7 research outputs found
Electromagnetic Sensor and Actuator Attacks on Power Converters for Electric Vehicles
Alleviating range anxiety for electric vehicles (i.e., whether such vehicles
can be relied upon to travel long distances in a timely manner) is critical for
sustainable transportation. Extremely fast charging (XFC), whereby electric
vehicles (EV) can be quickly recharged in the time frame it takes to refuel an
internal combustion engine, has been proposed to alleviate this concern. A
critical component of these chargers is the efficient and proper operation of
power converters that convert AC to DC power and otherwise regulate power
delivery to vehicles. These converters rely on the integrity of sensor and
actuation signals. In this work the operation of state-of-the-art XFC
converters is assessed in adversarial conditions, specifically against
Intentional Electromagnetic Interference Attacks (IEMI). The targeted system is
analyzed with the goal of determining possible weak points for IEMI, viz.
voltage and current sensor outputs and gate control signals. This work
demonstrates that, with relatively low power levels, an adversary is able to
manipulate the voltage and current sensor outputs necessary to ensure the
proper operation of the converters. Furthermore, in the first attack of its
kind, it is shown that the gate signal that controls the converter switches can
be manipulated, to catastrophic effect; i.e., it is possible for an attacker to
control the switching state of individual transistors to cause irreparable
damage to the converter and associated systems. Finally, a discussion of
countermeasures for hardware designers to mitigate IEMI-based attacks is
provided.
Comment: Accepted by IEEE S&P Workshop on the Internet of Safe Things 202
They See Me Rollin': Inherent Vulnerability of the Rolling Shutter in CMOS Image Sensors
In this paper, we describe how the electronic rolling shutter in CMOS image
sensors can be exploited using a bright, modulated light source (e.g., an
inexpensive, off-the-shelf laser), to inject fine-grained image disruptions. We
demonstrate the attack on seven different CMOS cameras, ranging from cheap IoT
to semi-professional surveillance cameras, to highlight the wide applicability
of the rolling shutter attack. We model the fundamental factors affecting a
rolling shutter attack in an uncontrolled setting. We then perform an
exhaustive evaluation of the attack's effect on the task of object detection,
investigating the effect of attack parameters. We validate our model against
empirical data collected on two separate cameras, showing that by simply using
information from the camera's datasheet the adversary can accurately predict
the injected distortion size and optimize their attack accordingly. We find
that an adversary can hide up to 75% of objects perceived by state-of-the-art
detectors by selecting appropriate attack parameters. We also investigate the
stealthiness of the attack in comparison to a naïve camera blinding attack,
showing that common image distortion metrics cannot detect the attack
presence. Therefore, we present a new, accurate and lightweight enhancement to
the backbone network of an object detector to recognize rolling shutter
attacks. Overall, our results indicate that rolling shutter attacks can
substantially reduce the performance and reliability of vision-based
intelligent systems.
Comment: 15 pages, 15 figures
PoF: Proof-of-Following for Vehicle Platoons
Cooperative vehicle platooning significantly improves highway safety and fuel
efficiency. In this model, a set of vehicles move in line formation and
coordinate functions such as acceleration, braking, and steering using a
combination of physical sensing and vehicle-to-vehicle (V2V) messaging. The
authenticity and integrity of the V2V messages are paramount to highway safety.
For this reason, recent V2V and V2X standards support the integration of a PKI.
However, a PKI cannot bind a vehicle's digital identity to the vehicle's
physical state (location, heading, velocity, etc.). As a result, a vehicle with
valid cryptographic credentials can impact the platoon by creating "ghost"
vehicles and injecting false state information.
In this paper, we seek to provide the missing link between the physical and
the digital world in the context of verifying a vehicle's platoon membership.
We focus on the property of following, where vehicles follow each other in a
close and coordinated manner. We aim at developing a Proof-of-Following (PoF)
protocol that enables a candidate vehicle to prove that it follows a verifier
within the typical platooning distance. The main idea of the proposed PoF
protocol is to draw security from the common, but constantly changing
environment experienced by the closely traveling vehicles. We use the
large-scale fading effect of ambient RF signals as a common source of
randomness to construct a PoF primitive. The correlation of large-scale fading
is an ideal candidate for the mobile outdoor environment because it
exponentially decays with distance and time. We evaluate our PoF protocol on an
experimental platoon of two vehicles in freeway, highway, and urban driving
conditions. In such realistic conditions, we demonstrate that the PoF
withstands both the pre-recording and following attacks with overwhelming
probability.
Comment: 19 pages, 24 figures, 1 table
Taxonomy and challenges of out-of-band signal injection attacks and defenses
Recent research has shown that the integrity of sensor measurements can be violated through out-of-band signal injection attacks. These attacks target the conversion process from a physical quantity to an analog property - a process that fundamentally cannot be authenticated. Out-of-band signal injection attacks thus pose previously-unexplored security risks by exploiting hardware imperfections in the sensors themselves, or in their interfaces to microcontrollers. In response to the growing-yet-disjointed literature in the subject, this article presents the first survey of out-of-band signal injection attacks. It focuses on unifying their terminology and identifying commonalities in their causes and effects through a chronological, evolutionary, and thematic taxonomy of attacks. By highlighting cross-influences between different types of out-of-band signal injections, this paper underscores the need for a common language irrespective of the attack method. By placing attack and defense mechanisms in the wider context of their dual counterparts of side-channel leakage and electromagnetic interference, this study identifies common threads and gaps that can help guide and inform future research. Overall, the ever-increasing reliance on sensors embedded in everyday commodity devices necessitates that a stronger focus be placed on improving the security of such systems against out-of-band signal injection attacks.
Sensor-Based Covert Channels on Mobile Devices
Smartphones have become ubiquitous in our daily activities, having billions of active users worldwide. The wide range of functionalities of modern mobile devices is enriched by many embedded sensors. These sensors, accessible by third-party mobile applications, pose novel security and privacy threats to the users of the devices. Numerous research works demonstrate that user keystrokes, location, or even speech can be inferred based on sensor measurements. Furthermore, the sensor itself can be susceptible to external physical interference, which can lead to attacks on systems that rely on sensor data.
In this dissertation, we investigate how the reaction of sensors in mobile devices to malicious physical interference can be exploited to establish covert communication channels between otherwise isolated devices or processes. We present multiple covert channels that use sensors’ reaction to electromagnetic and acoustic interference to transmit sensitive data from nearby devices with no dedicated equipment or hardware modifications. In addition, these covert channels can also transmit information between applications within a mobile device, breaking the logical isolation enforced by the operating system. Furthermore, we discuss how sensor-based covert channels can affect the privacy of end users by tracking their activities on two different devices or across two different applications on the same device. Finally, we present a framework that automatically identifies covert channels that are based on physical interference between hardware components of mobile devices. As a result of the experimental evaluation, we can confirm previously known covert channels on smartphones, and discover novel sources of cross-component interference that can be used to establish covert channels.
Focusing on mobile platforms in this work, we aim to show that it is of crucial importance to consider physical covert channels when assessing the security of the systems that rely on sensors, and advocate for holistic approaches that can proactively identify and estimate corresponding security and privacy risks.