- Award ID(s): 1738420
- NSF-PAR ID: 10073109
- Date Published:
- Journal Name: 2017 IEEE Military Communications Conference, MILCOM 2017
- Page Range / eLocation ID: 611 to 616
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
- Designers are increasingly using mixed-criticality networks in embedded systems to reduce size, weight, power, and cost. Perhaps the most successful of these technologies is Time-Triggered Ethernet (TTE), which lets critical time-triggered (TT) traffic and non-critical best-effort (BE) traffic share the same switches and cabling. A key aspect of TTE is that the TT part of the system is isolated from the BE part, and thus BE devices have no way to disrupt the operation of the TTE devices. This isolation allows designers to: (1) use untrusted, but low cost, BE hardware, (2) lower BE security requirements, and (3) ignore BE devices during safety reviews and certification procedures. We present PCSPOOF, the first attack to break TTE’s isolation guarantees. PCSPOOF is based on two key observations. First, it is possible for a BE device to infer private information about the TT part of the network that can be used to craft malicious synchronization messages. Second, by injecting electrical noise into a TTE switch over an Ethernet cable, a BE device can trick the switch into sending these malicious synchronization messages to other TTE devices. Our evaluation shows that successful attacks are possible in seconds, and that each successful attack can cause TTE devices to lose synchronization for up to a second and drop tens of TT messages — both of which can result in the failure of critical systems like aircraft or automobiles. We also show that, in a simulated spaceflight mission, PCSPOOF causes uncontrolled maneuvers that threaten safety and mission success. We disclosed PCSPOOF to aerospace companies using TTE, and several are implementing mitigations from this paper.
- Recently, switched Ethernet has become increasingly popular in networked cyber-physical systems (NCPS). In an Ethernet-based NCPS, network-connected devices (e.g., sensors and actuators) realize time-critical tasks by exchanging miscellaneous information, such as sensor readings and control commands. To ensure reliable control and operation, network-induced delays for time-critical NCPS applications must be carefully examined. In this work, we propose a framework combining network delay measurements and network-calculus-based delay performance analysis to obtain accurate, deterministic worst-case delay bounds for NCPS. By modeling traffic sources and networking devices (e.g., Ethernet switches) through measurements, we establish accurate traffic and device models for network-calculus-based analysis. To obtain worst-case delay bounds, different network-calculus-based analytical methods can be leveraged, allowing CPS architects to customize the proposed delay analysis framework to suit application-specific needs. Our evaluation results show that the proposed approach derives accurate delay bounds, making it a valuable tool for architects designing NCPSs supporting time-critical applications.
- In many VoIP systems, Voice Activity Detection (VAD) is often used on VoIP traffic to suppress packets of silence in order to reduce the bandwidth consumption of phone calls. Unfortunately, although VoIP traffic is fully encrypted and secured, traffic analysis of this suppression can reveal identifying information about calls made to customer service automated phone systems. Because different customer service phone systems have distinct, but fixed (pre-recorded) automated voice messages sent to customers, VAD silence suppression used in VoIP will enable an eavesdropper to profile and identify these automated voice messages. In this paper, we will use a popular enterprise VoIP system (Cisco CallManager), running the default Session Initiation Protocol (SIP) protocol, to demonstrate that an attacker can reliably use the silence suppression to profile calls to such VoIP systems. Our real-world experiments demonstrate that this side-channel profiling attack can be used to accurately identify not only what customer service phone number a customer calls, but also what following options are subsequently chosen by the caller in the phone conversation.
- The key concept for safe and efficient traffic management for Unmanned Aircraft Systems (UAS) is the notion of operation volume (OV). An OV is a 4-dimensional block of airspace and time, which can express an aircraft’s intent, and can be used for planning, de-confliction, and traffic management. While there are several high-level simulators for UAS Traffic Management (UTM), we are lacking a framework for creating, manipulating, and reasoning about OVs for heterogeneous air vehicles. In this paper, we address this and present SkyTrakx—a software toolkit for simulation and verification of UTM scenarios based on OVs. First, we illustrate a use case of SkyTrakx by presenting a specific air traffic coordination protocol. This protocol communicates OVs between participating aircraft and an airspace manager for traffic routing. We show how existing formal verification tools, Dafny and Dione, can assist in automatically checking key properties of the protocol. Second, we show how the OVs can be computed for heterogeneous air vehicles like quadcopters and fixed-wing aircraft using another verification technique, namely reachability analysis. Finally, we show that SkyTrakx can be used to simulate complex scenarios involving heterogeneous vehicles, for testing and performance evaluation in terms of workload and response delays analysis. Our experiments delineate the trade-off between performance and workload across different strategies for generating OVs.
- Power intensification and miniaturization of electronics and energy systems are causing a critical challenge for thermal management. Single-phase heat transfer mechanisms including natural and forced convection of air and liquids cannot meet the ever-increasing demands. Two-phase heat transfer modes, such as evaporation, pool boiling, flow boiling, have much higher cooling capacities but are limited by a variety of practical instabilities, e.g., the critical heat flux (CHF), aka departure from nucleate boiling (DNB) in the nuclear industry, flow maldistribution, flow reversal, among others. These instabilities are often triggered suddenly during normal operation, and if not identified and mitigated in time, will lead to overheating issues and detrimental device failures. For example, when CHF is triggered during pool boiling, the device temperature can ramp up in the order of 150 °C/min. It is thus critical to implement real-time detection and mitigation algorithms for two-phase cooling. In the present work, we have developed an accurate and reliable technology for fault detection of high-performance two-phase cooling systems by coupling acoustic emission (AE) with multimodal fusion using deep learning. We have leveraged the contact AE sensor attached to the heater and hydrophones immersed in the working fluid to enable non-invasive fault detection.