research-article

Leave Your Phone at the Door: Side Channels that Reveal Factory Floor Secrets

Authors:

Avesta Hojjati,

Katarina Struckmann,

Thi Ngoc Tho Nguyen,

Kushagra Madan,

Marianne S. Winslett,

Carl A. Gunter,

William P. KingAuthors Info & Claims

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Pages 883 - 894

https://doi.org/10.1145/2976749.2978323

Published: 24 October 2016 Publication History

Abstract

From pencils to commercial aircraft, every man-made object must be designed and manufactured. When it is cheaper or easier to steal a design or a manufacturing process specification than to invent one's own, the incentive for theft is present. As more and more manufacturing data comes online, incidents of such theft are increasing. In this paper, we present a side-channel attack on manufacturing equipment that reveals both the form of a product and its manufacturing process, i.e., exactly how it is made. In the attack, a human deliberately or accidentally places an attack-enabled phone close to the equipment or makes or receives a phone call on any phone nearby. The phone executing the attack records audio and, optionally, magnetometer data. We present a method of reconstructing the product's form and manufacturing process from the captured data, based on machine learning, signal processing, and human assistance. We demonstrate the attack on a 3D printer and a CNC mill, each with its own acoustic signature, and discuss the commonalities in the sensor data captured for these two different machines. We compare the quality of the data captured with a variety of smartphone models. Capturing data from the 3D printer, we reproduce the form and process information of objects previously unknown to the reconstructors. On average, our accuracy is within 1 mm in reconstructing the length of a line segment in a fabricated object's shape and within 1 degree in determining an angle in a fabricated object's shape. We conclude with recommendations for defending against these attacks.

References

[1]

APT1: Exposing one of China's cyber espionage units. Mandiant Intelligence Center, 2013.

[2]

Kaspersky lab survey: One in every five manufacturing businesses has lost intellectual property to security breaches within the past year. Kaspersky Lab press release, August 2014.

[3]

Iranian cyber attack on new york dam shows future of war. Time, 2016. {Online; accessed 13-May-2016}.

[4]

M. A. Al Faruque, S. R. Chhetri, A. Canedo, and J. Wan. Acoustic side-channel attacks on additive manufacturing systems. In International Conference on Cyber-Physical Systems, 2016.

Digital Library

[5]

D. Asonov and R. Agrawal. Keyboard acoustic emanations. In IEEE Symposium on Security and Privacy, 2004.

[6]

T. Bifano and Y. Yi. Acoustic emission as an indicator of material-removal regime in glass micro-machining. Precision Engineering, 14(4):219--228, 1992.

[7]

L. Cai, S. Machiraju, and H. Chen. Defending against sensor-sniffing attacks on mobile phones. In ACM Workshop on Networking, Systems, and Applications for Mobile Handhelds, pages 31--36. ACM, 2009.

Digital Library

[8]

H.-C. Chen, K.-C. Lee, and J.-H. Lin. Electromagnetic and electrostatic shielding properties of co-weaving-knitting fabrics reinforced composites. Composites Part A: Applied Science and Manufacturing, 35(11):1249--1256, 2004.

[9]

R. Y. Chiou and S. Y. Liang. Analysis of acoustic emission in chatter vibration with tool wear effect in turning. International Journal of Machine Tools and Manufacture, 40(7):927--941, 2000.

[10]

D. Foo Kune and Y. Kim. Timing attacks on pin input devices. In ACM Conference on Computer and Communications Security, pages 678--680. ACM, 2010.

Digital Library

[11]

D. Genkin, I. Pipman, and E. Tromer. Get your hands off my laptop: Physical side-channel key-extraction attacks on PCs. Journal of Cryptographic Engineering, 5(2):95--112, 2015.

[12]

G. Goller and G. Sigl. Side channel attacks on smartphones and embedded devices using standard radio equipment. In Constructive Side-Channel Analysis and Secure Design, pages 255--270. Springer, 2015.

Digital Library

[13]

S. Hayashi, C. Thomas, D. Wildes, and G. Tlusty. Tool break detection by monitoring ultrasonic vibrations. CIRP Annals-Manufacturing Technology, 37(1):61--64, 1988.

[14]

ICS-CERT. ICS-CERT Monitor September 2014 -- February 2015. Technical report, March 2015.

