
    A Framework for Evaluating Security in the Presence of Signal Injection Attacks

    Sensors are embedded in security-critical applications from medical devices to nuclear power plants, but their outputs can be spoofed through electromagnetic and other types of signals transmitted by attackers at a distance. To address the lack of a unifying framework for evaluating the effects of such transmissions, we introduce a system and threat model for signal injection attacks. We further define the concepts of existential, selective, and universal security, which address attacker goals from mere disruptions of the sensor readings to precise waveform injections. Moreover, we introduce an algorithm which allows circuit designers to concretely calculate the security level of real systems. Finally, we apply our definitions and algorithm in practice using measurements of injections against a smartphone microphone, and analyze the demodulation characteristics of commercial Analog-to-Digital Converters (ADCs). Overall, our work highlights the importance of evaluating the susceptibility of systems against signal injection attacks, and introduces both the terminology and the methodology to do so.
    Comment: This article is the extended technical report version of the paper presented at ESORICS 2019, 24th European Symposium on Research in Computer Security (ESORICS), Luxembourg, Luxembourg, September 201

    System and IC level analysis of electrostatic discharge (ESD) and electrical fast transient (EFT) immunity and associated coupling mechanisms

    The exposure of electronic circuits to lightning, electrostatic discharge (ESD), electrical fast transients (EFT) or sine wave signals can reveal RF immunity problems. Typical problems include temporary malfunctions or permanent damage of integrated circuits (ICs). In an effort to reproduce those disturbances, a series of electromagnetic compatibility standards has been developed. However, a complete understanding of the root cause of the immunity problems has yet to be established. This dissertation discusses immunity problems in three papers, starting at the system level and proceeding via the coupling path into the IC. --Abstract, page iv

    Trick or Heat? Manipulating Critical Temperature-Based Control Systems Using Rectification Attacks

    Temperature sensing and control systems are widely used in the closed-loop control of critical processes such as maintaining the thermal stability of patients, or in alarm systems for detecting temperature-related hazards. However, the security of these systems has yet to be completely explored, leaving potential attack surfaces that can be exploited to take control over critical systems. In this paper we investigate the reliability of temperature-based control systems from a security and safety perspective. We show how unexpected consequences and safety risks can be induced by physical-level attacks on analog temperature sensing components. For instance, we demonstrate that an adversary could remotely manipulate the temperature sensor measurements of an infant incubator to cause potential safety issues, without tampering with the victim system or triggering automatic temperature alarms. This attack exploits the unintended rectification effect that can be induced in operational and instrumentation amplifiers to control the sensor output, tricking the internal control loop of the victim system to heat up or cool down. Furthermore, we show how the exploit of this hardware-level vulnerability could affect different classes of analog sensors that share similar signal conditioning processes. Our experimental results indicate that conventional defenses commonly deployed in these systems are not sufficient to mitigate the threat, so we propose a prototype design of a low-cost anomaly detector for critical applications to ensure the integrity of temperature sensor signals.
    Comment: Accepted at the ACM Conference on Computer and Communications Security (CCS), 201
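The mechanism shared by the signal-injection framework above and by this paper, as an added simulation that is not part of either paper: a carrier far above the sensor's bandwidth passes through an amplifier with a small even-order term, and the conditioning low-pass then discards the carrier and keeps only the square-law product, a baseband offset proportional to the square of the attacker's envelope. The square-law amplifier model, the component values, the 10 mV/°C sensor scale and the 100 Hz filter are assumptions chosen for illustration, not the papers' models or measurements.

```python
"""Toy model of out-of-band signal injection into an analog sensor front end.
Added example; not code or measurements from either paper. The sensor,
amplifier and filter values below are assumptions chosen for illustration.
The amplifier carries a small even-order (square-law) term, the simplest
model of the rectification effect the abstract describes."""
import math

# Assumed parameters (illustrative, not measured values)
FS_SIM = 1_000_000       # simulation sample rate, Hz; must resolve the carrier
F_CARRIER = 50_000.0     # attacker's carrier, Hz; far above the sensor band
F_CUTOFF = 100.0         # assumed signal-conditioning bandwidth, Hz
GAIN_LIN = 10.0          # linear gain g1 of the amplifier
GAIN_SQ = 0.5            # even-order coefficient g2 (models rectification)
SENSE_V = 0.25           # legitimate sensor voltage: 25 C at an assumed 10 mV/C
VOLTS_PER_C = 0.010


def amplifier(v_in):
    """g1*v + g2*v^2. The g2 term is what demodulates a high-frequency
    carrier into a baseband shift: cos^2 has a DC component of 1/2."""
    return GAIN_LIN * v_in + GAIN_SQ * v_in * v_in


def lowpass(samples, fs, f_cut, stages=2):
    """Cascade of first-order IIR low-pass stages (DC gain exactly 1).
    Two stages attenuate the 50 kHz carrier by roughly (f_cut/f_carrier)^2."""
    k = 2.0 * math.pi * f_cut / fs
    alpha = k / (1.0 + k)
    out = list(samples)
    for _ in range(stages):
        y = 0.0
        for i, x in enumerate(out):
            y += alpha * (x - y)
            out[i] = y
    return out


def settled_output(envelope_fn, amplitude, duration=0.05):
    """Run sensor + injected carrier -> amplifier -> low-pass and return the
    settled (final) output sample. envelope_fn(t) in [0, 1] is the attacker's
    modulation m(t); amplitude is the carrier amplitude at the amplifier input."""
    n = int(duration * FS_SIM)
    chain_in = []
    for i in range(n):
        t = i / FS_SIM
        attack = amplitude * envelope_fn(t) * math.cos(2.0 * math.pi * F_CARRIER * t)
        chain_in.append(amplifier(SENSE_V + attack))
    return lowpass(chain_in, FS_SIM, F_CUTOFF)[-1]


def baseline_output():
    """Output with no attack; a constant passes the low-pass unchanged."""
    return amplifier(SENSE_V)


def predicted_shift(amplitude, m):
    """Closed-form baseband shift from the square-law term: g2*(A*m)^2/2."""
    return GAIN_SQ * (amplitude * m) ** 2 / 2.0


def injected_celsius(amplitude, m):
    """Temperature error the control loop sees for a constant envelope m,
    taken from the simulation and referred back to the sensor scale."""
    shift = settled_output(lambda t: m, amplitude) - baseline_output()
    return shift / GAIN_LIN / VOLTS_PER_C


if __name__ == "__main__":
    for m in (0.0, 0.5, 1.0):
        print("envelope %.1f -> reading error %+.2f C (predicted %+.2f C)" % (
            m, injected_celsius(1.0, m),
            predicted_shift(1.0, m) / GAIN_LIN / VOLTS_PER_C))
```

The simulated shift matches the closed-form g2*(A*m)^2/2 term, so the attacker sets the false reading by choosing the carrier envelope; with a 1 V carrier at the amplifier input the loop sees a 2.5 °C error in this toy model. Because the conditioning chain removes the carrier, nothing downstream of the low-pass can tell the offset from a real temperature change, which is why the abstract argues that conventional defenses deployed after signal conditioning are not sufficient and proposes checking the sensor signal's integrity separately.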

    On-die transient event sensors and system-level ESD testing

    System level electrostatic discharge (ESD) testing of electronic products is a critical part of product certification. Test methods were investigated to develop system level ESD simulation models to predict soft failures in a system with multiple sensors. These methods rely completely on measurements. The model developed was valid only for the linear operation range of devices within the system. These methods were applied to a commercial product and used to rapidly determine when a soft failure would occur. Attaching cables and probes to determine stress voltages and currents within a system, as in the previous study, is time-consuming and can alter the test results. On-chip sensors have been developed which allow the user to avoid using cables and probes and can detect an event along with the level, polarity, and location of a transient event seen at the I/O pad. The sensors were implemented with minimum area consumption and can be implemented within the spacer cell of an I/O pad. Some of the proposed sensors were implemented in a commercial test microcontroller and have been tested to successfully record the event occurrence, location, level, and polarity on that test microcontroller. System level tests were then performed on a pseudo-wearable device using the on-chip sensors. The measurements were successful in capturing the peak disturbance and counting the number of ESD events without the addition of any external measurement equipment. A modification of the sensors was also designed to measure the peak voltage on a trace or pin inside a complex electronic product. The peak current can also be found when the sensor is placed across a transient voltage suppressor with a known I-V curve. The peak level is transmitted wirelessly to a receiver outside the system using frequency-modulated magnetic or electric fields, thus allowing multiple measurements to be made without opening the enclosure or otherwise modifying the system. Simulations demonstrate the sensors can accurately detect the peak transient voltage and transmit the level to an external receiver --Abstract, page iv

    Analog-Digital System Modeling for Electromagnetic Susceptibility Prediction

    The thesis is focused on the noise susceptibility of communication networks. These analog/mixed-signal systems operate in an electrically noisy environment, in the presence of multiple pieces of equipment connected by long wiring. Every module communicates through a transceiver that acts as the interface between the local digital signaling and data transmission over the network. Hence, the behaviour of the IC transceiver under disturbance is one of the main factors determining the EM immunity of the whole equipment. Susceptibility to RF and transient disturbances is addressed at component level on a CAN transceiver as a test case, highlighting the IC features critical for noise immunity. A novel procedure is proposed for modeling the IC for mixed-signal immunity simulations of communication networks. The procedure is based on a gray-box approach: IC ports are modeled with a physical circuit and the internal links with a behavioural block. The parameters are estimated from time- and frequency-domain measurements, allowing accurate and efficient reproduction of non-linear device switching behaviour. The effectiveness of the modeling process is verified by applying the proposed technique to a CAN transceiver involved in a real immunity test on a data communication link. The resulting model is implemented in a commercial solver and successfully predicts both the functional signals and the RF noise immunity at component level. The noise immunity at system level is then evaluated on a complete communication network by analyzing the results of several tests on a realistic CAN bus. After developing models for wires and injection probes, a noise immunity test in an avionic environment is carried out in simulation, showing good overall accuracy and efficiency.

    An Activity Monitor for Diabetic Individuals

    An activity monitor that diabetic individuals can wear continuously will provide important information on how these individuals should adjust their exercise, diet, and insulin dosage in order to maintain a healthy lifestyle. The device is composed of both heart rate sensing components and components to measure the magnitude of physical movement. The energy expenditure is calculated using an algorithm that continuously adjusts depending on the type of activity. The system display provides the carbohydrates burned in order to be adjunctive to carbohydrate counting, a common technique used for glucose management.

    System-level transient ESD noise monitoring using off-chip and on-chip circuits

    Department of Electrical Engineering
    Electrostatic discharge (ESD) is defined as a sudden flow of electric charge between objects at different electrostatic potentials, caused by contact or by breakdown of an air gap or dielectric layer. In electronic systems, ESD is a critical reliability issue for compact and complex integrated circuits (ICs) and systems, and it must be considered from the initial design process, both for user safety and to avoid the cost of damaged products. To analyze the effects of ESD events, the noise voltages induced inside the product by those events can be measured. However, passive measurement using cables has limitations. Various on-die ESD detector circuits have previously been proposed to overcome those limits and provide useful information for ESD noise analysis, but they require considerable time and cost to design and fabricate, so they are hard to apply from the initial design process. In this thesis, two approaches are proposed for monitoring system-level transient ESD noise, extending previous research on detecting system-level transient ESD events. The first is an off-chip ESD detection module containing multiple detection circuits with different thresholds, used to characterize the range of ESD noise. The proposed detection circuit uses the time delay of an RC network and senses positive ESD events on the power line. Its sensing characteristic against an ESD event can be represented as a threshold curve, and using that curve the range of the ESD noise can be estimated without direct measurement. For a more specific identification of the noise range, a detection module with multiple detection circuits is designed; a more exact estimate of the noise range then follows from which of the detection circuits sensed the event. The threshold curves of the detection module are extracted using transmission line pulse (TLP) signals and validated through ESD current injection tests. As an application to a real situation, the system-level transient ESD noise in a commercial solid-state drive (SSD) storage system is then characterized and analyzed. The second approach is to capture the noise waveform itself, like a digital oscilloscope. Although the previous on-die ESD detector circuits and the proposed detection module provide useful information, accurate noise waveforms are needed for a more complete analysis. An on-die oscilloscope circuit including on-chip ESD event detectors is therefore designed and fabricated in a 180-nm CMOS process. Its operation is validated, and the measurement results of the on-chip ESD detectors are comparable to circuit simulations. However, the waveform-capturing capability falls short of the design specification because of several problems in the circuit design process.
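The threshold-curve idea in this abstract, and the event counting and peak bracketing that the on-chip sensor abstract above reports, as an added model that is not the thesis's circuit: a detector is treated as an RC node charged by the transient that trips once it reaches a reference voltage, so a short pulse needs a higher amplitude than a long one, and a bank of such detectors with staggered references brackets an event's peak from the pattern of which ones fired. The single-RC model, the time constant, the reference voltages and the constructed events are assumptions for illustration; the thesis's real thresholds were extracted with TLP measurements.

```python
"""Toy model of an RC-delay ESD detector bank and threshold-curve estimation.
Added example; not the thesis's circuit. A detector is modelled as an RC node
charged by the transient that trips when it reaches a reference voltage; the
RC time constant, references and the constructed events are assumptions."""
import math


def threshold_curve(width_s, v_ref, tau_s):
    """Minimum amplitude of a rectangular positive pulse of the given width
    that trips a detector whose RC node (time constant tau) must reach v_ref
    before the pulse ends: V*(1 - exp(-w/tau)) >= v_ref."""
    if width_s <= 0.0:
        return math.inf
    return v_ref / (1.0 - math.exp(-width_s / tau_s))


def detector_trips(peak_v, width_s, v_ref, tau_s):
    """Positive-polarity detector: ignores negative pulses entirely."""
    return peak_v > 0.0 and peak_v >= threshold_curve(width_s, v_ref, tau_s)


def bank_flags(peak_v, width_s, v_refs, tau_s):
    """Which detectors of a bank with staggered references fire for one event."""
    return [detector_trips(peak_v, width_s, v, tau_s) for v in v_refs]


def estimate_range(flags, width_s, v_refs, tau_s):
    """Bracket the event's peak from the flags alone (no oscilloscope).
    low  = threshold of the highest detector that fired (0.0 if none)
    high = threshold of the lowest detector that stayed silent (inf if all fired)
    Flags must form a thermometer code; anything else means a faulty
    detector or a coupling the single-RC model does not cover."""
    thresholds = [threshold_curve(width_s, v, tau_s) for v in v_refs]
    fired = [t for t, f in zip(thresholds, flags) if f]
    silent = [t for t, f in zip(thresholds, flags) if not f]
    if fired and silent and max(fired) > min(silent):
        raise ValueError("inconsistent detector flags %r" % (flags,))
    return (max(fired) if fired else 0.0, min(silent) if silent else math.inf)


def summarize_events(events, v_refs, tau_s):
    """Count logged events and return the worst-case bracket over a list of
    (peak_v, width_s) events, as an on-chip counter with peak hold would."""
    count, worst_low, worst_high = 0, 0.0, 0.0
    for peak_v, width_s in events:
        flags = bank_flags(peak_v, width_s, v_refs, tau_s)
        if not any(flags):
            continue  # below the lowest threshold or negative: not logged
        count += 1
        low, high = estimate_range(flags, width_s, v_refs, tau_s)
        if low > worst_low:
            worst_low, worst_high = low, high
    return count, worst_low, worst_high


# Constructed example: four staggered references, 20 ns RC time constant,
# and five made-up (peak volts, width seconds) events.
V_REFS = [2.0, 4.0, 8.0, 16.0]
TAU = 20e-9
EVENTS = [(12.0, 10e-9), (12.0, 100e-9), (3.0, 10e-9), (-30.0, 10e-9), (45.0, 5e-9)]

if __name__ == "__main__":
    for peak_v, width_s in EVENTS:
        flags = bank_flags(peak_v, width_s, V_REFS, TAU)
        bracket = estimate_range(flags, width_s, V_REFS, TAU) if any(flags) else "no trip"
        print("%6.1f V, %5.0f ns -> %s %s" % (peak_v, width_s * 1e9, flags, bracket))
    print("events logged, worst-case bracket:", summarize_events(EVENTS, V_REFS, TAU))
```

Note that the same 12 V event trips two detectors at 10 ns width but three at 100 ns, so the bracket is only meaningful together with a pulse-width assumption; this is why the thesis extracts the threshold curves against TLP pulses of known width rather than quoting a single voltage threshold per detector. The consistency check in estimate_range is the kind of sanity check a practitioner wants before trusting a bracket derived from a detector bank.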

    Design and Realization of Electronic Measurement Systems for Partial Discharge Monitoring on Electrical Equipment

    The monitoring of the insulation that makes up high-voltage apparatus and electrical machines is a crucial aspect of a predictive maintenance program. The insulation system of an electrical machine is affected by partial discharges (PDs), phenomena that can lead to breakdown after a certain time, with a consequent and significant economic loss. Partial discharges are identified as both the symptom and the cause of the deterioration of solid electrical insulators. Thus, it is necessary to adopt solutions for monitoring the insulation status, and different techniques and devices can be adopted to do so. During this research activity, two different systems have been developed at the circuit and layout level, which base their operation respectively on the conducted and on the radiated measurement, in compliance with the provisions of current standards where applicable. The first system is based on a classic signal conditioning chain whose gain can be set under PC control, allowing the conducted measurement of partial discharges in two frequency bands, Low Frequency (LF) and High Frequency (HF); the application of the system is diversified according to these bands. The information obtained from the measurement can be analysed by an expert operator or processed by an intelligent system, in both cases yielding information on the status of the machine under test. The second system uses a UHF antenna built on a PCB, which detects the radiated signal generated in the presence of discharge activity; the signal is then appropriately conditioned and processed by analog electronics and acquired by programmable logic, which interprets it and returns information on the status of the machine, which can also be checked by an expert user. The application of this system depends on the type of insulation and the type of power supply adopted, which differentiate its characteristics. In both systems, the analysis of the partial discharge measurement is suitable for the prevention of failures and the planning of appropriate maintenance interventions.

    Biomedical Signal Transceivers

    With the growing costs of healthcare, the need for mobile health monitoring devices is critical. A wireless transceiver provides a cost-effective way to transmit biomedical signals to various personal electronic devices, such as computers, cellular devices, and other mobile devices. Different kinds of biomedical signals can be processed and transmitted by these devices, including electroencephalography (EEG), electrocardiography (ECG), and electromyography (EMG). By utilizing wireless transmission, the user gains the freedom to connect with fewer constraints to their personal devices to view and monitor their health condition. In this chapter, the first few sections introduce the reader to the basic design of biomedical transceivers and some of the design issues. The subsequent sections present design challenges for wireless transceivers, especially those using the common wireless protocol Bluetooth. Furthermore, we share our experience of implementing a biomedical transceiver for ECG signals and processing them. We conclude the discussion with current trends and future work.