Denial-of-service attacks on battery-powered mobile computers

2007

This paper describes a unique battery-sensing intrusion protection system (B-SIPS) for mobile computers, which alerts on power changes detected on small wireless devices, using an innovative Dynamic Threshold Calculation algorithm. B-SIPS enabled hosts are employed as sensors in a wireless network and form the basis of the intrusion detection system (IDS). B-SIPS implementation correlates device power consumption with IEEE 802.11 Wi-Fi and 802.15.1 Bluetooth communication activity. This battery exhaustion, Wi-Fi, and Bluetooth attack detection capability is scalable and complementary with existing commercial and open system network IDSs. Irregular and attack activity is detected and reported to an intrusion detection engine for correlation with existing trace signatures in a database and for forensic investigation by a security manager.

University of Westminster, 2019

Wireless sensor networks which form part of the core for the Internet of Things consist of resource-constrained sensors that are usually powered by batteries. Therefore, careful energy awareness is essential when working with these devices. Indeed, the introduction of security techniques such as authentication and encryption, to ensure confidentiality and integrity of data, can place higher energy load on the sensors. However, the absence of security protection could give room for energy-drain attacks such as denial-of-sleep attacks which have a higher negative impact on the life span (availability) of the sensors than the presence of security features. This thesis, therefore, focuses on tackling denial-of-sleep attacks from two perspectives-A security perspective and an energy-efficiency perspective. The security perspective involves evaluating and ranking a number of security-based techniques to curbing denial-of-sleep attacks. The energy-efficiency perspective, on the other hand, involves exploring duty-cycling and simulating three Media Access Control (MAC) protocols-Sensor-MAC, Timeout-MAC and TunableMAC-under different network sizes and measuring different parameters such as the Received Signal Strength (RSSI) and Link Quality Indicator (LQI), Transmit power, throughput and energy-efficiency. Duty cycling happens to be one of the major techniques for conserving energy in wireless sensor networks and this research aims to answer questions with regards to the effect of duty cycles on the energy efficiency as well as the throughput of three dutycycle protocols-Sensor-MAC (SMAC), Timeout-MAC (TMAC) and TunableMAC, in addition to creating a novel MAC protocol that is also more resilient to denial-of-sleep attacks than existing protocols. The main contributions to knowledge from this thesis are the developed framework used for evaluation of existing denial-of-sleep attack solutions and the algorithms which fuel the other contribution to knowledge-a newly developed protocol tested on the Castalia Simulator on the OMNET++ platform. The new protocol has been compared with existing protocols and has been found to have significant improvement in energy efficiency and also better resilience to denial-of-sleep attacks. Part of this research has been published-Two conference publications in IEEE Explore and one workshop paper.

Proceedings on Privacy Enhancing Technologies, 2018

Mobile devices are equipped with increasingly smart batteries designed to provide responsiveness and extended lifetime. However, such smart batteries may present a threat to users’ privacy. We demonstrate that the phone’s power trace sampled from the battery at 1KHz holds enough information to recover a variety of sensitive information. We show techniques to infer characters typed on a touchscreen; to accurately recover browsing history in an open-world setup; and to reliably detect incoming calls, and the photo shots including their lighting conditions. Combined with a novel exfiltration technique that establishes a covert channel from the battery to a remote server via a web browser, these attacks turn the malicious battery into a stealthy surveillance device. We deconstruct the attack by analyzing its robustness to sampling rate and execution conditions. To find mitigations we identify the sources of the information leakage exploited by the attack. We discover that the GPU or DRA...

2010

This paper provides insight into the ramifications of battery exhaustion Denial of Service (DoS) attacks on battery-powered mobile devices. Several IEEE 802.11 Wi-Fi, IEEE 802.15.1 Bluetooth, and blended attacks are studied to understand their effects on device battery lifetimes. In the worst case, DoS attacks against mobile devices were found to accelerate battery depletion as much as 18.5%. Also presented in this work is a hybrid Intrusion Detection System (IDS) designed to thwart this form of malicious activity; Multi-Vector Portable Intrusion Detection System (MVP-IDS). MVP-IDS combines host-based device instantaneous current (IC) monitoring with attack traffic signaturing modules.

Journal of Emerging Technologies in Web Intelligence, 2013

One of the most challenging issues in wireless sensor networks is resilience against malicious attacks. Since energy is the most precious resource for these networks, Denial of sleep attacks is recognized as one of the most serious threats. Such attacks exhaust power supply of sensor nodes and can reduce the sensor lifetime from years to days. Authentication and encryption solutions have been proposed to protect the network from denial of sleep attacks. Though, the resources constraint motivates the use of simpler solutions to the same security challenges. In this paper, we survey different types of denial of sleep attacks and we propose a cross layer energy efficient security mechanism to protect the network from these attacks. The cross layer interaction between network Mac and physical layers is mainly exploited to identify the intruders' nodes and prevent sensor nodes from energy exhaust attacks. Simulation results indicate that our proposal is energy efficient and can significantly reduce the effect of denial of sleep attacks.

