TY - GEN
T1 - The chatty-sensor
T2 - 35th Annual Computer Security Applications Conference, ACSAC 2019
AU - Herzberg, Amir
AU - Kfir, Yehonatan
N1 - Funding Information:
This research is in part supported by an endowment from the Comcast corporation. The opinions expressed in the paper are those of the researchers themselves and not of their universities or of Comcast. We would like to acknowledge Dvir Shemesh for his support in this research.
Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/12/9
Y1 - 2019/12/9
N2 - Cyber physical systems (CPS) typically contain multiple control loops, where the controllers use actuators to trigger a physical process, based on sensor readings. Attackers typically coordinate attacks with multiple corrupted devices; defenses often focus on detecting this abnormal communication. We present the first provably-covert channel from a ‘covertly-transmitting sensor’ to a ‘covertly-receiving actuator’, interacting only indirectly, via a benign threshold-based controller. The covert devices cannot be practically distinguished from benign devices. The covert traffic is encoded within the output noise of the covertly-transmitting sensor, whose distribution is indistinguishable from that of a benign sensor (with comparable specifications). We evaluated the channel, showing its applicability for signaling and coordinating attacks between the sensor and the actuator. This capability requires re-evaluating security monitoring and prevention systems in CPS.
AB - Cyber physical systems (CPS) typically contain multiple control loops, where the controllers use actuators to trigger a physical process, based on sensor readings. Attackers typically coordinate attacks with multiple corrupted devices; defenses often focus on detecting this abnormal communication. We present the first provably-covert channel from a ‘covertly-transmitting sensor’ to a ‘covertly-receiving actuator’, interacting only indirectly, via a benign threshold-based controller. The covert devices cannot be practically distinguished from benign devices. The covert traffic is encoded within the output noise of the covertly-transmitting sensor, whose distribution is indistinguishable from that of a benign sensor (with comparable specifications). We evaluated the channel, showing its applicability for signaling and coordinating attacks between the sensor and the actuator. This capability requires re-evaluating security monitoring and prevention systems in CPS.
KW - Covert channel
KW - Cyber physical systems
KW - Cyber security
KW - Intrusion detection
UR - http://www.scopus.com/inward/record.url?scp=85077812961&partnerID=8YFLogxK
U2 - 10.1145/3359789.3359794
DO - 10.1145/3359789.3359794
M3 - Conference contribution
AN - SCOPUS:85077812961
T3 - ACM International Conference Proceeding Series
SP - 638
EP - 649
BT - Proceedings - 35th Annual Computer Security Applications Conference, ACSAC 2019
PB - Association for Computing Machinery
Y2 - 9 December 2019 through 13 December 2019
ER -