xSense: ICS/SCADA Sensor Integrity
XorIDA splits each SCADA sensor reading across independent verifier nodes, making Stuxnet-style sensor manipulation detectable and information-theoretically impossible to forge.
The Problem
SCADA and ICS sensors are single points of failure. Stuxnet demonstrated that attackers can manipulate sensor readings to mask physical sabotage of critical infrastructure processes.
Industrial Control Systems (ICS) and SCADA networks manage power grids, water treatment plants, oil pipelines, and manufacturing processes. These systems rely on sensor readings that travel through single communication channels to Human-Machine Interfaces (HMIs). An attacker who compromises the channel — or the sensor controller — can feed operators false readings.
Stuxnet proved this attack is not theoretical. The malware intercepted centrifuge speed sensors and replayed normal readings while the centrifuges were spinning to destruction. Operators saw nothing wrong until physical damage occurred. The fundamental flaw is that sensor integrity depends on a single trust path.
The Old Way
The PRIVATE.ME Solution
XorIDA splits each sensor reading across independent verifier nodes on separate network segments. No single compromised node can forge a valid reading. Typed integrity alerts catch tampering in real time.
Each sensor reading is split into N shares distributed to independent verifier nodes on isolated network segments. The verifier nodes operate on separate hardware, separate networks, and ideally separate physical locations. An attacker would need to simultaneously compromise K independent nodes to forge a reading.
Every share carries HMAC-SHA256 integrity verification. When the control system reconstructs a reading, it first verifies every share. A Stuxnet-style replay attack would fail because the replayed share would not match the HMAC of the current timestamp and sequence number. Typed alerts (TAMPER_DETECTED, REPLAY_DETECTED, SEQUENCE_GAP) immediately notify operators.
The New Way
How It Works
A four-stage pipeline: sensor reading capture, XorIDA split with sequence numbering, multi-network verifier distribution, and HMAC-verified threshold reconstruction with typed alerts.
Network isolation: Verifier nodes on separate network segments ensure that compromising one OT network does not grant access to all shares.
Typed alerting: Machine-readable alert types (TAMPER_DETECTED, REPLAY_DETECTED, SEQUENCE_GAP) enable automated incident response without operator interpretation.
Use Cases
Split grid sensor readings across independent verifier nodes. Detect manipulation of voltage, frequency, and load readings that could mask grid instability or enable cascading failures.
Grid SecurityProtect chemical dosing and pH sensor readings from manipulation. Tampered water treatment readings could mask contamination that endangers public health.
Public SafetySplit pressure, flow rate, and temperature readings across verifier nodes. Detect manipulation that could mask pipeline overpressure or leak conditions.
Pipeline SafetyVerify sensor integrity in automated manufacturing lines. Prevents quality control sabotage where manipulated readings pass defective products.
Quality AssuranceIntegration
import { splitSensorData, detectTamper } from '@private.me/scradasplit'; // Split sensor reading across 3 verifier nodes const shares = await splitSensorData( sensorReading, ['verifier-net1', 'verifier-net2', 'verifier-net3'] ); // Detect tampering during reconstruction const result = await detectTamper(collectedShares); if (!result.ok) { // result.error.type: 'TAMPER_DETECTED' | 'REPLAY_DETECTED' alertOperator(result.error); }
Security Properties
| Property | Mechanism | Guarantee |
|---|---|---|
| Confidentiality | XorIDA K-of-N threshold | Information-theoretic (unconditional) |
| Integrity | HMAC-SHA256 per share | Tamper detection before reconstruction |
| Anti-Replay | Monotonic sequence + timestamp | Stale readings rejected automatically |
| Isolation | Separate network segments | No single-network compromise |
| Alerting | Typed alert system | Machine-readable incident response |
Verifiable Data Protection
Every operation in this ACI produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that data was split, stored, and reconstructed correctly — without accessing the data itself.
Read the xProve white paper →
Ready to deploy xSense?
Talk to Ren, our AI sales engineer, or book a live demo with our team.
Ship Proofs, Not Source
xSense generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.
- Tier 1 HMAC (~0.7KB)
- Tier 2 Commit-Reveal (~0.5KB)
- Tier 3 IT-MAC (~0.3KB)
- Tier 4 KKW ZK (~0.4KB)
Use Cases
Deployment Options
SaaS Recommended
Fully managed infrastructure. Call our REST API, we handle scaling, updates, and operations.
- Zero infrastructure setup
- Automatic updates
- 99.9% uptime SLA
- Enterprise SLA available
SDK Integration
Embed directly in your application. Runs in your codebase with full programmatic control.
npm install @private.me/xsense- TypeScript/JavaScript SDK
- Full source access
- Enterprise support available
On-Premise Upon Request
Enterprise CLI for compliance, air-gap, or data residency requirements.
- Complete data sovereignty
- Air-gap capable deployment
- Custom SLA + dedicated support
- Professional services included
Enterprise On-Premise Deployment
While xSense is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:
- Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
- Air-gapped environments — SCIF, classified networks, offline operations
- Data residency requirements — EU GDPR, China data laws, government mandates
- Custom integration needs — Embed in proprietary platforms, specialized workflows
Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.