Skip to main content
SpringerLink
Log in

A Framework for Evaluating Security in the Presence of Signal Injection Attacks

  • Conference paper
  • First Online:
Computer Security – ESORICS 2019 (ESORICS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11735))

Included in the following conference series:

Abstract

Sensors are embedded in security-critical applications from medical devices to nuclear power plants, but their outputs can be spoofed through electromagnetic and other types of signals transmitted by attackers at a distance. To address the lack of a unifying framework for evaluating the effect of such transmissions, we introduce a system and threat model for signal injection attacks. We further define the concepts of existential, selective, and universal security, which address attacker goals from mere disruptions of the sensor readings to precise waveform injections. Moreover, we introduce an algorithm which allows circuit designers to concretely calculate the security level of real systems. Finally, we apply our definitions and algorithm in practice using measurements of injections against a smartphone microphone, and analyze the demodulation characteristics of commercial Analog-to-Digital Converters (ADCs). Overall, our work highlights the importance of evaluating the susceptibility of systems against signal injection attacks, and introduces both the terminology and the methodology to do so.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The terminology chosen was inspired by attacks against signature schemes, where how broken a system is depends on what types of messages an attacker can forge [7].

References

  1. Bolshev, A., Larsen, J., Krotofil, M., Wightman, R.: A rising tide: design exploits in industrial control systems. In: USENIX Workshop on Offensive Technologies (WOOT) (2016)

    Google Scholar 

  2. Davidson, D., Wu, H., Jellinek, R., Singh, V., Ristenpart, T.: Controlling UAVs with sensor input spoofing attacks. In: USENIX Workshop on Offensive Technologies (WOOT) (2016)

    Google Scholar 

  3. Friis, H.T.: A note on a simple transmission formula. Proc. IRE (JRPROC) 34(5), 254–256 (1946)

    Article  Google Scholar 

  4. Fu, K., Xu, W.: Risks of trusting the physics of sensors. Commun. ACM 61(2), 20–23 (2018)

    Article  Google Scholar 

  5. Gago, J., Balcells, J., González, D., Lamich, M., Mon, J., Santolaria, A.: EMI susceptibility model of signal conditioning circuits based on operational amplifiers. IEEE Trans. Electromagn. Compat. 49(4), 849–859 (2007)

    Article  Google Scholar 

  6. Giechaskiel, I., Rasmussen, K.B.: Taxonomy and challenges of out-of-band signal injection attacks and defenses. arXiv:1901.06935 (2019)

  7. Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)

    Article  MathSciNet  Google Scholar 

  8. Kasmi, C., Lopes-Esteves, J.: IEMI threats for information security: remote command injection on modern smartphones. IEEE Trans. Electromagn. Compat. 57(6), 1752–1755 (2015)

    Article  Google Scholar 

  9. Kune, D.F., et al.: Ghost talk: mitigating EMI signal injection attacks against analog sensors. In: IEEE Symposium on Security and Privacy (S&P) (2013)

    Google Scholar 

  10. Leone, M., Singer, H.L.: On the coupling of an external electromagnetic field to a printed circuit board trace. IEEE Trans. Electromagn. Compat. 41(4), 418–424 (1999)

    Article  Google Scholar 

  11. Lissner, A., Hoene, E., Stube, B., Guttowski, S.: Predicting the influence of placement of passive components on EMI behaviour. In: European Conference on Power Electronics and Applications (2007)

    Google Scholar 

  12. Park, Y.S., Son, Y., Shin, H., Kim, D., Kim, Y.: This ain’t your dose: sensor spoofing attack on medical infusion pump. In: USENIX Workshop on Offensive Technologies (WOOT) (2016)

    Google Scholar 

  13. Pelgrom, M.J.M.: Analog-to-Digital Conversion, 3rd edn. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-44971-5

    Book  Google Scholar 

  14. Petit, J., Stottelaar, B., Feiri, M., Kargl, F.: Remote attacks on automated vehicles sensors: experiments on camera and LiDAR. Black Hat Europe (2015)

    Google Scholar 

  15. Redouté, J.M., Steyaert, M.: EMC of Analog Integrated Circuits, 1st edn. Springer, Dordrecht (2009). https://doi.org/10.1007/978-90-481-3230-0

    Book  Google Scholar 

  16. Roy, N., Hassanieh, H., Roy Choudhury, R.: BackDoor: making microphones hear inaudible sounds. In: International Conference on Mobile Systems, Applications, and Services (MobiSys) (2017)

    Google Scholar 

  17. Selvaraj, J., Dayanikli, G.Y., Gaunkar, N.P., Ware, D., Gerdes, R.M., Mina, M.: Electromagnetic induction attacks against embedded systems. In: Asia Conference on Computer and Communications Security (ASIACCS) (2018)

    Google Scholar 

  18. Shoukry, Y., Martin, P., Tabuada, P., Srivastava, M.: Non-invasive spoofing attacks for anti-lock braking systems. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 55–72. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40349-1_4

    Chapter  Google Scholar 

  19. Shoukry, Y., Martin, P.D., Yona, Y., Diggavi, S., Srivastava, M.B.: PyCRA: physical challenge-response authentication for active sensors under spoofing attacks. In: Conference on Computer and Communications Security (CCS) (2015)

    Google Scholar 

  20. Son, Y., et al.: Rocking drones with intentional sound noise on gyroscopic sensors. In: USENIX Security Symposium (2015)

    Google Scholar 

  21. Sutu, Y.H., Whalen, J.J.: Statistics for demodulation RFI in operational amplifiers. In: International Symposium on Electromagnetic Compatibility (EMC) (1983)

    Google Scholar 

  22. Trippel, T., Weisse, O., Xu, W., Honeyman, P., Fu, K.: WALNUT: waging doubt on the integrity of MEMS accelerometers with acoustic injection attacks. In: IEEE European Symposium on Security and Privacy (EuroS&P) (2017)

    Google Scholar 

  23. Tu, Y., Lin, Z., Lee, I., Hei, X.: Injected and delivered: fabricating implicit control over actuation systems by spoofing inertial sensors. In: USENIX Security Symposium (2018)

    Google Scholar 

  24. Yan, C., Xu, W., Liu, J.: Can you trust autonomous vehicles: contactless attacks against sensors of self-driving vehicle. DEFCON (2016)

    Google Scholar 

  25. Zhang, G., Yan, C., Ji, X., Zhang, T., Zhang, T., Xu, W.: DolphinAttack: inaudible voice commands. In: Conference on Computer and Communications Security (CCS) (2017)

    Google Scholar 

  26. Zhang, Y., Rasmussen, K.B.: Detection of electromagnetic interference attacks on sensor systems. In: IEEE Symposium on Security and Privacy (S&P) (2020)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Oxford, Oxford, UK

    Ilias Giechaskiel, Youqian Zhang & Kasper B. Rasmussen

Authors
  1. Ilias Giechaskiel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Youqian Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kasper B. Rasmussen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ilias Giechaskiel .

Editor information

Editors and Affiliations

  1. NEC Corporation, Kawasaki, Japan

    Kazue Sako

  2. University of Surrey, Guildford, UK

    Steve Schneider

  3. University of Luxembourg, Esch-sur-Alzette, Luxembourg

    Peter Y. A. Ryan

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Giechaskiel, I., Zhang, Y., Rasmussen, K.B. (2019). A Framework for Evaluating Security in the Presence of Signal Injection Attacks. In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security – ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science(), vol 11735. Springer, Cham. https://doi.org/10.1007/978-3-030-29959-0_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-29959-0_25

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-29958-3

  • Online ISBN: 978-3-030-29959-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation