Skip to main content
OSTI.GOVU.S. Department of Energy Office of Scientific and Technical Information
U.S. Department of Energy
Office of Scientific and Technical Information
 

Industrial IoT cross-layer forensic investigation

Journal Article · · WIREs. Forensic Science
DOI:https://doi.org/10.1002/wfs2.1322· OSTI ID:1491327
 [1];  [1];  [2]
  1. US Air Force Institute of Technology, Wright-Patterson AFB, OH (United States)
  2. Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States). Global Security Directorate
+ Show Author Affiliations

Cross-layer forensic investigation is addressed for Industrial Internet of Things (IIoT) device attacks in Critical Infrastructure (CI) applications. The operational motivation for cross-layer investigation is provided by the desire to directly correlate bit-level network anomaly detection with physical layer (PHY) device connectivity and/or status (normal, defective, attacked, etc.) at the time of attack. The technical motivation for developing cross-layer techniques is motivated by (a) having considerable capability in place for Higher-Layer Digital Forensic Information exploitation—real-time network cyberattack and postattack analysis, (b) having considerably less capability in place for Lowest-Layer PHY Forensic Information exploitation—the PHY domain remains largely under exploited, and (c) considering cyber-physical integration as a means to jointly exploit higher-layer digital and lowest-layer PHY forensic information to maximize investigative benefit in IIoT cyber forensics. A delineation of higher-layer digital and lowest-layer PHY elements is provided for the standard network Open Systems Interconnection model and the specific Perdue Enterprise Reference Architecture commonly used in IIoT Industrial Control System/Supervisory Control and Data Acquisition applications. Finally, a forensics work summary is provided for each delineated area based on selected representative publications and provides the basis for presenting the envisioned cross-layer forensic investigation.

Research Organization:
Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)
Sponsoring Organization:
USDOE
Grant/Contract Number:
AC05-00OR22725
OSTI ID:
1491327
Journal Information:
WIREs. Forensic Science, Journal Name: WIREs. Forensic Science Journal Issue: 1 Vol. 1; ISSN 2573-9468
Publisher:
WileyCopyright Statement
Country of Publication:
United States
Language:
English

References (37)

Probabilistic Radio-Frequency Fingerprinting and Localization on the Run journal February 2014
Big forensic data reduction: digital forensic images and electronic evidence journal March 2016
The future for the policing of cybercrime journal January 2004
Anomaly-based network intrusion detection: Techniques, systems and challenges journal February 2009
The cyber threat landscape: Challenges and future research directions journal November 2011
Detecting rogue attacks on commercial wireless Insteon home automation systems journal May 2018
Network forensic frameworks: Survey and research challenges journal October 2010
Impacts of increasing volume of digital forensic data: A survey and future research challenges journal December 2014
A unified data mining solution for authorship analysis in anonymous textual communications journal May 2013
Network forensics: Review, taxonomy, and open challenges journal May 2016
Bit-level n-gram based forensic authorship analysis on social media: Identifying individuals from linguistic profiles journal July 2016
Radio Frequency Fingerprint Extraction of Radio Emitter Based on I/Q Imbalance journal January 2017
Incident Analysis & Digital Forensics in SCADA and Industrial Control Systems conference January 2013
Radio frequency fingerprinting based on the constellation errors conference October 2012
System-level design solutions: Enabling the IoT explosion conference November 2015
Cross-Layer Attack and Defense in Cognitive Radio Networks conference December 2010
Digital Forensics in the Age of Big Data: Challenges, Approaches, and Opportunities
  • Zawoad, Shams; Hasan, Ragib
  • 2015 IEEE 17th International Conference on High-Performance Computing and Communications; 2015 IEEE 7th International Symposium on Cyberspace Safety and Security; and 2015 IEEE 12th International Conference on Embedded Software and Systems, 2015 IEEE 17th International Conference on High Performance Computing and Communications, 2015 IEEE 7th International Symposium on Cyberspace Safety and Security, and 2015 IEEE 12th International Conference on Embedded Software and Systems https://doi.org/10.1109/HPCC-CSS-ICESS.2015.305
conference August 2015
A review of passive forensic techniques for detection of copy-move attacks on digital videos
  • Sharma, Shashank; Dhavale, Sunita V.
  • 2016 3rd International Conference on Advanced Computing and Communication Systems (ICACCS ), 2016 3rd International Conference on Advanced Computing and Communication Systems (ICACCS) https://doi.org/10.1109/ICACCS.2016.7586396
conference January 2016
Information security and digital forensics in the world of cyber physical systems conference September 2016
Network Forensics: An Analysis of Techniques, Tools, and Trends journal December 2012
SCADA Systems: Challenges for Forensic Investigators journal December 2012
FAIoT: Towards Building a Forensics Aware Eco System for the Internet of Things conference June 2015
Modeling the network forensics behaviors conference January 2005
Authorized and Rogue Device Discrimination Using Dimensionally Reduced RF-DNA Fingerprints journal June 2015
Enhancing Critical Infrastructure and Key Resources (CIKR) Level-0 Physical Process Security Using Field Device Distinct Native Attribute Features journal May 2018
Effective identification of source code authors using byte-level information conference January 2006
A Practical Method for Grid Structures Damage Location journal January 2015
A Cross-Layer Wireless Sensor Network Energy-Efficient Communication Protocol for Real-Time Monitoring of the Long-Distance Electric Transmission Lines journal January 2015
Radio Frequency Fingerprint Extraction Based on Multidimension Permutation Entropy journal January 2017
Securing ZigBee Commercial Communications Using Constellation Based Distinct Native Attribute Fingerprinting journal July 2018
Cross-layer design for reducing delay and maximizing lifetime in industrial wireless sensor networks journal March 2018
A Forensic Taxonomy of SCADA Systems and Approach to Incident Response
  • Eden, Peter; Blyth, Andrew; Burnap, Pete
  • 3rd International Symposium for ICS & SCADA Cyber Security Research 2015 (ICS-CSR 2015), Electronic Workshops in Computing https://doi.org/10.14236/ewic/ICS2015.5
conference September 2015
Forensic Readiness for SCADA/ICS Incident Response conference August 2016
Towards a SCADA Forensics Architecture
  • Wu, Tina; Disso, Jules Ferdinand Pagna; Jones, Kevin
  • 1st International Symposium for ICS & SCADA Cyber Security Research 2013 (ICS-CSR 2013), Electronic Workshops in Computing https://doi.org/10.14236/ewic/ICSCSR2013.2
conference September 2013
Radio frequency fingerprinting commercial communication devices to enhance electronic security journal January 2008
An Overview of Radio Frequency Fingerprinting for Low-End Devices journal July 2014
Guide to Industrial Control Systems (ICS) Security report May 2015

Figures / Tables (6)

Figure 1(p. 4)figure Figure 1
Figure 2(p. 6)figure Figure 2
Figure 3(p. 7)figure Figure 3
Figure 4(p. 8)figure Figure 4
Figure 5(p. 17)figure Figure 5
Table 1(p. 25)table Table 1

Similar Records

Challenge Paper: Validation of Forensic Techniques for Criminal Prosecution
Conference · Tue Apr 10 00:00:00 EDT 2007 · OSTI ID:983450

Related Subjects

97 MATHEMATICS AND COMPUTING
99 GENERAL AND MISCELLANEOUS
ICS/SCADA
cross-layer
fingerprinting
forensics
industrial IoT
radio frequency