Electromagnetic Induction Attacks Against Embedded Systems

Embedded and cyber-physical systems are critically dependent on the integrity of input and output signals for proper operation. Input signals acquired from sensors are assumed to correspond to the phenomenon the system is monitoring and responding to. Similarly, when such systems issue an actuation signal it is expected that the mechanism being controlled will respond in a predictable manner. Recent work has shown that sensors can be manipulated through the use of intentional electromagnetic interference (IEMI). In this work, we demonstrate thatboth input and output signals, analog and digital, can be remotely manipulated via the physical layer---thus bypassing traditional integrity mechanisms. Through the use of specially crafted IEMI it is shown that the physical layer signaling used for sensor input to, and digital communications between, embedded systems may be undermined to an attacker's advantage. Three attack scenarios are analyzed and their efficacy demonstrated. In the first scenario the analog sensing channel is manipulated to produce arbitrary sensor readings, while in the second it is shown that an attacker may induce bit flips in serial communications. Finally, a commonly used actuation signal is shown to be vulnerable to IEMI. The attacks are effective over appreciable distances and at low power.

[1]  Henry Ott,et al.  Electromagnetic Compatibility Engineering , 2009 .

[2]  Kyechong Kim,et al.  Operational upsets and critical new bit errors in CMOS digital inverters due to high power pulsed electromagnetic interference , 2010 .

[3]  C. Martin 2015 , 2015, Les 25 ans de l’OMC: Une rétrospective en photos.

[4]  Ruchir Chauhan,et al.  A platform for false data injection in frequency modulated continuous wave radar , 2014 .

[5]  Mani Srivastava,et al.  PyCRA: Physical Challenge-Response Authentication For Active Sensors Under Spoofing Attacks , 2015, CCS.

[6]  m.a Wazed Miah Fundamentals Of Electromagnetics , 1989 .

[7]  J. Ekman,et al.  Susceptibility of sensor networks to intentional electromagnetic interference , 2006, 2006 17th International Zurich Symposium on Electromagnetic Compatibility.

[8]  Wenyuan Xu,et al.  Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors , 2013, 2013 IEEE Symposium on Security and Privacy.

[9]  J. L. Norman Violette,et al.  An Introduction to Electromagnetic Compatibility , 1987 .

[10]  S.C. Goldstein,et al.  Magnetic Resonant Coupling As a Potential Means for Wireless Power Transfer to Multiple Small Receivers , 2009, IEEE Transactions on Power Electronics.

[11]  Chen Yan Can You Trust Autonomous Vehicles : Contactless Attacks against Sensors of Self-driving Vehicle , 2016 .

[12]  R. Schulz ELF and VLF Shielding Effectiveness of High-Permeability Materials , 1968 .

[13]  A.H.M. van Roermund,et al.  Analog circuit design : sensor and actuator interface electronics, integrated high-voltage electronics and power management, low-power and high-resolution ADC's , 2004 .

[14]  M.G. Backstrom,et al.  Susceptibility of electronic systems to high-power microwaves: summary of test experience , 2004, IEEE Transactions on Electromagnetic Compatibility.

[15]  D. Neamen Semiconductor physics and devices , 1992 .

[16]  Daniel H. Sheingold,et al.  Analog-digital conversion handbook , 1972 .

[17]  Paulo Tabuada,et al.  Non-invasive Spoofing Attacks for Anti-lock Braking Systems , 2013, CHES.

[18]  Nicolas Mora Parra,et al.  Contribution to the study of the vulnerability of critical systems to Intentional Electromagnetic Interference (IEMI) , 2016 .

[19]  Ilangko Balasingham,et al.  Improving in‐body ultra wideband communication using near‐field coupling of the implanted antenna , 2009 .

[20]  D. Kushner,et al.  The real story of stuxnet , 2013, IEEE Spectrum.

[21]  Jaesik Kim,et al.  Double-slot antipodal vivaldi antenna for improved directivity and radiation patterns , 2016, 2016 International Symposium on Antennas and Propagation (ISAP).

[22]  Charles K. Alexander,et al.  Fundamentals of Electric Circuits , 1999 .

[23]  Y. Hayashi,et al.  Transient IEMI Threats for Cryptographic Devices , 2013, IEEE Transactions on Electromagnetic Compatibility.

[24]  Jonas Larsson,et al.  Electromagnetics from a quasistatic perspective , 2007 .

[25]  C. Paul Introduction to Electromagnetic Compatibility: Paul/Introduction to Electromagnetic Compatibility, Second Edition , 2005 .

[26]  Donald R. J. White,et al.  A Handbook on Electromagnetic Shielding Materials and Performance , 1980 .

[27]  Jung-Hoon Chun,et al.  Analysis and Measurement of Signal Distortion due to ESD Protection Circuits , 2006, IEEE Journal of Solid-State Circuits.

[28]  Aaron D Taylor Microcontroller (8051-Core) Instruction Susceptibility to Intentional Electromagnetic Interference (IEMI) , 2011 .

[29]  Michiel Steyaert,et al.  EMC of Analog Integrated Circuits , 2009 .

[30]  U. Azad,et al.  Analysis and experimental results for an inductively coupled near-field power transmission system , 2012, 2012 IEEE International Workshop on Antenna Technology (iWAT).

[31]  Michiel Steyaert,et al.  Analog Circuit Design , 2005, Springer US.

[32]  N. Homma,et al.  Feasibility of fault analysis based on intentional electromagnetic interference , 2012, 2012 IEEE International Symposium on Electromagnetic Compatibility.

[33]  Jung-Hoon Chun,et al.  ESD Design Strategies for High-Speed Digital and RF Circuits in Deeply Scaled Silicon Technologies , 2010, IEEE Transactions on Circuits and Systems I: Regular Papers.

[34]  Jeremie Bourqui,et al.  Balanced Antipodal Vivaldi Antenna With Dielectric Director for Near-Field Microwave Imaging , 2010, IEEE Transactions on Antennas and Propagation.

[35]  W.A. Radasky,et al.  Introduction to the special issue on high-power electromagnetics (HPEM) and intentional electromagnetic interference (IEMI) , 2004, IEEE Transactions on Electromagnetic Compatibility.

[36]  Qin Yu,et al.  RF equivalent circuit modeling of ferrite-core inductors and characterization of core materials , 2002 .

[37]  Francesco Musolino,et al.  Electrical Model of a Microcontroller for EMC Analysis , 2009 .

[38]  Klaudia Kaiser,et al.  Noise Reduction Techniques In Electronic Systems , 2016 .