on specific platforms.
In this presentation, we introduce Power Fingerprinting (PFP), a novel approach to assess the integrity of critical systems and detect malicious intrusions. PFP captures fine-grain traces of a processor’s power consumption and performs sophisticated anomaly detection to determine whether the integrity of the system has been compromised. Using this approach, PFP is capable of detecting even the most elusive attacks, such as zero-day attacks, covert rootkits, and HW Trojans. PFP introduces negligible overhead and is an orthogonal solution independent of the target platform, operating system, or application. Thus, PFP allows monitoring of resource-constrained and specialized systems that are not able to support traditional anti-virus or intrusion detection solutions.
The startup company Power Fingerprinting, Inc., a Wireless@ Virginia Tech spin-off, has been established with the objective of commercializing this unique cyber security technology. PFP has received significant validation from the SBIR program, having received several contract awards and grants from different government agencies, including the National Science Foundation, the US Army, and the US Air Force.