Physical Layer Data Integrity Attacks and Defenses in Cyber-Physical Systems

dc.contributor.author: Mohammed, Abdullah Zubair [en]
dc.contributor.committeechair: Gerdes, Ryan M. [en]
dc.contributor.committeemember: Hicks, Matthew [en]
dc.contributor.committeemember: Mina, Mani [en]
dc.contributor.committeemember: Xiong, Wenjie [en]
dc.contributor.committeemember: Ampadu, Paul K. [en]
dc.contributor.department: Electrical Engineering [en]
dc.date.accessioned: 2025-01-25T09:00:29Z [en]
dc.date.available: 2025-01-25T09:00:29Z [en]
dc.date.issued: 2025-01-24 [en]
dc.description.abstract: Loss of data integrity in a safety-critical cyber-physical system (CPS), such as healthcare or intelligent transport, has a severe impact on its operation that can potentially lead to life-threatening consequences. This work investigates the vulnerability of CPS to physical-layer data integrity attacks and proposes countermeasures to enhance system resilience. Software-based cybersecurity approaches may not be efficient in mitigating threats aimed at the physical layer, leaving CPS particularly susceptible to manipulation through methods that exploit hardware vectors such as electromagnetic interference and the data transmission medium. This work begins with a focus on using intentional electromagnetic interference (IEMI) to manipulate data and further explores other physical layer characteristics that can be exploited to conduct physical-layer attacks across various CPS environments. In the first phase of the research, the use of IEMI to induce controlled bit flips in widely used serial digital communication protocols is examined. In contrast to state-of-the-art IEMI attacks that use a narrow-band sinusoid as an attack signal, a complex, wideband, rectangular waveform is designed to improve the attack success rate from less than 50% to 75%. Further, the vulnerabilities of printed circuit board (PCB) traces to IEMI in highly safety-critical applications, such as electric vehicle (EV) charging, are addressed. On PCBs, IEMI attacks exploit the signal-carrying traces, which act as unintentional antennas under an adversarial electromagnetic field. Experiments demonstrated that such attacks are more challenging due to the PCB's structure but are still feasible with sufficient attacker power. A suite of passive countermeasures is evaluated, including differential signaling, via-fencing, and optical fiber interconnects, along with a novel multiplexer-based defense that dynamically modifies signal paths to evade detection. Each countermeasure is extensively evaluated and ranked based on its effectiveness, and adaptive attack strategies are analyzed to address potential future threats. In the IoT domain, this work presents a preliminary investigation of a novel "wireless spiking" technique on smart locks that enables attackers to bypass standard security measures and unlock/lock with no physical contact. Using IEMI, the control circuitry is manipulated to unlock devices remotely. The methodology, involving hardware reverse engineering and attack point identification, is presented, which applies to other IoT devices in smart home environments. In the field of automotive cybersecurity, bit manipulation attacks targeting the Controller Area Network (CAN) bus are investigated. By exploiting its transmission line nature, these attacks challenge the fundamental assumptions of the CAN's physical layer and are capable of inducing bidirectional bit flips, from recessive to dominant (R→D) and the significantly more difficult dominant to recessive (D→R). The flips are further made undetectable to CAN's standard error-checking mechanisms. These attacks are simulated and validated in both lab and real-world vehicle environments. Finally, a defense mechanism for vehicle identification security in intelligent transportation systems using device fingerprinting is proposed. This approach utilizes inductive loop detectors (ILD) to capture unique electromagnetic signatures of vehicles, achieving up to 93% accuracy in identifying their make, model, and year. The ILD-based technique secures access control in automated systems and provides a cost-effective, drop-in solution for existing infrastructure, mitigating risks such as unauthorized vehicle impersonation and charging station exploitation. This work establishes a systematic framework for understanding, detecting, and defending against physical-layer data integrity attacks in CPS. Through the development of novel attack vectors and robust countermeasures, this research enhances the field of CPS security, emphasizing the need for comprehensive defenses that extend beyond conventional software-based approaches. [en]
dc.description.abstractgeneral: In our increasingly connected world, cyber-physical systems (CPS)—technologies that combine digital and physical processes—are essential to modern life. These systems, from smart homes to intelligent vehicles, integrate sensors, actuators, and controllers to manage everything from personal security to automated transportation. While they bring convenience and efficiency, these systems are also vulnerable to attacks that can alter their data and disrupt operations, specifically at the hardware level, posing serious risks to safety and security. The adversary can attack the communication channels between sensors/actuators and the controller, seeking to manipulate the signals and falsify data. Incorrect decision-making based on manipulated data leads to safety risks or system failure. Unlike typical cyberattacks, which often exploit software vulnerabilities, these threats target the hardware layer directly, bypassing conventional cybersecurity defenses designed only to protect software. This work investigates attacks against data integrity, where attackers use intentional electromagnetic interference (IEMI) to corrupt data exchanged between CPS components. For instance, it is demonstrated that attackers can, without physical access, interfere with communication channels in industrial and automotive systems, altering data exchanged between sensors and controllers. By sending precisely crafted electromagnetic signals, an attacker can inject or modify data in real time, allowing them to influence system behavior wirelessly. In addition to IEMI, this work also highlights how vulnerabilities in hardware could compromise critical systems in modern automobiles. For example, we demonstrate how attackers could subtly alter messages on a vehicle's communication network (the controller area network), interfering with safety-critical functions. These attacks evade standard error-checking systems, further underscoring the need for hardware-level defenses that software cannot address. Additionally, we tackle the growing challenge of vehicle identification security in intelligent transportation systems. Unauthorized access to restricted areas or privileges, such as electric vehicle (EV) charging stations, could be exploited if attackers impersonate legitimate vehicles. To counter this, we propose a new method that "fingerprints" each vehicle based on its unique physical characteristics, helping ensure only authorized vehicles gain access. Through extensive testing, we validate our proposed countermeasures across different CPS environments, offering practical defenses against these physical-layer attacks. By providing solutions that secure both communication and identification in CPS, this work lays the groundwork for a safer and more resilient future where these critical systems are better protected from physical-layer attacks. [en]
dc.description.degree: Doctor of Philosophy [en]
dc.format.medium: ETD [en]
dc.identifier.other: vt_gsexam:42347 [en]
dc.identifier.uri: https://hdl.handle.net/10919/124382 [en]
dc.language.iso: en [en]
dc.publisher: Virginia Tech [en]
dc.rights: In Copyright [en]
dc.rights.uri: http://rightsstatements.org/vocab/InC/1.0/ [en]
dc.subject: IEMI [en]
dc.subject: Device Fingerprinting [en]
dc.subject: Physical Layer Security [en]
dc.subject: Automotive security [en]
dc.title: Physical Layer Data Integrity Attacks and Defenses in Cyber-Physical Systems [en]
dc.type: Dissertation [en]
thesis.degree.discipline: Electrical Engineering [en]
thesis.degree.grantor: Virginia Polytechnic Institute and State University [en]
thesis.degree.level: doctoral [en]
thesis.degree.name: Doctor of Philosophy [en]

Files

Original bundle
Name: Mohammed_A_D_2025.pdf
Size: 42.41 MB
Format: Adobe Portable Document Format