TY - GEN
T1 - LED Alert
T2 - 25th IEEE International Symposium on On-Line Testing and Robust System Design, IOLTS 2019
AU - Tychalas, Dimitrios
AU - Keliris, Anastasis
AU - Maniatakos, Michail
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/7
Y1 - 2019/7
N2 - Industrial Internet-of-Things has been touted as the next revolution in the industrial domain, offering interconnectivity, independence, real-time operation, and self-optimization. Integration of smart systems, however, bridges the gap between information and operation technology, creating new avenues for attacks from the cyber domain. The dismantling of this air-gap, in conjunction with the devices' long lifespan (in the range of 20-30 years), motivates us to bring the attention of the community to emerging advanced persistent threats. We demonstrate a threat that bridges the air-gap by leaking data from memory to analog peripherals through Direct Memory Access (DMA), delivered as a firmware modification through the supply chain. The attack automatically adapts to a target device by leveraging the Device Tree and resides solely in the peripherals, completely transparent to the main CPU, by judiciously short-circuiting specific components. We implement this attack on a commercial Programmable Logic Controller, leaking information over the available LEDs. We evaluate the presented attack vector in terms of stealthiness, and demonstrate no observable overhead on both CPU performance and DMA transfer speed. Since traditional anomaly detection techniques would fail to detect this firmware trojan, this work highlights the need for industrial control system-appropriate techniques that can be applied promptly to installed devices.
AB - Industrial Internet-of-Things has been touted as the next revolution in the industrial domain, offering interconnectivity, independence, real-time operation, and self-optimization. Integration of smart systems, however, bridges the gap between information and operation technology, creating new avenues for attacks from the cyber domain. The dismantling of this air-gap, in conjunction with the devices' long lifespan (in the range of 20-30 years), motivates us to bring the attention of the community to emerging advanced persistent threats. We demonstrate a threat that bridges the air-gap by leaking data from memory to analog peripherals through Direct Memory Access (DMA), delivered as a firmware modification through the supply chain. The attack automatically adapts to a target device by leveraging the Device Tree and resides solely in the peripherals, completely transparent to the main CPU, by judiciously short-circuiting specific components. We implement this attack on a commercial Programmable Logic Controller, leaking information over the available LEDs. We evaluate the presented attack vector in terms of stealthiness, and demonstrate no observable overhead on both CPU performance and DMA transfer speed. Since traditional anomaly detection techniques would fail to detect this firmware trojan, this work highlights the need for industrial control system-appropriate techniques that can be applied promptly to installed devices.
KW - Embedded systems security
KW - device tree
KW - direct memory access
KW - supply chain attack
UR - http://www.scopus.com/inward/record.url?scp=85073719895&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85073719895&partnerID=8YFLogxK
U2 - 10.1109/IOLTS.2019.8854451
DO - 10.1109/IOLTS.2019.8854451
M3 - Conference contribution
T3 - 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design, IOLTS 2019
SP - 194
EP - 199
BT - 2019 IEEE 25th International Symposium on On-Line Testing and Robust System Design, IOLTS 2019
A2 - Gizopoulos, Dimitris
A2 - Alexandrescu, Dan
A2 - Papavramidou, Panagiota
A2 - Maniatakos, Michail
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 1 July 2019 through 3 July 2019
ER -