Physical Side-Channel Attacks against Intermittent Devices
Authors: Muslum Ozgur Ozmen (Purdue University), Habiba Farrukh (University of California Irvine), Z. Berkay Celik (Purdue University)
Volume: 2024
Issue: 3
Pages: 461–476
DOI: https://doi.org/10.56553/popets-2024-0088
Abstract: Intermittent (batteryless) devices operate solely using energy harvested from their environment. These devices turn on when they have energy and turn off during energy scarcity. Intermittent devices have recently become increasingly popular in smart buildings, manufacturing plants, and medical implantables as they eliminate the need for battery replacement and enable green computing. Despite their growing adoption in critical applications, the privacy implications of intermittent devices remain largely unexplored. In this paper, we introduce a novel remote side-channel attack. Our observation is that the network packet frequency of an intermittent device can be exploited to learn its turn-on/off patterns. From these patterns, we can infer the energy availability of a device, which reveals privacy-sensitive information about its operating environment, e.g., the presence or absence of individuals. To realize our attack, we develop a three-stage hierarchical inference framework that leverages the timestamped network packet sequence of intermittent devices. Our framework automatically extracts a set of temporal features from inter-packet-arrival timings. It then employs a series of models to uncover (1) whether a target intermittent device is present in the environment, (2) its energy harvester type (e.g., vibration or water flow), and (3) its energy availability conditions (e.g., high-vibration or no-vibration). To validate our attack effectiveness, we conduct experiments in two environments: a smart home and a miniature manufacturing plant equipped with three intermittent devices powered by solar energy, vibration, and temperature. By analyzing their energy availability patterns, we are able to infer user activities and presence in the smart home and the robot’s movement patterns in the manufacturing plant with an average accuracy of 85%. 
This sensitive information enables an adversary to launch domain-specific attacks, such as burglarizing a smart home when the user is asleep or timely tampering with plant sensors to cause maximum damage.
Keywords: Intermittent devices, side-channel attacks, privacy
Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution 4.0 license.