Detection Mechanisms for Unauthorized Wireless Transmissions

Chang, Doohwang; Bhat, Ganapati; Ogras, Ümit Y.; Bakkaloglu, Bertan; Ozev, Sule

doi:10.1145/3241046

Cited by 7 publications

(8 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Two HT payload mechanisms are shown in [29], one that uses a single pole double throw switch and a pair of resistors to alter the input termination impedance of the power amplifier, and another one that reprograms the gain stages. In [28], it is proposed to use spread spectrum techniques to hide an unauthorized transmission signal within the legitimate signal below the noise level. For all the aforementioned HT attacks, the IC passes all conventional specification tests and the transmission signal still obeys the transmission specifications and is within the margins allowed because of process variations.…”

Section: Prior Art On Ht Attacks In the Analog Domainmentioning

confidence: 99%

“…However, the attacker knowing the HT payload mechanism can listen to the channel and recover the key. It has been demonstrated that this type of HTs can be detected by statistical side-channel fingerprinting [27], careful analysis of the transmitted signal spectrum [28], or adaptive channel estimation [29], which leverages the slowfading characteristics of indoor communication channels to distinguish between channel impairments and HT activity.…”

Section: Prior Art On Ht Attacks In the Analog Domainmentioning

confidence: 99%

See 1 more Smart Citation

Digital-to-Analog Hardware Trojan Attacks

Elshamy

Natale

Sayed

et al. 2022

IEEE Trans. Circuits Syst. I

View full text Add to dashboard Cite

We propose a Hardware Trojan (HT) attack for analog circuits with its key characteristic being that it cannot be prevented or detected in the analog domain. The HT attack works in the context of Systems-on-Chip (SoCs) comprising both digital and analog Intellectual Property (IP) blocks. The attacker could be either the SoC integrator or the foundry. More specifically, the HT trigger is placed inside a dense digital IP block where it can be effectively hidden, whereas the HT payload is in the form of a digital pattern transported via the test bus or generated within the test bus, reaching the Design-for-Test (DfT) or programmability interface of the victim analog IP with the test bus. The HT payload unexpectedly activates the DfT and sets the victim analog IP into some possibly partial and undocumented test mode or changes the nominal programmability. The HT payload can be designed to result in performance degradation or complete malfunction, i.e., denial of service. We demonstrate this HT attack scenario on two analog IPs, namely a low-dropout (LDO) regulator using simulation and an RF receiver using hardware measurements.

show abstract

Section: Prior Art On Ht Attacks In the Analog Domainmentioning

confidence: 99%

Section: Prior Art On Ht Attacks In the Analog Domainmentioning

confidence: 99%

Digital-to-Analog Hardware Trojan Attacks

Elshamy

Natale

Sayed

et al. 2022

IEEE Trans. Circuits Syst. I

View full text Add to dashboard Cite

show abstract

“…Several studies have demonstrated this type of HT attack. The HT can be embedded within the Medium Access Control (MAC) protocol [22], within the digital baseband physical layer (PHY) [23], [24], [25], [26], [27], or its payload mechanism can partially act upon the Analog Front-End (AFE) [28], [29], [30], [31], [32]. In parallel, these studies propose defenses for detecting the HT attack at test time or during run-time.…”

Section: Introductionmentioning

confidence: 99%

Leaking Wireless ICs via Hardware Trojan-Infected Synchronization

Diaz-Rizo¹,

Aboushady²,

Stratigopoulos³

2023

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

We propose a Hardware Trojan (HT) attack in wireless Integrated Circuits (ICs) that aims at leaking sensitive information within a legitimate transmission. The HT is hidden inside the transmitter modulating the sensitive information into the preamble of each transmitted frame which is used for the synchronization of the transmitter with the receiver. The data leakage does not affect synchronization and is imperceptible by the inconspicuous nominal receiver as it does not incur any performance penalty in the communication. A knowledgeable rogue receiver, however, can recover the data using signal processing that is too expensive and impractical to be used during run-time in nominal receivers. The HT mechanism is designed at circuit-level and is embedded entirely into the digital section of the RF transceiver having a tiny footprint. The proposed HT attack is demonstrated with measurements on a hardware platform. We demonstrate the stealthiness of the attack, i.e., its ability to evade defenses based on testing and run-time monitoring, and the robustness of the attack, i.e., the ability of the rogue receiver to recover the leaked information even under unfavorable channel conditions.

show abstract

“…cipher keys. It has been demonstrated how the key can be encoded into minute differences in amplitudes or frequencies of the transmitted signal [11], [12] or into an unauthorized transmission signal that is hidden within the legitimate signal [13]. In both cases, the IC passes all conventional specification tests and the transmission signal still obeys to the transmission specifications and is within the margins allowed because of process variations.…”

Section: Introductionmentioning

confidence: 99%

“…However, the attacker knowing the HT payload mechanism can listen to the channel and recover the key. It has been demonstrated that this type of HTs can be detected by statistical fingerprinting [11], [12], careful analysis of the transmitted signal spectrum [13], or channel estimation [14]. Another interesting direction for HT design is to exploit the fact that an analog IC may have undesired states or operation modes [15].…”

Section: Introductionmentioning

confidence: 99%

Hardware Trojan Attacks in Analog/Mixed-Signal ICs via the Test Access Mechanism

Elshamy¹,

Natale

Pavlidis³

et al. 2020

2020 IEEE European Test Symposium (ETS)

View full text Add to dashboard Cite

We present a Hardware Trojan (HT) attack scenario for analog circuits. The characteristic of this HT is that it does not reside inside the victim analog circuit. Instead, it resides on an independent digital circuit on the same die where it is triggered, yet its payload is applied only to the analog circuit after being transferred via the common test infrastructure and the test interface of the analog circuit. This HT attack cannot be detected or prevented in the analog domain and it exploits the dense digital circuit to hide effectively its footprint.

show abstract

Detection Mechanisms for Unauthorized Wireless Transmissions

Cited by 7 publications

References 25 publications

Digital-to-Analog Hardware Trojan Attacks

Digital-to-Analog Hardware Trojan Attacks

Leaking Wireless ICs via Hardware Trojan-Infected Synchronization

Hardware Trojan Attacks in Analog/Mixed-Signal ICs via the Test Access Mechanism

Contact Info

Product

Resources

About