2005

Abstract Mobile computers are subject to a unique form of denial of service attack known as a battery exhaustion attack, in which an attacker attempts to rapidly drain the battery of the device. In this paper we present our first steps in the design of an intrusion detection system for these attacks, a system that takes into account the performance, energy, and memory constraints of mobile computing devices.

Security is becoming an everyday concern for a wide range of electronic systems that manipulate, communicate, and store sensitive data. An important and emerging category of such electronic systems are battery-powered mobile appliances, such as personal digital assistants (PDAs) and cell phones, which are severely constrained in the resources they possess, namely, processor, battery, and memory. This work focuses on one important constraint of such devices-battery life-and examines how it is impacted by the use of various security mechanisms. In this paper, we first present a comprehensive analysis of the energy requirements of a wide range of cryptographic algorithms that form the building blocks of security mechanisms such as security protocols. We then study the energy consumption requirements of the most popular transport-layer security protocol: Secure Sockets Layer (SSL). We investigate the impact of various parameters at the protocol level (such as cipher suites, authentication mechanisms, and transaction sizes, etc.) and the cryptographic algorithm level (cipher modes, strength) on the overall energy consumption for secure data transactions. To our knowledge, this is the first comprehensive analysis of the energy requirements of SSL. For our studies, we have developed a measurement-based experimental testbed that consists of an iPAQ PDA connected to a wireless local area network (LAN) and running Linux, a PC-based data acquisition system for real-time current measurement, the OpenSSL implementation of the SSL protocol, and parameterizable SSL client and server test programs. Based on our results, we also discuss various opportunities for realizing energy-efficient implementations of security protocols. We believe such investigations to be an important first step toward addressing the challenges of energy-efficient security for battery-constrained systems.

2015 12th Annual IEEE International Conference on Sensing, Communication, and Networking (SECON), 2015

Internet of Things (IoT) commonly identifies the upcoming network society where all connectable devices will be able to communicate with one another. In addition, IoT devices are supposed to be directly connected to the Internet, and many of them are likely to be battery powered. Hence, they are particularly vulnerable to Denial of Service (DoS) attacks specifically aimed at quickly draining battery and severely reducing device lifetime. In this paper, we propose SMACK, a security service which efficiently identifies invalid messages early after their reception, by checking a short and lightweight Message Authentication Code (MAC). So doing, further useless processing on invalid messages can be avoided, thus reducing the impact of DoS attacks and preserving battery life. In particular, we provide an adaptation of SMACK for the standard Constrained Application Protocol (CoAP). Finally, we experimentally evaluate SMACK performance through our prototype implementation for the resource constrained CC2538 platform. Our results show that SMACK is efficient and affordable in terms of memory requirements, computing time, and energy consumption.

Cyber-Physical Systems

Many IoT devices, especially those deployed at the network edge have limited power resources. A number of attacks aim to exhaust these resources and drain the batteries of such edge nodes. In this work, we study the effects of a variety of battery draining attacks against edge nodes. Through simulation, we clarify the extent to which such attacks are able to increase the usage and hence waste the power resources of edge nodes. Specifically, we implement hello flooding, packet flooding, selective forwarding, rank attack, and versioning attack in ContikiOS and simulate them in the Cooja simulator, and measure and report a number of time and power resource usage metrics including CPU time, low power mode time, TX/RX time, and battery consumption. Besides, we test the stretch attack with three different batteries as an extreme scenario. Our extensive measurements enable us to compare the effectiveness of these attacks. Our results show that Versioning attack is the most severe attack in terms of draining the power resources of the network, followed by Packet Flooding and Hello Flood attacks. Furthermore, we confirm that Selective Forwarding and Rank attacks are not able to considerably increase the power resource usage in our scenarios. By quantifying the effects of these attacks, we demonstrate that under specific scenarios, Versioning attack can be three to four times as effective as Packet Flooding and Hello Flood attacks in wasting network resources, while Packet Flooding is generally comparable to Hello Flood in CPU and TX time usage increase but twice as powerful in draining device batteries.

