Embed Size (px)
Citation preview
Safeguarding Sensor Device Drivers Using Physical ConstraintsGregory Brooks†‡, Youchao Wang‡, and Phillip Stanley-MarbellUniversity of Cambridge
[1] K. Fu and W. Xu. Risks of trusting the physics of sensors. Communications of the ACM, 61(2):20–23, January 2018. [2] J. Lim and P. Stanley-Marbell. Newton: A language for describing physics. ArXiv Preprints, arXiv:1811.04626 [cs.PL], 2018. [3] Analog Devices, Analog devices advisory to ICSALERT-17-073-01.Technical Report, 2017.
Inferring Plausible Attacks using Bayesian Statistics
➂Abstract The measurand signals measured by sensors in a multi- sensor system are often constrained by physics — sensors can produce erroneous measurement values that violate the underlying physical constraints. Such errors in sensor measurements can cause software that uses sensor values to malfunction. Transduction attacks exploit this observation to induce sensors into generating erroneous measurement outputs. This work proposes using information about the constraints on the physics of signals to guard against transduction attacks.
References:This research is supported by an Alan Turing Institute award TU/B/000096 under EPSRC grant EP/N510129/1 and by Royal Society grant RG170136.
Measurements
Implementation of the equation [3] relating acceleration to transduction attack stimulus signal, in Newton [2].
Sensors measure measurands in the physical world to produce measurements. Drivers make implicit assumptions on plausible values of measurements. This may compromise security [1].
Context➀
Use a log-likelihood ratio to test for board resonance:
Observation➁
Structural mechanics of sensor placement imposes constraints on measurement values.
Preliminary Results④
Device Driver LogicMicrocontroller or Processor
I2C
SPI
I2C
SPI
Sensorsensing element
ADC
Experimental setup
‡ Student.† Presenting.
LLR ≈ -24600
LLR ≈ +3731
Simulating a transduction attack stimulus using a mobile phone speaker and a small circuit board containing an accelerometer.
The log-likelihood ratio (LLR) computed based on invariant from ➁ distinguishes between the control signal and sinusoidal transduction attack stimulus.
Future WorkAutomate generating sensor interface hardware and software to detect transduction attacks from Newton [2] physical system specification, in Newton compiler.
