Stealthy Information Leakage Through Peripheral Exploitation in Modern Embedded Systems
| Author | Dimitrios Tychalas, Anastasis Keliris, Michail Maniatakos |
|---|---|
| Year of publication | 2020 |
| Subject | 010302 applied physics; 0103 physical sciences; 01 natural sciences; Computer performance; Computer science; Programmable logic controller; Industrial control system; Electronic, Optical and Magnetic Materials; Information sensitivity; Debugging; Embedded system; Information leakage; Overhead (computing); Electrical and Electronic Engineering; Safety, Risk, Reliability and Quality; Direct memory access |
| Source | IEEE Transactions on Device and Materials Reliability, 20:308-318 |
| ISSN | 1558-2574, 1530-4388 |
| DOI | 10.1109/tdmr.2020.2994016 |
| Description | Embedded systems are being aggressively integrated in every aspect of modern life, with uses ranging from personal devices to devices deployed in critical systems, such as autonomous vehicles, aircraft, and industrial control systems. Embedded systems handle sensitive information, which can potentially be exposed by leveraging their poor security posture. In this paper, we present a novel attack vector that automates stealthy information leakage from modern embedded systems. Specifically, we leverage the Device Tree, a data structure that describes the hardware profile of a system, to extract detailed information about the target system. Utilizing this information, we introduce a stealthy attack that attempts to bridge the air-gap by transferring data from memory directly to analog peripherals. The attack resides solely in the peripherals, completely transparent to the main CPU, by judiciously short-circuiting specific components. We implement this attack on a commercial Programmable Logic Controller (PLC), leaking information over the available LEDs. We evaluate the presented attack vector in terms of stealthiness, and we demonstrate no observable overhead on either CPU performance or DMA transfer speed. Furthermore, we propose a generalized defense scheme for peripheral exploitation attacks by establishing a hardware root of trust through JTAG debugging. Our methodology keeps track of peripheral traffic through JTAG-enabled monitoring, alerts the system to possible malicious behavior and handles the threat removal. We test our defense in terms of imposed performance overhead and overall potency, achieving solid detection of the underlying attack at a low performance cost. |
| Database | OpenAIRE |
| External link | |
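The reconnaissance step the abstract describes, extracting a target's hardware profile from its Device Tree, can be reproduced on any embedded Linux target that exposes the tree as a directory, as the kernel does under /proc/device-tree. The script below is an added example, not code from the paper or its authors: it walks such a tree, decodes each node's compatible strings, status and reg register windows (big-endian 32-bit cells, sized by the nearest #address-cells/#size-cells), and lists the enabled memory-mapped peripherals, which is exactly the set a DMA-based attack or a JTAG peripheral-traffic monitor would need to know about. The sample tree it writes to a temporary directory, and the acme,* compatible strings and addresses in it, are constructed for this example and are not taken from the PLC in the paper.

```python
"""Enumerate memory-mapped peripherals from a Device Tree exposed as a
directory tree, the layout Linux uses under /proc/device-tree.
Added example; the sample tree built below is constructed, not a real device."""
import os
import struct
import tempfile
from dataclasses import dataclass, field


@dataclass
class Peripheral:
    path: str          # node path inside the tree, e.g. /soc/dma@40020000
    compatible: list   # driver-binding strings, most specific first
    status: str        # "okay" unless the node says otherwise
    regions: list = field(default_factory=list)  # (base, size) register windows


def _read_prop(node_dir, name):
    """Return a property's raw bytes, or None if the node lacks it."""
    path = os.path.join(node_dir, name)
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return fh.read()


def _strings(raw):
    """String-list properties are NUL-terminated and NUL-separated."""
    return [s.decode("ascii") for s in raw.split(b"\0") if s]


def _cells(raw):
    """Cell properties are big-endian u32 words regardless of CPU endianness."""
    return list(struct.unpack(f">{len(raw) // 4}I", raw))


def _scan(node_dir, rel, addr_cells, size_cells, out):
    compat = _read_prop(node_dir, "compatible")
    if compat is not None:
        status_raw = _read_prop(node_dir, "status")
        status = _strings(status_raw)[0] if status_raw else "okay"  # absent = enabled
        periph = Peripheral(rel, _strings(compat), status)
        reg = _read_prop(node_dir, "reg")
        if reg is not None:
            words = _cells(reg)
            stride = addr_cells + size_cells
            # Each (address, size) pair in 'reg' is sized by the parent's cell counts.
            for i in range(0, len(words) - stride + 1, stride):
                base = 0
                for w in words[i:i + addr_cells]:
                    base = (base << 32) | w
                size = 0
                for w in words[i + addr_cells:i + stride]:
                    size = (size << 32) | w
                periph.regions.append((base, size))
        out.append(periph)
    # #address-cells/#size-cells on a node govern its children's 'reg'; when
    # absent, fall back to the nearest ancestor's value, as the Linux kernel does.
    ac_raw = _read_prop(node_dir, "#address-cells")
    sc_raw = _read_prop(node_dir, "#size-cells")
    child_ac = _cells(ac_raw)[0] if ac_raw else addr_cells
    child_sc = _cells(sc_raw)[0] if sc_raw else size_cells
    for name in sorted(os.listdir(node_dir)):
        child = os.path.join(node_dir, name)
        if os.path.isdir(child):
            _scan(child, rel.rstrip("/") + "/" + name, child_ac, child_sc, out)


def enumerate_peripherals(tree_root):
    """Every node carrying a 'compatible' property, in tree order."""
    out = []
    _scan(tree_root, "/", 2, 1, out)  # spec defaults for the root: 2 address cells, 1 size cell
    return out


def enabled_mmio_peripherals(tree_root):
    """The subset an attacker (or a peripheral-traffic monitor) cares about:
    enabled nodes that own at least one register window."""
    return [p for p in enumerate_peripherals(tree_root)
            if p.status in ("okay", "ok") and p.regions]


def build_sample_tree(base):
    """Constructed stand-in for /proc/device-tree; the acme,* names are invented."""
    be32 = lambda *v: struct.pack(f">{len(v)}I", *v)
    nodes = {
        "": {"#address-cells": be32(1), "#size-cells": be32(1), "compatible": b"acme,plc-board\0"},
        "soc": {"#address-cells": be32(1), "#size-cells": be32(1), "compatible": b"simple-bus\0", "ranges": b""},
        "soc/dma@40020000": {"compatible": b"acme,dma-controller\0", "reg": be32(0x40020000, 0x400)},
        "soc/gpio@40020800": {"compatible": b"acme,gpio\0acme,gpio-v2\0", "reg": be32(0x40020800, 0x400)},
        "soc/uart@40004400": {"compatible": b"acme,uart\0", "reg": be32(0x40004400, 0x400), "status": b"disabled\0"},
        "leds": {"compatible": b"gpio-leds\0"},
        "leds/led-0": {"label": b"run\0"},
    }
    for path, props in nodes.items():
        node_dir = os.path.join(base, path)
        os.makedirs(node_dir, exist_ok=True)
        for name, value in props.items():
            with open(os.path.join(node_dir, name), "wb") as fh:
                fh.write(value)


def demo():
    """Build the constructed tree and return its enabled MMIO peripherals."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return enabled_mmio_peripherals(tmp)


if __name__ == "__main__":
    for p in demo():
        windows = ", ".join(f"0x{b:08x}+0x{s:x}" for b, s in p.regions)
        print(f"{p.path:22} {p.compatible[0]:22} {windows}")
```

Pointing `enabled_mmio_peripherals` at a real `/proc/device-tree` yields the same records for the live target; the disabled UART and the `leds` node without a `reg` property are filtered out on purpose, since neither offers a register window for a DMA engine to target or a monitor to watch.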