[15]

ICS-CERT. ICS-CERT Monitor November/December 2015. Technical report, May 2016.

[16]

B. Kim. Punch press monitoring with acoustic emission (AE) Part I: signal characterization and stock hardness effects. Journal of Engineering Materials and Technology, 105(4):295--300, 1983.

[17]

P. Kocher, J. Jaffe, B. Jun, and P. Rohatgi. Introduction to differential power analysis. Journal of Cryptographic Engineering, 1(1):5--27, 2011.

[18]

P. C. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Advances in Cryptology, pages 104--113. Springer, 1996.

Digital Library

[19]

S. Liang and D. Dornfeld. Tool wear detection using time series analysis of acoustic emission. Journal of Engineering for Industry, 111(3):199--205, 1989.

[20]

J. K. Nelson. Acoustic emission detection of metals and alloys during machining operations. Master's thesis, Purdue University, 2012.

[21]

D. X. Song, D. Wagner, and X. Tian. Timing analysis of keystrokes and timing attacks on SSH. In USENIX Security Symposium, 2001.

Digital Library

[22]

K. Uehara and Y. Kanda. Identification of chip formation mechanism through acoustic emission measurements. CIRP Annals-Manufacturing Technology, 33(1):71--74, 1984.

[23]

Verizon. 2013 data breach investigations report. Technical report, 2013.

[24]

M. Vuagnoux and S. Pasini. Compromising electromagnetic emanations of wired and wireless keyboards. In USENIX Security Symposium, pages 1--16, 2009.

Digital Library

[25]

Y. Yang, M. C. Gupta, K. L. Dudley, and R. W. Lawrence. Novel carbon nanotube-polystyrene foam composites for electromagnetic interference shielding. Nano Letters, 5(11):2131--2134, 2005.

[26]

K. Zetter. Meet 'Flame,' the massive spy malware infiltrating Iranian computers. Wired, 2012.

[27]

L. Zhuang, F. Zhou, and J. D. Tygar. Keyboard acoustic emanations revisited. ACM Transactions on Information and System Security, 13(1), 2009.

Digital Library

[28]

S. Zimmerman and D. Glavach. Applying and assessing cybersecurity controls for direct digital manufacturing systems. In Cybersecurity for Direct Digital Manufacturing Symposium, pages 51--64. NIST, 2015.

Cited By

Choi MOh SKim IHeo JKim H(2024)Extracting Payment Tokens Out of Sounds Produced by Magnetic Field FluctuationsIEEE Transactions on Mobile Computing10.1109/TMC.2024.335926623:9(8803-8821)Online publication date: Sep-2024
https://doi.org/10.1109/TMC.2024.3359266
Bukhari SJanjua MQadir J(2024)Secure Storage of Crypto Wallet Seed Phrase Using ECC and Splitting TechniqueIEEE Open Journal of the Computer Society10.1109/OJCS.2024.33987945(278-289)Online publication date: 2024
https://doi.org/10.1109/OJCS.2024.3398794
Wüstrich LGallenmüller SGünther SCarle GPahl M(2024)Shells Bells: Cyber-Physical Anomaly Detection in Data CentersNOMS 2024-2024 IEEE Network Operations and Management Symposium10.1109/NOMS59830.2024.10575124(1-10)Online publication date: 6-May-2024
https://doi.org/10.1109/NOMS59830.2024.10575124
Show More Cited By

Index Terms

Leave Your Phone at the Door: Side Channels that Reveal Factory Floor Secrets
1. Security and privacy
  1. Security in hardware
    1. Embedded systems security
    2. Hardware attacks and countermeasures
      1. Side-channel analysis and countermeasures

Recommendations

Countermeasures for timing-based side-channel attacks against shared, modern computing hardware

There are several vulnerabilities in computing systems hardware that can be exploited by attackers to carry out devastating microarchitectural timing-based side-channel attacks against these systems and as a result compromise the security of the users of ...
Hardware-based cyber threats: attack vectors and defence techniques

There are certain vulnerabilities associated with computing hardware that attackers can exploit to launch destructive attacks which often go undetected by the existing hardware and software countermeasures. Side channel attacks (SCAs) and Rowhammer ...
Emerging (un-)reliability based security threats and mitigations for embedded systems: special session
CASES '17: Proceedings of the 2017 International Conference on Compilers, Architectures and Synthesis for Embedded Systems Companion

