hardware-induced security & privacy vulnerabilities in the...
TRANSCRIPT
Hardware-Induced Security & Privacy Vulnerabilities in the Internet of Things
Kiruba S. Subramani, Angelos Antonopoulos, Aria Nosratinia, Yiorgos Makris
Testable & RELiable Architectures Lab, University of Texas at Dallas
Insecure network services (UPnP), cloud services, insecure wireless communications (WiFi)
Security and Privacy
– Remote control of home appliances
– Loss of sensitive user information, e.g. health data, health habits, etc.
Software and Firmware attacks
Do you Trust your IoT hardware?
– Performance vs. power vs. security
– Hardware Trojans, counterfeit ICs, rogue devices
2
IoT: Architectural Vulnerabilities
Hardware Trojans at the Device Level
Hardware Trojans in Wireless Cryptographic ICs
– Steal sensitive information (i.e. key, plaintext)
– Hide leaked data as “added” structure of the transmission profile, exploiting process variations
– No violation of digital, analog/RF or system specifications
3
Liu et al., ICCAD 2013
Trojan Infested Transmission
Hardware Trojans at the Network Level
Hardware Trojans in wireless networks
– Stealing sensitive information in 802.11a/g.
– Exploiting the unused space (Gap) between wireless standards, device operating point and specifications
– Experiments in a single-link WiFi network (WARP boards, 1 AP, 1 STA)
4
Hardware Trojans at the Network Level
Baseband attack changes the packet-error-rate profile
5
RF attack changes the power transmission profile
0.5dB
Detection and Prevention
Detection: PDF of noise affected by Trojan
6
Prevention: Occupying the Trojan space w. temp.
operating states
Encoder Channel Decoder
EncoderΣ
+-
PD
F o
f N
ois
e
Trojan noise Trojan noise
Detection: Statistical Fingerprinting
Trojan-infested chipsTrojan-free chips
1-class classifier
Hardware Threats in Interoperable IoT
Gap can be amplified in the presence of multiple interoperable communication protocols, links and devices
No security features
IoT testing becomes complicated
7
DoS based attack Spurious leakage attack Collusion attack
Conclusions
Hardware-induced vulnerabilities in IoT security and privacy
Malicious hardware in the device and network level in single-link IoT environment
Sensitive private information can be leaked without disrupting communication
Proposed detection and prevention mechanisms
Extension of hardware attacks and defenses in an open interoperable IoT environment
8
Recommendations
In the event of performance degradation / deviation, individual devices need to alert the user
Rate devices based on data sensitivity
Identify security and privacy primitives
Develop detection and prevention mechanisms to ensure that the IoT is trusted
Introduce metrics for assessing detection and prevention
Develop architectures to make interoperable IoT secure, reliable and private
9
Acknowledgment:Material on Chip-Level Security partially supported by NSF 1149465, “THWART: Trojan Hardware in Wireless ICs: Analysis and Remedies for Trust”
Material on Wireless Network Security partially supported by NSF 1514050, “TWC: MEDIUM: Hardware Trojans in Wireless Networks - Risks and Remedies”