Attack Resilience and Recovery using Physical Challenge Response Authentication for Active Sensors Under Integrity Attacks

Author(s): Shoukry, Yasser; Martin, Paul; Yona, Yair; Diggavi, Suhas; Srivastava, Mani

Abstract: Embedded sensing systems are pervasively used in life- and security-critical systems such as those found in airplanes, automobiles, and healthcare. Traditional security mechanisms for these sensors focus on data encryption and other post-processing techniques, but the sensors themselves often remain vulnerable to attacks in the physical/analog domain. If an adversary manipulates a physical/analog signal prior to digitization, no amount of digital security mechanisms after the fact can help. Fortunately, nature imposes fundamental constraints on how these analog signals can behave. This work presents PyCRA, a physical challenge-response authentication scheme designed to protect active sensing systems against physical attacks occurring in the analog domain. PyCRA provides security for active sensors by continually challenging the surrounding environment via random but deliberate physical probes. By analyzing the responses to these probes, and by using the fact that the adversary cannot change the underlying laws of physics, we provide an authentication mechanism that not only detects malicious attacks but provides resilience against them. We demonstrate the effectiveness of PyCRA through several case studies using two sensing systems: (1) magnetic sensors like those found in wheel speed sensors in robotics and automotive applications, and (2) commercial RFID tags used in many security-critical applications. Finally, we outline methods and theoretical proofs for further enhancing the resilience of PyCRA to active attacks by means of a confusion phase, a period of low signal-to-noise ratio that makes it more difficult for an attacker to correctly identify and respond to PyCRA's physical challenges. In doing so, we evaluate both the robustness and the limitations of PyCRA, concluding by outlining practical considerations as well as further applications for the proposed authentication mechanism.
