GGrantIndex
← Search

EAGER: SARE: Detecting Zero-Day Side-channel Attacks in Sensor Rich Cyber-Physical Systems

$300,000FY2020ENGNSF

University Of California-Irvine, Irvine CA

Investigators

Abstract

This project introduces a method using an automated flow to detect side channel attacks over sensor-rich cyber-physical systems. The approach has the ability to identify, almost instantly and with high precision, anomalous behaviors indicative of possibly hazardous situations with either a known signature or never encountered during pre-deployment testing. The goal of this project is to have a prototype demonstrating its readiness for transition to practice and eventual deployment. Three types of threats are tackled: (1) Deliberate intrusions employing zero-day attacks and sophisticated evasion techniques; (2) Insider threats: abuse of privileges by insiders with or without spoofing of user identities; (3) Anomalous behaviors never encountered during pre-deployment testing of safety-critical systems and possibly indicative of malfunctioning. These anomalies include accidental or inadvertent failures due to bugs as well as physical side channel attacks that gives rise to execution of emergency actions. Anomalies in many safety-critical cyber-physical systems are particularly dangerous. For example, attacks against a car such as antilock-braking system (ABS) sensor spoofing, wireless command injection, and engine control unit (ECU) infiltration have been demonstrated, leading ultimately to a car crash or significant drift off the road. The importance of the research cannot be overstated when it comes to safety-critical and mission-critical cyber-physical systems that are increasingly relying on artificial intelligence and machine learning for decision making, situational awareness, and general reasoning. The explainability conundrum of deep learning algorithms and models coupled with the need to certify the overall system for safety and security points to the criticality of imposing continuous checks on these two criteria (safety and security) during operation to safeguard not only against unanticipated behavior but also the potential bugs and failures in system hardware including sensors/actuators. The research will create a framework allowing cyber-physical systems to be certified for safety and security through the ability to detect and diagnose unsafe and insecure anomalous situations. The research combines a scalable Runtime Verification (RV) framework intended for embedded systems and a Paraminer specification mining tool for Anomaly Detection (AD). A critical feature in this RV+AD approach is the ability to monitor properties using not only traces relevant to CPU execution, but also other system components such as memories, buses, sensors, and actuators. This observability across both the cyber and physical states adds significant capabilities to deal with physical side channel attacks which are extremely hard to detect or thwart. This can be achieved by correlating traces from both program execution on the CPU(s) and sensor data. In a power side channel attack, for example, the current sensor data can be correlated with execution of critical advanced encryption standard (AES) encryption algorithms running on the CPU to detect periods of potential vulnerability, and engage obfuscation measures to thwart such attacks. The approach in this project is hardware-based whereas the prior state-of-the-art approaches have been software-based. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

View original record on NSF Award Search →