ABSTRACT
Real-world process control requires continuous sensor measurements and automatic control of the environment. Typical process control systems consist of three main components: controllers functioning as the system's "brain'', sensors acting as measurement devices, and final control elements that modify the environment. Prior works showed that adversaries could inject signals into analog sensors to affect the control process; however, an adversarial controller that is necessary to achieve process control is inherently missing in conventional physical-level sensor signal injection attacks, which revealed mechanisms to perturb sensor systems but did not describe the computations necessary to adjust and regulate the process over time. This paper introduces an adversarial control loop approach that computes attack signals during the attack to guide the adversarial process control. Our approach allows constructing the external "brain'' of the adversarial process control with programs. Further, we characterize the Physical Feedback Side Channel (PFSC) in out-of-band signal injection attacks, and study how the adversarial prototype system can be constructed non-invasively to gain control over two types of inertial sensor-actuator systems, including a MegaWheels self-balancing scooter. We demonstrate proof-of-concept process control without accessing or tampering with internal modules of the victim system.
- 1996. Problems with the Anti-aliasing Filter. https://ccrma.stanford.edu/CCRMA/ Courses/252/sensors/node35.html. Tim Stilson, 1996--10--17.Google Scholar
- 2012. STMicroelectronics LSM330 datasheet. www.st.com/resource/en/datasheet/ dm00037200.pdf. Accessed: 2018-06--14.Google Scholar
- 2013. STMicroelectronics L3GD20 datasheet. http://www.st.com/en/mems-andsensors/l3gd20.html. Accessed: 2017-06--12.Google Scholar
- 2015. L. Corporation, LRAD 2000X datasheet. https://genasys.com/wp-content/ uploads/2015/06/LRAD_Datasheet_2000X.pdf. Accessed: 2022-01--12.Google Scholar
- 2019. Boston Dynamics' Handle robot brings mobile manipulation to logistics. https://www.therobotreport.com/boston-dynamics-handle-robot-pallets/. Steve Crowe, 2019-03--28.Google Scholar
- 2019. Handle - ROBOTS. Boston Dynamics. https://robots.ieee.org/robots/handle/. 2019.Google Scholar
- 2020. DJI Osmo Mobile 3 review. https://www.techradar.com/reviews/dji-osmomobile-3-review. Basil Kronfli, 2020-01--15.Google Scholar
- 2021. Myskunkworks 10" Long-Range Horn. http://myskunkworks.net/index. php?route=product/product&path=61&product_id=63. Accessed: 2021-05-05.Google Scholar
- 2021. An open-source parabolic reflector design. https://www.thingiverse.com/ thing:2721955. Accessed: 2021-08--28.Google Scholar
- 2022. UltraElectronics HyperShield datasheet. https://www.nixalite.com/ SiteContent/Documents/PDFs/HyperShield.pdf. Accessed: 2022-01-07Google Scholar
- 2023. Advanced Linux Sound Architecture (ALSA) project homepage. https: //www.alsa-project.org/wiki/Main_Page.Google Scholar
- 2023. DIRECTIONAL MICROPHONE FOR LONG-RANGE SURVEILLANCE. https://ampflab.com/. Accessed: 2023-08--28.Google Scholar
- Jürgen Altmann. 2001. Acoustic weapons-a prospective assessment. Science & Global Security 9, 3 (2001), 165--234.Google ScholarCross Ref
- Riccardo Antonello, Roberto Oboe, et al. 2011. MEMS gyroscopes for consumers and industrial applications. InTech.Google Scholar
- Roberto Antonucci, Annalisa Porcella, and Vassilios Fanos. 2009. The infant incubator in the neonatal intensive care unit: unresolved issues and future developments. Journal of perinatal medicine 37, 6 (2009), 587--598.Google ScholarCross Ref
- Edward F Bell. 2006. Servocontrol: Incubator and radiant warmer. Iowa Neonatology Handbook (2006).Google Scholar
- Ariful Islam Bhuyan and Tuton Chandra Mallick. 2014. Gyro-accelerometer based control of a robotic Arm using AVR microcontroller. In 9th International Forum on Strategic Technology (IFOST). IEEE.Google ScholarCross Ref
