skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: BIC: Blind Identification Countermeasure for Malicious Thermal Sensor Attacks in Mobile SoCs
Mobile System-on-Chips (SoCs) heavily rely on dynamic thermal management (DTM) methods in order to deal with their thermal and power density issues at runtime. The efficiency of any DTM method is directly related to the temperature data coming from the thermal sensors. For the first time, in this paper, we introduce a serious security attack on thermal sensors that can alter both the performance and reliability of the chip. We propose a Blind Identification Countermeasure (BIC) that successfully defeats the attack by identifying and isolating the infected sensor. In addition, the proposed method can accurately estimate the steady state temperature of the core associated with the isolated thermal sensor so that the DTM can continue its services with no interruption. Based on our wide range of evaluations, BIC can provide an excellent accuracy of 100% in detecting attacking sensors with a maximum temperature estimation error of ≈0.18°C. Also, BIC inflects a negligible performance overhead of 0.7% when tested with Geekbench 4.3.1 benchmark suite.  more » « less
Award ID(s):
2219680
PAR ID:
10442440
Author(s) / Creator(s):
; ; ;
Date Published:
Journal Name:
2022 23rd International Symposium on Quality Electronic Design (ISQED)
Page Range / eLocation ID:
1 to 6
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; ; (, Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security)
    Temperature sensing and control systems are widely used in the closed-loop control of critical processes such as maintaining the thermal stability of patients, or in alarm systems for detecting temperature-related hazards. However, the security of these systems has yet to be completely explored, leaving potential attack surfaces that can be exploited to take control over critical systems. In this paper we investigate the reliability of temperature-based control systems from a security and safety perspective. We show how unexpected consequences and safety risks can be induced by physical-level attacks on analog temperature sensing components. For instance, we demonstrate that an adversary could remotely manipulate the temperature sensor measurements of an infant incubator to cause potential safety issues, without tampering with the victim system or triggering automatic temperature alarms. This attack exploits the unintended rectification effect that can be induced in operational and instrumentation amplifiers to control the sensor output, tricking the internal control loop of the victim system to heat up or cool down. Furthermore, we show how the exploit of this hardware-level vulnerability could affect different classes of analog sensors that share similar signal conditioning processes. Our experimental results indicate that conventional defenses commonly deployed in these systems are not sufficient to mitigate the threat, so we propose a prototype design of a low-cost anomaly detector for critical applications to ensure the integrity of temperature sensor signals. 
    more » « less
  2. ; ; ; ; (, Sensors)
    Vision processing on traditional architectures is inefficient due to energy-expensive off-chip data movement. Many researchers advocate pushing processing close to the sensor to substantially reduce data movement. However, continuous near-sensor processing raises sensor temperature, impairing imaging/vision fidelity. We characterize the thermal implications of using 3D stacked image sensors with near-sensor vision processing units. Our characterization reveals that near-sensor processing reduces system power but degrades image quality. For reasonable image fidelity, the sensor temperature needs to stay below a threshold, situationally determined by application needs. Fortunately, our characterization also identifies opportunities—unique to the needs of near-sensor processing—to regulate temperature based on dynamic visual task requirements and rapidly increase capture quality on demand. Based on our characterization, we propose and investigate two thermal management strategies—stop-capture-go and seasonal migration—for imaging-aware thermal management. For our evaluated tasks, our policies save up to 53% of system power with negligible performance impact and sustained image fidelity. 
