Biblio

As more and more information systems rely sen-sors for their critical decisions, there is a growing threat of injecting false signals to sensors in the analog domain. In particular, LightCommands showed that MEMS microphones are susceptible to light, through the photoacoustic and photoelectric effects, enabling an attacker to silently inject voice commands to smart speakers. Understanding such unexpected transduction mechanisms is essential for designing secure and reliable MEMS sensors. Is there any other transduction mechanism enabling laser-induced attacks? We positively answer the question by experimentally evaluating two commercial piezoresistive MEMS pressure sensors. By shining a laser light at the piezoresistors through an air hole on the sensor package, the pressure reading changes by ±1000 hPa with 0.5 mW laser power. This phenomenon can be explained by the photoelectric effect at the piezoresistors, which increases the number of carriers and decreases the resistance. We finally show that an attacker can induce the target signal at the sensor reading by shining an amplitude-modulated laser light.

Many IoT devices are part of fixed critical infrastructure, where the mere act of moving an IoT device may constitute an attack. Moving pressure, chemical and radiation sensors in a factory can have devastating consequences. Relocating roadside speed sensors, or smart meters without knowledge of command and control center can similarly wreck havoc. Consequently, authenticating geolocation of IoT devices is an important problem. Unfortunately, an IoT device itself may be compromised by an adversary. Hence, location information from the IoT device cannot be trusted. Thus, we have to rely on infrastructure to obtain a proximal location. Infrastructure routers may similarly be compromised. Therefore, there must be a way to authenticate trusted routers remotely. Unfortunately, IP packets may be blocked, hijacked or forged by an adversary. Therefore IP packets are not trustworthy either. Thus, we resort to covert channels for authenticating Internet packet routers as an intermediate step towards proximal geolocation of IoT devices. Several techniques have been proposed in the literature to obtain the geolocation of an edge device, but it has been shown that a knowledgeable adversary can circumvent these techniques. In this paper, we survey the state-of-the-art geolocation techniques and corresponding adversarial countermeasures to evade geolocation to justify the use of covert channels on networks. We propose a technique for determining proximal geolocation using covert channel. Challenges and directions for future work are also explored.