- Connor Bolton, Sara Rampazzi, Chaohao Li, Andrew Kwong, Wenyuan Xu, and Kevin Fu. 2018. Blue note: How intentional acoustic interference damages availability and integrity in hard disk drives and operating systems. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 1048--1062.Google ScholarCross Ref
- Yulong Cao, Chaowei Xiao, Benjamin Cyr, Yimeng Zhou, Won Park, Sara Rampazzi, Qi Alfred Chen, Kevin Fu, and Z Morley Mao. 2019. Adversarial sensor attack on lidar-based perception in autonomous driving. In Proceedings of the 2019 ACM SIGSAC conference on computer and communications security. 2267--2281.Google ScholarDigital Library
- Gökçen Yilmaz Dayanikli, Rees R Hatch, Ryan M Gerdes, Hongjie Wang, and Regan Zane. 2020. Electromagnetic sensor and actuator attacks on power converters for electric vehicles. In 2020 IEEE Security and Privacy Workshops (SPW). IEEE, 98--103.Google ScholarCross Ref
- Robert Neal Dean, Simon Thomas Castro, George T Flowers, Grant Roth, Anwar Ahmed, Alan Scottedward Hodel, Brian Eugene Grantham, David Allen Bittle, and James P Brunsch. 2010. A characterization of the performance of a MEMS gyroscope in acoustically harsh environments. IEEE Transactions on Industrial Electronics 58, 7 (2010), 2591--2596.Google ScholarCross Ref
- Robert N Dean, George T Flowers, A Scotte Hodel, Grant Roth, Simon Castro, Ran Zhou, Alfonso Moreira, Anwar Ahmed, Rifki Rifki, Brian E Grantham, et al. 2007. On the degradation of MEMS gyroscope performance in the presence of high power acoustic noise. In 2007 IEEE International Symposium on Industrial Electronics. IEEE, 1435--1440.Google ScholarCross Ref
- J Lopes Esteves and C Kasmi. 2018. Remote and silent voice command injection on a smartphone through conducted IEMI: Threats of smart IEMI for information security. Wireless Security Lab, French Network and Information Security Agency (ANSSI), Tech. Rep (2018).Google Scholar
- M. Sami Fadali and Antonio Visioli. 2020. Chapter 12 - Practical issues. In Digital Control Engineering (Third Edition) (third edition ed.), M. Sami Fadali and Antonio Visioli (Eds.). Academic Press, 567--614. https://doi.org/10.1016/B978-0- 12--814433--6.00012-0Google ScholarCross Ref
- Juan A Gallego-Juárez, G Rodriguez-Corral, and L Gaete-Garreton. 1978. An ultrasonic transducer for high power applications in gases. Ultrasonics 16, 6 (1978), 267--271.Google ScholarCross Ref
- Ilias Giechaskiel and Kasper Rasmussen. 2019. Taxonomy and challenges of out-of-band signal injection attacks and defenses. IEEE Communications Surveys & Tutorials 22, 1 (2019), 645--670.Google ScholarDigital Library
- Ilias Giechaskiel, Youqian Zhang, and Kasper B Rasmussen. 2019. A Framework for Evaluating Security in the Presence of Signal Injection Attacks. In European Symposium on Research in Computer Security (ESORICS). 512--532.Google ScholarDigital Library
- Xiali Hei and Yazhou Tu. 2021. Glucose monitorying method and system. US Patent App. 16/952,692.Google Scholar
- Yusuke Hirao, Weiwei Wan, Dimitrios Kanoulas, and Kensuke Harada. 2023. Body Extension by Using Two Mobile Manipulators. Cyborg and Bionic Systems 4 (2023), 0014.Google ScholarCross Ref
- Md Imran Hossen, Yazhou Tu, and Xiali Hei. 2023. A First Look at the Security of EEG-based Systems and Intelligent Algorithms under Physical Signal Injections. In Proceedings of the 2023 Secure and Trustworthy Deep Learning Systems Workshop. 1--8.Google ScholarDigital Library
- Xiaoyu Ji, Yushi Cheng, Yuepeng Zhang, Kai Wang, Chen Yan, Wenyuan Xu, and Kevin Fu. 20201. Poltergeist: Acoustic Adversarial Machine Learning against Cameras and ComputerVision. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE.Google Scholar
- Xiaoyu Ji, Juchuan Zhang, Shui Jiang, Jishen Li, and Wenyuan Xu. 2021. CapSpeaker: Injecting Voices to Microphones via Capacitors. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. 1915--1929.Google ScholarDigital Library
- Chaouki Kasmi and Jose Lopes Esteves. 2015. IEMI threats for information security: Remote command injection on modern smartphones. IEEE Transactions on Electromagnetic Compatibility 57, 6 (2015), 1752--1755.Google ScholarCross Ref
