

Title: On the Security and Data Integrity of Low-Cost Sensor Networks for Air Quality Monitoring
The emerging connected, low-cost, and easy-to-use air quality monitoring systems have enabled a paradigm shift in the field of air pollution monitoring. These systems are increasingly being used by local government and non-profit organizations to inform the public, and to support decision making related to air quality. However, data integrity and system security are rarely considered during the design and deployment of such monitoring systems, and such ignorance leaves tremendous room for undesired and damaging cyber intrusions. The collected measurement data, if polluted, could misinform the public and mislead policy makers. In this paper, we demonstrate such issues by using a.com, a popular low-cost air quality monitoring system that provides an affordable and continuous air quality monitoring capability to broad communities. To protect the air quality monitoring network under this investigation, we denote the company of interest as a.com. Through a series of probing, we are able to identify multiple security vulnerabilities in the system, including unencrypted message communication, incompetent authentication mechanisms, and lack of data integrity verification. By exploiting these vulnerabilities, we have the ability of “impersonating” any victim sensor in the a.com system and polluting its data using fabricated data. To the best of our knowledge, this is the first security analysis of low-cost and connected air quality monitoring systems. Our results highlight the urgent need in improving the security and data integrity design in these systems.
Award ID(s): 1642124
PAR ID: 10082798
Author(s) / Creator(s):
Date Published:
Journal Name: Sensors
Volume: 18
Issue: 12
ISSN: 1424-8220
Page Range / eLocation ID: 4451
Format(s): Medium: X
Sponsoring Org: National Science Foundation
More Like this
  1. Over the past decades, the major objectives of computer design have been to improve performance and to reduce cost, energy consumption, and size, while security has remained a secondary concern. Meanwhile, malicious attacks have rapidly grown as the number of Internet-connected devices, ranging from personal smart embedded systems to large cloud servers, have been increasing. Traditional antivirus software cannot keep up with the increasing incidence of these attacks, especially for exploits targeting hardware design vulnerabilities. For example, as DRAM process technology scales down, it becomes easier for DRAM cells to electrically interact with each other. For instance, in Rowhammer attacks, it is possible to corrupt data in nearby rows by reading the same row in DRAM. As Rowhammer exploits a computer hardware weakness, no software patch can completely fix the problem. Similarly, there is no efficient software mitigation to the recently reported attack Spectre. The attack exploits microarchitectural design vulnerabilities to leak protected data through side channels. In general, completely fixing hardware-level vulnerabilities would require a redesign of the hardware which cannot be backported. In this paper, we demonstrate that by monitoring deviations in microarchitectural events such as cache misses, branch mispredictions from existing CPU performance counters, hardware-level attacks such as Rowhammer and Spectre can be efficiently detected during runtime with promising accuracy and reasonable performance overhead using various machine learning classifiers. 
  2. The Internet of Medical Things (IoMT) is a network of interconnected medical devices, wearables, and sensors integrated into healthcare systems. It enables real-time data collection and transmission using smart medical devices with trackers and sensors. IoMT offers various benefits to healthcare, including remote patient monitoring, improved precision, and personalized medicine, enhanced healthcare efficiency, cost savings, and advancements in telemedicine. However, with the increasing adoption of IoMT, securing sensitive medical data becomes crucial due to potential risks such as data privacy breaches, compromised health information integrity, and cybersecurity threats to patient information. It is necessary to consider existing security mechanisms and protocols and identify vulnerabilities. The main objectives of this paper aim to identify specific threats, analyze the effectiveness of security measures, and provide a solution to protect sensitive medical data. In this paper, we propose an innovative approach to enhance security management for sensitive medical data using blockchain technology and smart contracts within the IoMT ecosystem. The proposed system aims to provide a decentralized and tamper-resistant platform that ensures data integrity, confidentiality, and controlled access. By integrating blockchain into the IoMT infrastructure, healthcare organizations can significantly enhance the security and privacy of sensitive medical data.
  3. In this paper, we first develop a low-cost surface-based air pollutants measurement system for the real-time air pollution monitoring and forecasting applications. Then, we compare the performance achieved by the proposed system in real-time urban environment with currently used static monitoring stations by the governmental environmental protection agency (EPA). The proposed design uses particulate matter, humidity, and temperature sensors to measure the values of the air pollutant that determines the value of the Air Quality Index (AQI). The SD storage device is interfaced with the system to store the large amount of data sensed by the system. The Arduino UNO-based processing unit integrates with the sensing units to process and control the sensed air pollutants data. The proposed system is deployed in indoors and outdoor environment in underserved minority communities in big cities to illustrate real-time environmental pollution measurement and monitoring applications. The system can measure, monitor and alert the level of PM2.5 and PM10 components of the AQI as they are often the main pollutant that determines the AQI value. The performance of the proposed system compares with the expensive data logger-based EPA-approved LDEQ sensors-based air quality monitoring system. Our analysis shows that the measurement and monitoring performance of the proposed system is comparable with the EPA-approved LDEQ sensors-based air quality monitoring system. The analysis also shows that there is a spatial and temporal variation of PM2.5 and PM10 values even for sites that are less than a mile apart. The interaction interphase of the system is simpler and easier to use as compared with bulky display systems in traditional EPA-based monitoring systems. In contrast with the traditional data logger-based system, the proposed system is smaller and quicker to deploy to test specific air pollutants in interested urban and rural locations.
  4. Padhy, Sudarsan; Oria, Vincent (Ed.)
    The simplicity, low cost, and scalability of Internet of Things (IoT) devices have led researchers to study their applications in a wide range of areas such as Healthcare, Transportation, and Agriculture. IoT devices help farmers to monitor the conditions in a field. These are connected to edge devices for real-time analysis. The edge servers send commands to actuators in the farm directly, without human intervention. At the same time, security vulnerabilities are a big concern, concomitant with the increasing utilization of IoT devices. If the duplication of an IoT device occurs and attackers gain access to the system, then the integrity of the entire ecosystem will be at stake, regardless of the application domain. This paper presents a Physical Unclonable Function (PUF) based hardware security primitive for the authentication of Internet of Agro-Things (IoAT) devices. The proposed security scheme has been prototyped with a testbed evaluation. An arbiter PUF module has been used for the validation of the proposed scheme. The PUF based security primitive is lightweight, scalable, and robust as it mainly depends on inherent manufacturing variations, thereby ensuring no chance for the duplication of IoT devices. 
  5. Cyber-physical system security is a significant concern in the critical infrastructure. Strong interdependencies between cyber and physical components render cyber-physical systems highly susceptible to integrity attacks such as injecting malicious data and projecting fake sensor measurements. Traditional security models partition cyber-physical systems into just two domains – high and low. This absolute partitioning is not well suited to cyber-physical systems because they comprise multiple overlapping partitions. Information flow properties, which model how inputs to a system affect its outputs across security partitions, are important considerations in cyber-physical systems. Information flows support traceability analysis that helps detect vulnerabilities and anomalous sources, contributing to the implementation of mitigation measures. This chapter describes an automated model with graph-based information flow traversal for identifying information flow paths in the Automatic Dependent Surveillance-Broadcast (ADS-B) system used in civilian aviation, and subsequently partitioning the flows into security domains. The results help identify ADS-B system vulnerabilities to failures and attacks, and determine potential mitigation measures. 