Sensing danger: Exploiting sensors to build covert channels

Thomas Ulz; Markus Feldbacher; Thomas Pieber; Christian Steger

Sensing danger: Exploiting sensors to build covert channels

Thomas Ulz, Markus Feldbacher, Thomas Pieber, Christian Steger

Institute of Technical Informatics (4480)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

Recent incidents have shown that sensor-equipped devices can be used by adversaries to perform malicious activities, such as spying on end-users or for industrial espionage. In this paper, we present a novel attack scenario that uses unsecured embedded sensors to build covert channels that can be used to bypass security mechanisms and transfer information between isolated processes. We present covert channels that require read- and write-access for sensor registers as well as a covert channel that transfers data by just triggering sensor readings so that malicious behavior cannot be distinguished from normal sensor usage. For each presented covert channel we discuss the trade-off between data rate and the likelihood of being detected as well as potential countermeasures. The fastest covert channel we implemented achieves a data rate of 4844 bit/s while the stealthiest but slower covert channel cannot be distinguished from normal user behavior. To highlight the significance of these security issues, we used popular platforms, such as Linux and Android, to evaluate the presented covert channels. However, we do not make any assumption regarding the device's platform, and thus we believe that the presented exploits pose a significant security risk for any sensor-equipped device.

Original language	English
Title of host publication	ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy
Editors	Paolo Mori, Olivier Camp, Steven Furnell
Publisher	SciTePress - Science and Technology Publications
Pages	100-113
Number of pages	14
ISBN (Electronic)	9789897583599
Publication status	Published - 1 Jan 2019
Event	5th International Conference on Information Systems Security and Privacy: ICISSP 2019 - Prague, Czech Republic Duration: 23 Feb 2019 → 25 Feb 2019

Publication series

Name	ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy

Conference

Conference	5th International Conference on Information Systems Security and Privacy
Abbreviated title	ICISSP 2019
Country/Territory	Czech Republic
City	Prague
Period	23/02/19 → 25/02/19

Keywords

Covert Channel
Exploit
Security
Sensor
Side-channel

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Information Systems
Safety, Risk, Reliability and Quality

Cite this

Ulz, T., Feldbacher, M., Pieber, T., & Steger, C. (2019). Sensing danger: Exploiting sensors to build covert channels. In P. Mori, O. Camp, & S. Furnell (Eds.), ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy (pp. 100-113). (ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy). SciTePress - Science and Technology Publications.

Sensing danger: Exploiting sensors to build covert channels. / Ulz, Thomas; Feldbacher, Markus; Pieber, Thomas et al.
ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy. ed. / Paolo Mori; Olivier Camp; Steven Furnell. SciTePress - Science and Technology Publications, 2019. p. 100-113 (ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Ulz, T, Feldbacher, M, Pieber, T & Steger, C 2019, Sensing danger: Exploiting sensors to build covert channels. in P Mori, O Camp & S Furnell (eds), ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy. ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy, SciTePress - Science and Technology Publications, pp. 100-113, 5th International Conference on Information Systems Security and Privacy, Prague, Czech Republic, 23/02/19.

Ulz T, Feldbacher M, Pieber T, Steger C. Sensing danger: Exploiting sensors to build covert channels. In Mori P, Camp O, Furnell S, editors, ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy. SciTePress - Science and Technology Publications. 2019. p. 100-113. (ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy).

Ulz, Thomas ; Feldbacher, Markus ; Pieber, Thomas et al. / Sensing danger : Exploiting sensors to build covert channels. ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy. editor / Paolo Mori ; Olivier Camp ; Steven Furnell. SciTePress - Science and Technology Publications, 2019. pp. 100-113 (ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy).