- PK Kavale, Mohini Amritkar, and Sakshi Joshi. 2022. DESIGN AND DEVELOPMENT OF SELF BALANCING PLATFORM. (2022).Google Scholar
- Victor Klemm, Alessandro Morra, Ciro Salzmann, Florian Tschopp, Karen Bodie, Lionel Gulich, Nicola Küng, Dominik Mannhart, Corentin Pfister, Marcus Vierneisel, et al. 2019. Ascento: A two-wheeled jumping robot. In 2019 International Conference on Robotics and Automation (ICRA). IEEE, 7515--7521.Google ScholarDigital Library
- Sebastian Köhler, Richard Baker, and Ivan Martinovic. 2021. Signal Injection Attacks against CCD Image Sensors. arXiv preprint arXiv:2108.08881 (2021).Google Scholar
- Denis Foo Kune, John Backes, Shane S Clark, Daniel Kramer, Matthew Reynolds, Kevin Fu, Yongdae Kim, and Wenyuan Xu. 2013. Ghost talk: Mitigating EMI signal injection attacks against analog sensors. In 2013 IEEE Symposium on Security and Privacy. IEEE, 145--159.Google ScholarDigital Library
- Yan Long, Sara Rampazzi, Takeshi Sugawara, and Kevin Fu. 2021. Protecting COVID-19 Vaccine Transportation and Storage from Analog Cybersecurity Threats. Biomedical Instrumentation & Technology 55, 3 (2021), 112--117.Google ScholarCross Ref
- Ralph P Muscatell. 1984. Laser microphone. The Journal of the Acoustical Society of America 76, 4 (1984), 1284--1284.Google ScholarCross Ref
- Shoei Nashimoto, Daisuke Suzuki, Takeshi Sugawara, and Kazuo Sakiyama. 2018. Sensor CON-Fusion: Defeating Kalman filter in signal injection attack. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security. 511--524.Google ScholarDigital Library
- Steven Nasiri. 2009. A critical review of MEMS gyroscopes technology and commercialization status. (2009). InvenSense whitepaper (2009).Google Scholar
- Vittorio MN Passaro, Antonello Cuccovillo, Lorenzo Vaiani, Martino De Carlo, and Carlo Edoardo Campanella. 2017. Gyroscope technology and applications: A review in the industrial perspective. Sensors 17, 10 (2017), 2284.Google ScholarCross Ref
- Gianni Pavan, Gregory Budney, Holger Klinck, Hervé Glotin, Dena J Clink, and Jeanette A Thomas. 2022. History of sound recording and analysis equipment. Exploring Animal Behavior Through Sound: Volume 1: Methods (2022), 1--36.Google Scholar
- Md Fazle Rabby, Yazhou Tu, Md Imran Hossen, Insup Lee, Anthony S Maida, and Xiali Hei. 2021. Stacked LSTM based deep recurrent neural network with kalman smoothing for blood glucose prediction. BMC Medical Informatics and Decision Making 21 (2021), 1--15.Google ScholarCross Ref
- Jayaprakash Selvaraj, Neelam Prabhu Gaunkar, David Ware, Ryan M Gerdes, and Mani Mina. 2018. Electromagnetic induction attacks against embedded systems. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security. 499--510.Google ScholarDigital Library
- Yunmok Son, Hocheol Shin, Dongkwan Kim, Youngseok Park, Juhwan Noh, Kibum Choi, Jungwoo Choi, and Yongdae Kim. 2015. Rocking drones with intentional sound noise on gyroscopic sensors. In 24th USENIX Security Symposium (USENIX Security 15). 881--896.Google Scholar
- Takeshi Sugawara, Benjamin Cyr, Sara Rampazzi, Daniel Genkin, and Kevin Fu. 2020. Light commands: laser-based audio injection attacks on voice-controllable systems. In 29th USENIX Security Symposium (USENIX Security 20). 2631--2648.Google Scholar
- Shintaro Takeda, Ikuharu Morioka, Kazuhisa Miyashita, Akeharu Okumura, Yoshiaki Yoshida, and Kenji Matsumoto. 1992. Age variation in the upper limit of hearing. European journal of applied physiology and occupational physiology 65, 5 (1992), 403--408.Google Scholar
- Kevin Sam Tharayil, Benyamin Farshteindiker, Shaked Eyal, Nir Hasidim, Roy Hershkovitz, Shani Houri, Ilia Yoffe, Michal Oren, and Yossi Oren. 2020. Sensor defense in-software (SDI): Practical software based detection of spoofing attacks on position sensors. Engineering Applications of Artificial Intelligence 95 (2020), 103904.Google ScholarCross Ref
- Jing Tian, Wenshu Yang, Zhenming Peng, Tao Tang, and Zhijun Li. 2016. Application of MEMS accelerometers and gyroscopes in fast steering mirror control systems. Sensors 16, 4 (2016), 440.Google ScholarCross Ref
