research-article

Electromagnetic Induction Attacks Against Embedded Systems

Authors:
Jayaprakash Selvaraj

Iowa State University, Ames, IA, USA

Iowa State University, Ames, IA, USA
View Profile

,
Gökçen Yılmaz Dayanıklı

Virginia Tech, Arlington, VA, USA

Virginia Tech, Arlington, VA, USA
View Profile

,
Neelam Prabhu Gaunkar

Iowa State University, Ames, IA, USA

Iowa State University, Ames, IA, USA
View Profile

,
David Ware

Utah State University, Logan, UT, USA

Utah State University, Logan, UT, USA
View Profile

,
Ryan M. Gerdes

Virginia Tech, Arlington, VA, USA

Virginia Tech, Arlington, VA, USA
View Profile

,
Mani Mina

Iowa State University, Ames, IA, USA

Iowa State University, Ames, IA, USA
View Profile

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications SecurityMay 2018Pages 499–510https://doi.org/10.1145/3196494.3196556

Published:29 May 2018Publication History

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security

Pages 499–510

ABSTRACT

Embedded and cyber-physical systems are critically dependent on the integrity of input and output signals for proper operation. Input signals acquired from sensors are assumed to correspond to the phenomenon the system is monitoring and responding to. Similarly, when such systems issue an actuation signal it is expected that the mechanism being controlled will respond in a predictable manner. Recent work has shown that sensors can be manipulated through the use of intentional electromagnetic interference (IEMI). In this work, we demonstrate thatboth input and output signals, analog and digital, can be remotely manipulated via the physical layer---thus bypassing traditional integrity mechanisms. Through the use of specially crafted IEMI it is shown that the physical layer signaling used for sensor input to, and digital communications between, embedded systems may be undermined to an attacker's advantage. Three attack scenarios are analyzed and their efficacy demonstrated. In the first scenario the analog sensing channel is manipulated to produce arbitrary sensor readings, while in the second it is shown that an attacker may induce bit flips in serial communications. Finally, a commonly used actuation signal is shown to be vulnerable to IEMI. The attacks are effective over appreciable distances and at low power.

