The chatty-sensor: A Provably-covert Channel in Cyber Physical Systems

Amir Herzberg; Yehonatan Kfir

doi:10.1145/3359789.3359794

The chatty-sensor: A Provably-covert Channel in Cyber Physical Systems

Amir Herzberg, Yehonatan Kfir

CS@BIU

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

12 Scopus citations

Abstract

Cyber physical systems (CPS) typically contain multiple control loops, where the controllers use actuators to trigger a physical process, based on sensor readings. Attackers typically coordinate attack with multiple corrupted devices; defenses often focus on detecting this abnormal communication. We present the first provably-covert channel from a ‘covertly-transmitting sensor’ to a ‘covertly-receiving actuator’, interacting only indirectly, via a benign threshold-based controller. The covert devices cannot be practically distinguished from benign devices. The covert traffic is encoded within the output noise of the covertly-transmitting sensor, whose distribution is indistinguishable from that of a benign sensor (with comparable specifications). We evaluated the channel, showing its applicability for signaling and coordinating attacks between the sensor and the actuator. This capability requires to re-evaluate security monitoring and preventing systems in CPS.

Original language	English
Title of host publication	Proceedings - 35th Annual Computer Security Applications Conference, ACSAC 2019
Publisher	Association for Computing Machinery
Pages	638-649
Number of pages	12
ISBN (Electronic)	9781450376280
DOIs	https://doi.org/10.1145/3359789.3359794
State	Published - 9 Dec 2019
Event	35th Annual Computer Security Applications Conference, ACSAC 2019 - San Juan, United States Duration: 9 Dec 2019 → 13 Dec 2019

Publication series

Name	ACM International Conference Proceeding Series

Conference

Conference	35th Annual Computer Security Applications Conference, ACSAC 2019
Country/Territory	United States
City	San Juan
Period	9/12/19 → 13/12/19

Bibliographical note

Funding Information:
This research is in part supported by an endowment from the Comcast corporation. The opinions expressed in the paper are those of the researchers themselves and not of their universities or of Comcast. We would like to acknowledge Dvir Shemesh for his support in this research.

Funding Information:
ACKNOWLEDGEMENTS: This research is in part supported by an endowment from the Comcast corporation. The opinions expressed in the paper are those of the researchers themselves and not of their universities or of Comcast. We would like to acknowledge Dvir Shemesh for his support in this research.

Publisher Copyright:
© 2019 Association for Computing Machinery.

Keywords

Covert channel
Cyber physical systems
Cyber security
Intrusion detection

Access to Document

10.1145/3359789.3359794

Cite this

@inproceedings{ad919fe3650f489fa9e4aea31a6f2431,

title = "The chatty-sensor: A Provably-covert Channel in Cyber Physical Systems",

abstract = "Cyber physical systems (CPS) typically contain multiple control loops, where the controllers use actuators to trigger a physical process, based on sensor readings. Attackers typically coordinate attack with multiple corrupted devices; defenses often focus on detecting this abnormal communication. We present the first provably-covert channel from a {\textquoteleft}covertly-transmitting sensor{\textquoteright} to a {\textquoteleft}covertly-receiving actuator{\textquoteright}, interacting only indirectly, via a benign threshold-based controller. The covert devices cannot be practically distinguished from benign devices. The covert traffic is encoded within the output noise of the covertly-transmitting sensor, whose distribution is indistinguishable from that of a benign sensor (with comparable specifications). We evaluated the channel, showing its applicability for signaling and coordinating attacks between the sensor and the actuator. This capability requires to re-evaluate security monitoring and preventing systems in CPS.",

keywords = "Covert channel, Cyber physical systems, Cyber security, Intrusion detection",

author = "Amir Herzberg and Yehonatan Kfir",

note = "Publisher Copyright: {\textcopyright} 2019 Association for Computing Machinery.; 35th Annual Computer Security Applications Conference, ACSAC 2019 ; Conference date: 09-12-2019 Through 13-12-2019",

year = "2019",

month = dec,

day = "9",

doi = "10.1145/3359789.3359794",

language = "אנגלית",

series = "ACM International Conference Proceeding Series",

publisher = "Association for Computing Machinery",

pages = "638--649",

booktitle = "Proceedings - 35th Annual Computer Security Applications Conference, ACSAC 2019",

}

Herzberg, A & Kfir, Y 2019, The chatty-sensor: A Provably-covert Channel in Cyber Physical Systems. in Proceedings - 35th Annual Computer Security Applications Conference, ACSAC 2019. ACM International Conference Proceeding Series, Association for Computing Machinery, pp. 638-649, 35th Annual Computer Security Applications Conference, ACSAC 2019, San Juan, United States, 9/12/19. https://doi.org/10.1145/3359789.3359794

The chatty-sensor: A Provably-covert Channel in Cyber Physical Systems. / Herzberg, Amir; Kfir, Yehonatan.
Proceedings - 35th Annual Computer Security Applications Conference, ACSAC 2019. Association for Computing Machinery, 2019. p. 638-649 (ACM International Conference Proceeding Series).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - The chatty-sensor

T2 - 35th Annual Computer Security Applications Conference, ACSAC 2019

AU - Herzberg, Amir

AU - Kfir, Yehonatan

PY - 2019/12/9

Y1 - 2019/12/9

N2 - Cyber physical systems (CPS) typically contain multiple control loops, where the controllers use actuators to trigger a physical process, based on sensor readings. Attackers typically coordinate attack with multiple corrupted devices; defenses often focus on detecting this abnormal communication. We present the first provably-covert channel from a ‘covertly-transmitting sensor’ to a ‘covertly-receiving actuator’, interacting only indirectly, via a benign threshold-based controller. The covert devices cannot be practically distinguished from benign devices. The covert traffic is encoded within the output noise of the covertly-transmitting sensor, whose distribution is indistinguishable from that of a benign sensor (with comparable specifications). We evaluated the channel, showing its applicability for signaling and coordinating attacks between the sensor and the actuator. This capability requires to re-evaluate security monitoring and preventing systems in CPS.

AB - Cyber physical systems (CPS) typically contain multiple control loops, where the controllers use actuators to trigger a physical process, based on sensor readings. Attackers typically coordinate attack with multiple corrupted devices; defenses often focus on detecting this abnormal communication. We present the first provably-covert channel from a ‘covertly-transmitting sensor’ to a ‘covertly-receiving actuator’, interacting only indirectly, via a benign threshold-based controller. The covert devices cannot be practically distinguished from benign devices. The covert traffic is encoded within the output noise of the covertly-transmitting sensor, whose distribution is indistinguishable from that of a benign sensor (with comparable specifications). We evaluated the channel, showing its applicability for signaling and coordinating attacks between the sensor and the actuator. This capability requires to re-evaluate security monitoring and preventing systems in CPS.

KW - Covert channel

KW - Cyber physical systems

KW - Cyber security

KW - Intrusion detection

UR - http://www.scopus.com/inward/record.url?scp=85077812961&partnerID=8YFLogxK

U2 - 10.1145/3359789.3359794

DO - 10.1145/3359789.3359794

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85077812961

T3 - ACM International Conference Proceeding Series

SP - 638

EP - 649

BT - Proceedings - 35th Annual Computer Security Applications Conference, ACSAC 2019

PB - Association for Computing Machinery

Y2 - 9 December 2019 through 13 December 2019

ER -

The chatty-sensor: A Provably-covert Channel in Cyber Physical Systems

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this