a =d2(dbd)
dt2= (Qbddbd)
max!2 sin(!t)<latexit sha1_base64="JN35rxZ1pTHN04MQjMluwgGvUXk=">AAACNnicdVDLbhMxFPWUVymvFJZsroiQ0k3kGbU0WSBVsGGFWom0lTJJdMfjSa3anpF9BzUazV+x4DdYwoINILZ8As4DCRAcydLxOffIviertPLE+cdo69r1Gzdvbd/euXP33v0Hnd2Hp76snZAjUerSnWfopVZWjkiRlueVk2gyLc+yy5dL/+ytdF6V9g0tKjkxOLeqUAIpSLPOa4TnkBYO RZNPE+jlsybL2722yYGmSRvM3slKgo0zbQxetZCWRs4xJFKvbG99A9qbdbq8nxzw4eEAeP+Ax8P9JBDOB8NnHOJAluiyDY5nnQ9pXoraSEtCo/fjmFc0adCRElq2O2ntZYXiEudyHKhFI/2kWe3dwtOg5FCULhxLsFJ/TzRovF+YLEwapAv/t7cU/+WNayoGk0bZqiZpxfqhotZAJSxLhFw5KUgvAkHhVPgriAsMJVKoOnTwa1H4PzlN+nHgJ/vdoxebNrbZY/aE9VjMDtkRe8WO2YgJ9o59Yl/Y1+h99Dn6Fn1fj25Fm8wj9geiHz8BTnOqxA==</latexit><latexit sha1_base64="JN35rxZ1pTHN04MQjMluwgGvUXk=">AAACNnicdVDLbhMxFPWUVymvFJZsroiQ0k3kGbU0WSBVsGGFWom0lTJJdMfjSa3anpF9BzUazV+x4DdYwoINILZ8As4DCRAcydLxOffIviertPLE+cdo69r1Gzdvbd/euXP33v0Hnd2Hp76snZAjUerSnWfopVZWjkiRlueVk2gyLc+yy5dL/+ytdF6V9g0tKjkxOLeqUAIpSLPOa4TnkBYO RZNPE+jlsybL2722yYGmSRvM3slKgo0zbQxetZCWRs4xJFKvbG99A9qbdbq8nxzw4eEAeP+Ax8P9JBDOB8NnHOJAluiyDY5nnQ9pXoraSEtCo/fjmFc0adCRElq2O2ntZYXiEudyHKhFI/2kWe3dwtOg5FCULhxLsFJ/TzRovF+YLEwapAv/t7cU/+WNayoGk0bZqiZpxfqhotZAJSxLhFw5KUgvAkHhVPgriAsMJVKoOnTwa1H4PzlN+nHgJ/vdoxebNrbZY/aE9VjMDtkRe8WO2YgJ9o59Yl/Y1+h99Dn6Fn1fj25Fm8wj9geiHz8BTnOqxA==</latexit><latexit sha1_base64="JN35rxZ1pTHN04MQjMluwgGvUXk=">AAACNnicdVDLbhMxFPWUVymvFJZsroiQ0k3kGbU0WSBVsGGFWom0lTJJdMfjSa3anpF9BzUazV+x4DdYwoINILZ8As4DCRAcydLxOffIviertPLE+cdo69r1Gzdvbd/euXP33v0Hnd2Hp76snZAjUerSnWfopVZWjkiRlueVk2gyLc+yy5dL/+ytdF6V9g0tKjkxOLeqUAIpSLPOa4TnkBYO RZNPE+jlsybL2722yYGmSRvM3slKgo0zbQxetZCWRs4xJFKvbG99A9qbdbq8nxzw4eEAeP+Ax8P9JBDOB8NnHOJAluiyDY5nnQ9pXoraSEtCo/fjmFc0adCRElq2O2ntZYXiEudyHKhFI/2kWe3dwtOg5FCULhxLsFJ/TzRovF+YLEwapAv/t7cU/+WNayoGk0bZqiZpxfqhotZAJSxLhFw5KUgvAkHhVPgriAsMJVKoOnTwa1H4PzlN+nHgJ/vdoxebNrbZY/aE9VjMDtkRe8WO2YgJ9o59Yl/Y1+h99Dn6Fn1fj25Fm8wj9geiHz8BTnOqxA==</latexit><latexit sha1_base64="JN35rxZ1pTHN04MQjMluwgGvUXk=">AAACNnicdVDLbhMxFPWUVymvFJZsroiQ0k3kGbU0WSBVsGGFWom0lTJJdMfjSa3anpF9BzUazV+x4DdYwoINILZ8As4DCRAcydLxOffIviertPLE+cdo69r1Gzdvbd/euXP33v0Hnd2Hp76snZAjUerSnWfopVZWjkiRlueVk2gyLc+yy5dL/+ytdF6V9g0tKjkxOLeqUAIpSLPOa4TnkBYO RZNPE+jlsybL2722yYGmSRvM3slKgo0zbQxetZCWRs4xJFKvbG99A9qbdbq8nxzw4eEAeP+Ax8P9JBDOB8NnHOJAluiyDY5nnQ9pXoraSEtCo/fjmFc0adCRElq2O2ntZYXiEudyHKhFI/2kWe3dwtOg5FCULhxLsFJ/TzRovF+YLEwapAv/t7cU/+WNayoGk0bZqiZpxfqhotZAJSxLhFw5KUgvAkHhVPgriAsMJVKoOnTwa1H4PzlN+nHgJ/vdoxebNrbZY/aE9VjMDtkRe8WO2YgJ9o59Yl/Y1+h99Dn6Fn1fj25Fm8wj9geiHz8BTnOqxA==</latexit>
