Jiachang Wen,Chen Yan,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/eeet58130.2022.00019

2022-01-01

Abstract:With the widespread use of new technologies such as mobile Internet, cloud computing, and Internet of Things in power systems, the number of terminal devices in power systems has increased dramatically, and the ensuing security vulnerabilities have increased, making terminal devices increasingly vulnerable to cyber attacks such as ransomware viruses. In this paper, we focus on the security of terminal devices in power systems and realize security monitoring of power terminals by collecting power consumption side channel information of power terminal devices in normal and abnormal states, using training device abnormality identification models using supervised learning algorithms with some time-domain frequency-domain feature information of power consumption as power consumption features of the devices.

Yuehan Chi,Yushi Cheng,Xiaoyu Ji

DOI: https://doi.org/10.1088/1742-6596/2242/1/012038

2022-01-01

Journal of Physics Conference Series

Abstract:The application of information technology in many fields is becoming more and more popular, but while bringing about a rapid increase in productivity, it also brings some safety issues, especially in industrial control systems. Since the industrial control system often uses a computer as the control center of some devices, once this computer is attacked, it will cause serious harm. The use of additional security software for security monitoring is not completely credible, after all, security monitoring software will also be attacked and become invalid. Therefore, the method of using some side channels and machine learning is very popular recently, especially the power consumption side channels. However, the power consumption will change with the running time of the device. If the model trained by supervised learning will fail after a few days, this paper proposes a self-learning method based on the power consumption side channel, which can be stable for a long time with a high accuracy of 97%.

Aidong Xu,Yixin Jiang,Yang Cao,Guoming Zhang,Xiaoyu Ji,Wenyuan Xu

DOI: https://doi.org/10.1109/ei247390.2019.9062014

2019-01-01

Abstract:With the rapid development of information technology and the Internet of Things, the common information technologies are being applied to the power grid. It brings about the tremendous improvement in productivity, yet breaks down the safety barrier, which makes the power grid a popular target for attacks. The Distribution Terminal Unit (DTU) is a critical part of the power grid because of the acts as access points in the substation and controls the grid equipment. However, DTUs are vulnerable to different types of attacks, which can cause significant property loss or even casualties To monitor the operation of DTU, we proposed a real-time monitoring system by analyzing the side-channel information of power consumption. To validate this idea, we design 3 types of attacks and collect the power information separately, then we choose representational power features and machine learning algorithm for detecting those attacks. We validate that it is feasible to detect attacks and achieves a detection accuracy above 99%.

Shane S. Clark,Benjamin Ransford,Amir Rahmati,Shane Guineau,Jacob Sorber,Wenyuan Xu,Kevin Fu

2013-01-01

Abstract:Medical devices based on embedded systems are ubiquitous in clinical settings. Increasingly, they connect to networks and run off-the-shelf operating systems vulnerable to malware. But strict validation requirements make it prohibitively difficult or costly to use anti-virus software or automated operating system updates on these systems. Our add-on monitoring system, WattsUpDoc, uses a traditionally undesirable side channel of power consumption to enable run-time malware detection. In our experiments, WattsUpDoc detected previously known malware with at least 94% accuracy and previously unknown malware with at least 85% accuracy on several embedded devices--detection rates similar to those of conventional malware-detection systems on PCs. WattsUpDoc detects malware without requiring hardware or software modifications or network communication.

Kai Wang,Shilin Xiao,Xiaoyu Ji,Chen Yan,Chaohao Li,Wenyuan Xu

DOI: https://doi.org/10.1109/sp46215.2023.10179340

2023-01-01

Abstract:This paper analyzes the security of Internet of Things (IoT) devices from the perspective of sensing and actuating. Particularly, we discover a vulnerability in power supply modules and propose Volttack attacks. To launch a Volttack attack, attackers may compromise the power source and inject malicious signals through the power supply module, which is indispensable in most devices. Eventually, Volttack attacks may cause the sensor measurement irrelevant to reality or maneuver the actuator in a way disregarding the desired command. To understand Volttack, we systematically analyze the underlying principle of power supply signals affecting the electronic components, which are building blocks to constitute the sensor or actuator modules. Derived from these findings, we implement and validate Volttack on off-the-shelf products: 6 sensors and 3 actuators, which are used in applications ranging from automobile braking systems, industrial process control to robotic arms. The consequences of manipulating the sensor measurement or actuation include doubled car braking distance and a natural gas leak. The root cause of such a vulnerability stems from the common belief that noises from the power line are unintentional, and our work aims to call for attention to enhancing the security of power supply modules and adding countermeasures to mitigate the attacks.

