13 research outputs found
Discussing the Feasibility of Acoustic Sensors for Side Channel-aided Industrial Intrusion Detection: An Essay
The fourth industrial revolution leads to an increased use of embedded
computation and intercommunication in an industrial environment. While reducing
cost and effort for set up, operation and maintenance, and increasing the time
to operation or market respectively as well as the efficiency, this also
increases the attack surface of enterprises. Industrial enterprises have become
targets of cyber criminals in the last decade, reasons being espionage but also
politically motivated. Infamous attack campaigns as well as easily available
malware that hits industry in an unprepared state create a large threat
landscape. As industrial systems often operate for many decades and are
difficult or impossible to upgrade in terms of security, legacy-compatible
industrial security solutions are necessary in order to create a security
parameter. One plausible approach in industry is the implementation and
employment of side-channel sensors. Combining readily available sensor data
from different sources via different channels can provide an enhanced insight
about the security state. In this work, a data set of an experimental
industrial set up containing side channel sensors is discussed conceptually and
insights are derived.
CSI Neural Network: Using Side-channels to Recover Your Artificial Neural Network Information
Machine learning has become mainstream across industries. Numerous examples
proved the validity of it for security applications. In this work, we
investigate how to reverse engineer a neural network by using only power
side-channel information. To this end, we consider a multilayer perceptron as
the machine learning architecture of choice and assume a non-invasive and
eavesdropping attacker capable of measuring only passive side-channel leakages
like power consumption, electromagnetic radiation, and reaction time.
We conduct all experiments on real data and common neural net architectures
in order to properly assess the applicability and extendability of those
attacks. Practical results are shown on an ARM CORTEX-M3 microcontroller. Our
experiments show that the side-channel attacker is capable of obtaining the
following information: the activation functions used in the architecture, the
number of layers and neurons in the layers, the number of output classes, and
weights in the neural network. Thus, the attacker can effectively reverse
engineer the network using side-channel information.
Next, we show that once the attacker has the knowledge about the neural
network architecture, he/she could also recover the inputs to the network with
only a single-shot measurement. Finally, we discuss several mitigations one
could use to thwart such attacks.
Comment: 15 pages, 16 figures
Towards Inferring Mechanical Lock Combinations using Wrist-Wearables as a Side-Channel
Wrist-wearables such as smartwatches and fitness bands are equipped with a
variety of high-precision sensors that support novel contextual and
activity-based applications. The presence of a diverse set of on-board sensors,
however, also exposes an additional attack surface which, if not adequately
protected, could be potentially exploited to leak private user information. In
this paper, we investigate the feasibility of a new attack that takes advantage
of a wrist-wearable's motion sensors to infer input on mechanical devices
typically used to secure physical access, for example, combination locks. We
outline an inference framework that attempts to infer a lock's unlock
combination from the wrist motion captured by a smartwatch's gyroscope sensor,
and uses a probabilistic model to produce a ranked list of likely unlock
combinations. We conduct a thorough empirical evaluation of the proposed
framework by employing unlocking-related motion data collected from human
subject participants in a variety of controlled and realistic settings.
Evaluation results from these experiments demonstrate that motion data from
wrist-wearables can be effectively employed as a side-channel to significantly
reduce the unlock combination search-space of commonly found combination locks,
thus compromising the physical security provided by these locks.
An Optimal Energy Efficient Design of Artificial Noise for Preventing Power Leakage based Side-Channel Attacks
Side-channel attacks (SCAs), which infer secret information (for example
secret keys) by exploiting information that leaks from the implementation (such
as power consumption), have been shown to be a non-negligible threat to modern
cryptographic implementations and devices in recent years. Hence, how to
prevent side-channel attacks on cryptographic devices has become an important
problem. One of the widely used countermeasures against power SCAs is the
injection of random noise sequences into the raw leakage traces. However, the
indiscriminate injection of random noise can lead to significant increases in
energy consumption in the device, and ways must be found to reduce the amount of
energy in noise generation while keeping the side-channel invisible. In this
paper, we propose an optimal energy-efficient design for artificial noise
generation to prevent side-channel attacks. This approach exploits the sparsity
among the leakage traces. We model the side-channel as a communication channel,
which allows us to use channel capacity to measure the mutual information
between the secret and the leakage traces. For a given energy budget in the
noise generation, we obtain the optimal design of the artificial noise
injection by solving the side-channel's channel capacity minimization problem.
The experimental results also validate the effectiveness of our proposed
scheme.
Link Prediction with Deep Learning Models
Deep Learning has been used extensively in many applications by researchers. With the increased attraction to Deep Learning, more and more unique models are created each year. However, sometimes some of the model details are not included in the publications. This makes using new Deep Learning models for research a time-consuming task for researchers. In order to tackle this problem, we propose a prediction mechanism for the missing information in the model. By creating a dataset where the Deep Learning models are represented as knowledge graphs, we made it possible to use knowledge graph embedding algorithms which are specifically designed for eliminating missing information in given data. We inspected 6 different algorithms and compared their performances on a small-scale experiment. After the comparison, we picked the most promising algorithm and used it for link prediction in Deep Learning models.
Graph-Theoretic Approach for Manufacturing Cybersecurity Risk Modeling and Assessment
Identifying, analyzing, and evaluating cybersecurity risks are essential to
assess the vulnerabilities of modern manufacturing infrastructures and to
devise effective decision-making strategies to secure critical manufacturing
against potential cyberattacks. In response, this work proposes a
graph-theoretic approach for risk modeling and assessment to address the lack
of quantitative cybersecurity risk assessment frameworks for smart
manufacturing systems. In doing so, first, threat attributes are represented
using an attack graphical model derived from manufacturing cyberattack
taxonomies. Attack taxonomies offer consistent structures to categorize threat
attributes, and the graphical approach helps model their interdependence.
Second, the graphs are analyzed to explore how threat events can propagate
through the manufacturing value chain and identify the manufacturing assets
that threat actors can access and compromise during a threat event. Third, the
proposed method identifies the attack path that maximizes the likelihood of
success and minimizes the attack detection probability, and then computes the
associated cybersecurity risk. Finally, the proposed risk modeling and
assessment framework is demonstrated via an interconnected smart manufacturing
system illustrative example. Using the proposed approach, practitioners can
identify critical connections and manufacturing assets requiring prioritized
security controls and develop and deploy appropriate defense measures
accordingly.
Comment: 25 pages, 10 figures