DeepAI AI Chat
Log In Sign Up

A Framework for Evaluating Security in the Presence of Signal Injection Attacks

by   Ilias Giechaskiel, et al.
University of Oxford

Sensors are embedded in security-critical applications from medical devices to nuclear power plants, but their outputs can be spoofed through signals transmitted by attackers at a distance. To address the lack of a unifying framework for evaluating the effect of such transmissions, we introduce a system and threat model for signal injection attacks. Our model abstracts away from specific circuit-design issues, and highlights the need to characterize the response of Analog-to-Digital Converters (ADCs) beyond their Nyquist frequency. This ADC characterization can be conducted using direct power injections, reducing the amount of circuit-specific experiments to be performed. We further define the concepts of existential, selective, and universal security, which address attacker goals from mere disruptions of the sensor readings to precise waveform injections. As security in our framework is not binary, it allows for the direct comparison of the level of security between different systems. We additionally conduct extensive experiments across all major ADC types, and demonstrate that an attacker can inject complex waveforms such as human speech into ADCs by transmitting amplitude-modulated (AM) signals over carrier frequencies up to the GHz range. All ADCs we test are vulnerable and demodulate the injected AM signal, although some require a more fine-tuned selection of the carrier frequency. We finally introduce an algorithm which allows circuit designers to concretely calculate the security level of real systems, and we apply our definitions and algorithm in practice using measurements of injections against a smartphone microphone. Overall, our work highlights the importance of evaluating the susceptibility of systems against signal injection attacks, and introduces both the terminology and the methodology to do so.


page 1

page 6

page 13


SoK: Taxonomy and Challenges of Out-of-Band Signal Injection Attacks and Defenses

Research on how hardware imperfections impact security has primarily foc...

SoundFence: Securing Ultrasonic Sensors in Vehicles Using Physical-Layer Defense

Autonomous vehicles (AVs), equipped with numerous sensors such as camera...

Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors

Inertial sensors provide crucial feedback for control systems to determi...

Electromagnetic Signal Injection Attacks on Differential Signaling

Differential signaling is a method of data transmission that uses two co...

Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems

We propose a new class of signal injection attacks on microphones by phy...

Detection of Electromagnetic Signal Injection Attacks on Actuator Systems

An actuator is a device that converts electricity into another form of e...