Denial-of-service attacks on battery-powered mobile computers

Sleep deprivation attacks are a form of denial-of-service attack whereby an attacker renders a pervasive computing device inoperable by draining the battery more quickly than it would be drained under normal usage. We describe three main methods for an attacker to drain the battery: (1) service request power attacks, where repeated requests are made to the victim for services, typically over a network (even if the service is not provided, the victim must expend energy deciding whether or not to honor the request); (2) benign power attacks, where the victim is made to execute a valid but energy-hungry task repeatedly; and (3) malignant power attacks, where the attacker modifies or creates an executable to make the system consume more energy than it would otherwise. Our initial results demonstrate the increased power consumption due to these attacks, which we believe are the first real examples of these attacks to appear in the literature. We also propose a power-secure architecture to thwart these power attacks by employing multi-level authentication and energy signatures.
