TY - GEN
T1 - The chatty-sensor
T2 - 35th Annual Computer Security Applications Conference, ACSAC 2019
AU - Herzberg, Amir
AU - Kfir, Yehonatan
N1 - Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/12/9
Y1 - 2019/12/9
N2 - Cyber physical systems (CPS) typically contain multiple control loops, where the controllers use actuators to trigger a physical process, based on sensor readings. Attackers typically coordinate attacks with multiple corrupted devices; defenses often focus on detecting this abnormal communication. We present the first provably-covert channel from a ‘covertly-transmitting sensor’ to a ‘covertly-receiving actuator’, interacting only indirectly, via a benign threshold-based controller. The covert devices cannot be practically distinguished from benign devices. The covert traffic is encoded within the output noise of the covertly-transmitting sensor, whose distribution is indistinguishable from that of a benign sensor (with comparable specifications). We evaluated the channel, showing its applicability for signaling and coordinating attacks between the sensor and the actuator. This capability requires re-evaluating security monitoring and prevention systems in CPS.
KW - Covert channel
KW - Cyber physical systems
KW - Cyber security
KW - Intrusion detection
UR - http://www.scopus.com/inward/record.url?scp=85077812961&partnerID=8YFLogxK
U2 - 10.1145/3359789.3359794
DO - 10.1145/3359789.3359794
M3 - Conference contribution
AN - SCOPUS:85077812961
T3 - ACM International Conference Proceeding Series
SP - 638
EP - 649
BT - Proceedings - 35th Annual Computer Security Applications Conference, ACSAC 2019
PB - Association for Computing Machinery
Y2 - 9 December 2019 through 13 December 2019
ER -