The need for power-and energy-efficient computing has resulted in aggressive cooperative hardware-software energy management mechanisms on modern commodity devices. Most systems today, for example, allow software to control the frequency and voltage of the underlying hardware at a very fine granularity to extend battery life. Despite their benefits, these software-exposed energy management mechanisms pose grave security implications that have not been studied before. In this work, we present the CLKSCREW attack, a new class of fault attacks that exploit the security-obliviousness of energy management mechanisms to break security. A novel benefit for the attackers is that these fault attacks become more accessible since they can now be conducted without the need for physical access to the devices or fault injection equipment. We demonstrate CLKSCREW on commodity ARM/Android devices. We show that a malicious kernel driver (1) can extract secret cryptographic keys from Trustzone, and (2) can escalate its privileges by loading self-signed code into Trustzone. As the first work to show the security ramifications of energy management mechanisms, we urge the community to reexamine these security-oblivious designs.

Security and Privacy for …, 2005

As the popularity of wireless networks increases, so does the need to protect them. In recent years, many researchers have studied the limitations of the security mechanisms that protect wireless networks, as well as the effects of network traffic on the battery life. However, there has been less research on the effect of adding security mechanisms to mobile devices and their impact on energy usage. This is a particularly important area when one considers a class of attacks where an attacker can drain a device's battery by simply having it repeadly execute energy intensive programs. In this manuscript, we examine a method for analyzing trade-offs between energy and security proposed by Colón Osorio et al. This research describes a method to identify the most appropriate security profile for a given application, given battery constraints. We apply this methodology to the analysis of tradeoffs between energy utilization and security of current and proposed wireless protocols.

International Journal of Distributed Sensor Networks, 2006

The ability of sensor nodes to enter a low power sleep mode is very useful for extending network longevity. We show how adversary nodes can exploit clustering algorithms to ensure their selection as cluster heads for the purpose of launching attacks that prevent victim nodes from sleeping. We present two such attacks: the barrage attack and the sleep deprivation attack. The barrage attack bombards victim nodes with legitimate requests, whereas the sleep deprivation attack makes requests of victim nodes only as often as in necessary to keep the victims awake. We show that while the barrage attack causes its victims to spend slightly more energy, it is more easily detected and requires more effort on behalf of the attacker. Thus, we have focused our research on the sleep deprivation attack. Our analysis indicates that this attack can nullify any energy savings obtained by allowing sensor nodes to enter sleep mode. We also analyze three separate methods for mitigating this attack: the random vote scheme, the round robin scheme, and the hash-based scheme. We have evaluated these schemes based upon their ability to reduce the adversary's attack, the amount of time required to select a cluster head, and the amount of energy required to perform each scheme. We have found that of the three clustering methods analyzed, the hash-based scheme is the best at mitigating the sleep deprivation attack.

IEEE SECON 2016

Wake-up-radio-based sensing systems make use of radio-triggering techniques and ultra-low power wake-up receivers (WuRs) to enable on-demand asynchronous network wake ups. Thanks to this, they have the potential to achieve low latency data collection at minimum energy cost, thus meeting the challenging lifetime and quality-of-service demands of emerging Internet of Things (IoT) and Wireless Sensor Networks (WSNs) applications. However, the fact that nodes can be remotely activated on-demand makes wake-up-radio-based networks vulnerable to energy exhausting attacks. In this paper, with a focus on practical implementation and validation, we present a full-fledged solution to counteract Denial-of-Sleep (DoS) attacks to wake-up-radio-based sensing systems. A core component of our proposed solution is a key exchange protocol based on Elliptic Curve Cryptography (the Fully Hashed MQV protocol), which we use in conjunction with implicit certificates.

Because the sensors of wireless body area networks (WBANs) have limited battery power, many studies have focused on energy efficient medium access control (MAC) protocols to extend the lifetime of the sensors. In addition, WBANs face energy-exhausting attacks, which force the sensors to consume battery power partially or thoroughly. These attacks occur mainly in the MAC layer and threaten severely the energy efficiency of MAC protocols in WBANs. Because the attacks are made abruptly and unexpectedly, the lives of human beings and the quality of health care services can be threatened. Therefore, the aim of this study was to identify the major types of energy exhausting attacks in MAC protocols in WBANs, and show how easily the attacks can cause energy exhaustion in different MAC

Lecture Notes in Computer Science, 1999

We present Inferential Power Analysis (IPA), a new class of attacks based on power analysis. An IPA attack has two stages: a profiling stage and a key extraction stage. In the profiling stage, intratrace differencing, averaging, and other statistical operations are performed on a large number of power traces to learn details of the implementation, leading to the location and identification of key bits. In the key extraction stage, the key is obtained from a very few power traces; we have successfully extracted keys from a single trace. Compared to differential power analysis, IPA has the advantages that the attacker does not need either plaintext or ciphertext, and that, in the key extraction stage, a key can be obtained from a small number of traces.