Zainab Alwaisi,Simone Soderi,Rocco De Nicola

DOI: https://doi.org/10.1007/978-3-031-50051-0_12

2024-10-15

Abstract:With the rapid development of Internet of Things (IoT) technology, intelligent systems are increasingly integrating into everyday life and people's homes. However, the proliferation of these technologies raises concerns about the security of smart home devices. These devices often face resource constraints and may connect to unreliable networks, posing risks to the data they handle. Securing IoT technology is crucial due to the sensitive data involved. Preventing energy attacks and ensuring the security of IoT infrastructure are key challenges in modern smart homes. Monitoring energy consumption can be an effective approach to detecting abnormal behavior and IoT cyberattacks. Lightweight algorithms are necessary to accommodate the resource limitations of IoT devices. This paper presents a lightweight technique for detecting energy consumption attacks on smart home devices by analyzing received packets. The proposed algorithm considers TCP, UDP, and MQTT protocols, as well as device statuses (Idle, active, under attack). It accounts for resource constraints and promptly alerts administrators upon detecting an attack. The proposed approach effectively identifies energy consumption attacks by measuring packet reception rates for different protocols.

Cryptography and Security

K. Nimmy,M. Dilraj,Sriram Sankaran,Krishnashree Achuthan

DOI: https://doi.org/10.1007/s12652-022-04110-6

IF: 3.662

2022-06-23

Journal of Ambient Intelligence and Humanized Computing

Abstract:Anomaly detection in smart homes is paramount in the prevailing information age as smart devices remain susceptible to sophisticated cyber-attacks. Hackers exploit vulnerabilities such as weak passwords and insecure, unencrypted data transfer to launch Distributed Denial of Service (DDoS) attacks. Sensible deployment of conventional security measures is jeopardized by the heterogeneity and resource constraints of smart devices. This article presents a novel approach that leverages the power consumption of Internet of Things (IoT) devices to detect anomalous behavior in smart home environments. We prototype a smart camera using Raspberry Pi and gather power traces for normal activity. Furthermore, we model DDoS attacks on the experimental setup and generate attack traces of power consumption. Besides, we compare the performances of several machine learning models for accurate prediction of the presence of anomalies. A deep feed-forward neural network model achieves an accuracy of 99.2% compared to other models. Empirical evaluations of the proposed concept affirm that power consumption is a promising parameter in detecting anomalies in smart homes. The proposed method is suitable for smart homes as it does not impose additional overhead on resource-constrained IoT devices.

computer science, information systems,telecommunications, artificial intelligence

Eirini Anthi,Lowri Williams,Małgorzata Słowińska,George Theodorakopoulos,Pete Burnap,Malgorzata Slowinska