LLR = �2NX
i=1
1⇡
����1p
((Qbddbd)max)2!4�a2i
����
12be
⇣� |ai�µ|
b
⌘
<latexit sha1_base64="uXQUzQYLaxzq3kJ3vG8gzezC9gk=">AAACqnicdVFdb9MwFHXC1yhfZTzyYlFN6iRaOVHH2gekCV54mKZtomtR3USO47TW4iSzHUTl+s/xD3jk3+C0nQYIrmT7+Nwv+9ykyrnSCP30/Hv3Hzx8tPe49eTps+cv2i/3r1RZS8rGtMxLOU2IYjkv2FhznbNpJRkRSc4myfXHxj/5yqTiZfFZryo2F2RR8IxToh0Vt79DLIheSmFOTy8tfA97IcSqFrHh7hLYyJxZiDNJqNnugTW44hbnLNNreMepG6nNhu12L2KTpBamm+MwMoJ8s1jyxVIfRiEuBVuQaAB7kMQ8Cq2rv/Gt7V2LMLGQRbt6vS29duE9LGoXl9yWs7bVitsd1A+P0Oh4CFH/CAWjQegAQsPROwQDBxrrgJ2dx+0fOC1pLVihaU6UmgWo0nNDpOY0Z7aFa8UqQq/Jgs0cLIhgam42Wlt44JgUZqV0q9Bww/6eYYhQaiXc+w8aYdXfvob8l29W62w4N7yoas0Kum2U1TnUJWwGB1MuGdX5ygFCJXdvhXRJnDDajddpcPtR+H9wFfYDhy8GnZMPOzX2wGvwBnRBAI7BCfgEzsEYUK/rnXkTb+q/9S/9L/5sG+p7u5xX4A/z018wY9Nb</latexit><latexit sha1_base64="uXQUzQYLaxzq3kJ3vG8gzezC9gk=">AAACqnicdVFdb9MwFHXC1yhfZTzyYlFN6iRaOVHH2gekCV54mKZtomtR3USO47TW4iSzHUTl+s/xD3jk3+C0nQYIrmT7+Nwv+9ykyrnSCP30/Hv3Hzx8tPe49eTps+cv2i/3r1RZS8rGtMxLOU2IYjkv2FhznbNpJRkRSc4myfXHxj/5yqTiZfFZryo2F2RR8IxToh0Vt79DLIheSmFOTy8tfA97IcSqFrHh7hLYyJxZiDNJqNnugTW44hbnLNNreMepG6nNhu12L2KTpBamm+MwMoJ8s1jyxVIfRiEuBVuQaAB7kMQ8Cq2rv/Gt7V2LMLGQRbt6vS29duE9LGoXl9yWs7bVitsd1A+P0Oh4CFH/CAWjQegAQsPROwQDBxrrgJ2dx+0fOC1pLVihaU6UmgWo0nNDpOY0Z7aFa8UqQq/Jgs0cLIhgam42Wlt44JgUZqV0q9Bww/6eYYhQaiXc+w8aYdXfvob8l29W62w4N7yoas0Kum2U1TnUJWwGB1MuGdX5ygFCJXdvhXRJnDDajddpcPtR+H9wFfYDhy8GnZMPOzX2wGvwBnRBAI7BCfgEzsEYUK/rnXkTb+q/9S/9L/5sG+p7u5xX4A/z018wY9Nb</latexit><latexit sha1_base64="uXQUzQYLaxzq3kJ3vG8gzezC9gk=">AAACqnicdVFdb9MwFHXC1yhfZTzyYlFN6iRaOVHH2gekCV54mKZtomtR3USO47TW4iSzHUTl+s/xD3jk3+C0nQYIrmT7+Nwv+9ykyrnSCP30/Hv3Hzx8tPe49eTps+cv2i/3r1RZS8rGtMxLOU2IYjkv2FhznbNpJRkRSc4myfXHxj/5yqTiZfFZryo2F2RR8IxToh0Vt79DLIheSmFOTy8tfA97IcSqFrHh7hLYyJxZiDNJqNnugTW44hbnLNNreMepG6nNhu12L2KTpBamm+MwMoJ8s1jyxVIfRiEuBVuQaAB7kMQ8Cq2rv/Gt7V2LMLGQRbt6vS29duE9LGoXl9yWs7bVitsd1A+P0Oh4CFH/CAWjQegAQsPROwQDBxrrgJ2dx+0fOC1pLVihaU6UmgWo0nNDpOY0Z7aFa8UqQq/Jgs0cLIhgam42Wlt44JgUZqV0q9Bww/6eYYhQaiXc+w8aYdXfvob8l29W62w4N7yoas0Kum2U1TnUJWwGB1MuGdX5ygFCJXdvhXRJnDDajddpcPtR+H9wFfYDhy8GnZMPOzX2wGvwBnRBAI7BCfgEzsEYUK/rnXkTb+q/9S/9L/5sG+p7u5xX4A/z018wY9Nb</latexit><latexit