WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks

@article{Trippel2017WALNUTWD,
  title={WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks},
  author={Timothy Trippel and Ofir Weisse and W. Xu and P. Honeyman and Kevin Fu},
  journal={2017 IEEE European Symposium on Security and Privacy (EuroS\&P)},
  year={2017},
  pages={3-18}
}
Cyber-physical systems depend on sensors to make automated decisions. Resonant acoustic injection attacks are already known to cause malfunctions by disabling MEMS-based gyroscopes. However, an open question remains on how to move beyond denial of service attacks to achieve full adversarial control of sensor outputs. Our work investigates how analog acoustic injection attacks can damage the digital integrity of a popular type of sensor: the capacitive MEMS accelerometer. Spoofing such sensors… Expand
Sensor Defense In-Software (SDI): Practical Software Based Detection of Spoofing Attacks on Position Sensor
TLDR
This work presents two software-only defenses against attacks on two common types of position sensors, specifically the gyroscope and the magnetometer: a machine learning based single sensor defense, and a sensor fusion defense which makes use of the mathematical relationship between the two sensors. Expand
SoK: A Minimalist Approach to Formalizing Analog Sensor Security
TLDR
A simple sensor security model such that sensor engineers can better express analog security properties of sensor circuitry without needing to learn significantly new notation to enable more meaningful quantification of risk for the design and evaluation of past and future sensors. Expand
Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors
TLDR
This work studies the out-of-band signal injection methods to deliver adversarial control to embedded MEMS inertial sensors and evaluates consequent vulnerabilities exposed in control systems relying on them. Expand
Special Session: Noninvasive Sensor-Spoofing Attacks on Embedded and Cyber-Physical Systems
TLDR
This paper presents a motivational example of a sensor-spoofing attack on Hall sensors in the context of smart grids to demonstrate the harmful consequences of this type of attack in ECPSs. Expand
Vulnerability of MEMS Gyroscopes to Targeted Acoustic Attacks
TLDR
It is concluded that ultrasonic attacks on MEMS gyroscopes can impose high-security risks and new measures have to be taken to protect the gyroscope from targeted acoustic attacks. Expand
A Framework for Evaluating Security in the Presence of Signal Injection Attacks
TLDR
This work introduces a system and threat model for signal injection attacks, and introduces an algorithm which allows circuit designers to concretely calculate the security level of real systems. Expand
Impact of injection attacks on sensor-based continuous authentication for smartphones
TLDR
The goal of this paper is to study the impact of injection attacks in terms of accuracy and immediacy to illustrate the time the adversary remains unnoticed and it is shown that the type of sensor at stake and configuration settings may have a dramatic effect on countering this threat. Expand
An intentional acoustic interference approach to control output signals of MEMS gyroscope based on short-time Fourier analysis
TLDR
An intentional acoustic interference approach is proposed to achieve fully adversarial control over the output signals of capacitive MEMS gyroscopes and demonstrates the feasibility of output biasing attack. Expand
Learning-based Practical Smartphone Eavesdropping with Built-in Accelerometer
TLDR
A novel deep learning based system that learns to recognize and reconstruct speech information from the spectrogram representation of acceleration signals and employs adaptive optimization on deep neural networks with skip connections using robust and generalizable losses to achieve robust recognition and reconstruction performance. Expand
Taxonomy and Challenges of Out-of-Band Signal Injection Attacks and Defenses
TLDR
The first survey of out-of-band signal injection attacks is presented, focusing on unifying their terminology and identifying commonalities in their causes and effects through a chronological, evolutionary, and thematic taxonomy of attacks. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 38 REFERENCES
Non-invasive Spoofing Attacks for Anti-lock Braking Systems
TLDR
The development of a prototype ABS spoofer is described to enable a disruptive, naive attack aimed to corrupt the measured wheel speed by overwhelming the original signal and a more advanced spoofing attack, designed to inject a counter-signal such that the braking system mistakenly reports a specific velocity. Expand
Sampling Race: Bypassing Timing-Based Analog Active Sensor Spoofing Detection on Analog-Digital Systems
TLDR
It is shown that PyCRA can be completely bypassed, both by theoretical analysis and by real-world experiment, and shows that there is currently no effective robust and generalizable defense scheme against active sensor spoofing attacks. Expand
Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors
TLDR
This paper investigated whether an adversary could incapacitate drones equipped with Micro-Electro-Mechanical Systems (MEMS) gyroscopes using intentional sound noise to disrupt the operation of drones. Expand
PyCRA: Physical Challenge-Response Authentication For Active Sensors Under Spoofing Attacks
TLDR
Evaluating both the robustness and the limitations of the PyCRA security scheme is evaluated, concluding by outlining practical considerations as well as further applications for the proposed authentication mechanism. Expand
Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors
TLDR
This work measures the susceptibility of analog sensor systems to signal injection attacks by intentional, low-power emission of chosen electromagnetic waveforms, and proposes defense mechanisms to reduce the risks. Expand
This Ain't Your Dose: Sensor Spoofing Attack on Medical Infusion Pump
TLDR
A new type of sensor spoofing attack based on saturation is proposed, which can make a sensor to ignore legitimate inputs and bypass the alarm systems of the targets. Expand
AccelPrint: Imperfections of Accelerometers Make Smartphones Trackable
TLDR
This paper submits a hypothesis that smartphone/tablet accelerometers possess unique fingerprints, which can be exploited for tracking users, and believes that the fingerprints arise from hardware imperfections during the sensor manufacturing process, causing every sensor chip to respond differently to the same motion stimulus. Expand
Influence of Acoustic Noise on the Dynamic Performance of MEMS Gyroscopes
Advances in MEMS technology have resulted in relatively low cost gyroscopes and accelerometers and, correspondingly, inexpensive inertial measurement systems. This has opened up the field ofExpand
On the Degradation of MEMS Gyroscope Performance in the Presence of High Power Acoustic Noise
Due to their reduced size, cost, and power requirements relative to traditional gyroscopes, MEMS gyroscopic sensors are finding increasing use in many applications. It is well known that unshieldedExpand
Practicality of accelerometer side channels on smartphones
TLDR
This paper demonstrates how to use the accelerometer sensor to learn user tap- and gesture-based input as required to unlock smartphones using a PIN/password or Android's graphical password pattern and develops sample rate independent features for accelerometer readings based on signal processing and polynomial fitting techniques. Expand
...
1
2
3
4
...