DOI: https://doi.org/10.1109/jiot.2019.2926365

IF: 10.6

2019-10-01

IEEE Internet of Things Journal

Abstract:The proliferation in Internet of Things (IoT) devices, which routinely collect sensitive information, is demonstrated by their prominence in our daily lives. Although such devices simplify and automate every day tasks, they also introduce tremendous security flaws. Current insufficient security measures employed to defend smart devices make IoT the "weakest" link to breaking into a secure infrastructure, and therefore an attractive target to attackers. This paper proposes a three layer intrusion detection system (IDS) that uses a supervised approach to detect a range of popular network based cyber-attacks on IoT networks. The system consists of three main functions: 1) classify the type and profile the normal behavior of each IoT device connected to the network; 2) identifies malicious packets on the network when an attack is occurring; and 3) classifies the type of the attack that has been deployed. The system is evaluated within a smart home testbed consisting of eight popular commercially available devices. The effectiveness of the proposed IDS architecture is evaluated by deploying 12 attacks from 4 main network based attack categories, such as denial of service (DoS), man-in-the-middle (MITM)/spoofing, reconnaissance, and replay. Additionally, the system is also evaluated against four scenarios of multistage attacks with complex chains of events. The performance of the system's three core functions result in an F-measure of: 1) 96.2%; 2) 90.0%; and 3) 98.0%. This demonstrates that the proposed architecture can automatically distinguish between IoT devices on the network, whether network activity is malicious or benign, and detect which attack was deployed on which device connected to the network successfully.

Ethan Chen,John Kan,Bo-Yuan Yang,Jimmy Zhu,Vanessa Chen

DOI: https://doi.org/10.3390/s21248288

IF: 3.9

2021-12-11

Sensors

Abstract:Rapid growth of sensors and the Internet of Things is transforming society, the economy and the quality of life. Many devices at the extreme edge collect and transmit sensitive information wirelessly for remote computing. The device behavior can be monitored through side-channel emissions, including power consumption and electromagnetic (EM) emissions. This study presents a holistic self-testing approach incorporating nanoscale EM sensing devices and an energy-efficient learning module to detect security threats and malicious attacks directly at the front-end sensors. The built-in threat detection approach using the intelligent EM sensors distributed on the power lines is developed to detect abnormal data activities without degrading the performance while achieving good energy efficiency. The minimal usage of energy and space can allow the energy-constrained wireless devices to have an on-chip detection system to predict malicious attacks rapidly in the front line.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Sefatun-Noor Puspa,Abyad Enan,Reek Majumdar,M Sabbir Salek,Gurcan Comert,Mashrur Chowdhury

2024-11-20

Abstract:Cyber-physical systems rely on sensors, communication, and computing, all powered by integrated circuits (ICs). ICs are largely susceptible to various hardware attacks with malicious intents. One of the stealthiest threats is the insertion of a hardware trojan into the IC, causing the circuit to malfunction or leak sensitive information. Due to supply chain vulnerabilities, ICs face risks of trojan insertion during various design and fabrication stages. These trojans typically remain inactive until triggered. Once triggered, trojans can severely compromise system safety and security. This paper presents a non-invasive method for hardware trojan detection based on side-channel power analysis. We utilize the dynamic power measurements for twelve hardware trojans from IEEE DataPort. Our approach applies to signal processing techniques to extract crucial time-domain and frequency-domain features from the power traces, which are then used for trojan detection leveraging Artificial Intelligence (AI) models. Comparison with a baseline detection approach indicates that our approach achieves higher detection accuracy than the baseline models used on the same side-channel power dataset.

Cryptography and Security

Marcell Szakály,Sebastian Köhler,Martin Strohmeier,Ivan Martinovic

DOI: https://doi.org/10.48550/arXiv.2305.06901

2023-05-11

Abstract:Many modern devices, including critical infrastructures, depend on the reliable operation of electrical power conversion systems. The small size and versatility of switched-mode power converters has resulted in their widespread adoption. Whereas transformer-based systems passively convert voltage, switched-mode converters feature an actively regulated feedback loop, which relies on accurate sensor measurements. Previous academic work has shown that many types of sensors are vulnerable to Intentional Electromagnetic Interference (IEMI) attacks, and it has been postulated that power converters, too, are affected. In this paper, we present the first detailed study on switched-mode power converters by targeting their voltage and current sensors through IEMI attacks. We present a theoretical framework for evaluating IEMI attacks against feedback-based power supplies in the general case. We experimentally validate our theoretical predictions by analyzing multiple AC-DC and DC-DC converters, automotive grade current sensors, and dedicated battery chargers, and demonstrate the systematic vulnerability of all examined categories under real-world conditions. Finally, we demonstrate that sensor attacks on power converters can cause permanent damage to Li-Ion batteries during the charging process.

