Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors
Denis Foo Kune

Citation
Denis Foo Kune. "Ghost Talk: Mitigating EMI Signal Injection Attacks against Analog Sensors". Tutorial, 21 October 2013.

Abstract
Electromagnetic interference (EMI) affects circuits by inducing voltages on conductors. Analog sensing of signals on the order of a few millivolts is particularly sensitive to interference. This work (1) measures the susceptibility of analog sensor systems to signal injection attacks by intentional, low-power emission of chosen electromagnetic waveforms, and (2) proposes defense mechanisms to reduce the risks. These experiments use specially crafted EMI at varying power and distance to measure susceptibility of sensors in implantable medical devices and consumer electronics. Results show that at distances of 1-2m, consumer electronic devices containing microphones are vulnerable to the injection of bogus audio signals. Measurements show that in free air, intentional EMI under 10W can inhibit pacing and induce defibrillation shocks at distances up to 1-2m on implantable cardiac electronic devices. However, with the sensing leads and medical devices immersed in a saline bath to better approximate the human body, the effective distance in the same experiment decreased to under 5cm.

Defenses range from prevention with simple analog shielding to detection with a signal contamination metric based on the root mean square of waveform amplitudes. A contribution to securing cardiac devices includes a novel defense mechanism that probes for forged pacing pulses inconsistent with the refractory period of cardiac tissue.

Denis Foo Kune is a visiting scholar at the University of Michigan in SPQR, the Security and Privacy Research Group Lab. He received his PhD from the University of Minnesota in 2012, and his thesis focused on improving security on the wireless medium. He looked at electromagnetic interference attacks on time-varying voltage sensors and vulnerabilities on wireless WAN protocols.

Electronic downloads


Internal. This publication has been marked by the author for TerraSwarm-only distribution, so electronic downloads are not available without logging in.
Citation formats  
  • BibTeX
    @tutorial{FooKune13_GhostTalkMitigatingEMISignalInjectionAttacksAgainst,
        author = {Denis Foo Kune},
        title = {Ghost Talk: Mitigating {EMI} Signal Injection
                  Attacks against Analog Sensors},
        day = {21},
        month = {October},
        year = {2013},
        URL = {http://terraswarm.org/pubs/105.html}
    }
    

Posted by Christopher Brooks on 18 Sep 2013.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.