93,477 research outputs found
Physical Fault Injection and Side-Channel Attacks on Mobile Devices:A Comprehensive Analysis
Today's mobile devices contain densely packaged system-on-chips (SoCs) with
multi-core, high-frequency CPUs and complex pipelines. In parallel,
sophisticated SoC-assisted security mechanisms have become commonplace for
protecting device data, such as trusted execution environments, full-disk and
file-based encryption. Both advancements have dramatically complicated the use
of conventional physical attacks, requiring the development of specialised
attacks. In this survey, we consolidate recent developments in physical fault
injections and side-channel attacks on modern mobile devices. In total, we
comprehensively survey over 50 fault injection and side-channel attack papers
published between 2009-2021. We evaluate the prevailing methods, compare
existing attacks using a common set of criteria, identify several challenges
and shortcomings, and suggest future directions of research
A Comprehensive Survey on Non-Invasive Fault Injection Attacks
Non-invasive fault injection attacks have emerged as significant threats to a spectrum of microelectronic systems ranging from commodity devices to high-end customized processors. Unlike their invasive counterparts, these attacks are more affordable and can exploit system vulnerabilities without altering the hardware physically. Furthermore, certain non-invasive fault injection strategies allow for remote vulnerability exploitation without the requirement of physical proximity. However, existing studies lack extensive investigation into these attacks across diverse target platforms, threat models, emerging attack strategies, assessment frameworks, and mitigation approaches. In this paper, we provide a comprehensive overview of contemporary research on non-invasive fault injection attacks. Our objective is to consolidate and scrutinize the various techniques, methodologies, target systems susceptible to the attacks, and existing mitigation mechanisms advanced by the research community. Besides, we categorize attack strategies based on several aspects, present a detailed comparison among the categories, and highlight research challenges with future direction. By underlining and discussing the landscape of cutting-edge, non-invasive fault injection, we hope more researchers, designers, and security professionals examine the attacks further and take such threats into consideration while developing effective countermeasures
Fault-Tolerant Secure Data Aggregation Schemes in Smart Grids: Techniques, Design Challenges, and Future Trends
Secure data aggregation is an important process that enables a smart meter to perform efficiently and accurately. However, the fault tolerance and privacy of the user data are the most serious concerns in this process. While the security issues of Smart Grids are extensively studied, these two issues have been ignored so far. Therefore, in this paper, we present a comprehensive survey of fault-tolerant and differential privacy schemes for the Smart Gird. We selected papers from 2010 to 2021 and studied the schemes that are specifically related to fault tolerance and differential privacy. We divided all existing schemes based on the security properties, performance evaluation, and security attacks. We provide a comparative analysis for each scheme based on the cryptographic approach used. One of the drawbacks of existing surveys on the Smart Grid is that they have not discussed fault tolerance and differential privacy as a major area and consider them only as a part of privacy preservation schemes. On the basis of our work, we identified further research areas that can be explored
Characterization of Model-Based Detectors for CPS Sensor Faults/Attacks
A vector-valued model-based cumulative sum (CUSUM) procedure is proposed for
identifying faulty/falsified sensor measurements. First, given the system
dynamics, we derive tools for tuning the CUSUM procedure in the fault/attack
free case to fulfill a desired detection performance (in terms of false alarm
rate). We use the widely-used chi-squared fault/attack detection procedure as a
benchmark to compare the performance of the CUSUM. In particular, we
characterize the state degradation that a class of attacks can induce to the
system while enforcing that the detectors (CUSUM and chi-squared) do not raise
alarms. In doing so, we find the upper bound of state degradation that is
possible by an undetected attacker. We quantify the advantage of using a
dynamic detector (CUSUM), which leverages the history of the state, over a
static detector (chi-squared) which uses a single measurement at a time.
Simulations of a chemical reactor with heat exchanger are presented to
illustrate the performance of our tools.Comment: Submitted to IEEE Transactions on Control Systems Technolog
- …