592 research outputs found
Overview of Sensing Attacks on Autonomous Vehicle Technologies and Impact on Traffic Flow
While perception systems in Connected and Autonomous Vehicles (CAVs), which
encompass both communication technologies and advanced sensors, promise to
significantly reduce human driving errors, they also expose CAVs to various
cyberattacks. These include both communication and sensing attacks, which
potentially jeopardize not only individual vehicles but also overall traffic
safety and efficiency. While much research has focused on communication
attacks, sensing attacks, which are equally critical, have garnered less
attention. To address this gap, this study offers a comprehensive review of
potential sensing attacks and their impact on target vehicles, focusing on
commonly deployed sensors in CAVs such as cameras, LiDAR, Radar, ultrasonic
sensors, and GPS. Based on this review, we discuss the feasibility of
integrating hardware-in-the-loop experiments with microscopic traffic
simulations. We also design baseline scenarios to analyze the macro-level
impact of sensing attacks on traffic flow. This study aims to bridge the
research gap between individual vehicle sensing attacks and broader macroscopic
impacts, thereby laying the foundation for future systemic understanding and
mitigation
Secure Instruction and Data-Level Information Flow Tracking Model for RISC-V
Rising device use and third-party IP integration in semiconductors raise
security concerns. Unauthorized access, fault injection, and privacy invasion
are potential threats from untrusted actors. Different security techniques have
been proposed to provide resilience to secure devices from potential
vulnerabilities; however, no one technique can be applied as an overarching
solution. We propose an integrated Information Flow Tracking (IFT) technique to
enable runtime security to protect system integrity by tracking the flow of
data from untrusted communication channels. Existing hardware-based IFT schemes
are either fine-, which are resource-intensive, or coarse-grained models, which
have minimal precision logic, providing either control flow or data-flow
integrity. No current security model provides multi-granularity due to the
difficulty in balancing both the flexibility and hardware overheads at the same
time. This study proposes a multi-level granularity IFT model that integrates a
hardware-based IFT technique with a gate-level-based IFT (GLIFT) technique,
along with flexibility, for better precision and assessments. Translation from
the instruction level to the data level is based on module instantiation with
security-critical data for accurate information flow behaviors without any
false conservative flows. A simulation-based IFT model is demonstrated, which
translates the architecture-specific extensions into a compiler-specific
simulation model with toolchain extensions for Reduced Instruction Set
Architecture (RISC-V) to verify the security extensions. This approach provides
better precision logic by enhancing the tagged mechanism with 1-bit tags and
implementing an optimized shadow logic that eliminates the area overhead by
tracking the data for only security-critical modules
Drivers and barriers for secure hardware adoption across ecosystem stakeholders
The decisions involved in choosing technology components for systems are poorly understood. This is especially so where the choices pertain to system security and countering the threat of cybersecurity attack. Although common in some commercial products, secure hardware chips provide security functions such as authentication, secure execution and integrity validation on system start, and are increasingly deemed to have a role in devices across sectors, such as IoT devices, autonomous vehicle systems and critical infrastructure components. To understand the decisions and opinions regarding the adoption of secure hardware, we conducted 23 semi-structured interviews with senior decision-makers from companies spanning a range of sectors, sizes and supply-chain roles. Our results consider the business propositional drivers, barriers and economic factors that influence the adoption decisions. Understanding these would help those seeking to influence the adoption process, whether as a business decision, or as a trade or national strategy
SystemC Model of Power Side-Channel Attacks Against AI Accelerators: Superstition or not?
As training artificial intelligence (AI) models is a lengthy and hence costly
process, leakage of such a model's internal parameters is highly undesirable.
In the case of AI accelerators, side-channel information leakage opens up the
threat scenario of extracting the internal secrets of pre-trained models.
