Abstract
Sensors are embedded in security-critical applications from medical devices to nuclear power plants, but their outputs can be spoofed through electromagnetic and other types of signals transmitted by attackers at a distance. To address the lack of a unifying framework for evaluating the effect of such transmissions, we introduce a system and threat model for signal injection attacks. We further define the concepts of existential, selective, and universal security, which address attacker goals from mere disruptions of the sensor readings to precise waveform injections. Moreover, we introduce an algorithm which allows circuit designers to concretely calculate the security level of real systems. Finally, we apply our definitions and algorithm in practice using measurements of injections against a smartphone microphone, and analyze the demodulation characteristics of commercial Analog-to-Digital Converters (ADCs). Overall, our work highlights the importance of evaluating the susceptibility of systems against signal injection attacks, and introduces both the terminology and the methodology to do so.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The terminology chosen was inspired by attacks against signature schemes, where how broken a system is depends on what types of messages an attacker can forge [7].
References
Bolshev, A., Larsen, J., Krotofil, M., Wightman, R.: A rising tide: design exploits in industrial control systems. In: USENIX Workshop on Offensive Technologies (WOOT) (2016)
Davidson, D., Wu, H., Jellinek, R., Singh, V., Ristenpart, T.: Controlling UAVs with sensor input spoofing attacks. In: USENIX Workshop on Offensive Technologies (WOOT) (2016)
Friis, H.T.: A note on a simple transmission formula. Proc. IRE (JRPROC) 34(5), 254–256 (1946)
Fu, K., Xu, W.: Risks of trusting the physics of sensors. Commun. ACM 61(2), 20–23 (2018)
Gago, J., Balcells, J., González, D., Lamich, M., Mon, J., Santolaria, A.: EMI susceptibility model of signal conditioning circuits based on operational amplifiers. IEEE Trans. Electromagn. Compat. 49(4), 849–859 (2007)
Giechaskiel, I., Rasmussen, K.B.: Taxonomy and challenges of out-of-band signal injection attacks and defenses. arXiv:1901.06935 (2019)
Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17(2), 281–308 (1988)
Kasmi, C., Lopes-Esteves, J.: IEMI threats for information security: remote command injection on modern smartphones. IEEE Trans. Electromagn. Compat. 57(6), 1752–1755 (2015)
Kune, D.F., et al.: Ghost talk: mitigating EMI signal injection attacks against analog sensors. In: IEEE Symposium on Security and Privacy (S&P) (2013)
Leone, M., Singer, H.L.: On the coupling of an external electromagnetic field to a printed circuit board trace. IEEE Trans. Electromagn. Compat. 41(4), 418–424 (1999)
Lissner, A., Hoene, E., Stube, B., Guttowski, S.: Predicting the influence of placement of passive components on EMI behaviour. In: European Conference on Power Electronics and Applications (2007)
Park, Y.S., Son, Y., Shin, H., Kim, D., Kim, Y.: This ain’t your dose: sensor spoofing attack on medical infusion pump. In: USENIX Workshop on Offensive Technologies (WOOT) (2016)
Pelgrom, M.J.M.: Analog-to-Digital Conversion, 3rd edn. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-44971-5
Petit, J., Stottelaar, B., Feiri, M., Kargl, F.: Remote attacks on automated vehicles sensors: experiments on camera and LiDAR. Black Hat Europe (2015)
Redouté, J.M., Steyaert, M.: EMC of Analog Integrated Circuits, 1st edn. Springer, Dordrecht (2009). https://doi.org/10.1007/978-90-481-3230-0
Roy, N., Hassanieh, H., Roy Choudhury, R.: BackDoor: making microphones hear inaudible sounds. In: International Conference on Mobile Systems, Applications, and Services (MobiSys) (2017)
Selvaraj, J., Dayanikli, G.Y., Gaunkar, N.P., Ware, D., Gerdes, R.M., Mina, M.: Electromagnetic induction attacks against embedded systems. In: Asia Conference on Computer and Communications Security (ASIACCS) (2018)
Shoukry, Y., Martin, P., Tabuada, P., Srivastava, M.: Non-invasive spoofing attacks for anti-lock braking systems. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 55–72. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40349-1_4
Shoukry, Y., Martin, P.D., Yona, Y., Diggavi, S., Srivastava, M.B.: PyCRA: physical challenge-response authentication for active sensors under spoofing attacks. In: Conference on Computer and Communications Security (CCS) (2015)
Son, Y., et al.: Rocking drones with intentional sound noise on gyroscopic sensors. In: USENIX Security Symposium (2015)
Sutu, Y.H., Whalen, J.J.: Statistics for demodulation RFI in operational amplifiers. In: International Symposium on Electromagnetic Compatibility (EMC) (1983)
Trippel, T., Weisse, O., Xu, W., Honeyman, P., Fu, K.: WALNUT: waging doubt on the integrity of MEMS accelerometers with acoustic injection attacks. In: IEEE European Symposium on Security and Privacy (EuroS&P) (2017)
Tu, Y., Lin, Z., Lee, I., Hei, X.: Injected and delivered: fabricating implicit control over actuation systems by spoofing inertial sensors. In: USENIX Security Symposium (2018)
Yan, C., Xu, W., Liu, J.: Can you trust autonomous vehicles: contactless attacks against sensors of self-driving vehicle. DEFCON (2016)
Zhang, G., Yan, C., Ji, X., Zhang, T., Zhang, T., Xu, W.: DolphinAttack: inaudible voice commands. In: Conference on Computer and Communications Security (CCS) (2017)
Zhang, Y., Rasmussen, K.B.: Detection of electromagnetic interference attacks on sensor systems. In: IEEE Symposium on Security and Privacy (S&P) (2020)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Giechaskiel, I., Zhang, Y., Rasmussen, K.B. (2019). A Framework for Evaluating Security in the Presence of Signal Injection Attacks. In: Sako, K., Schneider, S., Ryan, P. (eds) Computer Security – ESORICS 2019. ESORICS 2019. Lecture Notes in Computer Science(), vol 11735. Springer, Cham. https://doi.org/10.1007/978-3-030-29959-0_25
Download citation
DOI: https://doi.org/10.1007/978-3-030-29959-0_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29958-3
Online ISBN: 978-3-030-29959-0
eBook Packages: Computer ScienceComputer Science (R0)