A Comprehensive Survey of Attacks without Physical Access Targeting Hardware Vulnerabilities in IoT/IIoT Devices, and Their Detection Mechanisms

With the advances in the field of the Internet of Things (IoT) and Industrial IoT (IIoT), these devices are increasingly used in daily life or industry. To reduce costs related to the time required to develop these devices, security features are usually not considered. This situation creates a major security concern. Many solutions have been proposed to protect IoT/IIoT against various attacks, most of which are based on attacks involving physical access. However, a new class of attacks has emerged targeting hardware vulnerabilities in the micro-architecture that do not require physical access. We present attacks based on micro-architectural hardware vulnerabilities and the side effects they produce in the system. In addition, we present security mechanisms that can be implemented to address some of these attacks. Most of the security mechanisms target a small set of attack vectors or a single specific attack vector. As many attack vectors exist, solutions must be found to protect against a wide variety of threats. This survey aims to inform designers about the side effects related to attacks and detection mechanisms that have been described in the literature. For this purpose, we present two tables listing and classifying the side effects and detection mechanisms based on the given criteria.

[1]  Ramesh Karri,et al.  Attacks and Defenses for JTAG , 2010, IEEE Design & Test of Computers.

[2]  Jakub Szefer,et al.  Survey of Microarchitectural Side and Covert Channels, Attacks, and Defenses , 2018, Journal of Hardware and Systems Security.

[3]  Ning Zhang,et al.  TruSpy: Cache Side-Channel Information Leakage from the Secure World on ARM Devices , 2016, IACR Cryptol. ePrint Arch..

[4]  Chris Fallin,et al.  Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors , 2014, 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA).

[5]  Assia Tria,et al.  Voltage Glitch Attacks on Mixed-Signal Systems , 2014, 2014 17th Euromicro Conference on Digital System Design.

[6]  Cemal Yilmaz,et al.  MeltdownDetector: A Runtime Approach for Detecting Meltdown Attacks , 2019, IACR Cryptol. ePrint Arch..

[7]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[8]  Rami G. Melhem,et al.  Counter-Based Tree Structure for Row Hammering Mitigation in DRAM , 2017, IEEE Computer Architecture Letters.

[9]  Guy Gogniat,et al.  Meet the Sherlock Holmes’ of Side Channel Leakage: A Survey of Cache SCA Detection Techniques , 2020, IEEE Access.

[10]  David Naccache,et al.  Cryptographically secure shields , 2014, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[11]  David Naccache,et al.  The Sorcerer's Apprentice Guide to Fault Attacks , 2006, Proceedings of the IEEE.

[12]  Georgios Kambourakis,et al.  DDoS in the IoT: Mirai and Other Botnets , 2017, Computer.

[13]  Régis Leveugle,et al.  Glitch and Laser Fault Attacks onto a Secure AES Implementation on a SRAM-Based FPGA , 2011, Journal of Cryptology.

[14]  Thomas F. Wenisch,et al.  Breaking Virtual Memory Protection and the SGX Ecosystem with Foreshadow , 2019, IEEE Micro.

[15]  L. Bossuet,et al.  JTAG Fault Injection Attack , 2018, IEEE Embedded Systems Letters.

[16]  Fengwei Zhang,et al.  Hardware-Assisted Transparent Tracing and Debugging on ARM , 2019, IEEE Transactions on Information Forensics and Security.

[17]  Marco Chiappetta,et al.  Real time detection of cache-based side-channel attacks using hardware performance counters , 2016, Appl. Soft Comput..