sha1_base64="uXQUzQYLaxzq3kJ3vG8gzezC9gk=">AAACqnicdVFdb9MwFHXC1yhfZTzyYlFN6iRaOVHH2gekCV54mKZtomtR3USO47TW4iSzHUTl+s/xD3jk3+C0nQYIrmT7+Nwv+9ykyrnSCP30/Hv3Hzx8tPe49eTps+cv2i/3r1RZS8rGtMxLOU2IYjkv2FhznbNpJRkRSc4myfXHxj/5yqTiZfFZryo2F2RR8IxToh0Vt79DLIheSmFOTy8tfA97IcSqFrHh7hLYyJxZiDNJqNnugTW44hbnLNNreMepG6nNhu12L2KTpBamm+MwMoJ8s1jyxVIfRiEuBVuQaAB7kMQ8Cq2rv/Gt7V2LMLGQRbt6vS29duE9LGoXl9yWs7bVitsd1A+P0Oh4CFH/CAWjQegAQsPROwQDBxrrgJ2dx+0fOC1pLVihaU6UmgWo0nNDpOY0Z7aFa8UqQq/Jgs0cLIhgam42Wlt44JgUZqV0q9Bww/6eYYhQaiXc+w8aYdXfvob8l29W62w4N7yoas0Kum2U1TnUJWwGB1MuGdX5ygFCJXdvhXRJnDDajddpcPtR+H9wFfYDhy8GnZMPOzX2wGvwBnRBAI7BCfgEzsEYUK/rnXkTb+q/9S/9L/5sG+p7u5xX4A/z018wY9Nb</latexit>
-��� -��� ��� ��� ���������������������������
�������� �������� �-���� (������������ - �������)
������������������
Mean: 0.0248108, Stdev.: 0.115268Kurtosis: 1.66154 (3 is Gaussian), Skewness: -0.21255,
Coefficient of Variation of Abs[data]: 0.51737,Min: -0.168945, Max: 0.194824,
Significant Decimal Digits in Measurement Batch: 0Significant Binary Digits in Measurement Batch: 1
Est. Dist.: MixtureDistribution[{0.554123, 0.385767, 0.06011},{NormalDistribution[-0.0739557, 0.0837394],
NormalDistribution[0.120384, 0.0623194], NormalDistribution[0.237334,0.026112]}]
The null hypothesis that the data is distributed accordingto the NormalDistribution[x.. , y
.
. ] is rejected at the 5.percent level based on the Cramér-von Mises test.
��� ��� ��� ��� ��� ������
���
���
���
���
���
������������� ���
�����������
-���� -���� ���� ���� ���� ���� ��������
����
����
����
������� �������� �-���� (������������ - �������)
������������������
Mean: 0.0146101, Stdev.: 0.00556009Kurtosis: 3.96345 (3 is Gaussian), Skewness: 0.215582,
Coefficient of Variation of Abs[data]: 0.377685,Min: -0.00390625, Max: 0.0302734,
Significant Decimal Digits in Measurement Batch: 0Significant Binary Digits in Measurement Batch: 0
Est. Dist.: UniformDistribution[{-0.0919813, 0.123943}]The null hypothesis that the data is distributed according
to the NormalDistribution[x.. , y.. ] is rejected at the 5.
percent level based on the Cramér-von Mises test.
��� ��� ��� ��� ��� ������
���
���
���
���
���
������������� ���
�����������
