Taxonomy and Challenges of Out-of-Band Signal Injection Attacks and Defenses

Giechaskiel, Ilias; Rasmussen, Kasper

doi:10.1109/comst.2019.2952858

Cited by 61 publications

(54 citation statements)

References 148 publications

(328 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ever since a 2013 paper by Kune et al showed that electromagnetic (EM) signals can be used to cause medical devices to deliver defibrillation shocks [10], there has been a rise in EM, acoustic, and optical signal injection attacks against sensor and actuator systems [7]. Although some papers have focused on vulnerabilities caused by the ADC sampling process itself [2], others have focused on exploiting the control algorithms that make use of the digitized signal.…”

Section: Related Workmentioning

confidence: 99%

“…Using Equations (6) and (7), the similarity metric between the measured signal s f (t) and the ideal signal w(t) can be defined as follows: To sanity-check this metric and the experimental setup, an unmodulated 20 mV f m = 1 kHz signal is generated. Figure 9a shows this waveform as measured by the smartphone of Section 4.2 along with an ideal 1 kHz signal.…”

Section: A1 Similarity Metric and Setup Validationmentioning

confidence: 99%

See 1 more Smart Citation

Computer Security – ESORICS 2019

Gritzalis¹,

Preneel²,

Theoharidou³

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Sensors are embedded in security-critical applications from medical devices to nuclear power plants, but their outputs can be spoofed through electromagnetic and other types of signals transmitted by attackers at a distance. To address the lack of a unifying framework for evaluating the effects of such transmissions, we introduce a system and threat model for signal injection attacks. We further define the concepts of existential, selective, and universal security, which address attacker goals from mere disruptions of the sensor readings to precise waveform injections. Moreover, we introduce an algorithm which allows circuit designers to concretely calculate the security level of real systems. Finally, we apply our definitions and algorithm in practice using measurements of injections against a smartphone microphone, and analyze the demodulation characteristics of commercial Analog-to-Digital Converters (ADCs). Overall, our work highlights the importance of evaluating the susceptibility of systems against signal injection attacks, and introduces both the terminology and the methodology to do so. 1

show abstract

Section: Related Workmentioning

confidence: 99%

Section: A1 Similarity Metric and Setup Validationmentioning

confidence: 99%

Computer Security – ESORICS 2019

Gritzalis¹,

Preneel²,

Theoharidou³

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The convection term gives account of the change of F (t, x) as particles are transported from one point to the other with velocity u. If we go back to (1) and (2) and drop the max min operators, we end up with a partial differential equation very similar to 7, where the dot product ∇J T •ẋ is in the form of a convection term where the velocity term is given by the dynamics of the logic gate component. Broadly speaking, this HJI equation has similarity with a material derivative of some particular substance, in this case, the cost function.…”

Section: Materials Derivative and Navier-stokes Equationmentioning

confidence: 99%

“…A number of authors have reported exploitable erratic behavior on the execution of software under EEMI targeting a processor at particular points in time and space [2], [3] We have tampered with the execution of a program in assembler language for a processor in simulation [4]. We produced the same deviation in software execution assuming knowledge of the processor layout.…”

Section: Introductionmentioning

confidence: 96%

A Hamilton-Jacobi Equation for Evaluating EEMI Propagation in a Computing System

Valbuena

Heileman

Hemmady

et al. 2019

2019 International Conference on Electromagnetics in Advanced Applications (ICEAA)

View full text Add to dashboard Cite

In this paper, we present a theoretical framework for modeling the empirically observed cascading of software failures on a complicated computing system exposed to extreme electromagnetic interference (EEMI). Our approach is to treat the temporal evolution of the electromagnetic coupling and the resultant cascading series of electromagnetic-induced faults as the "flow" in a dynamic fluid-mechanical system and thereby utilize aspects of the Navier Stokes and Hamilton-Jacobi equations to predict the rate of this flow. Therefore, inspired by the concepts of fluid dynamics [1], we include a diffusion term in the Hamilton-Jacobi-Isaacs (HJI) equation. We have considered two approaches. In one we apply a Taylor expansion to the optimality principle and consider additional terms; in the other scenario, we simply add a diffusion term in the form of a Laplacian applied to the cost function H(x,. . .) and some constant c, as it is present in the Navier-Stokes equation for incompressible flow. We provide numerical comparisons for both approaches with respect to the original HJI equation where the dynamical vector field corresponds to analytical models of a NOR logic gate. This model is a second-order differential equation that describes the behavior of the gate that incorporates a new term accounting for EEMI injection.

show abstract

“…The academic curiosity question of how the interaction of sensors/actuators with computing systems can render an adversarial vulnerability has evolved into practical relevance. There are various works where medical devices such as insulin injectors or pacemakers have been compromised to the point of reporting spurious levels of insulin, switching on/off the flow of insulin or producing shock commands [2]. Usually, these adversarial intrusions take advantage of the computing systems' ports of entry.…”

Section: Introductionmentioning

confidence: 99%

Simplified Flip-Flop Gate Model for EEMI Injection

Valbuena

Heileman

Hemmady

et al. 2019

2019 International Conference on Electromagnetics in Advanced Applications (ICEAA)

View full text Add to dashboard Cite

We present a second order dynamical system to represent the behavior of a D flip-flop. We employ windowing functions and vector fields to replicate a characteristic found in [1],which resorts to switching. The model also takes into account metastable behavior, which can be exploited when studying software execution faults due to an undefined logical state. We conceived the noise injection to be additive noise targeting the transition between the stable equilibrium points. However, the model is flexible and many parameters can be changed to alter its behavior.

show abstract

Taxonomy and Challenges of Out-of-Band Signal Injection Attacks and Defenses

Cited by 61 publications

References 148 publications

Computer Security – ESORICS 2019

Computer Security – ESORICS 2019

A Hamilton-Jacobi Equation for Evaluating EEMI Propagation in a Computing System

Simplified Flip-Flop Gate Model for EEMI Injection

Contact Info

Product

Resources

About