Abstract
An analog-to-digital converter (ADC) is a critical part of most computing systems, as it converts analog signals into quantifiable digital values. Since most digital devices operate only on digital values, the ADC acts as an interface between the digital and analog worlds. Hence, ADCs are commonly used in a wide range of application areas, such as the internet of things (IoT), industrial control systems (ICS), cyber-physical systems (CPS), audio/video devices, medical imaging, digital oscilloscopes, and cell phones, among others. For example, programmable logic controllers (PLCs) in ICS/CPS often make control decisions based on digital values that are converted from analog signals by ADCs. Due to their crucial role in various applications, ADCs are often targeted by a wide range of physical and cyber attacks. Attackers may exploit vulnerabilities found in the software or hardware of ADCs. In this work, we first conduct a deeper study of the ADC conversion logic to scrutinize relevant vulnerabilities that were not well explored by prior works. Through this study, we identify exploitable vulnerabilities in certain ADC registers that are used in the ADC conversion process. These vulnerabilities can allow attackers to launch dangerous attacks that disrupt the behaviour of the targeted system (e.g., an IoT or control system) in a stealthy way. As a proof of concept, we design three such attacks by exploiting the vulnerabilities identified. Finally, we test the attacks on a mini-CPS testbed we designed using IoT devices, analog sensors and actuators. Our experimental results reveal the high effectiveness of the proposed attack techniques in misleading PLCs into making incorrect control decisions in CPS. We also analyze the impact of such attacks when launched in realistic CPS testbeds.
Acknowledgment
The work is partially supported by A*STAR under its RIE2020 Advanced Manufacturing and Engineering (AME) Industry Alignment Fund - Pre Positioning (IAF-PP) Award A19D6a0053. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not reflect the views of A*STAR.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Chekole, E.G., Thulasiraman, R., Zhou, J. (2023). EARIC: Exploiting ADC Registers in IoT and Control Systems. In: Zhou, J., et al. Applied Cryptography and Network Security Workshops. ACNS 2023. Lecture Notes in Computer Science, vol 13907. Springer, Cham. https://doi.org/10.1007/978-3-031-41181-6_14
DOI: https://doi.org/10.1007/978-3-031-41181-6_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-41180-9
Online ISBN: 978-3-031-41181-6
eBook Packages: Computer Science (R0)