SCREAM: Sensory Channel Remote Execution Attack Methods

Sensory channel threats on embedded systems are an often overlooked attack vector. Because many computing systems focus on digital communication, much of the security research for embedded systems has focused on securing the communication channels between devices. This project explores the concept of sensory channel attacks and demonstrates that an attack on an embedded device purely through sensory channel input can achieve arbitrary code execution. Unlike previous research on sensory channel attacks, this work does not require the device to have preloaded malware. We demonstrate that our attacks were successful in two separate, realistic applications with up to a 100.00% success rate. Finally, we propose a possible defense to these attacks and suggest future avenues of research in this field.