References

2009. Electromagnetic Compatibility Engineering. 1--843 pages.Google Scholar
C.K. Alexander and M.N.O Sadiku. 2001. Fundamentals of Electric Circuits. Google ScholarDigital Library
Analog Devices. 2016. Accelerometers Product Selection Table. (2016). Datasheet.Google Scholar
U. Azad and Y. E. Wang. 2012. Analysis and experimental results for an inductively coupled near-field power transmission system. In 2012 IEEE International Workshop on Antenna Technology (iWAT). 157--160.Google Scholar
Mats G Backstrom and Karl Gunnar Lovstrand. 2004. Susceptibility of electronic systems to high-power microwaves: Summary of test experience. IEEE Transactions on Electromagnetic Compatibility 46, 3 (2004), 396--403.Google ScholarCross Ref
Jeremie Bourqui, Michal Okoniewski, and Elise C Fear. 2010. Balanced antipodal Vivaldi antenna with dielectric director for near-field microwave imaging. IEEE Transactions on Antennas and Propagation 58, 7 (2010), 2318--2326.Google ScholarCross Ref
A Boyer, S Bendhia, and E Sicard. 2007. Modelling of a direct power injection aggression on a 16 bit microcontroller input buffer. EMC Compo 7 (2007), 35--39.Google Scholar
B. L Cannon, J. F Hoburg, D. D Stancil, and S. C Goldstein. 2009. Magnetic resonant coupling as a potential means for wireless power transfer to multiple small receivers. IEEE Trans. on Power Electronics 24, 7 (2009), 1819--1825.Google ScholarCross Ref
Ruchir Chauhan. 2014. A platform for false data injection in frequency modulated continuous wave radar. Ph.D. Dissertation. Utah State University.Google Scholar
J-H Chun and Boris Murmann. 2006. Analysis and measurement of signal distortion due to ESD protection circuits. IEEE journal of solid-state circuits 41, 10 (2006), 2354--2358.Google Scholar
J Delsing, J Ekman, J Johansson, S Sundberg, M Backstrom, and T Nilsson. 2006. Susceptibility of sensor networks to intentional electromagnetic interference. In 17th International Zurich Symposium on Electromagnetic Compatibility. IEEE, 172--175.Google ScholarCross Ref
Mark Harris. 2015. Researcher hacks self-driving car sensors. IEEE Spectrum (2015).Google Scholar
Yu-ichi Hayashi, Naofumi Homma, Takaaki Mizuki, Takafumi Aoki, and Hideaki Sone. 2013. Transient IEMI threats for cryptographic devices. IEEE Transactions on Electromagnetic Compatibility 55, 1 (2013), 140--148.Google ScholarCross Ref
Stephen Hopwood. 2010. EMI Filter Hints and Tips. (2010).Google Scholar
J. Huijsing, M. Steyaert, and A.H.M. van Roermund. 2013. Analog Circuit Design: Sensor and Actuator Interface Electronics, Integrated High-Voltage Electronics and Power Management, Low-Power and High-Resolution ADC's. Springer US. Google ScholarDigital Library
Ryan Hurley. 2005. Design Considerations for ESD/EMI Filters: I. Technical Report. ON Semiconductor.Google Scholar
Ali Khaleghi and Ilangko Balasingham. 2009. Improving in-body ultra wideband communication using near-field coupling of the implanted antenna. Microwave and Optical Technology Letters 51, 3 (2009), 585--589.Google ScholarCross Ref
Kyechong Kim and Agis A Iliadis. 2010. Operational upsets and critical new bit errors in CMOS digital inverters due to high power pulsed electromagnetic interference. Solid-State Electronics 54, 1 (2010), 18--21.Google ScholarCross Ref
Denis Foo Kune, John Backes, Shane S Clark, Daniel Kramer, Matthew Reynolds, Kevin Fu, Yongdae Kim, and Wenyuan Xu. 2013. Ghost talk: Mitigating EMI signal injection attacks against analog sensors. In Security and Privacy (SP), 2013 IEEE Symposium on. IEEE, 145--159. Google ScholarDigital Library
David Kushner. 2013. The Real Story of Stuxnet. IEEE Spectrum (Feb. 26 2013).Google Scholar
Jonas Larsson. 2007. Electromagnetics from a quasistatic perspective. American Jourrnal of Physics (Mar. 2007).Google Scholar
Shridhar Atmaram More. 2013. ADC Input Protection. Technical Report. Texas Instruments.Google Scholar
D.A. Neamen. 2012. Semiconductor Physics and Devices. McGraw-Hill. Google ScholarDigital Library
H.W. Ott. 1988. Noise reduction techniques in electronic systems. Wiley.Google Scholar
Nicolas MORA PARRA. 2016. Contribution to the study of the vulnerability of critical systems to Intentional Electromagnetic Interference (IEMI). Ph.D. Dissertation. École Polytechnique FéDéRale De Lausanne.Google Scholar
C.R. Paul. 2006. Introduction to Electromagnetic Compatibility. Wiley. Google ScholarDigital Library
William A Radasky, Carl E Baum, and Manuem W Wik. 2004. Introduction to the special issue on high-power electromagnetics (HPEM) and intentional electromagnetic interference (IEMI). IEEE Transactions on Electromagnetic Compatibility 46, 3 (2004), 314--321.Google ScholarCross Ref
J.M. Redouté and M. Steyaert. 2009. EMC of Analog Integrated Circuits. Springer. Google ScholarDigital Library
Alan Rich. 1983. Shielding and Guarding. Analog Dialogue 17, 1 (1983).Google Scholar
S. G. Beebe S. Cao, J. H. Chun and R. W. Dutton. 2010. ESD Design Strategies for High-Speed Digital and RF Circuits in Deeply Scaled Silicon Technologies. IEEE Transactions on Circuits and Systems I: Regular Papers 57, 9 (2010), 2301--2311. Google ScholarDigital Library
Richard B Schulz. 1968. ELF and VLF shielding effectiveness of high-permeability materials. IEEE Transactions on Electromagnetic Compatibility 1 (1968), 95--100.Google ScholarCross Ref
OSRAM Opto Semiconductors. 2015. Silicon PIN Photodiode with Daylight Blocking Filter SFH 235 FA. (2015), 9 pages.Google Scholar
Daniel H Sheingold. 1986. Analog-digital conversion handbook. Vol. 16. PrenticeHall Englewood Cliffs, NJ. Google ScholarDigital Library
Yasser Shoukry, Paul Martin, Paulo Tabuada, and Mani Srivastava. 2013. Noninvasive spoofing attacks for anti-lock braking systems. In International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 55--72. Google ScholarDigital Library
Yasser Shoukry, Paul Martin, Yair Yona, Suhas Diggavi, and Mani Srivastava. 2015. PyCRA: Physical challenge-response authentication for active sensors under spoofing attacks. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 1004--1015. Google ScholarDigital Library
Y. So, W. Kim, J. Kim, Y. J. Yoon, and J. Park. 2016. Double-slot antipodal vivaldi antenna for improved directivity and radiation patterns. In 2016 International Symposium on Antennas and Propagation (ISAP). 382--383.Google Scholar
Stormwise. 2018. Ultra Low Frequency Antennas for 150 Hz to 1.5 KHz. http://www.stormwise.com/index.html. (2018).Google Scholar
Junko Takahashi, Yu-ichi Hayashi, Naofumi Homma, Hitoshi Fuji, and Takafumi Aoki. 2012. Feasibility of fault analysis based on intentional electromagnetic interference. In Electromagnetic Compatibility (EMC), 2012 IEEE International Symposium on. IEEE, 782--787.Google ScholarCross Ref
Aaron D Taylor. 2011. Microcontroller (8051-core) instruction susceptibility to intentional electromagnetic interference (IEMI). Master's thesis. University of New Mexico.Google Scholar
Texas Instruments. 2014. TM4C123GH6PM Microcontroller. (2014). Datasheet.Google Scholar
Yamarita Villavicencio, Francesco Musolino, and Franco Fiori. 2009. Electrical model of a microcontroller for EMC analysis. In Proc. Int. workshop of EMC for ICs (EMCCOMPO 09). 38.Google Scholar
David Voltmer. 2007. Fundamentals of Electromagnetics. Vol. 2. 1--217 pages.Google Scholar
D.R. White. 1986. A Handbook on Electromagnetic Shielding Materials and Performance. Interference Control Technologies.Google Scholar
Chen Yan, X Wenyuan, and Jianhao Liu. 2016. Can you trust autonomous vehicles: Contactless attacks against sensors of self-driving vehicle. DEF CON (2016).Google Scholar
Qin Yu, Thomas W. Holmes, and Krishna Naishadham. 2002. RF equivalent circuit modeling of ferrite-core inductors and characterization of core materials. IEEE Transactions on Electromagnetic Compatibility 44, 1 (2002), 258--262.Google ScholarCross Ref