    more » « less
  3. ; (, IACR Transactions on Cryptographic Hardware and Embedded Systems)
    Spoofing a passive Hall sensor with fake magnetic fields can inject false data into the downstream of connected systems. Several works have tried to provide a defense against the intentional spoofing to different sensors over the last six years. However, they either only work on active sensors or against externally injected unwanted weak signals (e.g., EMIs, acoustics, ultrasound, etc.), which can only spoof sensor output in its linear region. However, they do not work against a strong magnetic spoofing attack that can drive the passive Hall sensor output in its saturation region. We name this as the saturation attack. In the saturation region, the output gets flattened, and no information can be retrieved, resulting in a denial-of-service attack on the sensor.Our work begins to fill this gap by providing a defense named PreMSat against the saturation attack on passive Hall sensors. The core idea behind PreMSat is that it cangenerate an internal magnetic field having the same strength but in opposite polarity to external magnetic fields injected by an attacker. Therefore, the generated internal magnetic field by PreMSat can nullify the injected external field while preventing: (i) intentional spoofing in the sensor’s linear region, and (ii) saturation attack in the saturation region. PreMSat integrates a low-resistance magnetic path to collect the injected external magnetic fields and utilizes a finely tuned PID controller to nullify the external fields in real-time. PreMSat can prevent the magnetic saturation attack having a strength up to ∼4200 A-t within a frequency range of 0 Hz–30 kHz with low cost (∼$14), whereas the existing works cannot prevent saturation attacks with any strength. Moreover, it works against saturation attacks originating from any type, such as constant, sinusoidal, and pulsating magnetic fields. We did over 300 experiments on ten different industry-used Hall sensors from four different manufacturers to prove the efficacy of PreMSat and found that the correlation coefficient between the signals before the attack and after the attack is greater than 0.94 in every test case. Moreover, we create a prototype of PreMSat and evaluate its performance in a practical system — a grid-tied solar inverter. We find that PreMSat can satisfactorily prevent the saturation attack on passive Hall sensors in real-time. 
    more » « less
  4. ; ; (, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems)
    This work proposes a new dynamic thermal and reliability management framework via task mapping and migration to improve thermal performance and reliability of commercial multi-core processors considering workload-dependent thermal hot spot stress. The new method is motivated by the observation that different workloads activate different spatial power and thermal hot spots within each core of processors. Existing run-time thermal management, which is based on on-chip location-fixed thermal sensor information, can lead to suboptimal management solutions as the temperatures provided by those sensors may not be the true hot spots. The new method, called Hot-Trim, utilizes a machine learning-based approach to characterize the power density hot spots across each core, then a new task mapping/migration scheme is developed based on the hot spot stresses. Compared to existing works, the new approach is the first to optimize VLSI reliabilities by exploring workload-dependent power hot spots. The advantages of the proposed method over the Linux baseline task mapping and the temperature-based mapping method are demonstrated and validated on real commercial chips. Experiments on a real Intel Core i7 quad-core processor executing PARSEC-3.0 and SPLASH-2 benchmarks show that, compared to the existing Linux scheduler, core and hot spot temperature can be lowered by 1.15 to 1.31C. In addition, Hot-Trim can improve the chip's EM, NBTI and HCI related reliability by 30.2%, 7.0% and 31.1% respectively compared to Linux baseline without any performance degradation. Furthermore, it improves EM and HCI related reliability by 29.6% and 19.6% respectively, and at the same time even further reduces the temperature by half a degree compared to the conventional temperature-based mapping technique. 
    more » « less
  5. ; (, Light: Science & Applications)
    Abstract Temperature is one of the most fundamental physical properties to characterize various physical, chemical, and biological processes. Even a slight change in temperature could have an impact on the status or dynamics of a system. Thus, there is a great need for high-precision and large-dynamic-range temperature measurements. Conventional temperature sensors encounter difficulties in high-precision thermal sensing on the submicron scale. Recently, optical whispering-gallery mode (WGM) sensors have shown promise for many sensing applications, such as thermal sensing, magnetic detection, and biosensing. However, despite their superior sensitivity, the conventional sensing method for WGM resonators relies on tracking the changes in a single mode, which limits the dynamic range constrained by the laser source that has to be fine-tuned in a timely manner to follow the selected mode during the measurement. Moreover, we cannot derive the actual temperature from the spectrum directly but rather derive a relative temperature change. Here, we demonstrate an optical WGM barcode technique involving simultaneous monitoring of the patterns of multiple modes that can provide a direct temperature readout from the spectrum. The measurement relies on the patterns of multiple modes in the WGM spectrum instead of the changes of a particular mode. It can provide us with more information than the single-mode spectrum, such as the precise measurement of actual temperatures. Leveraging the high sensitivity of WGMs and eliminating the need to monitor particular modes, this work lays the foundation for developing a high-performance temperature sensor with not only superior sensitivity but also a broad dynamic range. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email