Cryptography and Security

Jie Su,Zhen Hong,Lei Ye,Tao Liu,Sizhuang Liang,Shouling Ji,Gagangeet Singh Aujla,Reheem Beyah,Zhenyu Wen

DOI: https://doi.org/10.1109/tce.2023.3347651

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:As a typical representative of the Internet of Energy (IoE) intelligent era, consumer electronic (CE) devices continue to evolve at a remarkable pace. Computers, as typical and essential CE devices, have been instrumental in enhancing efficiency, communication, entertainment, and information access. As part of this evolution, a significant trend in computer design focuses on achieving low power consumption while maintaining high performance. For instance, a computer’s central processing unit (CPU) dynamically modulates its output power in response to the varying workload demands of running applications. However, these power efficiency mechanisms may inadvertently introduce implicit patterns into the operational states of CE devices. Particularly, the power consumption of a CE device executing various tasks can manifest distinguishable temporal patterns, thereby exposing potential vulnerabilities. Thus, this work aims to investigate the vulnerabilities of CE devices on power consumption mechanisms. We focus on exploring the possibility of using alternating current (AC) power consumption to infer the running applications on a consumer computer. To achieve that, we construct a physical attack system that employs data acquisition, processing, classification, and inference stages to establish a “profiler" for application profiling. The extensive experiment results on the self-collected power consumption dataset (36 applications) demonstrate the effectiveness of the attacking system.

Zag ElSayed,Nelly Elsayed,Chengcheng Li,Magdy Bayoumi

DOI: https://doi.org/10.48550/arXiv.2106.00834

2021-06-01

Networking and Internet Architecture

Abstract:Network security morning (NSM) is essential for any cybersecurity system, where the average cost of a cyber attack is 1.1 million. No matter how secure a system, it will eventually fail without proper and continuous monitoring. No wonder that the cybersecurity market is expected to grow up to $170.4 billion in 2022. However, the majority of legacy industries do not invest in NSM implementation until it is too late due to the initial and operation costs and static unutilized resources. Thus, this paper proposes a novel dynamic Internet of things (IoT) architecture for an industrial NSM that features a low installation and operation cost, low power consumption, intelligent organization behavior, and environmentally friendly operation. As a case study, the system is implemented in a mid-range oil a gas manufacturing facility in the southern states with more than 300 machines and servers over three remote locations and a production plant that features a challenging atmosphere condition. The proposed system successfully shows a significant saving (>65%) in power consumption, acquires one-tenth of the installation cost, develops an intelligent operation expert system tool as well as saves the environment from more than 500mg of CO2 pollution per hour, promoting green IoT systems.

Ping He,Zhengyi Zhu,Xuyan Wang,Can Zhang,Wei Yuan,Junhua Hao

DOI: https://doi.org/10.13052/dgaej2156-3306.3847

2023-01-01

Distributed Generation & Alternative Energy Journal

Abstract:A power-system protection device built using Internet-of-Things (IoT) technologies in an intelligent environment. IoT supports electrical and physical parameters monitoring. One of the characteristics that must be checked is electricity usage from electronic gadgets. It is a complex problem to design energy-efficient IoT methods. IoT gets more complicated because of its vast size, and current wireless sensor network approaches cannot be used directly to IoT. Information gathering on the area is monitored by intelligent cellular terminals, intelligent security tools, and other multi-source sensing equipment. That is the foundation for the combined analysis and evaluation of security risk extensive data by cloud computing and edge computing. The IoT-based Power safety tools management (IoT-PSTM) system has been developed to integrate it into intelligent settings, such as smart homes or smart cities, to safeguard electrical equipment. It is meant to increase power security by quickly disconnecting in failure events such as leaking current. The system allows for real-time monitoring and alerting of events using a sophisticated data-concentration architecture communication interface. The goal is to progress and merge several technologies technically and integrate them into a personal safety system to increase security, preserve their availability, eliminate mistakes, and reduce the time required for scheduled or ad hoc interventions. Real-time data transmission, instant data processing from diverse sources, local intelligence in low-power embedded systems, interaction with many on-site users, sophisticated user interfaces, portability, and wearability are the main difficulties for the research project. This article offers a comprehensive explanation of the design and execution of the proposed system and the test findings. The results denote the higher performance of the suggested IoT-PSTM system with IoT module and enhanced performance of 94.7%.

