Hardware-Induced Security & Privacy Vulnerabilities in the Internet of Things

Kiruba S. Subramani, Angelos Antonopoulos, Aria Nosratinia, Yiorgos Makris

Testable & RELiable Architectures Lab, University of Texas at Dallas

Insecure network services (UPnP), cloud services, insecure wireless communications (WiFi)

Security and Privacy

– Remote control of home appliances

– Loss of sensitive user information, e.g. health data, health habits, etc.

Software and Firmware attacks

Do you Trust your IoT hardware?

– Performance vs. power vs. security

– Hardware Trojans, counterfeit ICs, rogue devices

2

IoT: Architectural Vulnerabilities

Hardware Trojans at the Device Level

Hardware Trojans in Wireless Cryptographic ICs

– Steal sensitive information (i.e. key, plaintext)

– Hide leaked data as “added” structure of the transmission profile, exploiting process variations

– No violation of digital, analog/RF or system specifications

3

Liu et al., ICCAD 2013

Trojan Infested Transmission

Hardware Trojans at the Network Level

Hardware Trojans in wireless networks

– Stealing sensitive information in 802.11a/g.

– Exploiting the unused space (Gap) between wireless standards, device operating point and specifications

– Experiments in a single-link WiFi network (WARP boards, 1 AP, 1 STA)

4

Hardware Trojans at the Network Level

Baseband attack changes the packet-error-rate profile

5

RF attack changes the power transmission profile

0.5dB

Detection and Prevention

Detection: PDF of noise affected by Trojan

6

Prevention: Occupying the Trojan space w. temp.

operating states

Encoder Channel Decoder

EncoderΣ

+-

PD

F o

f N

ois

e

Trojan noise Trojan noise

Detection: Statistical Fingerprinting

Trojan-infested chipsTrojan-free chips

1-class classifier

Hardware Threats in Interoperable IoT

Gap can be amplified in the presence of multiple interoperable communication protocols, links and devices

No security features

IoT testing becomes complicated

7

DoS based attack Spurious leakage attack Collusion attack

Conclusions

Hardware-induced vulnerabilities in IoT security and privacy

Malicious hardware in the device and network level in single-link IoT environment

Sensitive private information can be leaked without disrupting communication

Proposed detection and prevention mechanisms

Extension of hardware attacks and defenses in an open interoperable IoT environment

8

Recommendations

In the event of performance degradation / deviation, individual devices need to alert the user

Rate devices based on data sensitivity

Identify security and privacy primitives

Develop detection and prevention mechanisms to ensure that the IoT is trusted

Introduce metrics for assessing detection and prevention

Develop architectures to make interoperable IoT secure, reliable and private

9

Acknowledgment:Material on Chip-Level Security partially supported by NSF 1149465, “THWART: Trojan Hardware in Wireless ICs: Analysis and Remedies for Trust”

Material on Wireless Network Security partially supported by NSF 1514050, “TWC: MEDIUM: Hardware Trojans in Wireless Networks - Risks and Remedies”

Questions?

10

aanton@utdallas.edu