Protecting the Security of Sensor Systems

Abstract

Sensors are a ubiquitous part of modern life, providing crucial data about the physical state of the world in application areas including entertainment in smartphones and virtual reality, transportation in aviation or (semi-)autonomous vehicles, manufacturing, smart infrastructure, and more. Thus a crucial aspect of ensuring the availability, integrity, and confidentiality of these applications is to ensure the same qualities in sensor systems. However, research shows how sensors may produce undesirable output that compromises security or privacy due to interaction with physical signals. For example, research shows that microphone output, representing sound, can instead represent light, a completely different quality. Adversaries can use this vector to launch attacks on sensor-reliant systems.

This dissertation posits the question, "How is systemic design for mitigating physically-based sensing vulnerabilities possible?" and sets a goal of laying the groundwork to enable such systemic design. This work contributes:

Methods, models, and language to categorize and analyze the space of physical sensor security. The primary categorization is between transduction and oversensing vulnerabilities. The Transduction Attack Model (TAM) provides a mathematical model to describe and categorize existing transduction vulnerabilities. For oversensing, the Anti-Oversensing System (OA-Sys) identifies categories of oversensing.

Mitigation design patterns for many physical sensor vulnerabilities to aid manufacturers and operating system designers. Specifically, existing mitigations for transduction vulnerabilities are categorized using TAM to reveal common design patterns to mitigate most oversensing vulnerabilities. OA-Sys provides preliminary mitigation designs for common sensor use-cases in smartphones.

Specific case studies of how to apply higher-level knowledge on transduction and oversensing vulnerabilities learned in TAM and OA-Sys to specific problems. Blue Note described two transduction vulnerabilities using acoustic waves to interrupt hard disk drive availability. Touchtone Eavesdropping uses motion sensor data to sense user input in smartphones via how motion sensors capture mechanically coupled sound.