Dominik Breitenbacher,Ivan Homoliak,Yan Lin Aung,Nils Ole Tippenhauer,Yuval Elovici

DOI: https://doi.org/10.48550/arXiv.1905.01027

2019-05-03

Abstract:Internet of Things (IoT) devices have become ubiquitous and are spread across many application domains including the industry, transportation, healthcare, and households. However, the proliferation of the IoT devices has raised the concerns about their security, especially when observing that many manufacturers focus only on the core functionality of their products due to short time to market and low-cost pressures, while neglecting security aspects. Moreover, it does not exist any established or standardized method for measuring and ensuring the security of IoT devices. Consequently, vulnerabilities are left untreated, allowing attackers to exploit IoT devices for various purposes, such as compromising privacy, recruiting devices into a botnet, or misusing devices to perform cryptocurrency mining. In this paper, we present a practical Host-based Anomaly DEtection System for IoT (HADES-IoT) that represents the last line of defense. HADES-IoT has proactive detection capabilities, provides tamper-proof resistance, and it can be deployed on a wide range of Linux-based IoT devices. The main advantage of HADES-IoT is its low performance overhead, which makes it suitable for the IoT domain, where state-of-the-art approaches cannot be applied due to their high-performance demands. We deployed HADES-IoT on seven IoT devices to evaluate its effectiveness and performance overhead. Our experiments show that HADES-IoT achieved 100% effectiveness in the detection of current IoT malware such as VPNFilter and IoTReaper; while on average, requiring only 5.5% of available memory and causing only a low CPU load.

Cryptography and Security

Asanka Sayakkara,Nhien-An Le-Khac,Mark Scanlon

DOI: https://doi.org/10.1016/j.diin.2019.03.002

2019-03-19

Abstract:The increasing prevalence of Internet of Things (IoT) devices has made it inevitable that their pertinence to digital forensic investigations will increase into the foreseeable future. These devices produced by various vendors often posses limited standard interfaces for communication, such as USB ports or WiFi/Bluetooth wireless interfaces. Meanwhile, with an increasing mainstream focus on the security and privacy of user data, built-in encryption is becoming commonplace in consumer-level computing devices, and IoT devices are no exception. Under these circumstances, a significant challenge is presented to digital forensic investigations where data from IoT devices needs to be analysed. This work explores the electromagnetic (EM) side-channel analysis literature for the purpose of assisting digital forensic investigations on IoT devices. EM side-channel analysis is a technique where unintentional electromagnetic emissions are used for eavesdropping on the operations and data handling of computing devices. The non-intrusive nature of EM side-channel approaches makes it a viable option to assist digital forensic investigations as these attacks require, and must result in, no modification to the target device. The literature on various EM side-channel analysis attack techniques are discussed - selected on the basis of their applicability in IoT device investigation scenarios. The insight gained from the background study is used to identify promising future applications of the technique for digital forensic analysis on IoT devices - potentially progressing a wide variety of currently hindered digital investigations.

