Physical Layer Data Integrity Attacks and Defenses in Cyber-Physical Systems

Date

2025-01-24

Publisher

Virginia Tech

Abstract

Loss of data integrity in a safety-critical cyber-physical system (CPS), such as a healthcare or intelligent transport system, severely affects its operation and can have life-threatening consequences. This work investigates the vulnerability of CPS to physical-layer data integrity attacks and proposes countermeasures that improve system resilience. Software-based cybersecurity approaches are often ineffective against threats aimed at the physical layer, leaving CPS susceptible to manipulation through hardware vectors such as electromagnetic interference and the data transmission medium itself. The work begins with intentional electromagnetic interference (IEMI) as a means of manipulating data and then explores other physical-layer characteristics that can be exploited to mount physical-layer attacks across a range of CPS environments.

In the first phase of the research, IEMI is used to induce controlled bit flips in widely used serial digital communication protocols. In contrast to state-of-the-art IEMI attacks that use a narrow-band sinusoid as the attack signal, a complex, wideband, rectangular waveform is designed that raises the attack success rate from below 50% to 75%. Next, the vulnerability of printed circuit board (PCB) traces to IEMI in highly safety-critical applications, such as electric vehicle (EV) charging, is addressed. On PCBs, IEMI attacks exploit the signal-carrying traces, which act as unintentional antennas under an adversarial electromagnetic field. Experiments demonstrate that such attacks are harder to carry out because of the PCB's structure, but remain feasible given sufficient attacker power. A suite of passive countermeasures is evaluated, including differential signaling, via fencing, and optical fiber interconnects, together with a novel multiplexer-based defense that dynamically modifies signal paths to evade detection. Each countermeasure is evaluated in depth and ranked by effectiveness, and adaptive attack strategies are analyzed to anticipate future threats.

In the IoT domain, this work presents a preliminary investigation of a novel "wireless spiking" technique against smart locks that lets an attacker bypass standard security measures and lock or unlock the device without physical contact: IEMI is used to manipulate the control circuitry and unlock the device remotely. The methodology, comprising hardware reverse engineering and attack-point identification, is presented and applies to other IoT devices in smart-home environments.

In automotive cybersecurity, bit-manipulation attacks against the Controller Area Network (CAN) bus are investigated. By exploiting the bus's transmission-line nature, these attacks challenge the fundamental assumptions of CAN's physical layer and can induce bit flips in both directions: recessive to dominant (R→D) and the considerably harder dominant to recessive (D→R). The flips are further made undetectable to CAN's standard error-checking mechanisms. These attacks are simulated and validated both in the laboratory and on real vehicles.

Finally, a defense mechanism for vehicle identification in intelligent transportation systems, based on device fingerprinting, is proposed. The approach uses inductive loop detectors (ILD) to capture the unique electromagnetic signature of a vehicle and identifies its make, model, and year with up to 93% accuracy. The ILD-based technique secures access control in automated systems and provides a cost-effective, drop-in solution for existing infrastructure, mitigating risks such as vehicle impersonation and charging-station exploitation.

This work establishes a systematic framework for understanding, detecting, and defending against physical-layer data integrity attacks in CPS. Through the development of novel attack vectors and robust countermeasures, it advances the field of CPS security and underscores the need for comprehensive defenses that extend beyond conventional software-based approaches.
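The CAN section of the abstract states that the induced bit flips are made undetectable to CAN's standard error-checking mechanisms. The check a frame must survive is the CRC-15 sequence every receiver recomputes. As an added illustration written for this page (it is not code from the dissertation), the Python below implements the CAN 2.0 CRC-15 exactly as the Bosch specification defines it, builds a standard data frame, and shows that a lone flip in the data field is caught by the receiver's CRC comparison, while a frame whose CRC field is consistent with the altered data passes. The frame identifier, payload, bit offsets and function names are constructed for the example; how the dissertation's attack satisfies this check on a live bus is not described in the abstract and is not modelled here.

```python
"""Added example for this page (not code from the dissertation): the CAN 2.0
CRC-15 check that any physical-layer bit flip must survive to stay invisible
to the bus's standard error checking. Constants follow the CAN specification
(Bosch CAN 2.0 / ISO 11898-1); the frame contents below are constructed."""

from typing import List

# Generator x^15 + x^14 + x^10 + x^8 + x^7 + x^4 + x^3 + 1; the x^15 term is
# implicit in a 15-bit shift register, leaving 0x4599.
CAN_CRC15_POLY = 0x4599
CRC_MASK = 0x7FFF

# CAN bus convention: dominant level is logical 0, recessive is logical 1.
DOMINANT, RECESSIVE = 0, 1


def crc15(bits: List[int]) -> int:
    """Bit-serial CRC-15 as the CAN spec defines it, over the destuffed
    bit stream from SOF up to the end of the data field."""
    crc = 0
    for bit in bits:
        crcnxt = bit ^ ((crc >> 14) & 1)
        crc = (crc << 1) & CRC_MASK
        if crcnxt:
            crc ^= CAN_CRC15_POLY
    return crc


def int_to_bits(value: int, width: int) -> List[int]:
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


def bits_to_int(bits: List[int]) -> int:
    value = 0
    for b in bits:
        value = (value << 1) | b
    return value


def crc_covered_bits(can_id: int, data: bytes) -> List[int]:
    """CRC-covered part of a standard (11-bit ID) data frame:
    SOF, identifier, RTR, IDE, r0, DLC, data bytes (stuff bits excluded)."""
    if not 0 <= can_id < 2 ** 11 or len(data) > 8:
        raise ValueError("standard data frame: 11-bit ID, at most 8 data bytes")
    bits = [DOMINANT]                    # SOF
    bits += int_to_bits(can_id, 11)      # identifier
    bits += [DOMINANT] * 3               # RTR=0 (data frame), IDE=0, r0=0
    bits += int_to_bits(len(data), 4)    # DLC
    for byte in data:
        bits += int_to_bits(byte, 8)
    return bits


def build_frame(can_id: int, data: bytes) -> List[int]:
    """CRC-covered bits followed by the 15-bit CRC sequence, as a transmitter
    emits them (before bit stuffing)."""
    body = crc_covered_bits(can_id, data)
    return body + int_to_bits(crc15(body), 15)


def crc_check(frame: List[int]) -> bool:
    """Receiver-side check: recompute over everything before the CRC field."""
    body, crc_field = frame[:-15], frame[-15:]
    return crc15(body) == bits_to_int(crc_field)


def flip(frame: List[int], index: int) -> List[int]:
    """Invert one bit: models a single physical-layer bit flip on the wire."""
    out = list(frame)
    out[index] ^= 1
    return out


def direction(frame: List[int], index: int) -> str:
    """Which way a flip at `index` goes, in the notation used on this page."""
    return "R->D" if frame[index] == RECESSIVE else "D->R"


# Constructed sample frame (not a capture from the dissertation): ID 0x123, payload 0x10 0x01.
SAMPLE = build_frame(0x123, b"\x10\x01")
# Bit offsets: SOF(1) + ID(11) + RTR/IDE/r0(3) + DLC(4) = 19, so the data field starts at 19.
FIRST_DATA_BIT = 19


def naive_flip_detected(bit_offset: int = FIRST_DATA_BIT + 3) -> bool:
    """A lone flip in the data field leaves the CRC field stale: the check fails."""
    return not crc_check(flip(SAMPLE, bit_offset))


def consistent_flip_passes(bit_offset: int = FIRST_DATA_BIT + 3) -> bool:
    """Only a frame whose CRC field matches the altered data passes the check.
    Whether and how an attacker can arrange that on the wire is outside this example."""
    altered = flip(SAMPLE, bit_offset)
    rebuilt = altered[:-15] + int_to_bits(crc15(altered[:-15]), 15)
    return crc_check(rebuilt)


if __name__ == "__main__":
    print(f"frame CRC-15 = 0x{crc15(SAMPLE[:-15]):04x}")
    print("flip direction at offset 22:", direction(SAMPLE, FIRST_DATA_BIT + 3))
    print("naive data-bit flip detected:", naive_flip_detected())
    print("flip with consistent CRC passes:", consistent_flip_passes())
```

The CRC is computed over the destuffed stream, so a flip that also changes the stuffing pattern would additionally trip the receiver's stuff-bit check; the example leaves stuffing out to keep the CRC logic visible. A single-bit error is always caught by this CRC because the generator has both an x^15 and a constant term, which is why a flip that stays hidden must be accompanied by a matching CRC field.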

Keywords

IEMI, Device Fingerprinting, Physical Layer Security, Automotive Security