This paper addresses two reliability-based security threats and mitigations for embedded systems namely, aging and thermal side channels. Device aging can be used as a hardware attack vector by using voltage scaling or specially crafted instruction ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

October 2016

1924 pages

ISBN:9781450341394

DOI:10.1145/2976749

General Chairs:
Edgar Weippl
SBA Research, Austria
,
Stefan Katzenbeisser
TU Darmstadt, CYSEC, Germany
,
Program Chairs:
Christopher Kruegel
University of California, Santa Barbara, USA
,
Andrew Myers
Cornell University, USA
,
Shai Halevi
IBM Research, USA

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 October 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Singapore's Agencyfor Science, Technology, And Research under the Human CenteredCyberphysical Systems program
U.S. Department of Homeland Security

Conference

CCS'16

Sponsor:

SIGSAC

CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security

October 24 - 28, 2016

Vienna, Austria

Acceptance Rates

CCS '16 Paper Acceptance Rate 137 of 831 submissions, 16%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

47
Total Citations
View Citations
1,406
Total Downloads

Downloads (Last 12 months)43
Downloads (Last 6 weeks)2

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Choi MOh SKim IHeo JKim H(2024)Extracting Payment Tokens Out of Sounds Produced by Magnetic Field FluctuationsIEEE Transactions on Mobile Computing10.1109/TMC.2024.335926623:9(8803-8821)Online publication date: Sep-2024
https://doi.org/10.1109/TMC.2024.3359266
Bukhari SJanjua MQadir J(2024)Secure Storage of Crypto Wallet Seed Phrase Using ECC and Splitting TechniqueIEEE Open Journal of the Computer Society10.1109/OJCS.2024.33987945(278-289)Online publication date: 2024
https://doi.org/10.1109/OJCS.2024.3398794
Wüstrich LGallenmüller SGünther SCarle GPahl M(2024)Shells Bells: Cyber-Physical Anomaly Detection in Data CentersNOMS 2024-2024 IEEE Network Operations and Management Symposium10.1109/NOMS59830.2024.10575124(1-10)Online publication date: 6-May-2024
https://doi.org/10.1109/NOMS59830.2024.10575124
Raeker-Jordan NChung JKong ZWilliams C(2024)Ensuring additive manufacturing quality and cyber–physical security via side-channel measurements and transmissionsJournal of Manufacturing Systems10.1016/j.jmsy.2024.02.00573(275-286)Online publication date: Apr-2024
https://doi.org/10.1016/j.jmsy.2024.02.005
Yampolskiy MGatlin J(2023)Data Security in Additive ManufacturingAdditive Manufacturing Design and Applications10.31399/asm.hb.v24A.a0006962(203-209)Online publication date: 30-Jun-2023
https://doi.org/10.31399/asm.hb.v24A.a0006962
Rossel JMladenov VSomorovsky J(2023)Security Analysis of the 3MF Data FormatProceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3607199.3607216(179-194)Online publication date: 16-Oct-2023
https://dl.acm.org/doi/10.1145/3607199.3607216
Pottebaum JRossel JSomorovsky JAcar YFahr RCabarcos PBodden EGräßler I(2023)Re-Envisioning Industrial Control Systems Security by Considering Human Factors as a Core Element of Defense-in-Depth2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW59978.2023.00048(379-385)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSPW59978.2023.00048
Ahsan MRais MAhmed I(2023)SOK: Side Channel Monitoring for Additive Manufacturing - Bridging Cybersecurity and Quality Assurance Communities2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP57164.2023.00071(1160-1178)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSP57164.2023.00071
Yampolskiy MGatlin J(2023)Security Threats in AMSpringer Handbook of Additive Manufacturing10.1007/978-3-031-20752-5_19(303-315)Online publication date: 18-Oct-2023
https://doi.org/10.1007/978-3-031-20752-5_19
Barua RDatta SDatta PRoychowdhury A(2022)Study and Application of Machine Learning Methods in Modern Additive Manufacturing ProcessesApplications of Artificial Intelligence in Additive Manufacturing10.4018/978-1-7998-8516-0.ch004(75-95)Online publication date: 2022
https://doi.org/10.4018/978-1-7998-8516-0.ch004
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents