A Framework for Evaluating Security in the Presence of Signal Injection Attacks

“…To motivate our definition, the term injection was chosen because it captures the fact that values reported by a system are altered; it is not channel-specific; and it has already been adopted by different works [5], [11], [13], [35]- [44]. The out-of-band qualifier is necessary to distinguish the attacks studied in this survey from signal injection attacks on sensors using pulse reflections such as LiDARs [9], [14], [31], signal injection attacks on the physical layer of communication protocols [45], and false data injection attacks [28], [46].…”

“…The term (sensor) spoofing [8], [9], [14], [43] was also Injection [5], [13], [35], [38], [41]- [44] Intentional Interference [5], [10], [12], [36], [38], [40], [42], [49] Non-Linearity [11], [54], [55], [68] Spoofing [8], [9], [14], [43] Other (See Text) [7], [53], [67] avoided for similar reasons: it has an overloaded meaning in authentication contexts and with in-band signal injection attacks [6], [52]. Moreover, it does not capture the physical aspect of injections, and does not accurately describe coarsegrained attacks which lead to saturation of a sensor.…”

“…The effectiveness of different attacks, however, has mostly been evaluated in a qualitative fashion so far (e.g., whether the system was tricked into performing an action or not). Recent research, however, has attempted to mathematically define security against out-of-band signal injection attacks, and therefore quantify their success [44]. Specifically, Giechaskiel Fig.…”

“…2: Analog-to-Digital Converter (ADC) model: nonlinearities due to Electrostatic Discharge (ESD) protection diodes and amplifiers (e.g., comparators) counteract low-pass filtering effects of the sample-and-hold mechanism and can unintentionally demodulate high-frequency input signals. et al [44] introduced probabilistic definitions which attempt to capture the fidelity with which an adversary can make a target waveform appear at the input of the microcontroller of Figure 1. These definitions address both coarse-grained attacks which merely disrupt sensor measurements and finegrained attacks with precise waveform injections.…”

“…These two transfer functions dictate that for a successful injection, attacker signals typically need to be transmitted over high-frequency carriers, and be demodulated into lowfrequency, meaningful waveforms. According to the work of Giechaskiel et al, components within ADCs are the culprits for these demodulation effects [44]. The main constituents of an ADC that contribute to its demodulation characteristics are therefore summarized in Figure 2.…”

Taxonomy and Challenges of Out-of-Band Signal Injection Attacks and Defenses

“…To motivate our definition, the term injection was chosen because it captures the fact that values reported by a system are altered; it is not channel-specific; and it has already been adopted by different works [5], [11], [13], [35]- [44]. The out-of-band qualifier is necessary to distinguish the attacks studied in this survey from signal injection attacks on sensors using pulse reflections such as LiDARs [9], [14], [31], signal injection attacks on the physical layer of communication protocols [45], and false data injection attacks [28], [46].…”

“…The term (sensor) spoofing [8], [9], [14], [43] was also Injection [5], [13], [35], [38], [41]- [44] Intentional Interference [5], [10], [12], [36], [38], [40], [42], [49] Non-Linearity [11], [54], [55], [68] Spoofing [8], [9], [14], [43] Other (See Text) [7], [53], [67] avoided for similar reasons: it has an overloaded meaning in authentication contexts and with in-band signal injection attacks [6], [52]. Moreover, it does not capture the physical aspect of injections, and does not accurately describe coarsegrained attacks which lead to saturation of a sensor.…”

“…The effectiveness of different attacks, however, has mostly been evaluated in a qualitative fashion so far (e.g., whether the system was tricked into performing an action or not). Recent research, however, has attempted to mathematically define security against out-of-band signal injection attacks, and therefore quantify their success [44]. Specifically, Giechaskiel Fig.…”

“…2: Analog-to-Digital Converter (ADC) model: nonlinearities due to Electrostatic Discharge (ESD) protection diodes and amplifiers (e.g., comparators) counteract low-pass filtering effects of the sample-and-hold mechanism and can unintentionally demodulate high-frequency input signals. et al [44] introduced probabilistic definitions which attempt to capture the fidelity with which an adversary can make a target waveform appear at the input of the microcontroller of Figure 1. These definitions address both coarse-grained attacks which merely disrupt sensor measurements and finegrained attacks with precise waveform injections.…”

“…These two transfer functions dictate that for a successful injection, attacker signals typically need to be transmitted over high-frequency carriers, and be demodulated into lowfrequency, meaningful waveforms. According to the work of Giechaskiel et al, components within ADCs are the culprits for these demodulation effects [44]. The main constituents of an ADC that contribute to its demodulation characteristics are therefore summarized in Figure 2.…”

Taxonomy and Challenges of Out-of-Band Signal Injection Attacks and Defenses

ADC-Bank: Detecting Acoustic Out-of-Band Signal Injection on Inertial Sensors

An Evolutionary Computation-Based Federated Learning for Host Intrusion Detection in Real-Time Traffic Analysis