Cryptography and Security

Fangyu Li,Aditya Shinde,Yang Shi,Jin Ye,Xiang-Yang Li,Wenzhan Song

DOI: https://doi.org/10.1109/jiot.2019.2897063

IF: 10.6

2019-01-01

IEEE Internet of Things Journal

Abstract:Cyber attacks and malfunctions challenge the wide applications of Internet of Things (IoT). Since they are generally designed as embedded systems, typical auto-sustainable IoT devices usually have a limited capacity and a low processing power. Because of the limited computation resources, it is difficult to apply the traditional techniques designed for personal computers or super computers, like traffic analyzers and antivirus software. In this paper, we propose to leverage statistical learning methods to characterize the device behavior and flag deviations as anomalies. Because the system statistics, such as CPU usage cycles, disk usage, etc., can be obtained by IoT application program interfaces, the proposed framework is platform and deviceindependent. Considering IoT applications, we train multiple machine learning models to evaluate their feasibility and suitability. For the target auto-sustainable IoT devices, which operate well-planned processes, the normal system performances can be modeled accurately. Based on time series analysis methods, such as local outlier factor, cumulative sum, and the proposed adaptive online thresholding, the anomalous behaviors can be effectively detected. Comparing their performances on detecting anomalies as well as the computation sources required, we conclude that relatively simple machine learning models are more suitable for IoT security, and a data-driven anomaly detection method is preferred.

Amit Kumar Sikder,Giuseppe Petracca,Hidayet Aksu,Trent Jaeger,A. Selcuk Uluagac

DOI: https://doi.org/10.48550/arXiv.1802.02041

2018-02-07

Abstract:The concept of Internet of Things (IoT) has become more popular in the modern era of technology than ever before. From small household devices to large industrial machines, the vision of IoT has made it possible to connect the devices with the physical world around them. This increasing popularity has also made the IoT devices and applications in the center of attention among attackers. Already, several types of malicious activities exist that attempt to compromise the security and privacy of the IoT devices. One interesting emerging threat vector is the attacks that abuse the use of sensors on IoT devices. IoT devices are vulnerable to sensor-based threats due to the lack of proper security measurements available to control use of sensors by apps. By exploiting the sensors (e.g., accelerometer, gyroscope, microphone, light sensor, etc.) on an IoT device, attackers can extract information from the device, transfer malware to a device, or trigger a malicious activity to compromise the device. In this survey, we explore various threats targeting IoT devices and discuss how their sensors can be abused for malicious purposes. Specifically, we present a detailed survey about existing sensor-based threats to IoT devices and countermeasures that are developed specifically to secure the sensors of IoT devices. Furthermore, we discuss security and privacy issues of IoT devices in the context of sensor-based threats and conclude with future research directions.

Cryptography and Security

Yang Shi,Fangyu Li,Wen-Zhan Song,Xiangyang Li,Jin Ye

DOI: https://doi.org/10.1145/3321408.3321588

2019-01-01

Abstract:In this paper, we propose an attack detection framework in the Internet of Things (IoT) devices. The framework applies a data-centric method to process the energy consumption data and classify the attack status of the monitored device. We implement the framework in real hardware, and emulate common types of attacks to evaluate the performance of the attack detection framework. Due to the characteristic of the energy data, not only cyber attacks but also physical attacks such as heating are also emulated and tested. To shorten the detection time, a two-stage strategy is also proposed to first apply a short time window for a rough detection, then a long time window to the fine detection of anomalies. The accuracy of short-term detection is 90%, while in the long-term detections the accuracy reaches 99.5%. Due to the nature of information from energy consumption data, the framework is more secure in cases the kernel of the device is already compromised.

Luca Mottola,Arslan Hameed,Thiemo Voigt

DOI: https://doi.org/10.48550/arXiv.2304.08224

2023-07-17

Abstract:We study how ambient energy harvesting may be used as an attack vector in the battery-less Internet of Things (IoT). Battery-less IoT devices rely on ambient energy harvesting and are employed in a multitude of applications, including safety-critical ones such as biomedical implants. Due to scarce energy intakes and limited energy buffers, their executions become intermittent, alternating periods of active operation with periods of recharging energy buffers. Through an independent exploratory study and a follow-up systematic analysis, we demonstrate that by exerting limited control on ambient energy one can create situations of livelock, denial of service, and priority inversion, without physical device access. We call these situations energy attacks. Using concepts of approximate intermittent computing and machine learning, we design a technique that can detect energy attacks with 92%+ accuracy, that is, up to 37% better than the baselines, and with up to one fifth of their energy overhead. Crucially, by design, our technique does not cause any additional energy failure compared to the regular intermittent processing. We conclude with directions to inspire defense techniques and a discussion on the feasibility of energy attacks.

Cryptography and Security