Therefore, sufficiently elaborate methods for design verification as well as
fault and security evaluation at the electronic system level are in demand. In
this paper, we propose estimating information leakage from the early design
steps of AI accelerators to aid in a more robust architectural design. We first
introduce the threat scenario before diving into SystemC as a standard method
for early design evaluation and how this can be applied to threat modeling. We
present two successful side-channel attack methods executed via SystemC-based
power modeling: correlation power analysis and template attack, both leading to
total information leakage. The presented models are verified against an
industry-standard netlist-level power estimation to prove general feasibility
and determine accuracy. Consequently, we explore the impact of additive noise
in our simulation to establish indicators for early threat evaluation. The
presented approach is again validated via a model-vs-netlist comparison,
showing high accuracy of the achieved results. This work hence is a solid step
towards fast attack deployment and, subsequently, the design of
attack-resilient AI accelerators
Abusing Commodity DRAMs in IoT Devices to Remotely Spy on Temperature
The ubiquity and pervasiveness of modern Internet of Things (IoT) devices
opens up vast possibilities for novel applications, but simultaneously also
allows spying on, and collecting data from, unsuspecting users to a previously
unseen extent. This paper details a new attack form in this vein, in which the
decay properties of widespread, off-the-shelf DRAM modules are exploited to
accurately sense the temperature in the vicinity of the DRAM-carrying device.
Among others, this enables adversaries to remotely and purely digitally spy on
personal behavior in users' private homes, or to collect security-critical data
in server farms, cloud storage centers, or commercial production lines. We
demonstrate that our attack can be performed by merely compromising the
software of an IoT device and does not require hardware modifications or
physical access at attack time. It can achieve temperature resolutions of up to
0.5{\deg}C over a range of 0{\deg}C to 70{\deg}C in practice. Perhaps most
interestingly, it even works in devices that do not have a dedicated
temperature sensor on board. To complete our work, we discuss practical attack
scenarios as well as possible countermeasures against our temperature espionage
attacks.Comment: Submitted to IEEE TIFS and currently under revie
Systematic Literature Review of EM-SCA Attacks on Encryption
Cryptography is vital for data security, but cryptographic algorithms can
still be vulnerable to side-channel attacks (SCAs), physical assaults
exploiting power consumption and EM radiation. SCAs pose a significant threat
to cryptographic integrity, compromising device keys. While literature on SCAs
focuses on real-world devices, the rise of sophisticated devices necessitates
fresh approaches. Electromagnetic side-channel analysis (EM-SCA) gathers
information by monitoring EM radiation, capable of retrieving encryption keys
and detecting malicious activity. This study evaluates EM-SCA's impact on
encryption across scenarios and explores its role in digital forensics and law
enforcement. Addressing encryption susceptibility to EM-SCA can empower
forensic investigators in overcoming encryption challenges, maintaining their
crucial role in law enforcement. Additionally, the paper defines EM-SCA's
current state in attacking encryption, highlighting vulnerable and resistant
encryption algorithms and devices, and promising EM-SCA approaches. This study
offers a comprehensive analysis of EM-SCA in law enforcement and digital
forensics, suggesting avenues for further research
Built-In Return-Oriented Programs in Embedded Systems and Deep Learning for Hardware Trojan Detection
Microcontrollers and integrated circuits in general have become ubiquitous in the world today. All aspects of our lives depend on them from driving to work, to calling our friends, to checking our bank account balance. People who would do harm to individuals, corporations and nation states are aware of this and for that reason they seek to find or create and exploit vulnerabilities in integrated circuits. This dissertation contains three papers dealing with these types of vulnerabilities. The first paper talks about a vulnerability that was found on a microcontroller, which is a type of integrated circuit. The final two papers deal with hardware trojans. Hardware trojans are purposely added to the design of an integrated circuit in secret so that the manufacturer doesn’t know about it. They are used to damage the integrated circuit, leak confidential information, or in other ways alter the circuit. Hardware trojans are a major concern for anyone using integrated circuits because an attacker can alter a circuit in almost any way if they are successful in inserting one. A known method to prevent hardware trojan insertion is discussed and a type of circuit for which this method does not work is revealed. The discussion of hardware trojans is concluded with a new way to detect them before the integrated circuit is manufactured. Modern deep learning models are used to detect the portions of the hardware trojan called triggers that activate them
- …