Detection of Electromagnetic Signal Injection Attacks on Actuator Systems

TL;DR

This paper introduces a practical detection method for electromagnetic signal injection attacks on actuators, enabling microcontrollers to identify malicious interference without complex sampling or processing.

Contribution

The paper presents a novel, easy-to-implement detection technique for electromagnetic attacks on actuators that works across various systems without high-rate sampling.

Findings

Effective detection of electromagnetic injection attacks demonstrated

Method applicable to diverse actuator types

Robust against high-power adversaries

Abstract

An actuator is a device that converts electricity into another form of energy, typically physical movement. They are absolutely essential for any system that needs to impact or modify the physical world, and are used in millions of systems of all sizes, all over the world, from cars and spacecraft to factory control systems and critical infrastructure. An actuator is a "dumb device" that is entirely controlled by the surrounding electronics, e.g., a microcontroller, and thus cannot authenticate its control signals or do any other form of processing. The problem we look at in this paper is how the wires that connect an actuator to its control electronics can act like antennas, picking up electromagnetic signals from the environment. This makes it possible for a remote attacker to wirelessly inject signals (energy) into these wires to bypass the controller and directly control the actuator. To detect such attacks, we propose a novel detection method that allows the microcontroller to monitor the control signal and detect attacks as a deviation from the intended value. We have managed to do this without requiring the microcontroller to sample the signal at a high rate or run any signal processing. That makes our defense mechanism practical and easy to integrate into existing systems. Our method is general and applies to any type of actuator (provided a few basic assumptions are met), and can deal with adversaries with arbitrarily high transmission power. We implement our detection method on two different practical systems to show its generality, effectiveness, and robustness.