@inproceedings{89c995dc29c24af8b3b4927bdbe5ba39,

title = "Sensing danger: Exploiting sensors to build covert channels",

abstract = "Recent incidents have shown that sensor-equipped devices can be used by adversaries to perform malicious activities, such as spying on end-users or for industrial espionage. In this paper, we present a novel attack scenario that uses unsecured embedded sensors to build covert channels that can be used to bypass security mechanisms and transfer information between isolated processes. We present covert channels that require read- and write-access for sensor registers as well as a covert channel that transfers data by just triggering sensor readings so that malicious behavior cannot be distinguished from normal sensor usage. For each presented covert channel we discuss the trade-off between data rate and the likelihood of being detected as well as potential countermeasures. The fastest covert channel we implemented achieves a data rate of 4844 bit/s while the stealthiest but slower covert channel cannot be distinguished from normal user behavior. To highlight the significance of these security issues, we used popular platforms, such as Linux and Android, to evaluate the presented covert channels. However, we do not make any assumption regarding the device's platform, and thus we believe that the presented exploits pose a significant security risk for any sensor-equipped device.",

keywords = "Covert Channel, Exploit, Security, Sensor, Side-channel",

author = "Thomas Ulz and Markus Feldbacher and Thomas Pieber and Christian Steger",

year = "2019",

month = jan,

day = "1",

language = "English",

series = "ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy",

publisher = "SciTePress - Science and Technology Publications",

pages = "100--113",

editor = "Paolo Mori and Olivier Camp and Steven Furnell",

booktitle = "ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy",

note = "5th International Conference on Information Systems Security and Privacy : ICISSP 2019, ICISSP 2019 ; Conference date: 23-02-2019 Through 25-02-2019",

}

TY - GEN

T1 - Sensing danger

T2 - 5th International Conference on Information Systems Security and Privacy

AU - Ulz, Thomas

AU - Feldbacher, Markus

AU - Pieber, Thomas

AU - Steger, Christian

PY - 2019/1/1

Y1 - 2019/1/1

N2 - Recent incidents have shown that sensor-equipped devices can be used by adversaries to perform malicious activities, such as spying on end-users or for industrial espionage. In this paper, we present a novel attack scenario that uses unsecured embedded sensors to build covert channels that can be used to bypass security mechanisms and transfer information between isolated processes. We present covert channels that require read- and write-access for sensor registers as well as a covert channel that transfers data by just triggering sensor readings so that malicious behavior cannot be distinguished from normal sensor usage. For each presented covert channel we discuss the trade-off between data rate and the likelihood of being detected as well as potential countermeasures. The fastest covert channel we implemented achieves a data rate of 4844 bit/s while the stealthiest but slower covert channel cannot be distinguished from normal user behavior. To highlight the significance of these security issues, we used popular platforms, such as Linux and Android, to evaluate the presented covert channels. However, we do not make any assumption regarding the device's platform, and thus we believe that the presented exploits pose a significant security risk for any sensor-equipped device.

AB - Recent incidents have shown that sensor-equipped devices can be used by adversaries to perform malicious activities, such as spying on end-users or for industrial espionage. In this paper, we present a novel attack scenario that uses unsecured embedded sensors to build covert channels that can be used to bypass security mechanisms and transfer information between isolated processes. We present covert channels that require read- and write-access for sensor registers as well as a covert channel that transfers data by just triggering sensor readings so that malicious behavior cannot be distinguished from normal sensor usage. For each presented covert channel we discuss the trade-off between data rate and the likelihood of being detected as well as potential countermeasures. The fastest covert channel we implemented achieves a data rate of 4844 bit/s while the stealthiest but slower covert channel cannot be distinguished from normal user behavior. To highlight the significance of these security issues, we used popular platforms, such as Linux and Android, to evaluate the presented covert channels. However, we do not make any assumption regarding the device's platform, and thus we believe that the presented exploits pose a significant security risk for any sensor-equipped device.

KW - Covert Channel

KW - Exploit

KW - Security

KW - Sensor

KW - Side-channel

UR - http://www.scopus.com/inward/record.url?scp=85064706880&partnerID=8YFLogxK

M3 - Conference paper

AN - SCOPUS:85064706880

T3 - ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy

SP - 100

EP - 113

BT - ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy

A2 - Mori, Paolo

A2 - Camp, Olivier

A2 - Furnell, Steven

PB - SciTePress - Science and Technology Publications

Y2 - 23 February 2019 through 25 February 2019

ER -

Sensing danger: Exploiting sensors to build covert channels

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this