Browsing by Author "Dayanikli, Gokcen Yilmaz"
- Electromagnetic Interference Attacks on Cyber-Physical Systems: Theory, Demonstration, and Defense
  Dayanikli, Gokcen Yilmaz (Virginia Tech, 2021-08-27)
  A cyber-physical system (CPS) is a complex integration of hardware and software components to perform well-defined tasks. Up to this point, many software-based attacks targeting the network and computation layers have been reported by researchers. However, physical-layer attacks that utilize natural phenomena (e.g., electromagnetic waves) to manipulate safety-critical signals such as analog sensor outputs, digital data, and actuation signals have recently drawn attention. The purpose of this dissertation is to detect the weaknesses of cyber-physical systems against low-power Intentional Electromagnetic Interference (IEMI) attacks and provide hardware-level countermeasures. Actuators are irreplaceable components of electronic systems that control the physically moving sections, e.g., servo motors that control robot arms. In Chapter 2, the potential effects of IEMI attacks on actuation control are presented. The Pulse Width Modulation (PWM) signal, which is the industry standard for actuation control, is observed to be vulnerable to IEMI with specific frequency and modulated waveforms. Additionally, an advanced attacker with limited information about the victim can prevent the actuation, e.g., stop the rotation of a DC or servo motor. For some specific actuator models, the attacker can even take control of the actuators and consequently the motion of the CPS, e.g., the flight trajectory of a UAV. The attacks are demonstrated on a fixed-wing unmanned aerial vehicle (UAV) during varying flight scenarios, and it is observed that the attacker can block or take control of the flight surfaces (e.g., aileron), which results in a crash of the UAV or a controllable change in its trajectory, respectively.
  Serial communication protocols such as UART or SPI are widely employed in electronic systems to establish communication between peripherals (e.g., sensors) and controllers. It is observed that an adversary with the reported three-phase attack mechanism can replace the original victim data with the 'desired' false data. In the detection phase, the attacker listens to the EM leakage of the victim system. In the signal processing phase, the exact timing of the victim data is determined from the victim EM leakage, and in the transmission phase, the radiated attack waveform replaces the original data with the 'desired' false data. The attack waveform is a narrowband signal at the victim baud rate, and in a proof-of-concept demonstration, the attacks are observed to be over 98% effective at inducing a desired bit sequence into pseudorandom UART frames. Countermeasures such as twisted cables are discussed and experimentally validated in high-IEMI scenarios. In Chapter 4, a state-of-the-art electric vehicle (EV) charger is assessed in IEMI attack scenarios, and it is observed that an attacker can use low-cost RF components to inject false current or voltage sensor readings into the system. The manipulated sensor data results in a drastic increase in the current supplied to the EV, which can easily result in physical damage due to thermal runaway of the batteries. The current switches, which control the output current of the EV charger, can be controlled (i.e., turned on) by relatively high-power IEMI, which gives the attacker direct control of the current supplied to the EV. The attacks on UAVs, communication systems, and EV chargers show that additional hardware countermeasures should be added to state-of-the-art system design to alleviate the effect of IEMI attacks. Fiber-optic transmission and low-frequency magnetic field shielding can be used to transmit 'significant signals', or PCB-level countermeasures can be utilized, which are reported in Chapter 5.
- Wireless Manipulation of Serial Communication
  Dayanikli, Gokcen Yilmaz; Mohammed, Abdullah Zubair; Gerdes, Ryan M.; Mina, Mani (ACM, 2022-05-30)
  Wired serial communication (e.g., UART, I2C) is widely used to exchange information between sensors, actuators, and controllers in automation, control, and cyber-physical systems. In this work, it is demonstrated that intentional electromagnetic interference (IEMI) can be utilized to not only induce spurious serial communications but to also alter legitimate communications, arbitrarily and at a distance, through attacks that cause controlled, bidirectional bit flips. To prove the efficacy of such attacks, two attack signal types, which require differing levels of attacker knowledge and resources to be effective, are proposed and evaluated against UART and I2C serial communication systems. The first attack waveform, which we call simple, is an inexpensive-to-produce narrowband waveform that has high power and tight timing constraints, but requires little attacker knowledge about the targeted system, while the second waveform, which we call complex, leverages a wideband signal that requires less power to achieve the same effect, is more tolerant of timing error in the signal processing phase, but requires a high amount of attacker knowledge of the targeted system. The simple waveform is shown to be over 98.3% effective at inducing a desired bit sequence into randomly transmitted UART frames, which indicates that an attacker could also choose to inject spurious UART frames, at will. On the I2C data streams, the complex waveform is demonstrated to be overall 75% effective in inducing random bits. Countermeasures are discussed and experimentally validated in high-IEMI scenarios.