Index Terms

Electromagnetic Induction Attacks Against Embedded Systems
1. Hardware
2. Security and privacy
  1. Security in hardware
    1. Embedded systems security
    2. Hardware attacks and countermeasures

Recommendations

Secure Traffic Lights: Replay Attack Detection for Model-based Smart Traffic Controllers
AutoSec '20: Proceedings of the Second ACM Workshop on Automotive and Aerial Vehicle Security

Rapid urbanization calls for smart traffic management solutions that incorporate sensors, distributed traffic controllers and V2X communication technologies to provide fine-grained traffic control to mitigate congestion. As in many other cyber-physical ...
Read More
Modeling and control of Cyber-Physical Systems subject to cyber attacks: A survey of recent advances and challenges
Highlights
- In general, the cyber-attacks in the literature can be classified into three main types: denial of service (DoS) attacks, deception attacks, and replay ...
Abstract
Cyber Physical Systems (CPS) are almost everywhere; they can be accessed and controlled remotely. These features make them more vulnerable to cyber attacks. Since these systems provide critical services, having them under attack would ...
Read More
Towards clock skew based services in wireless sensor networks

Clock skew, an inherent property of clock crystals of physical devices, is defined as the rate of deviation of a device clock from the true time. The frequency of a device's clock actually depends on its environment, such as the temperature, humidity, ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security
May 2018
866 pages
ISBN:9781450355766
DOI:10.1145/3196494
General Chairs:
Jong Kim
Pohang University of Science and Technology, South Korea
,
Gail-Joon Ahn
Arizona State University, USA &Samsung Electronics, South Korea
,
Seungjoo Kim
Korea University, South Korea
,
Program Chairs:
Yongdae Kim
KAIST, South Korea
,
Javier Lopez
University of Malaga, Spain
,
Taesoo Kim
Georgia Tech, USA
Copyright © 2018 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 29 May 2018
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
electromagnetic interference
embedded and cyber-physical systems
false-actuation attack
false-data injection
physical-layer attack
Qualifiers
- research-article
Conference

Acceptance Rates
ASIACCS '18 Paper Acceptance Rate52of310submissions,17%Overall Acceptance Rate418of2,322submissions,18%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 42
  Total Citations
  View Citations
- 1,069
  Total Downloads
- Downloads (Last 12 months)166
- Downloads (Last 6 weeks)25
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Electromagnetic Induction Attacks Against Embedded Systems

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Secure Traffic Lights: Replay Attack Detection for Model-based Smart Traffic Controllers

Modeling and control of Cyber-Physical Systems subject to cyber attacks: A survey of recent advances and challenges

Towards clock skew based services in wireless sensor networks

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Electromagnetic Induction Attacks Against Embedded Systems

ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications Security

ABSTRACT

References

Cited By

Index Terms

Recommendations

Secure Traffic Lights: Replay Attack Detection for Model-based Smart Traffic Controllers

Modeling and control of Cyber-Physical Systems subject to cyber attacks: A survey of recent advances and challenges

Towards clock skew based services in wireless sensor networks

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media