- Timothy Trippel, Ofir Weisse, Wenyuan Xu, Peter Honeyman, and Kevin Fu. 2017. WALNUT: Waging doubt on the integrity of MEMS accelerometers with acoustic injection attacks. In 2017 IEEE European symposium on security and privacy (EuroS&P). IEEE, 3--18.Google ScholarCross Ref
- Yazhou Tu, Zhiqiang Lin, Insup Lee, and Xiali Hei. 2018. Injected and delivered: Fabricating implicit control over actuation systems by spoofing inertial sensors. In 27th USENIX Security Symposium (USENIX Security 18). 1545--1562.Google Scholar
- Yazhou Tu, Sara Rampazzi, Bin Hao, Angel Rodriguez, Kevin Fu, and Xiali Hei. 2019. Trick or heat? Manipulating critical temperature-based control systems using rectification attacks. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. 2301--2315.Google ScholarDigital Library
- Yazhou Tu, Vijay Srinivas Tida, Zhongqi Pan, and Xiali Hei. 2021. Transduction Shield: A Low-Complexity Method to Detect and Correct the Effects of EMI Injection Attacks on Sensors. In Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security. 901--915.Google ScholarDigital Library
- Yuanda Wang, Hanqing Guo, and Qiben Yan. 2022. GhostTalk: Interactive Attack on Smartphone Voice System Through Power Line. arXiv preprint arXiv:2202.02585 (2022).Google Scholar
- Zhengbo Wang, Kang Wang, Bo Yang, Shangyuan Li, and Aimin Pan. 2017. Sonic gun to smart devices: Your devices lose control under ultrasound/sound. BlackHat USA (2017).Google Scholar
- Zhifei Xu, Runbing Hua, Jack Juang, Shengxuan Xia, Jun Fan, and Chulsoon Hwang. 2021. Inaudible Attack on Smart Speakers With Intentional Electromagnetic Interference. IEEE Transactions on Microwave Theory and Techniques 69, 5 (2021), 2642--2650.Google ScholarCross Ref
- Chen Yan, Hocheol Shin, Connor Bolton, Wenyuan Xu, Yongdae Kim, and Kevin Fu. 2020. Sok: A minimalist approach to formalizing analog sensor security. In 2020 IEEE Symposium on Security and Privacy (SP). IEEE, 233--248.Google ScholarCross Ref
- Qiben Yan, Kehai Liu, Qin Zhou, Hanqing Guo, and Ning Zhang. 2020. Surfingattack: Interactive hidden attack on voice assistants using ultrasonic guided waves. In Network and Distributed Systems Security (NDSS) Symposium.Google ScholarCross Ref
- Guoming Zhang, Chen Yan, Xiaoyu Ji, Tianchen Zhang, Taimin Zhang, and Wenyuan Xu. 2017. Dolphinattack: Inaudible voice commands. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 103--117.Google ScholarDigital Library
- Youqian Zhang and Kasper Rasmussen. 2020. Detection of electromagnetic interference attacks on sensor systems. In 2020 IEEE Symposium on Security and Privacy (SP). IEEE, 203--216Google ScholarCross Ref
Index Terms
- Towards Adversarial Process Control on Inertial Sensor Systems with Physical Feedback Side Channels
Recommendations
Modeling and control of Cyber-Physical Systems subject to cyber attacks: A survey of recent advances and challenges
Highlights- In general, the cyber-attacks in the literature can be classified into three main types: denial of service (DoS) attacks, deception attacks, and replay ...
AbstractCyber Physical Systems (CPS) are almost everywhere; they can be accessed and controlled remotely. These features make them more vulnerable to cyber attacks. Since these systems provide critical services, having them under attack would ...
Adversarial regression for detecting attacks in cyber-physical systems
IJCAI'18: Proceedings of the 27th International Joint Conference on Artificial IntelligenceAttacks in cyber-physical systems (CPS) which manipulate sensor readings can cause enormous physical damage if undetected. Detection of attacks on sensors is crucial to mitigate this issue. We study supervised regression as a means to detect anomalous ...
Protecting Enclaves from Intra-Core Side-Channel Attacks through Physical Isolation
CYSARM'20: Proceedings of the 2nd Workshop on Cyber-Security Arms RaceSystems that protect enclaves from privileged software must consider software-based side-channel attacks. Our system isolates enclaves on separate secure cores to stop attackers from running on the same core as the victim, which mitigates intra-core ...
Comments